[Mageia-sysadm] planning for sysadmin task

Michael Scherer misc at zarb.org
Sat Oct 30 10:55:51 CEST 2010


On Tuesday 26 October 2010 at 16:39 +0200, Romain d'Alverny wrote:
> On Tue, Oct 26, 2010 at 16:06, Olivier Thauvin
> <nanardon at nanardon.zarb.org> wrote:
> > * Romain d'Alverny (rdalverny at gmail.com) wrote:
> >> On Tue, Oct 26, 2010 at 15:23, Michael Scherer <misc at zarb.org> wrote:
> >> Sysadm. Per request of webteam.
> >>
> >> > - setup of infrastructure ( ie apache module)
> >>
> >> Sysadm. Per request of webteam.
> >>
> >> > - who is in charge of securing
> >> >  - the servers
> >> >  - each application
> >>
> >> Both. Server security is going to be affected by application security
> >> and this is the webteam role to control that part. And to assume/fix
> >> potential issues.
> > [...]
> > Since you prefer not to use rpm, the work to set up such an application
> > gets more complicated, especially if the sys admin doesn't know perl (in
> > this case, the same applies to php apps, python, etc...).
> 
> I know this firsthand, from both sides, yes. That's the webteam
> responsibility to provide this info for installing/upgrading the app,
> and that partially requires from the webteam some knowledge about the
> system.
> 
> So indeed, both teams need to know/understand each other.
> 
> > I don't like the "svn snapshot" way for officially in use web apps. It
> > works for testing the devel version, but I'd really hope anyone
> > working on web apps is able to have a clear roadmap and managing branch
> > for quick security fixes.
> 
> Sure. But it happens to break nonetheless. What is crucial is not that
> there is no breach (there will be), it's that it is quickly reported and
> fixed.
> 
> > And since you have a stable branch and a devel one, you are able to
> > quickly redo a rpm.
> 
> I understand that but a RPM is an unnecessary step here IMHO. A web
> app/development life cycle in dev/production is not the same as one
> for a packaged app for a distribution.
> 
> All I care about here as a Web dev/project manager is:
>  - working on the app
>  - making sure it works
>  - pushing to prod
>  - check again
>  - iterate.
> 
> Pushing deployment from dev to production, assuming all tests pass,
> should be ideally as fast as pushing a single button and waiting for a
> few seconds. And it may not be a trivial thing either (not just
> pushing files, but moving the app into several states for a clean
> migration).
> 
> To some extent, RPM dependencies would be a useful thing for setting
> up the application but this mostly happens once (first install) and
> can be easily hosted within the web application itself (and then
> handle the error) - WordPress and Drupal do it for instance.

It also prevents the removal of used dependencies.
This can happen either when we are cleaning the server, or when we
upgrade the server, or another application.

If tomorrow, we discover a huge security hole in the php-hugesecurityhole
rpm, we need to know who uses it to assess the security of the
infrastructure. And without knowing what other packages use the rpm,
this is gonna be slightly complicated to know if we are affected or not.


> So we can discuss this further with other future webteam members but I
> will seriously not manage a production environment that goes through
> packaging for app updates.

Well, if creating a package is just a single command (as would be an
upgrade to the production server), I do not think it will be much of a
problem. The only issue is to find someone skilled enough to create a
shell script for that and I do not really think that it will be a big
problem. We have a team of 8 admins and there are several volunteers
eager to help, it would be quite weird to have no one able to do it in
time.

> That does not mean I don't care about security - that means that
> there's a balance to find and that web developers have to be in charge
> of their apps security as well. So if that means we need to have
> separate servers to isolate risks, so be it. If that means we need to
> go for a different type of hosting, so be it.

Separating servers does not really help much, if there is a security
problem, it will be there wherever you are. You can reduce the impact of
course, but that's just a consolation. We will have work to do to be
sure the server is clean after being audited, the reputation will be
affected nonetheless, and if the server is used for
spam/attack/whatever, we have to take care of this.

-- 
Michael Scherer
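
Added example (not part of the original message): the "who uses this rpm" check described above for a package such as php-hugesecurityhole, written as POSIX shell functions over the local rpm database. The function names are hypothetical; the rpm database only records dependencies declared by installed packages, so an application deployed outside rpm will not appear in the result.

```shell
#!/bin/sh
# Added example: which installed packages depend, directly or transitively,
# on a given package? Function names are hypothetical; rpm options are real.

# Capability names provided by package $1 (version part dropped).
provided_caps() {
    rpm -q --provides "$1" </dev/null 2>/dev/null | awk '{print $1}' | sort -u
}

# Names of installed packages that directly require anything $1 provides.
direct_dependents() {
    provided_caps "$1" | while IFS= read -r cap; do
        # With no match rpm prints "no package requires ..." on stdout;
        # drop that line and keep the bare package names.
        rpm -q --whatrequires "$cap" --qf '%{NAME}\n' </dev/null 2>/dev/null |
            awk '!/^no package requires/'
    done | sort -u
}

# Breadth-first walk: every package affected by a flaw in $1, one per line.
affected_by() {
    seen=" $1 "
    queue="$1"
    while [ -n "$queue" ]; do
        next=""
        for pkg in $queue; do
            for dep in $(direct_dependents "$pkg"); do
                case "$seen" in
                    *" $dep "*) ;;                      # already reported
                    *) seen="$seen$dep "; next="$next $dep"; echo "$dep" ;;
                esac
            done
        done
        queue="$next"
    done
}

# Run as: sh script.sh php-hugesecurityhole
[ -z "${1:-}" ] || affected_by "$1"
```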


