[Beowulf] Configuration change monitoring

Mark Hahn hahn at mcmaster.ca
Thu Aug 30 14:19:55 EDT 2007

> It is more the ITIL standards, and Commercial vendor  lobbying, our
> accountants are clueless :)

I have no idea what ITIL means, but would probably prefer to keep
it that way :)

a standard that forces use of specific and commercial packages 
is not a standard at all...

> HPC clusters are normally a horde of clones.  no configuration change
>> is applied individually to a node, but rather applied en-mass.
>> reimaging nodes is not a huge big deal, for instance (and a non-event
>> if you use nfs-root - definitely a good idea in some cases.)
> True The only frequent changes are user account modification, mounted nfs
> files, and scheduler configurations files if log level need to be altered. I

none of those require any node-local changes.  as I mentioned, nfs-root
solves many of them, though it's common to use ldap/nis/AD.  it's uncommon
to change the NFS mounts on a compute node, but also quite easy to change
the fstab and then something like "pdsh -a mount -a"

> can just write a script or use a file integrity checker to check these. The
> problem is that the department that is asking us to implement configuration
> change monitoring based on a security audit items want more  than that, want

perhaps you should ask them what their actual goals/motives are,
and talk to them to figure out how it makes sense for a cluster.
offhand, I'd be surprised if it made any sense to do for anything
except admin nodes (ie, not compute nodes).

regards, mark hahn.
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf


More information about the Beowulf mailing list