Changeset 200

Timestamp:

12/08/05 06:07:09

Author:

stevegt

Message:

4.2.8 release

Files:

• trunk/README (modified) (2 diffs)
• trunk/doc/isconf.8 (modified) (7 diffs)
• trunk/doc/isconf.html (modified) (7 diffs)
• trunk/doc/isconf.t2t.in (modified) (6 diffs)
• trunk/version (modified) (1 diff)

trunk/README

@@ -27 +27 @@
-====================================================
-
-6
+8
-cd /tmp
-isconf -m "upgrade to $newversion" lock
@@ -37 +37 @@
-(...and make /etc/rc* symlinks, again using isconf exec)
-isconf exec chmod 755 /usr/bin/isconf
-
+
-isconf reboot
-isconf ci

trunk/doc/isconf.8

@@ -1 @@
-1/17/2005" "ISconf 4.2.7.197
+2/01/2005" "ISconf 4.2.7.199
-
-.SH NAME
@@ -65 +65 @@
-aren't as interested in O/S patch management, or still want to log in
-as root on target machines and make arbitrary untracked changes, then
-
-
+
-
-.SH BACKGROUND
@@ -406 +405 @@
-Rather than set this in an environment variable, you're better off
-populating the \fB/var/is/conf/domain\fR file, below.
+
+See the \fBdomain\fR glossary entry.
-
-.TP
@@ -670 +671 @@
-then creating a \fBcheckpoint image\fR.
-
-
+
+
+
+
+
+
-
-See also \fBclass\fR.
-
+For more discussion of what branches are, and how they contrast
+with domains, see
+http://trac.t7a.org/isconf/wiki/DomainsVsBranches.
+
-.TP
-\fBcategories of data\fR
+
-There appear to be three categories of data or executables on the 
-disk of a typical UNIX machine:
@@ -702 +713 @@
-.TP
-\fBclass\fR
+
-This is an anti\-definition: the word "class" should not be used to
-describe anything related to deterministic host management.  It
@@ -708 +720 @@
-propagated to subclasses", and so on; most of these misconceptions
-imply that \fIediting history\fR is a safe thing to do.
+
+.TP
+\fBcongruent\fR
+
+Remaining in compliance with a fully\-descriptive specification.
+If a configuration management tool is congruent, the machines it
+manages will remain in lock\-step with the desired state.  This
+makes it easier to maintain a representative test environment, and
+allows for more predictable disaster recovery.  ISconf is
+congruent.  Also see the \fBconvergent\fR glossary entry, and:
+
+http://www.infrastructures.org/papers/turing/turing.html#methods/congruence
+
+.TP
+\fBconvergent\fR
+
+Tending to converge towards a desired state.  If a configuration
+management tool is convergent, the machines it manages will trend
+towards each other in disk state, but for practical reasons they
+will rarely reach congruence.  It will be difficult to maintain a
+representative test environment, and changes will tend to be made
+first, and tested first, in production.  Predictable disaster
+recovery will remain elusive.  Also see the \fBcongruent\fR glossary
+entry.  For more in\-depth information about convergence, see:
+
+http://www.infrastructures.org/papers/turing/turing.html#methods/convergence
+
+.TP
+\fBdomain\fR
+
+An ISconf domain name is more or less equivalent to a NIS domain
+name, an AFS cell name, or a Kerberos realm name.  This name is an
+arbitrary string, but by convention it is usually based on the DNS
+domain name.
+
+ISconf domains are a security mechanism, primarily in regards to
+information hiding.  All of the machines sharing the same ISconf
+domain name will share the same distributed cache, so root users
+on all of these machines will be able to read the contents of the
+cache.  Likewise, machines that are in different domains will not
+share the same cache, so root users of these machines will not
+have access to the cache contents of the other domain.  This
+becomes important if there is any proprietary or sensitive
+information stored in the ISconf cache, for example via a 'snap'
+or 'exec' command.
+
+Normally you'd want all of the machines in a given legal entity \-\-
+the same corporation, for instance, to use the same domain name.
+For example, a small company using ISconf might use an ISconf
+domain name of 'example.com' on all of their machines.  A larger
+company might have multiple divisions or subsidiaries and legal or
+security reasons for segregating machines.  The large campany
+might put most of their machines in 'example.com', but for
+regulatory or security reasons might isolate a subsidiary into
+'foo.example.com', and might put their bastion and firewall
+machines into 'security.example.com'.  Note again that there
+doens't need to be a 'security.example.com' DNS domain for this to
+work.
+
+The idea of ISconf domains is to completely isolate legal entities
+from each other when sharing the same net.  Machines in different
+domains refuse to cache each other's data, answer each other's
+queries, and so on.  Domains really come into play in the TCP
+crypto and user auth code (ISconf 4.3 and later), where each
+domain has its own PGP keyring; its own database of hosts and
+users, and all of the wire traffic is encrypted accordingly.
+
+Establishing two machines in different domains means "I don't want
+these machines to ever cooperate at all.  I will never merge their
+branches, I don't want them to be able to share or see each
+other's packages, cache space, or wire traffic."
+
+For more discussion of what domains are, and how they contrast
+with branches, see
+http://trac.t7a.org/isconf/wiki/DomainsVsBranches.
+
+Domain names must match this regular expression:
+
+.nf
+          \ew+[-\ew\e.]+
+.fi
+
-
-.TP
@@ -823 +917 @@
-explosion of risk, to the point where all data on disk must be
-considered to be environmental, and all changes must be considered
-
-
+
+
+
+
+
-
-.TP

