[nycbug-talk] cfengine book

Thu Jul 3 18:07:58 EDT 2008

On Thu, 3 Jul 2008 17:47:06 -0400, Brian Cully <bcully at gmail.com> wrote:
> On 3-Jul-2008, at 16:55, Jesse Callaway wrote:
>> thanks for the suggestion. My takeaway from last night's meeting was
>> that cfengine is entirely inappropriate for use where I work... too
>> diverse of a base of computers. Too bad!
> 
> 	If you're only using one OS, cfengine is a great tool for
> distribution even among a diverse set of workloads. If you're using
> more than one OS, it's not worth the headache to try and cram it all
> onto one master cfengine box. Just keep one cfengine box per OS
> install and you'll still be doing pretty good.
> 

really?  that seems kinda wasteful.  there is no rule stating you have to
have the same distribution tree for every platform or facility:

$CFENGINE_HOME/dist/{linux,os_x,solaris,free_bsd,win_nt}

works for us.  we've actually expanded it to:
$CFENGINE_HOME/dist/$FACILITY/$PLATFORM

for auditing administration purposes i prefer to have one system as my
point of contact for management - rather than having to remeber which
distribution server i setup for a given platform/location.  when coupled
with a SCM like svn/rcs etc. i think it's a pretty supportable scheme.  it
seems to scale well now (we are in the 10,000+ linux network node range ATM
and growing, along with a fair amount of windows, os_x and other unices).

> 
> P.S.
> At the job previous, I set up rsync to do pretty much what I was
> shooting for cfengine to do later. rsync was substantially easier to
> comprehend and get working, but it is absolutely nowhere near as
> powerful. cfengine is a bit baroque, has tons of useless (or at least
> questionable) features, but does a bang-up job at almost anything you
> want it to do.

well - i think some may argue that rsync is a transport mechanism - not a
configuration management system like cfengine, puppet etc.  i think the
design goal of cfg mgt systems are to create an environment where systems
have the ability to "self heal" or bring themselves into a predefined,
consistent state based on rules an policies.  although no doubt, you can
certainly achieve something close to this using wrappers around rsync.

i think once you get past the couple server, workstation environment a cfg
mgt system is essential, be it via cfengine, puppet, rdist or homegrown
code.  at the end of the day i think its the process of sitting down and
drawing up policies that you want your systems to adhere to that makes the
biggest difference.

-pete

-- 
Pete Wright
pete at nomadlogic.org
310.869.9459