[Beowulf] Configuration change monitoring

[Mark Hahn]

> It is more the ITIL standards, and Commercial vendor  lobbying, our
> accountants are clueless :)

I have no idea what ITIL means, but would probably prefer to keep
it that way :)

a standard that forces use of specific and commercial packages 
is not a standard at all...

> HPC clusters are normally a horde of clones.  no configuration change
>> is applied individually to a node, but rather applied en-mass.
>> reimaging nodes is not a huge big deal, for instance (and a non-event
>> if you use nfs-root - definitely a good idea in some cases.)
>>
>
> True The only frequent changes are user account modification, mounted nfs
> files, and scheduler configurations files if log level need to be altered. I

none of those require any node-local changes.  as I mentioned, nfs-root
solves many of them, though it's common to use ldap/nis/AD.  it's uncommon
to change the NFS mounts on a compute node, but also quite easy to change
the fstab and then something like "pdsh -a mount -a"

> can just write a script or use a file integrity checker to check these. The
> problem is that the department that is asking us to implement configuration
> change monitoring based on a security audit items want more  than that, want

perhaps you should ask them what their actual goals/motives are,
and talk to them to figure out how it makes sense for a cluster.
offhand, I'd be surprised if it made any sense to do for anything
except admin nodes (ie, not compute nodes).

regards, mark hahn.