Best Practice: exec checks vs. PS script runs?
So we are now using puppet to manage over 100 IIS virtual applications. I started out by using one of the freely available IIS modules from puppet forge and quickly realized that I needed to customize it extensively to my my companies standards. Now I find myself (puppet, not me personally) doing hundreds if not thousands of exec checks on my IIS servers to make sure the app pools, virtual apps are all configured to my defined state via powershell. Here are some examples.
EXEC: does app pool have the right timeout? yes, ok skip to next. EXEC: are the connection strings encrypted? yes, ok skip to next. EXEC: is the physical path right? yes, ok skip to next.
blah, blah, blah...
So the question is, should I be making sure that every configuration piece is correct every hour of every day? or should I only run the checks on my servers once a day, or should I make a PS script that configures everything only once so if the server dies, I can quickly recover? I watched an interesting presentation about puppet and powershell ( http://puppetlabs.com/presentations/w... ) and I do agree that powershell is the key into automating Windows servers, powershell is a dog. in the presentation Mr. Stack runs what appears to be one PS script that installs and configures everything he needs. My method has been very modular and I'm wondering if its inefficient. Our linux side of the shop does not seem to have the same lag running the configuration checks. we have Moodle installs that checking roughly the same number of config items and they take seconds to run. Running all the EXEC checks though powershell on iis takes 300-400 seconds. In the presentation Mr. Stack states, just run it, if the configuration is correct, it wont hurt anything. But if I contantly go though and overwrite everthing without checking to see if its already configured the way i want using Exec Unless and Onlyif, the puppet logs show me tons of things that are "changed" even if they were not changed.