[linux-elitists] Congruent Infrastructure (was: Re: Surveillance)

Andy Bennett andyjpb at ashurst.eu.org
Sun Sep 8 09:14:01 PDT 2013


>> Which means I need to set up that build the source
>> package and check that the binaries match thing.
>> Anyone doing this already for your favorite
>> distribution?
> I did that at Google for our distribution that runs in production,
> well more specifically we don't run upstream binaries at all. We've
> re-bootstrapped our own distribution, maintain and compile our own openssl,
> openssh and so forth.
> We also have mostly binary invariant builds, and yes that was work, we had
> to patch stuff for sure.
> However, that process didn't tell us if the upstream binaries were the same
> because we modified most of our source to be leaner and compiled differently
> than upstream.

> Home page: http://marc.merlins.org/

I notice you did this:


I'd be very interested in your views on things such as Puppet or Chef: I
myself have been very skeptical of them. Some of the issues are outlined
in this blog post (not by me):


It seems that all the evangelists for such things have never heard of
things like MIT Athena and http://www.infrastructures.org/ and don't
seem to know much about the underlying theory.

infrastructures.org describes a system similar to the one in your
slides, albeit using slightly older technology.

I'd be interested in your thoughts on "congruent infrastructure
management" especially around the issues of avoiding divergence, proving
convergence and recovery from failure that doesn't involve wiping the


andyjpb at ashurst.eu.org
