I was reading a ComputerWorld article about how Google and Amazon achieve scale. The theme: you must do better than linear cost scale and the only way to achieve that is to automate and commoditize hardware. I find interesting parallels in the Crowbar physical devops effort.
As the OpenCrowbar team continues to explore the concepts around “ready state,” I discover more and more small ops nuisances that need to be included in the build up before installing software. These small items quickly add up at scale breaking the rule above.
I’ve already posted about the performance benefit of building a Squid Proxy fabric as part of the underlying ops environment. As we work on Chef Metal, SaltStack and Packstack integrations (private beta), we’ve rediscovered the importance of management/population of SSH public keys.
In cloud infrastructure, key injection is taken for granted; however, it’s not an automatic behavior in the physical ops. Since OpenCrowbar handles keys by default but other tools (like Cobbler or Razor) expect that you will use kickstart to inject your SSH keys when you install the Operating System..
Including keys in kickstart (which I’m using generically instead of preseed, auto-yast, jumpstart, etc) hand generated scripts is a potentially dangerous security practice since it makes it difficult to propagate and manage your keys. It also means that every time a new operating system update is released that you may have to update and retest your kickstarts. OpenCrowbar has the same challenge but our approach allows everyone can share in the work because our bootstrapping files are scripted and generic.
OpenCrowbar takes care of these ready state configurations in our integrations with these DevOps platforms. Our experience has been that little items like SSH keys and proxy configurations can make a disproportionate advantage in running scale ops or during iterative development.