[nycbug-talk] cfengine book

[Brian Cully]

On 3-Jul-2008, at 18:07, pete wrote:
> for auditing administration purposes i prefer to have one system as my
> point of contact for management - rather than having to remeber which
> distribution server i setup for a given platform/location.  when  
> coupled
> with a SCM like svn/rcs etc. i think it's a pretty supportable  
> scheme.  it
> seems to scale well now (we are in the 10,000+ linux network node  
> range ATM
> and growing, along with a fair amount of windows, os_x and other  
> unices).

	Well, money wasn't an object, and I only had to support FreeBSD,  
Solaris, and Linux. And really, mostly Solaris. I didn't break down  
past OS, because my only real hangup was using the dist box as a build  
host. If I had more OSes to support, I would probably not go with this  
scheme, but I never had to.

> well - i think some may argue that rsync is a transport mechanism -  
> not a
> configuration management system like cfengine, puppet etc.  i think  
> the
> design goal of cfg mgt systems are to create an environment where  
> systems
> have the ability to "self heal" or bring themselves into a predefined,
> consistent state based on rules an policies.  although no doubt, you  
> can
> certainly achieve something close to this using wrappers around rsync.

	Apologies, I actually meant rdist; it's been over 10 years since I  
used that system.

> i think once you get past the couple server, workstation environment  
> a cfg
> mgt system is essential, be it via cfengine, puppet, rdist or  
> homegrown
> code.  at the end of the day i think its the process of sitting down  
> and
> drawing up policies that you want your systems to adhere to that  
> makes the
> biggest difference.

	Agreed. I shoulda added a rule 4) must be religious about policy.

-bjc