Radmind

And how to lapply it

Jeffrey T. Peckham

What Radmind is

A tool to compare filesystem objects to transcripts (radmind term)
A service to provision POSIX based machines with OS and applications
A service to load, unload, upgrade, downgrade and otherwise maintain a system and its software

What Radmind is not!

A Package Management System
An imaging solution
A tool that understands Package Management Systems
An "intelligent" tool that knows what you want and/or runs your system for you

Radmind in a Nutshell

Radmind is a client/server tool to define and store collections of files and filesystem objects in a central authoritative place and PULL from that location to clients in order to monitor and apply changes.

Things to know before diving in

Everything is a File!
Filesystem objects - file, dir, block device, char device, symlink, hardlink, etc.
File metadata - ownership, permissions, timestamp, size, etc. (SEE stat)
FHS - Filesystem Hierarchy Standard

Filesystem Hierarchy Standard

www.pathname.com/fhs
Guidelines for filesystem layout and common tool locations
Attempts to define the purpose of common directory structures
Outlines characteristics that help define management techniques for these directory structures

FHS categories

	shareable	unsharable
static	/usr /opt	/etc /boot
variable	/var/mail /var/spool/news	/var/run /var/lock

Radmind Terms

Transcript: a list of related filesystem objects and metadata
Loadset: a Transcript and its associated files
Creatable Transcript: a Transcript used to describe a new set of files and changes
Applicable Transcript: a Transcript used to apply changes to a system.
Positive Transcript: a Creatable Transcript that defines managed static objects
Negative Transcript: a Creatable Transcript that defines unmanaged files

Radmind Terms (continued)

Command File: a list of related Transcripts and other Command Files to include
Specials: individual files listed in a Command File which are special to an IP, Hostname or Client SSL Certificate
Excludes: a list of patterns for files to be ignored on the filesystem (.DS_Store on Mac OS X)
Overload: when a transcript defines a file that's been previously defined the latter gets the precedence.

FHS categories > Transcript Types

	shareable	unsharable
static	positive	specials / positive
variable	negative	excludes / negative

Example Transcript

#Type Path                             Perms Owner Group [OPTIONS]
d    .                                 0755    0     0
d    ./usr                             0755    0     0
d    ./usr/bin                         0755    0     0
l    ./usr/bin/dos2unix                0777    0     0   fromdos
f    ./usr/bin/fromdos                 0755    0     0   1259061169
	10004 /gvHGTcAmP1YdWhqeTk2+91aFJs=
d    ./usr/lib                         0755    0     0
d    ./usr/share                       0755    0     0
d    ./usr/share/man                   0755    0     0
d    ./usr/share/man/man1              0755    0     0
l    ./usr/share/man/man1/dos2unix.1   0777    0     0   fromdos.1
f    ./usr/share/man/man1/fromdos.1    0644    0     0   1259061169
	3589 AaxTxKJDXOaLgdBzrpBCM616ELA=

Regular File (with checksum)




Type  Path                             Perms Owner Group Timestamp
|       |                                |     |     |       |
f    ./usr/bin/fromdos                 0755    0     0   1259061169
	10004 /gvHGTcAmP1YdWhqeTk2+91aFJs=
          |         |
 	Size	Checksum

Radmind Server Space

/var/radmind/

config: defines root command file for clients
command/: area for command files
transcript/: area for transcripts
file/: mirror of transcripts folder for stored files
special/: area to store per machine specials
tmp/: staging area for newly uploaded transcripts and stored files

Command File

#Type	Command file or Transcript in radmind space
k	common.K
p	somedir/positive.T
n	somedir/negative.T

# Remove/Ignore Transcript from common.K
- p	somedir/common.T

#Type	File system path 
s	./etc/network/interfaces

#Type	File system path pattern
x	*/.DS_Store

Radmind Client Tools

fsdiff: compares filesystem to loadset
ktcheck: obtains latest transcripts and command files from radmind server
lapply: apply changes to filesystem using an Applicable Transcript
lcreate: stores Creatable Transcripts to radmind server along with any storable files

Radmind Client Tools (continued)

lfdiff: compares local file to file on server (diff for single files)
repo: report events to radmind server
twhich: returns which command file and transcript an object is defined in

Radmind Server Tools

radmind: daemon that provides service to radmind client tools
lcksum: verifies and updates transcript metadata and checksums
lmerge: merges transcripts together
lsort: sorts transcript into depth + ls sort order

Demo

Check current state of machine A and B
Make Changes on A
Create Transcript
Push to Server
Add to Command File
Apply to machine A and B

Effective Usage Concepts

Separation of Application and Configuration
Platform Dependent vs Platform Independent transcripts and Glue Layers
Class Overloading
"Radmind Friendly" configuration files and tools
Separation of Dynamic User Driven Content vs State Driven Content
Manage as much as possible, but pick your battles

Develop Processes

ra.sh - wrapper to client tools
Machine checkout
Manage Radmind Space (i.e. manage transcripts with RCS)

Caveats

Package Management Systems require tweaking to play nicely with radmind
Command File and Transcript manipulation is mostly done by hand
Requires you to be more organized

Benefits

Requires you to be more organized
It's Fast - 2 passes (fsdiff and lapply) of the filesystem for a full system update
Inherent Tripwire - all managed objects are accounted for, therefore they can be checked for modifications
Simple - concise tools make it easy to learn and easy to debug when something goes amiss
Granular Control - Easy to isolate OS and application changes to debug and test
OS Independence - single server can provide loadsets to Linux, BSD, Mac, and Solaris machines

Pitfalls

Emergent Dependencies on libraries or directory structures
Too Large vs Too Many Transcripts
Per Package updates to system wide files (i.e. passwd, shadow, perllocal.pod, installed packages databases, etc.)

Summary

Radmind is an effective management tool for a semi-homogeneous environment
Identify radmind friendly directory structures and configuration layouts
Manage as much as possible
Use overload techniques to build off a common base and reuse transcripts
Develop processes that protect against pitfalls or additional work
Be Organized

Radmind

Jeffrey T. Peckham

Radmind

And how to lapply it

Jeffrey T. Peckham

What Radmind is

What Radmind is not!

Radmind in a Nutshell

Things to know before diving in

Filesystem Hierarchy Standard

FHS categories

Radmind Terms

Radmind Terms (continued)

FHS categories > Transcript Types

Example Transcript

Regular File (with checksum)

Radmind Server Space

/var/radmind/

Command File

Radmind Client Tools

Radmind Client Tools (continued)

Radmind Server Tools

Demo

Effective Usage Concepts

Develop Processes

Caveats

Benefits

Pitfalls

Summary

Questions?

Links