[Infrastructures] Radmind vs. Isconf ?

Chris Kacoroski ckacoroski@nsd.org
Wed, 06 Apr 2005 11:40:22 -0700 

Here are my two bits on this...

Steve Traugott wrote:

> A bunch of us sat down at LISA 2003 and went over Radmind; Patrick had
> presented it in the infrastructures workshop.  (Make sure to see the
> Radmind paper from that year as well.)  The impression I came away with
> was that Radmind gives you a way to maintain the baseline image, plus
> any deltas, as rsync-like sets of changed files (not what they call it
> -- I'm digging this out of my sieve-like memory).  

It can also apply multiple change sets to the extent that the change 
sets do not modify the same file in different ways.  For example set A 
modifies file 1 and then set B modfifies the same file.  If you just put 
set A or just put set B on a machine you are fine.  If you put set A and 
B on the machine you have a problem.  The solution is to create a change 
set called set AB so file 1 will have both modifications.

As you can see, this works fine for controlled environments, but if you 
have an environment with 100 changesets or more that can be mixed and 
matched all different ways, you end up a problem trying to create all 
the perturbations that may be used.  Because of this (and one other 
issue I mention below), we use it in our Labs, but not on our Staff 
workstations.

> 
> The main conceptual difference between Radmind and ISconf is that, while
> ISconf expects to distribute native rpm, deb, tarballs, and other
> packages from upstream, Radmind specializes in making it easy to
> redistribute the results of applying a package, rather than the package
> itself.  An overly simplistic way of looking at Radmind is that it's a
> more granular version of systemimager, implements its own protocol
> rather than using rsync (right guys?) with more tools for capturing and
> managing deltas and exceptions.  (This is a horrible analogy, I'm gonna
> get pummelled again). ;-)  Systemimager's optimized for image install,
> Radmind is optimized for ongoing maintenance.  (What do most Radmind
> users use for network install?)
> 

With our Mac's we use the Mac netboot/netrestore for the initial image 
install.

The other issue we have with Radmind vs cfengine is that Radmind has no 
concept of processes or what is in a file (as near as I can tell).  This 
means that if you want to restart a process or make changes to a single 
file you cannot do it from Radmind where you can from cfengine.  Again, 
in a controlled environment where you build the machines up from scratch 
and you know what is in each file (like our Labs), this works fine; but 
in an uncontrolled environment where a file may have be customized for 
that particular machine and all you want to do is to add a line to it 
(e.g. crontab), Radmind will not work.

Last example from my environment was changing the root password on all 
our clients.  I could not figure out how to do this with Radmind because 
the password files all had local user data in them so they were all 
different.  I was easily able to make the change with cfengine by 
running a process (shell script) that just replaced the root password 
hash with a new hash and did not touch the rest of the password file.

cheers,

ski


-- 
"When we try to pick out anything by itself, we find it
   connected to the entire universe"		John Muir

Chris "Ski" Kacoroski, ckacoroski@nsd.org, 425-489-6263