trunk/doc/isconf.html

@@ -7 +7 @@
-<P ALIGN="center"><CENTER><H1>isconf(8)</H1>
-<FONT SIZE="4">
-7
-1/17
+9
+2/01
-</FONT></CENTER>
-
@@ -107 +107 @@
-aren't as interested in O/S patch management, or still want to log in
-as root on target machines and make arbitrary untracked changes, then
-
-
+
-</P>
-<A NAME="toc5"></A>
@@ -439 +438 @@
-    Rather than set this in an environment variable, you're better off
-    populating the <B>/var/is/conf/domain</B> file, below.
+<P></P>
+    See the <B>domain</B> glossary entry.
-<P></P>
-<DT><B>IS_HOME</B> </DT><DD>
@@ -693 +694 @@
-    then creating a <B>checkpoint image</B>.
-<P></P>
-
+
+
+
+
+
-<P></P>
-    See also <B>class</B>.
-<P></P>
+    For more discussion of what branches are, and how they contrast
+    with domains, see
+    <A HREF="http://trac.t7a.org/isconf/wiki/DomainsVsBranches">http://trac.t7a.org/isconf/wiki/DomainsVsBranches</A>.
+<P></P>
-<DT><B>categories of data</B></DT><DD>
+<P></P>
-    There appear to be three categories of data or executables on the 
-    disk of a typical UNIX machine:
@@ -719 +729 @@
-<P></P>
-<DT><B>class</B></DT><DD>
+<P></P>
-    This is an anti-definition: the word "class" should not be used to
-    describe anything related to deterministic host management.  It
@@ -726 +737 @@
-    imply that <I>editing history</I> is a safe thing to do.
-<P></P>
+<DT><B>congruent</B></DT><DD>
+<P></P>
+    Remaining in compliance with a fully-descriptive specification.
+    If a configuration management tool is congruent, the machines it
+    manages will remain in lock-step with the desired state.  This
+    makes it easier to maintain a representative test environment, and
+    allows for more predictable disaster recovery.  ISconf is
+    congruent.  Also see the <B>convergent</B> glossary entry, and:
+<P></P>
+        <A HREF="http://www.infrastructures.org/papers/turing/turing.html#methods">http://www.infrastructures.org/papers/turing/turing.html#methods</A>/congruence
+<P></P>
+<DT><B>convergent</B></DT><DD>
+<P></P>
+    Tending to converge towards a desired state.  If a configuration
+    management tool is convergent, the machines it manages will trend
+    towards each other in disk state, but for practical reasons they
+    will rarely reach congruence.  It will be difficult to maintain a
+    representative test environment, and changes will tend to be made
+    first, and tested first, in production.  Predictable disaster
+    recovery will remain elusive.  Also see the <B>congruent</B> glossary
+    entry.  For more in-depth information about convergence, see:
+<P></P>
+        <A HREF="http://www.infrastructures.org/papers/turing/turing.html#methods">http://www.infrastructures.org/papers/turing/turing.html#methods</A>/convergence
+<P></P>
+<DT><B>domain</B></DT><DD>
+<P></P>
+    An ISconf domain name is more or less equivalent to a NIS domain
