[Infrastructures] state machines

Brendan Strejcek brendan@cs.uchicago.edu
Wed, 20 Sep 2006 09:39:14 -0400 

On 9/19/06, Daniel Hagerty <hag@linnaean.org> wrote:

>  > Oh sure, I agree with that.  But let me ask you: What is more likely
>  > to have the CNAME dependency problem?  A recent backup restored, or
>  > an old system image with months or years worth of changes applied?
>  > Perhaps you see what I'm getting at.
>
>     You're presumably suggesting that the backup (since it's just data
> at this level of abstraction) is more robust than a series of hand
> crafted imperative statemnts that you execute in proper order.
>
>     The two both have their places.  A backup is a large relatively
> opaque blob; code that supposedly reproduces the backup is
> introspectable in a way the backup is not.  One being better than the
> other is dependant on the context of use.

Actually, I think I can make this a little more concrete with another
example, which incorporates the backup scenario and brings the
discussion back to the original presentation of the state machine
model of management.

You have a deterministic backup (data and code that can reinstantiate
it) which behaves exactly as expected. However, between the time the
backup was taken and the time restored, some UID mappings were changed
on an external NIS or LDAP server, so files no longer have the correct
ownership. Note that this is not a problem with NIS or LDAP: if you
store the usernames instead, you could still have the same problem,
since the canonical data, by definition, will always be that given by
the directory server.

Both the previous DNS alias example and the above UID example have a
similar nature: data is stored in an external directory which is
critical to expected functionality. The problem is a hard one because
it incorporates aspects of federation (you may not control the
directory servers; thus, the directory servers may be unreliable
and/or malicious).

The essential problem is defining the boundaries of the system to be
managed. If you can't do that, you can't construct the state machine
digraph.

The state of the network is not an edge case.

Best,
Brendan

--
http://praksys.blogspot.com
http://people.cs.uchicago.edu/~brendan/