[nycbug-talk] cfengine book

pete pete at nomadlogic.org
Thu Jul 3 18:07:58 EDT 2008

On Thu, 3 Jul 2008 17:47:06 -0400, Brian Cully <bcully at gmail.com> wrote:
> On 3-Jul-2008, at 16:55, Jesse Callaway wrote:
>> thanks for the suggestion. My takeaway from last night's meeting was
>> that cfengine is entirely inappropriate for use where I work... too
>> diverse of a base of computers. Too bad!
> 	If you're only using one OS, cfengine is a great tool for
> distribution even among a diverse set of workloads. If you're using
> more than one OS, it's not worth the headache to try and cram it all
> onto one master cfengine box. Just keep one cfengine box per OS
> install and you'll still be doing pretty good.

really?  that seems kinda wasteful.  there is no rule stating you have to
have the same distribution tree for every platform or facility:


works for us.  we've actually expanded it to:

for auditing administration purposes i prefer to have one system as my
point of contact for management - rather than having to remeber which
distribution server i setup for a given platform/location.  when coupled
with a SCM like svn/rcs etc. i think it's a pretty supportable scheme.  it
seems to scale well now (we are in the 10,000+ linux network node range ATM
and growing, along with a fair amount of windows, os_x and other unices).

> P.S.
> At the job previous, I set up rsync to do pretty much what I was
> shooting for cfengine to do later. rsync was substantially easier to
> comprehend and get working, but it is absolutely nowhere near as
> powerful. cfengine is a bit baroque, has tons of useless (or at least
> questionable) features, but does a bang-up job at almost anything you
> want it to do.

well - i think some may argue that rsync is a transport mechanism - not a
configuration management system like cfengine, puppet etc.  i think the
design goal of cfg mgt systems are to create an environment where systems
have the ability to "self heal" or bring themselves into a predefined,
consistent state based on rules an policies.  although no doubt, you can
certainly achieve something close to this using wrappers around rsync.

i think once you get past the couple server, workstation environment a cfg
mgt system is essential, be it via cfengine, puppet, rdist or homegrown
code.  at the end of the day i think its the process of sitting down and
drawing up policies that you want your systems to adhere to that makes the
biggest difference.


Pete Wright
pete at nomadlogic.org

More information about the talk mailing list