Sunday, September 16, 2007

Avoid make install services, and ideas for best practice IT administration

In the past I have seen a more or less make install service installation of OpenLDAP as a Samba backend service. Unfortunately, far too little effort was invested in getting a feeling for what the OpenLDAP service was actually doing. The installation was missing basic functional testing, monitoring, redundancy and ongoing upgrades. If you do manage to find the time or collect proper knowledge, make sure you store your findings somewhere useful for yourself and your colleagues. You might get inspired by my thoughts on knowledge management and a single point of entry for search.

I fear there are many IT departments that still perform IT operations as single individuals, not sharing knowledge and sticking with make install service installations. What puzzles me about this picture is how anyone working professionally with IT administration can be satisfied with just make install installations, let alone how their boss can let it happen in their IT department.

From my years of IT administration I have come to think of an IT service as something which needs much more than make install! Off the top of my head I can think of at least these issues if someone asks me for ideas for best practice IT administration:
  • service usage understanding (at least basic)
  • redundancy and availability (high)
  • security issues, impacts
  • installation, dependencies
  • monitoring, logging, baseline for behaviour and files used
  • performance, baseline and tuning
  • backup/restore
  • perform cases of most likely actions, e.g. add/remove/change/stop/start
  • upgrades, minor and major, possibly backup->install/upgrade->restore
  • locate community wikis, forums and announce mailing list
  • let someone else set up a complete test environment, following the initial docs
  • make some (initial) support scripts and docs, which everyone can commit to in the future... knowledge sharing!
All of this is part of an IT service, and most likely it won't be the same single person performing all aspects forever, so knowledge sharing is paramount. It may sound like going for the impossible, but I have seen it work out just fine, and to the pleasure of everyone! It is a great feeling for everyone when everyone can contribute; it just reinforces the good feeling and good work of the department! So keep striving: if you, your boss and your colleagues really want it, you will succeed!

Well anyways, what got me thinking about all this today was an OpenLDAP post over at OnLamp, which mentions the latest OpenLDAP upgrades, version 3, and a rundown of how to make an OpenLDAP installation redundant. The last part was particularly interesting as it mentions syncrepl as superior to slurpd, since OpenLDAP version 2.2:

In the late 1990s, a new feature called Content Synchronization (see RFC 4533) offered a new basis for replication. In OpenLDAP 2.2, the project introduced synchronization replication (syncrepl) based on persistent search. syncrepl uses change sequence numbering and is a pull approach by the replica server. It is a much more robust replication approach and more forgiving when replica servers lose connectivity.

I have seen problems with Citrix Access Gateway (CAG) logon failures due to a missing OpenLDAP upgrade, and I have also seen non-working OpenLDAP slurpd replication.
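A monitoring check of the kind the list above asks for, applied to syncrepl's change sequence numbers: it compares the contextCSN values of a provider and a replica and flags replication that has silently stopped. This is an added example, not code from the original post or the OnLamp article; the function names, the 60-second threshold and the sample values are assumptions, and the CSN strings are constructed.

```python
from datetime import datetime, timezone

# Constructed sample contextCSN values (timestamp#count#SID#mod), as would be
# read from the suffix entry of each server; not taken from a real directory.
PROVIDER = ["20070916101500.000000Z#000000#001#000000",
            "20070916101730.000000Z#000000#002#000000"]
REPLICA = ["20070916101500.000000Z#000000#001#000000",
           "20070916093000.000000Z#000000#002#000000"]

def parse_csn(csn):
    """Split one CSN into (timestamp, count, sid, mod)."""
    stamp, count, sid, mod = csn.strip().split("#")
    # Accept timestamps with or without fractional seconds.
    fmt = "%Y%m%d%H%M%S.%fZ" if "." in stamp else "%Y%m%d%H%M%SZ"
    when = datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)
    return when, int(count, 16), int(sid, 16), int(mod, 16)

def newest_per_sid(csns):
    """Keep the newest (timestamp, count, mod) seen for each server ID."""
    best = {}
    for raw in csns:
        when, count, sid, mod = parse_csn(raw)
        key = (when, count, mod)
        if sid not in best or key > best[sid]:
            best[sid] = key
    return best

def replication_report(provider_csns, replica_csns, max_lag_seconds=60):
    """Return {sid: (status, lag_seconds)} for every SID the provider knows."""
    provider = newest_per_sid(provider_csns)
    replica = newest_per_sid(replica_csns)
    report = {}
    for sid, p in provider.items():
        r = replica.get(sid)
        if r is None:
            report[sid] = ("missing", None)  # replica never saw this SID
        elif r >= p:
            report[sid] = ("in_sync", 0.0)
        else:
            lag = (p[0] - r[0]).total_seconds()
            status = "lagging" if lag <= max_lag_seconds else "stale"
            report[sid] = (status, lag)
    return report

if __name__ == "__main__":
    for sid, (status, lag) in sorted(replication_report(PROVIDER, REPLICA).items()):
        print(f"SID {sid:03x}: {status} (lag: {lag})")
```

Run from cron or a monitoring agent, a "stale" or "missing" result is the signal that a replica has stopped pulling changes and should raise an alert.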

Altogether, it confirms my initial point: avoid make install service installations, and spend more time with your IT service; it will most likely come back in terms of better operation, service and support from your service!
