On Configuration Management

This started out as a thought to me late last night while reading the comments to the quite poorly developed “Puppet versus Chef: 10 reasons why Puppet wins” blog post. The plan was to calmly sit down and write up my thoughts on some of these things. Instead, I blasted it all out in the comment thread there, and am just re-pasting here.

… being able to build these tools (Puppet, Chef, etc.) from source is MANDATORY. This notion that “if you are building from source, you are doing it wrong” is a) total bullshit and b) completely vapid when you are not offering build tarballs for all OSes you claim your tool runs on. Where’s your Solaris pkg tarball? Yes, build from source. What if I want our CM shit in /usr/local/cm-tools, built with options for our environment? Yes, build from source. What if I want, as anyone should want, the Ruby used for our CM tools decoupled from the OS-provided Ruby which can change out from under me? BUILD. FROM. SOURCE. You’re rolling out a configuration management framework for sanity in your environment, and in the process a lot of you are doing it with the same old braindead methodology.

Configuration management software is something to be installed and left alone unless a serious security vulnerability or bug that actually affects your environment is found (not talking about config changes). It is a setup effort that should last more than a year without being dicked with.


I am amazed at some of the hackish mentality shown by so many people doing CM work or rollouts. On one hand, you say you “Get It” because you are doing CM instead of firefighting or meatforcing deployments. On the other hand, you cut your teeth dicking around with every latest release candidate of every Linux kernel or tool known to man and just can’t keep your hands between your ass and a chair. Listen, I *don’t want* the latest stable version of your CM tool, released 3 weeks ago, installed. I want the version I am using already, that I tested thoroughly with our environment, and that *works perfectly fine on my N-hundred boxes*. I will never, ever, stop being at odds with this “Linux Generation” of needless upgraders, let alone the ones who claim to understand system stability and interdependencies.
