<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 14/03/2017 at 10:30, Janos
Mattyasovszky wrote:<br>
</div>
<blockquote
cite="mid:UTjgNPwiXThLguxf0NbJ5MfwqMORKCKEdv2lth5pi-7uyRhjkyyMGCDoRCI9v8MdsPZk5pGdsoflwW8I8Zz0KWQLtEpN6iBxKr5KmBbmOSc=@matya.eu"
type="cite">
<div>Hi dear Rudder Community,<br>
</div>
<div><br>
</div>
<div><u>The Challenge: </u><br>
</div>
<div>The biggest benefit of a Config Management tool can also
become pretty fast the greatest doom of the environment you have
to manage. Imagine you make a typo and it goes undetected to all
your systems. If you hit 3000 nodes with a bad policy within 10
minutes, you can easily create the biggest IT Outage your
company had, even making it go out of business... not a good way
to become famous... Remember AWS? :-)<br>
</div>
<div><br>
</div>
<div><u>The idea:</u><br>
</div>
<div>Currently Rudder only knows one version of Policy that is
"current" (correct me if I'm wrong) and that is applied to all
nodes at once. You can of course workaround your way by not
applying a policy to all nodes at once, and use "exclude groups"
attached to Rules and then removing them step-by-step, but that
does not solve the question on how to modify a rule already
applied to all your nodes in an "elegant" manner? There is of
course the way to unassign it from all nodes,
wait-for-policy-generation, then modify it, attach it back
step-by-step, each time wait-for-policy-generation, but that is
pretty error-prone and also hard to track if you get
interrupted.<br>
</div>
<div><br>
</div>
<div>This OTOH would require each piece of policy to be versioned
separately and the ability for the Nodes to have different
"current" versions of Config as their valid policy. This would
enable you to modify something (that change would increment the
version of that policy item), and then you could apply that
_somehow_ incremental to the designated receivers of the config
(the set of groups), by choosing some kind of rollout mechanism.<br>
</div>
</blockquote>
<br>
Maybe just having 2 versions of generated policies could be
sufficient, current one and last one.<br>
We also need something to monitor how late a node is, to make sure
we do not forget some node in the process.<br>
<br>
<br>
<blockquote
cite="mid:UTjgNPwiXThLguxf0NbJ5MfwqMORKCKEdv2lth5pi-7uyRhjkyyMGCDoRCI9v8MdsPZk5pGdsoflwW8I8Zz0KWQLtEpN6iBxKr5KmBbmOSc=@matya.eu"
type="cite">
<div><br>
</div>
<div>Rudder could take care of rolling out the change by a staged
way, like "<i>10 nodes/hour</i>" or "<i>10%-25%-75%-100% with
safety pauses of 2h</i>". Since Rudder also knows the
compliance, it could monitor those nodes already having the
new version of policy, and if it's over X%, it would commence to
the next stage of the rollout.<br>
</div>
<div><br>
</div>
<div>This _somehow_ is probably the hardest thing to define, since
there are probably as many "rollout methods" as Rudder users
itself. I have come up with some examples, which could probably
be used by most of the people, but there are of course also very
dedicated ways that are very-very specific to an organization,
so any feedback on this generic idea and possible rollout
methods I think is highly welcome.<br>
</div>
</blockquote>
<br>
If you are rolling out to avoid a mistake, a 2-step rollout may be
sufficient.<br>
<br>
If you do it because there is some level of unknown in your platform
(a platform is rarely uniform) you may prefer a progress based on
confidence, more and more machines, for example 1 - 10 - 100 - 1000
- 10000<br>
Then in this second case, your node selection method also becomes
important, should you prefer preproduction first or choose a list of
as diverse machines as possible?<br>
<br>
If you do it because you want to manually test things, you may
prefer a human-based progress: - human chooses this filter - stop -
human chooses another filter - stop - ...<br>
<br>
You probably also want to automate this and have a machine doing the
tests and triggering next step.<br>
<br>
<br>
<br>
<br>
<blockquote
cite="mid:UTjgNPwiXThLguxf0NbJ5MfwqMORKCKEdv2lth5pi-7uyRhjkyyMGCDoRCI9v8MdsPZk5pGdsoflwW8I8Zz0KWQLtEpN6iBxKr5KmBbmOSc=@matya.eu"
type="cite">
<div><br>
</div>
<div>Thanks for reading,<br>
</div>
<div><br>
</div>
<div>Best Regards,<br>
</div>
<div>Janos Mattyasovszky<br>
</div>
</blockquote>
<br>
<p><br>
</p>
<div class="moz-signature">-- <br>
<style type="text/css">
<!--
a.redlink:link { color: #1782E6; }
a.redlink:visited { color: #1782E6; }
.sig { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: small; }
.sigsmall { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: x-small; }
-->
</style>
<table border="0" cellpadding="0" cellspacing="2" width="380">
<tbody>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><b><img alt="Logo Normation"
src="cid:part1.7DC6B12B.DF2E8569@normation.com"
align="left" height="50" hspace="10" width="50"> <span
class="sig">Benoît Peccatte</span></b><br>
<span class="sig"><i>Architecte</i></span><br>
<span class="sig"><a class="redlink"
href="http://www.normation.com">Normation</a></span> </td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><span class="sigsmall"><b>87, Rue de
Turbigo, 75003 Paris, France</b></span></td>
</tr>
<tr>
<td><span class="sigsmall">Phone:</span></td>
<td><span class="sigsmall">+33 (0)1 85 08 48 96</span></td>
</tr>
<tr>
<td colspan="2">
<hr> </td>
</tr>
</tbody>
</table>
</div>
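<p>The staged rollout discussed in this thread (percentage stages, a compliance gate before the next stage, and tracking nodes that are late), as an added example that is not part of the original message and not Rudder code. The names <code>Node</code>, <code>stage_targets</code>, <code>rollout_decision</code>, the node fields and the 95% threshold are assumptions made for illustration.</p>

```python
from dataclasses import dataclass

# Percent of the fleet per stage: the "10%-25%-75%-100%" example from the thread.
STAGES = (10, 25, 75, 100)

@dataclass
class Node:                      # hypothetical model, not a Rudder object
    name: str
    policy_version: int          # policy version the node last reported applying
    compliant: bool              # compliance reported for that version

def stage_targets(nodes, percent):
    """Nodes covered by a stage: the first `percent` of the fleet, in a stable order."""
    ordered = sorted(nodes, key=lambda n: n.name)
    count = max(1, (len(ordered) * percent + 99) // 100)   # ceiling, at least one node
    return ordered[:count]

def rollout_decision(nodes, new_version, stage_index, min_compliance=0.95):
    """Decide what to do at the current stage.

    Returns (action, lagging_node_names) where action is one of:
      'wait'    - some targeted nodes have not applied new_version yet
      'halt'    - all applied it, but compliance is below the threshold
      'advance' - gate passed, move to the next stage
      'done'    - gate passed on the last stage
    """
    targets = stage_targets(nodes, STAGES[stage_index])
    lagging = [n.name for n in targets if n.policy_version != new_version]
    if lagging:
        return "wait", lagging           # late nodes are reported, never forgotten
    ratio = sum(1 for n in targets if n.compliant) / len(targets)
    if ratio >= min_compliance:
        last = stage_index == len(STAGES) - 1
        return ("done" if last else "advance"), []
    return "halt", []                    # bad policy stopped before the next stage

if __name__ == "__main__":
    # Constructed fleet of 20 nodes, all on policy version 1 and compliant.
    fleet = [Node(f"node{i:02d}", 1, True) for i in range(20)]
    for n in fleet[:2]:                  # stage 0 (10%) has applied version 2
        n.policy_version = 2
    print(rollout_decision(fleet, 2, 0))  # gate passed for the first 2 nodes
    print(rollout_decision(fleet, 2, 1))  # 25% stage: 3 nodes still on version 1
    for n in fleet[2:5]:
        n.policy_version = 2
    fleet[3].compliant = False           # one of 5 nodes breaks: 80% compliance
    print(rollout_decision(fleet, 2, 1))  # rollout halts
```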
</body>
</html>