Historical Record

October 31, 2017

in Uncategorized

My post-2011 writing moved to other forums. These posts serve as a historical record.

To quote Laurie Anderson (From the Air, Big Science, 1982):

Put your hands over your eyes. Jump out of the plane
There is no pilot. You are not alone. Standby
This is the time. And this is the record of the time
This is the time. And this is the record of the time


Like Diogenes1 I’ve been wandering around from Puppet user to Puppet user asking about the questions I brought up in the first post in this series. It seemed like such a sub-optimal hole in the workflow for the standard use case, I couldn’t believe others weren’t seeing and addressing it with some best practice I hadn’t heard about yet.

One of the people who was kind enough to suffer my investigation was was Eric Shamow, Manager of the System Operations Group at Advance Internet. He even tolerated this during the Q&A for his excellent talk at the PICC 2011 conference.  Eric introduced me to Nigel Kersten at Puppet Labs who graciously agreed to participate in the discussion about workflow Eric and I were having.

One of the things that came out of that discussion2 was an idea that came the closest to any I’ve heard for addressing my workflow concerns. I’d like to tell you about it now by paraphrasing what Nigel suggested in my own words. Any errors in the following are mine, any cool ideas found there should be attributed to Nigel.

For this explanation, I’m going to bring back some of the stellar diagram artwork from the first post in the series. My artistic skills haven’t really improved since that post, so apologies in advance.

The Big Idea

Let’s review the cast of characters from our first post:


  1. though I’d like to think a little nicer. He seemed like quite a character. []
  2. and it is possible I’ll post more here from it in future episodes []


Post image for The Puppet Puzzle Becomes More Perspicuous

Even though my exploration into the questions I broached in my last post didn’t actually continue with what you will find in this post, I’m going to pretend it did because it makes for a better narrative. Please bear with me.

I’ve been working my way through the very new and excellent book Pro Puppet by James Turnbull and Jeffrey McCune. Given my last set of questions, I was excited to hit the third chapter in the book which is all about workflow, how Puppet gets used with a VCS (git) and all that good stuff. And then I started to read…



A Puppet Puzzle

May 11, 2011

in sysadmin

I’ve watched the birth and toddlerhood of all of the major configuration management tools (Puppet, Cfengine, Chef, Bcfg2, and so on) and have had the pleasure of knowing and interacting with almost all of their parents over the years. Recently I decided it was high time I get my hands dirty by leading a substantial deployment of one of the tools at $WORK. The first tool I thought I would tackle would be Puppet.

In the process of planning for this effort, I’ve identified what appears to be a fairly large usability/workflow gap in Puppet1. I’ve tried to talk to a whole bunch of people about how they do things, but as far as I can tell everyone is still making due with fairly rickety rope bridges to get over the gap. It is entirely possible I’ve overlooked something obvious or the problem isn’t as big as the amount of scrutiny I’ve given it. But something in my long-time sysadmin heart tells me we could be doing much better. I’d like to see if I can pose a clear and cogent problem statement here and see if others can help me figure out what I’m missing.

What’s the Problem?

One of the most common scenarios for how Puppet is used seems (to me) to have a “best practices” workflow that is unclear at best and unwieldy at worst. Given how often a sysadmin performs this workflow, I’d really like to know if there is a better way. If there isn’t, I’d like to work with people to invent one. Please read on for the gory details…


  1. and most other config mgmt tools, so even if you use another config mgmt system, I’d still love your input []


I feel that I would be terribly remiss if I didn’t point people to Michael Reilly’s Discovery News article Sea Otters, the Cutest Way to Fight Global Warming. It notes a new study mentioned in New Scientist is suggesting Sea Otters have an unexpected and pretty significant role in combatting global warming.

Yet another reason to work towards helping the sea otters.


The Lawyer and the SysAdmin

April 15, 2010

Warning: dumb joke modified from a dumb joke that used to contain a character of a certain ethnicity. Also note: this is not representative of lawyers in general so please do not sue me. A lawyer and an SysAdmin are sitting next to each other on a long flight. The lawyer is thinking that SysAdmins […]

Read the full article →

Simon says…Restart Your Daemons

April 14, 2010

I’m all for performing service management using mechanisms built-in to a configuration management system (i.e. you change a config file and the config management system automatically restarts the daemon), but occasionally you get into a situation where you want to interactively do the same exact thing on several machines. For example, I recently wanted to […]

Read the full article →

Enough About Me…What Do You Think of Me?

April 14, 2010

Sorry I left this blog languish for a bit. Let me catch you up on a few things that have happened in my professional life in rough chronological order: I was quite surprised (stunned really, ask me about it some time) and tremendously honored to receive the 2009 SAGE Outstanding Achievement Award at the last […]

Read the full article →

Speeding Up fsck/fsck_hsfs on OSX

January 10, 2010

Here’s a quick tip on how to make an fsck (or specifically an fsck_hsfs) run much faster. I learned this as part of debugging some corruption with the backup image on my Time Capsule. where {%mem} is ½ to 1⁄3rd the amount of memory you have in your computer. If you need to determine the […]

Read the full article →

Some lovely SSL resources

December 29, 2009

Just had to deal with a total swap out of all of my SSL certificates at work thanks to the ipsCA screwup that also nailed Bob Plankers and Chris Siebenmann and I’m sure lots of other sites (especially .edu). I’m really peeved too, but rather than hissing and spitting like I really feel like doing, […]

Read the full article →