Theory and Practice of Configuration Management in decentralized Systems

Abstract

Summary form only given. What is configuration management? Often at NOMS we think only of network management - i.e. the management of network devices like routers and switches. Host management, on the other hand, has been studied more in the Unix community. Increasingly we are seeing these two worlds converge, as network devices run embedded GNU/Linux or Free BSD operating systems. So what are the differences? One difference is the file abstraction host operating systems have files and databases that contain configuration data. What are the technologies for managing these? Should they be centralized? Autonomy is a central concept in modern computing technology. Increasingly computers are being managed by their owners rather than by centralized authorities. In the early 1990's the author developed the automation system cfengine for configuring and maintaining Unix-like operating systems, based on an arbitrary model of either centralized or decentralized control. It was based on the idea of voluntary cooperation - a topic which is now centre stage in autonomic and pervasive computing, cfengine was conceived to be able to run on any device, no matter how large or small. Moreover, it started a field of research into configuration management at the USENIX configuration management workshops and was the proof-of-principle for several key results. Today cfengine is used on an estimated million computers around the world, both in large and small companies. Cfengine is a tool for setting up and maintaining a configuration across a network of hosts. It embodies a very high level declarative language, much higher-level than scripting languages, together with an autonomous, smart agent and machine-learning monitors. The idea behind cfengine is to create a single "policy" or configuration specification that describes the setup of as many or as few hosts in a network, without sacrificing their autonomy. Cfengine runs on each host and makes sure that it is in a policy-conformant state; if necessary, any deviations from policy rules are fixed automatically. Unlike tools such as rdist, cfengine does not require hosts to open themselves to any central authority, nor to subscribe to a fixed image of files. It is a modern tool, supporting state-of-the-art encryption and IPv6 transport, that can handle distribution and customization of system resources in huge networks (tens of thousands of hosts). The tutorial focuses on the general principles of configuration management and uses cfengine as an example which integrates the state of the art research