+    name, an AFS cell name, or a Kerberos realm name.  This name is an
+    arbitrary string, but by convention it is usually based on the DNS
+    domain name.
+<P></P>
+    ISconf domains are a security mechanism, primarily in regards to
+    information hiding.  All of the machines sharing the same ISconf
+    domain name will share the same distributed cache, so root users
+    on all of these machines will be able to read the contents of the
+    cache.  Likewise, machines that are in different domains will not
+    share the same cache, so root users of these machines will not
+    have access to the cache contents of the other domain.  This
+    becomes important if there is any proprietary or sensitive
+    information stored in the ISconf cache, for example via a 'snap'
+    or 'exec' command.
+<P></P>
+    Normally you'd want all of the machines in a given legal entity --
+    the same corporation, for instance, to use the same domain name.
+    For example, a small company using ISconf might use an ISconf
+    domain name of 'example.com' on all of their machines.  A larger
+    company might have multiple divisions or subsidiaries and legal or
+    security reasons for segregating machines.  The large campany
+    might put most of their machines in 'example.com', but for
+    regulatory or security reasons might isolate a subsidiary into
+    'foo.example.com', and might put their bastion and firewall
+    machines into 'security.example.com'.  Note again that there
+    doens't need to be a 'security.example.com' DNS domain for this to
+    work.
+<P></P>
+    The idea of ISconf domains is to completely isolate legal entities
+    from each other when sharing the same net.  Machines in different
+    domains refuse to cache each other's data, answer each other's
+    queries, and so on.  Domains really come into play in the TCP
+    crypto and user auth code (ISconf 4.3 and later), where each
+    domain has its own PGP keyring; its own database of hosts and
+    users, and all of the wire traffic is encrypted accordingly.
+<P></P>
+    Establishing two machines in different domains means "I don't want
+    these machines to ever cooperate at all.  I will never merge their
+    branches, I don't want them to be able to share or see each
+    other's packages, cache space, or wire traffic."
+<P></P>
+    For more discussion of what domains are, and how they contrast
+    with branches, see
+    <A HREF="http://trac.t7a.org/isconf/wiki/DomainsVsBranches">http://trac.t7a.org/isconf/wiki/DomainsVsBranches</A>.
+<P></P>
+    Domain names must match this regular expression:
+<P></P>
+<PRE>
+          \w+[-\w\.]+
+</PRE>
+</DL>
+
+<DL>
-<DT><B>editing history</B></DT><DD>
-<P></P>
@@ -835 +926 @@
-    explosion of risk, to the point where all data on disk must be
-    considered to be environmental, and all changes must be considered
-
-
+
+
+
+
+
-<P></P>
-<DT><B>evolvable data</B></DT><DD>

