| There are several classes of "infrastructure" as a sysadmin; legacy, new and critical. Legacy stuff is done the old-fashioned way - portscans and nmap. If it has an open port, it's presumed to be intentional. If not, it's a target. I've seen some success using tools like Pysa to "blueprint" existing systems into Puppet code. Tools like SystemImager help here, too - enabling P2V and the creation of "file-based images" compatible with version control and able to PXE boot new clones. New stuff is from-scratch IaC all the way to the metal. Ansible and git submodules help me build "sandwiches". Critical stuff blurs the lines. The machines, IP addresses, ports and living connectivity can be documented, and "captured" to a limited extent with the manual mapping and Rsync stuff in the Legacy category. Some of this critical stuff is also "new", and is deployed in that fashion. What about switchgear and Cisco configs? License strings, key management, site-specific patching - all can complicate things. More important than any of these is the ability for you and those around you to see and manage the systems as they are launched and terminated. In the old days, I used to use a shell script on a newly-provisioned host to dump all its details - dmidecode, environment stuff and so on. Those details were pushed back to a common source and were a real benefit in the days before real config management came on the scene. CFEngine was way too complicated and nebulous at the time. |
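The provisioning-time "dump everything and push it back to a common source" script the comment describes, written out as an added example (this is not the commenter's own script). It records which collectors were unavailable or failed so the manifest is complete even on hosts without `dmidecode`, drops environment variables whose names look like credentials before they leave the host, writes a checksum beside the manifest so the central store can spot a tampered copy, and ships both with rsync. `INVENTORY_DIR`, `INVENTORY_TARGET` and the `--run`/`--push` switches are assumptions of this example.

```shell
#!/bin/sh
# Added example: collect a newly provisioned host's facts into one manifest
# and push it to a central inventory store with rsync. The staging directory
# and the rsync target below are assumed values, not from the original post.
set -u

INVENTORY_DIR="${INVENTORY_DIR:-${TMPDIR:-/tmp}/host-inventory}"
INVENTORY_TARGET="${INVENTORY_TARGET:-inventory@inventory.example.internal:/srv/inventory/}"

# Run one collector and label its output. A missing or failing collector is
# recorded rather than aborting the run, so every manifest has the same sections.
capture() {
  label="$1"; shift
  printf '### %s\n' "$label"
  if command -v "$1" >/dev/null 2>&1; then
    "$@" 2>&1 || printf '(command failed with status %s)\n' "$?"
  else
    printf '(%s not available)\n' "$1"
  fi
  printf '\n'
}

# Environment dump with credential-looking variable NAMES removed; the match is
# on the name only so ordinary values are kept. grep -v exits 1 when it drops
# everything, hence the || true.
redacted_env() {
  env | grep -viE '^[^=]*(pass|secret|token|key)[^=]*=' || true
}

# Build the manifest text on stdout (kept as a function so it can be tested).
build_manifest() {
  printf '# host inventory for %s, generated %s\n\n' "$(uname -n)" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
  capture "kernel" uname -a
  capture "hardware (dmidecode; needs root)" dmidecode -t system
  capture "addresses" ip -brief address
  capture "listening sockets" ss -tlnp
  capture "mounts" findmnt -rno TARGET,SOURCE,FSTYPE
  capture "installed packages (dpkg)" dpkg-query -W -f='${Package} ${Version}\n'
  capture "environment (credential-looking names dropped)" redacted_env
}

# Write the manifest and a SHA-256 sidecar into INVENTORY_DIR; prints the path.
write_manifest() {
  mkdir -p "$INVENTORY_DIR"
  out="$INVENTORY_DIR/$(uname -n)-$(date -u +%Y%m%dT%H%M%SZ).txt"
  build_manifest > "$out"
  sha256sum "$out" > "$out.sha256" 2>/dev/null || true
  printf '%s\n' "$out"
}

# Push manifest and checksum to the central store (rsync over ssh, read-only
# files on the far side so a host cannot rewrite its own history).
push_manifest() {
  rsync -a --chmod=F0440 "$1" "$1.sha256" "$INVENTORY_TARGET"
}

# Only act when explicitly asked, so sourcing the file for reuse is side-effect free.
case "${1:-}" in
  --run)  write_manifest ;;
  --push) f="$(write_manifest)" && push_manifest "$f" ;;
esac
```

Run it as `sh inventory.sh --run` to look at the manifest locally, and `--push` from the provisioning hook once `INVENTORY_TARGET` points at the real store. Comparing a host's newest manifest against its first one (a plain `diff` of the two files) is a cheap way to catch a listening socket or package that appeared without a change record.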