Services for Experts

Leveraging some features of the git source code management system, we can provide both extreme flexibility and customization while at the same time provide a stable, predicable, well curated system.
For those fortunate enough to have linux expertise, and for whom the need to move quickly and freely are paramount, a technical consensus on campus is emerging surround the use of `git` to drive linux configuration management.
In a nutshell, `git` allows *anyone* to take (in this case) config data, and create, without any further assistance, a "branch" which they can modify or replace as they see fit. These branches are tracked in git, and can be "pulled" back into the main configuration *if desired*.

For those that have the expertise

Image showing how kit can branch from https://imgur.com/gallery/YG8In8X

![Image showing how kit can branch from https://imgur.com/gallery/YG8In8X][git] [git]: images/gitbranches.png “https://imgur.com/gallery/YG8In8X”

By managing their own independent Puppet “control” repo, groups on campus can leverage our infrastructure while maintaining absolute and complete independence.

Campus can also utilize the infrastructure provided and maintained centrally, but essentially run their own custom environments by managing their own branches.

If the central environment moves too slowly for any campus group, but they have the expertise to move ahead, that work need not be lost to the campus at large, as it can be pulled back into the main branch later.

There are many ways that a central support group could conceivably assist such groups, even if they don’t need or want all services offered:

In-House admins: Completely disconnected.

  • Installation media on the RHEL Satellite
  • Local mirros of common software on OIT Mirrors
  • Full access, including “web hooks” to OIT’s git repos

In-House admins: Using OIT PXE servers only

  • Any desired bits from the previous category
  • Config for central CA, use central Foreman UI
    • Networking, firewalls, and HA all handled by OIT
    • Central CA provides secure (overseen by SnC) certificates with easier workflow.
    • Central CA means movement to any other group using the same CA is trivial.
  • Completely independent Puppet/Ansible/Chef/…
  • Completely independent git repos

Any work to monitor, load balance or scale the config management system of choice would be done by the in-house group, not centrally.

In-House admins: OIT PXE + Puppet servers

  • Any desired bits from the previous categories.
  • Completely independent git branch holding all configs
  • Git “webhook” informs central Puppet Servers when config changes made

If you use the OIT Puppet servers, then monitoring Load balancing / Fault tolerance provided is provided centrally.

In-House admins: Everything until something fails

It’s important to point out, that at any time someone using the “just something that works” model can simply branch off and do their own thing.

So, if you’re using the “just works” model, and discover in the middle of the night on a holiday weekend that you need a special config, you can create a branch, and implement and ship whatever is needed at that time.

If desired, you can work with CSI to have the centrally provided config support your scenario, and merge back into the main branch. This model allows everyone on campus to benefit from expertise that is currently only available to those that can afford it.

Tags: reference
Edit me