What tools/methods/practices reconcile deployed versions of components?

Question

We have a problem at our org where we have the need to know "with very high certainty" what specific versions of each app/web service/etc. is deployed to a given node and/or environment at any given point in time.

Some ideas have been kicked around, such as:

• A custom deploy tool that is backed by a DB, and on each deploy, records the version number to the DB (so that we can do a DB query and say "Hey, it looks like the Fizz Buzz Web Service has version 1.34.1 deployed to its QA/TEST environment")
• Some kind of a "build info" plugin that injects CI information into a metadata file (XML/JSON/whatever) and that exposes some admin URL where we can retrieve that info from. For instance, the CI build creates version 1.34.2 of the "Fizz Buzz Web Service" and creates a buildinfo.json file inside of its binary. Then once the web service is deployed, some server-side controller can read that JSON file and expose it as info at, say, http://myapp.example.com:8081/buildinfo, etc.

While these methods may work, I feel like we're trying to reinvent the wheel here. So I ask: are there tools/methods/practices that address this already? I just want the ability to run some type of query that reports what version of a component (again, web app, web service, DB, whatever) is deployed to a given node (VM) or environment (DEV, QA, PROD).

Answer 1

I'm thinking you might want to pop this question over to Server Fault and turn it around: how do sysadmins for big corporations know what versions of what software is installed on their client machines. There might be some industry-standard solution that looks at, say, the version of DLL's in a predefined location on each machine that it works with. If something like that exists I'd imagine that to be a good possible solution.

If you want to roll your own, the company I work for has a central server that does deployments and installation and simply keeps track of the versions it deployed. The advantage is that it works for both client and web-applications, does not need any access to the server itself beyond the moment of deployment and our whole build-and-deployment process goes through that pipeline so there is no way of circumventing it easily.

Answer 2

First off, there are tools out there that can scan ports and network traffic to help you discover your software catalog but the bottom line is in order to be highly accurate you will have to touch every web-service or application and redeploy them to properly report their build versions and other information you want from them.. no matter what the salesman tells you it isn't easy. As there is no systematic way of determining the version or even the existence of an application you will have to rely on heuristically collected data analysis. If there were a systematic way to determine what was installed then anti-virus software would be a piece of cake.

The question you have to ask is "What specific configurations do we have of each app/web service/etc. that is deployed to a given node and/or environment at any given point in time?"

Your second option would be the preferred option since it both reports the version and location of the app but it also reports that the app is up and operating. Other stat information could be included in the poll as well. Also, JSON files can be called via several protocols, file, http, ftp, etc. But like I said there is no easy way out of this one.