[nycbug-talk] version control for config files

Pete Wright pete at nomadlogic.org
Sun Mar 8 13:08:09 EDT 2009


On 7-Mar-09, at 10:32 PM, Charles Sprickman wrote:

> On Sun, 8 Mar 2009, Isaac Levy wrote:
>
>> On Mar 8, 2009, at 12:59 AM, David Lawson wrote:
>>
>>> Puppet is a really good option for config management, I looked  
>>> really
>>> seriously at it a while back and liked what I saw a lot, but I had  
>>> two
>>> major problems with it.  First, it's written in Ruby and I'm not a
>>> Ruby programmer, so that kind of bites if I wanted to extend it.
>>> Second, and nearly every configuration management system I've looked
>>> at suffers from this problem, there's a pretty serious bootstrap  
>>> cost
>>> to implementing it.  It's a reasonably complex system, it's non-
>>> trivial to understand how to make it do what you want it to do, and
>>> when you do get a good handle on it, converting all your systems to
>>> use it can be a pretty serious undertaking, depending on how many  
>>> you
>>> have.  At the time, I was looking at a couple hundred, with
>>> configurations drifted all over hell and gone, so that was a time  
>>> sink
>>> I couldn't afford.
>>>
>>> What I ended up doing is writing a stupid simple configuration  
>>> manager
>>> in python, we call it ghetto-config in the office.  I've actually  
>>> been
>>> thinking about asking to open source it, I'll talk to my boss  
>>> about it
>>> on Monday, but the basic concepts are simple, and it didn't take me
>>> more than an afternoon to implement a first cut.
>>>
>>> Ghetto-config works as a very simple templating engine, you define a
>>> number bunch of key value pairs, and you can use those keys in a  
>>> file
>>> and have ghetto-config substitute in the appropriate value for you
>>> when it parses it.  It also understands how to set file modes,  
>>> create
>>> symlinks, manage owners and groups, and how to diff version of a  
>>> file
>>> if it's changed.
>>>
>>> Basically, you assign each machine a unique ID of some sort at  
>>> install
>>> time (or later, if you want), we used the MAC address of the  
>>> interface
>>> that was used to PXE boot the machine for kickstart, but you could  
>>> use
>>> hostname or whatever if that was easier.  That serves as the unique
>>> identifier for the system.  Ghetto-config takes that information and
>>> uses it to build a URL to fetch configuration information from a
>>> central HTTP server storing config data.  It fetches the URL it  
>>> builds
>>> and gets back a file in config parser syntax (basically an .ini  
>>> file)
>>> with a couple special sections.  The first section is includes, so  
>>> it
>>> can include in other config parser syntax files.  The second is
>>> definitions, it allows to set up key-value pairs, like $eth0-ip$ =
>>> 192.168.1.15, and the third set of managed file sections.
>>>
>>> Each managed file section gives the URL to fetch the template from  
>>> (so
>>> you can use the same template file for multiple machines by just
>>> pointing to the URL of a canonical version) and the location on the
>>> file system to write the rendered template to once the substitutions
>>> have been performed.  It optionally includes a file mode, owner,
>>> group, and the location of a symlink to make to the file location.
>>>
>>> There's some additional detail in structuring the central config
>>> server and doing some other stuff that makes it simpler to manage,  
>>> but
>>> that's the gist of it.  It's about two hundred lines of python, it
>>> supports doing diffs between the central configuration and the local
>>> reality for any attribute it understands (so file contents, owner,
>>> group, mode, etc.) as well as a programmatic mode intended to be run
>>> from cron that'll tell you whether anything has changed on the  
>>> machine
>>> so you can make sure none of your machines have drifted nightly,  
>>> etc.
>>> We've started checking the central config tree into SVN so we have  
>>> an
>>> audit trail of who did what to what file.
>>>
>>> Does it do everything puppet does?  God no.  Does it do everything
>>> cfengine does?  Again, god no.  It's an 80/20 solution, it took me  
>>> an
>>> afternoon to write the first version of it, and maybe a week of  
>>> total
>>> development time to get it doing what it does and full test coverage
>>> for it.  It happily manages several hundred machines, it makes
>>> installing and provisioning a new machine a thirty second job  
>>> instead
>>> of a half hour or so, and it makes managing software installs over
>>> multiple machines much, much easier and more deterministic.
>>>
>>> Like I said, I've been planning on asking about open sourcing it
>>> anyway, but if I don't get to do that, I'll be happy to answer
>>> questions or give pointers where I can.
>>>
>>> --Dave
>>
>>
>> This sounds hot- I wanna try it :)
>
> Ditto.
>
> Specifically, it sounds simple enough to actually sit down and  
> implement,
> which is what has scared me away from everything else.
>


should check out cobbler if you all are interested in a provisioning  
mgt system:

https://fedorahosted.org/cobbler/

yea, it's currently RHEL/Fedora based, but i've used it for a while  
now to manage other OS's.  it's written in python, and it supports  
Cheeta templates inside kickstart/preseed/<other-install-auto- 
responder-here> files.  it also manages dhcpd and bind configs pretty  
well and has a webUI.

the developer works for redhat - but he's a super nice guy and really  
wants better BSD and non-rhel support for his project.

it integrates with puppet quite well too...

-p



More information about the talk mailing list