When laying out the configuration management aspects of your system, you can achieve greater flexibility and delegate management through multitenancy. This simply means setting up the system to allow individual groups, or “tenants,” to control their own code base. Important qualities of a multitenant framework are that it can be used by multiple groups on a self-service basis, where each group's usage is isolated from that of the other groups. Doing so requires a permission model so that each team is protected from changes by the other teams. Each team is its own security domain, even though just one service is providing services to all teams.
Case Study: Multitenant Puppet
Google has one centralized Puppet server system that provides multitenant access to the individual teams that use it. The Mac team, Ubuntu team, Ganeti team, and others are all able to manage their own configurations without interfering with one another.
The system is very sophisticated. Each tenant is provided with a fully source code-controlled area for its files plus separate staging environments for development, testing, and production. Any feature added to the central system benefits everyone. For example, any work the Puppet team does to make the servers handle a larger number of clients benefits all tenants. When the Puppet team made it possible for the Puppet servers to be securely accessed from outside the corporate firewall, all teams gained the ability for all machines to stay updated even when mobile.
While Google's system enables each tenant to work in a self-service manner, protections exist so that no team can modify any other's files. Puppet manifests (programs) run as root and can change any file on the machine being run on. Therefore it is important that (for example) the Ubuntu team cannot make changes to the Mac team's files, and vice versa. Doing so would, essentially, give the Ubuntu team access to all the Macs. This is implemented through a simple but powerful permission system.
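One way such a permission check could work, as an added example that is not from the book and not Google's actual system: a commit-time check that maps each changed file to its owning tenant and rejects anything outside the committer's own subtree. The `tenants/<team>` layout and the function names are assumptions made for illustration.

```python
import posixpath

# Hypothetical layout: each team owns exactly one subtree of the shared repo.
TENANT_ROOTS = {
    "mac": "tenants/mac",
    "ubuntu": "tenants/ubuntu",
    "ganeti": "tenants/ganeti",
}


def owning_tenant(path):
    """Return the tenant whose subtree contains `path`, or None if no tenant owns it."""
    # Normalize before comparing, so "tenants/ubuntu/../mac/x.pp" is
    # attributed to the mac subtree it really points at.
    norm = posixpath.normpath(path)
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        return None  # absolute path or escape from the repository root
    for tenant, root in TENANT_ROOTS.items():
        # Compare with a trailing slash so "tenants/mac-old" is not
        # mistaken for part of "tenants/mac".
        if norm.startswith(root + "/"):
            return tenant
    return None


def rejected_paths(tenant, changed_paths):
    """List the paths in a proposed change that `tenant` may not modify.

    Deny by default: unknown tenants and files outside every tenant
    subtree (shared or central files) are rejected as well.
    """
    if tenant not in TENANT_ROOTS:
        return list(changed_paths)
    return [p for p in changed_paths if owning_tenant(p) != tenant]


if __name__ == "__main__":
    # Constructed sample change submitted by a member of the ubuntu team.
    change = [
        "tenants/ubuntu/manifests/init.pp",
        "tenants/ubuntu/../mac/manifests/init.pp",
        "site.pp",
    ]
    print(rejected_paths("ubuntu", change))
```

A string-level check like this does not see symlinks stored in the repository, so a real hook would also need to refuse or resolve them.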
12.9 Summary
The majority of a system administrator's job should focus on automating SA tasks. A cloud computing system administrator's goal should be to spend less than half the time doing manual operational work.
Tool building optimizes the work done by a system administrator and is an important step on the way to automation. Automation means replacing a human task with one done by