trunk/doc/isconf.t2t.in

@@ -89 +89 @@
-aren't as interested in O/S patch management, or still want to log in
-as root on target machines and make arbitrary untracked changes, then
-
-
+
-
-
@@ -407 +406 @@
-    Rather than set this in an environment variable, you're better off
-    populating the **/var/is/conf/domain** file, below.
+
+    See the **domain** glossary entry.
-
-: **IS_HOME** 
@@ -656 +657 @@
-    then creating a **checkpoint image**.
-    
-
+
+
+
+
+
-
-    See also **class**.
-
+    For more discussion of what branches are, and how they contrast
+    with domains, see
+    http://trac.t7a.org/isconf/wiki/DomainsVsBranches.
+
-: **categories of data**
+
-    There appear to be three categories of data or executables on the 
-    disk of a typical UNIX machine:
@@ -680 +690 @@
-
-: **class**
+
-    This is an anti-definition: the word "class" should not be used to
-    describe anything related to deterministic host management.  It
@@ -686 +697 @@
-    propagated to subclasses", and so on; most of these misconceptions
-    imply that //editing history// is a safe thing to do.
+
+: **congruent**
+
+    Remaining in compliance with a fully-descriptive specification.
+    If a configuration management tool is congruent, the machines it
+    manages will remain in lock-step with the desired state.  This
+    makes it easier to maintain a representative test environment, and
+    allows for more predictable disaster recovery.  ISconf is
+    congruent.  Also see the **convergent** glossary entry, and:
+
+        http://www.infrastructures.org/papers/turing/turing.html#methods/congruence
+
+: **convergent**
+
+    Tending to converge towards a desired state.  If a configuration
+    management tool is convergent, the machines it manages will trend
+    towards each other in disk state, but for practical reasons they
+    will rarely reach congruence.  It will be difficult to maintain a
+    representative test environment, and changes will tend to be made
+    first, and tested first, in production.  Predictable disaster
+    recovery will remain elusive.  Also see the **congruent** glossary
+    entry.  For more in-depth information about convergence, see:
+
+        http://www.infrastructures.org/papers/turing/turing.html#methods/convergence
+
+: **domain**
+
+    An ISconf domain name is more or less equivalent to a NIS domain
+    name, an AFS cell name, or a Kerberos realm name.  This name is an
+    arbitrary string, but by convention it is usually based on the DNS
+    domain name.
+
+    ISconf domains are a security mechanism, primarily in regards to
+    information hiding.  All of the machines sharing the same ISconf
+    domain name will share the same distributed cache, so root users
+    on all of these machines will be able to read the contents of the
+    cache.  Likewise, machines that are in different domains will not
+    share the same cache, so root users of these machines will not
+    have access to the cache contents of the other domain.  This
+    becomes important if there is any proprietary or sensitive
+    information stored in the ISconf cache, for example via a 'snap'
+    or 'exec' command.
+
+    Normally you'd want all of the machines in a given legal entity --
+    the same corporation, for instance, to use the same domain name.
+    For example, a small company using ISconf might use an ISconf
+    domain name of 'example.com' on all of their machines.  A larger
+    company might have multiple divisions or subsidiaries and legal or
+    security reasons for segregating machines.  The large campany
+    might put most of their machines in 'example.com', but for
+    regulatory or security reasons might isolate a subsidiary into
+    'foo.example.com', and might put their bastion and firewall
+    machines into 'security.example.com'.  Note again that there
+    doens't need to be a 'security.example.com' DNS domain for this to
+    work.
+
+    The idea of ISconf domains is to completely isolate legal entities
+    from each other when sharing the same net.  Machines in different
+    domains refuse to cache each other's data, answer each other's
+    queries, and so on.  Domains really come into play in the TCP
+    crypto and user auth code (ISconf 4.3 and later), where each
+    domain has its own PGP keyring; its own database of hosts and
+    users, and all of the wire traffic is encrypted accordingly.
+
+    Establishing two machines in different domains means "I don't want
+    these machines to ever cooperate at all.  I will never merge their
+    branches, I don't want them to be able to share or see each
+    other's packages, cache space, or wire traffic."
+
+    For more discussion of what domains are, and how they contrast
+    with branches, see
+    http://trac.t7a.org/isconf/wiki/DomainsVsBranches.
+
+    Domain names must match this regular expression:
+
+```
+        \w+[-\w\.]+
+```
+
-
-: **editing history**
@@ -794 +884 @@
-    explosion of risk, to the point where all data on disk must be
-    considered to be environmental, and all changes must be considered
-
-
-
+
+
+
+
+
+
-: **evolvable data**
-

trunk/version

@@ -1 @@
-7
+8