https://miek.nl/tags/cfg/ Recent content in Cfg on Miek Gieben Hugo en-us © Copyright 2007-2024 Miek Gieben Fri, 02 Feb 2024 15:20:33 +0100 https://miek.nl/2024/february/02/config-management-part-iii-rolling-back/ Fri, 02 Feb 2024 15:20:33 +0100 https://miek.nl/2024/february/02/config-management-part-iii-rolling-back/ <p><a href="https://miek.nl/2024/february/01/config-management-part-ii-microcode-language/">The second part</a>.</p> <p>In the previous part we looked how a micro language would look like, now I want to focus on what it means to roll back to a previous version. First take a look at an instruction that have no obvious reverse: CHMOD</p> <p>When rolling back CHMOD you want to revert to the previous permissions. This would work automatically <em>if</em> there was an older CHMOD that would also set the permission, but in a lot of situations you probably just go with the (package) defaults. This implies you don&rsquo;t know what a CHMOD reversal would be, and that implies we need to track that, like in a proper <em>journal</em>. As said each instruction has an implicit condition, if that condition doesn&rsquo;t hold, it executes the instruction, we can utilize that state and save it in the journal. Let&rsquo;s see in detail how this would work with something like CHMOD.</p> https://miek.nl/2024/february/01/config-management-part-ii-microcode-language/ Thu, 01 Feb 2024 15:20:33 +0100 https://miek.nl/2024/february/01/config-management-part-ii-microcode-language/ <p><a href="https://miek.nl/2024/january/29/config-management/">The first part</a>.</p> <p>This cfg mgmt system uses a micro language to perform the changes on the target system. This language is limited in its scope and has the following &ldquo;instructions&rdquo;:</p> <table> <thead> <tr> <th>INSTRUCTION</th> <th>ARITY</th> <th>ARGUMENTS</th> <th>REMARK</th> </tr> </thead> <tbody> <tr> <td>REM</td> <td>1</td> <td>TEXT</td> <td>a comment</td> </tr> <tr> <td>MKDIR</td> <td>2</td> <td>MODE PATH</td> <td>create a directory</td> </tr> <tr> <td>COPY</td> <td>2</td> <td>SRC-PATH DST-PATH</td> <td>copy a file</td> </tr> <tr> <td>CHMOD</td> <td>2</td> <td>MODE PATH</td> <td>set the mode</td> </tr> <tr> <td>CHOWN</td> <td>2</td> <td>USER/ID PATH</td> <td>set the owner</td> </tr> <tr> <td>CHGRP</td> <td>2</td> <td>GROUP/ID PATH</td> <td>set the group</td> </tr> <tr> <td>RM</td> <td>1</td> <td>PATH</td> <td>rm the file</td> </tr> <tr> <td>EXEC</td> <td>1</td> <td>CMD</td> <td>install a package</td> </tr> </tbody> </table> <p>These micro-instruction basically all call a simple system call to make the changes. Note, except for the latter this is the Unix API of everything is a file. <code>EXEC</code> is now only used to install/deinstall a package; of course such a generic instruction is ripe for abuse&hellip;</p> https://miek.nl/2024/january/29/config-management/ Mon, 29 Jan 2024 14:20:33 +0100 https://miek.nl/2024/january/29/config-management/ <blockquote> <p>this project needs a name and a domain.</p> </blockquote> <p>After many years of playing with YAML in k8s, I&rsquo;ve returned to using CFEngine (at work). The last config management software before that was Puppet. An issue I see with all modern config management tooling is the lack of monitoring and the impossibility to cleanly roll back. In k8s it works better, but that&rsquo;s only for pods running in k8s (which are stateless), not the underlying machines.</p>