For the past several years we have been managing the operating system on our servers using a transcript-based configuration management tool called Radmind. Radmind was developed by the University of Michigan's Research Systems Unix Group. The concept of Radmind is simple: a sysadmin builds transcripts describing a filesystem, stores the transcripts along with the files they describe on a server, and then applies these transcripts to any other server, basically mirroring the original server. Compared to other tools that simply mirror a filesystem, Radmind gives greater control over multiple configurations with minimal fuss. It's a great tool. There are plenty of good reasons to use Radmind to keep track of your web servers, but here are our three main reasons.
- Deploy new servers with consistent operating system images quickly and painlessly.
Transcripts can be cascaded, allowing us to combine multiple configurations into a single transcript. In addition, negative transcripts can indicate to Radmind which areas of the file system it should not touch. Combined, these features let us vary the level of control we take over the servers we maintain, making it easy to store the consistent parts of our disk images in Radmind while leaving the inconsistent parts (site-specific files and data) to be managed by more appropriate backup systems.
- Upgrade servers quickly and safely.
When transcripts are modified, they can be applied across multiple servers either automatically (by using a cron job) or simply by running a few quick commands on the server. Since the child servers should basically mirror the master transcripts (which are expected to be well tested before release), upgrades tend to be safer.
- Rollback file system changes quickly.
Transcripts do a great job of recording what should exist in the file system, and they also do a great job of recording what should not exist. Therefore, changes to the file system can be quickly rolled back simply by reapplying transcripts. All files in the transcripts are checksummed, so any file Radmind detects that does not match this checksum is instantly rolled back to the original. This can be especially useful if the server gets hacked. Instead of spending time looking around for obfuscated configuration changes left behind by the hacker, simply rerun the transcript to restore the system to its pre-compromise state.
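
The checksum comparison behind that rollback can be sketched in a few lines. This is an added example, not Radmind's code and not its transcript format: the manifest is a simplified path-to-SHA-256 map, and the function names, the sample tree and the `var/www` negative prefix are all assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def is_negative(rel, negative):
    # A path is unmanaged if it equals, or sits under, a negative prefix.
    return any(rel == n or rel.startswith(n + "/") for n in negative)

def build_manifest(root, negative=()):
    """Map relative path -> checksum for every managed file under root."""
    manifest = {}
    for full in Path(root).rglob("*"):
        if full.is_file():
            rel = full.relative_to(root).as_posix()
            if not is_negative(rel, negative):
                manifest[rel] = sha256_file(full)
    return manifest

def diff_against_manifest(root, manifest, negative=()):
    """Classify drift: what a reapply would restore, recreate or delete."""
    current = build_manifest(root, negative)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }

def demo():
    # Constructed sample tree standing in for a managed server image.
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(data)
        write("etc/ssh/sshd_config", "PermitRootLogin no\n")
        write("etc/motd", "welcome\n")
        write("var/www/site/index.html", "v1\n")
        baseline = build_manifest(root, negative=("var/www",))
        # Simulated drift after the baseline was recorded.
        write("etc/ssh/sshd_config", "PermitRootLogin yes\n")
        Path(root, "etc/motd").unlink()
        write("etc/cron.d/extra", "# not in baseline\n")
        write("var/www/site/index.html", "v2\n")
        return diff_against_manifest(root, baseline, negative=("var/www",))
```

The change under `var/www` does not appear in the result: anything inside a negative prefix is neither checked nor restored, so those areas need their own integrity and backup coverage.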