[nycbug-talk] version control for config files
Charles Sprickman
spork at bway.net
Sun Mar 8 01:32:41 EST 2009
On Sun, 8 Mar 2009, Isaac Levy wrote:
> On Mar 8, 2009, at 12:59 AM, David Lawson wrote:
>
>> Puppet is a really good option for config management, I looked really
>> seriously at it a while back and liked what I saw a lot, but I had two
>> major problems with it. First, it's written in Ruby and I'm not a
>> Ruby programmer, so that kind of bites if I wanted to extend it.
>> Second, and nearly every configuration management system I've looked
>> at suffers from this problem, there's a pretty serious bootstrap cost
>> to implementing it. It's a reasonably complex system, it's non-
>> trivial to understand how to make it do what you want it to do, and
>> when you do get a good handle on it, converting all your systems to
>> use it can be a pretty serious undertaking, depending on how many you
>> have. At the time, I was looking at a couple hundred, with
>> configurations drifted all over hell and gone, so that was a time sink
>> I couldn't afford.
>>
>> What I ended up doing is writing a stupid simple configuration manager
>> in python, we call it ghetto-config in the office. I've actually been
>> thinking about asking to open source it, I'll talk to my boss about it
>> on Monday, but the basic concepts are simple, and it didn't take me
>> more than an afternoon to implement a first cut.
>>
>> Ghetto-config works as a very simple templating engine, you define a
>> number bunch of key value pairs, and you can use those keys in a file
>> and have ghetto-config substitute in the appropriate value for you
>> when it parses it. It also understands how to set file modes, create
>> symlinks, manage owners and groups, and how to diff version of a file
>> if it's changed.
>>
>> Basically, you assign each machine a unique ID of some sort at install
>> time (or later, if you want), we used the MAC address of the interface
>> that was used to PXE boot the machine for kickstart, but you could use
>> hostname or whatever if that was easier. That serves as the unique
>> identifier for the system. Ghetto-config takes that information and
>> uses it to build a URL to fetch configuration information from a
>> central HTTP server storing config data. It fetches the URL it builds
>> and gets back a file in config parser syntax (basically an .ini file)
>> with a couple special sections. The first section is includes, so it
>> can include in other config parser syntax files. The second is
>> definitions, it allows to set up key-value pairs, like $eth0-ip$ =
>> 192.168.1.15, and the third set of managed file sections.
>>
>> Each managed file section gives the URL to fetch the template from (so
>> you can use the same template file for multiple machines by just
>> pointing to the URL of a canonical version) and the location on the
>> file system to write the rendered template to once the substitutions
>> have been performed. It optionally includes a file mode, owner,
>> group, and the location of a symlink to make to the file location.
>>
>> There's some additional detail in structuring the central config
>> server and doing some other stuff that makes it simpler to manage, but
>> that's the gist of it. It's about two hundred lines of python, it
>> supports doing diffs between the central configuration and the local
>> reality for any attribute it understands (so file contents, owner,
>> group, mode, etc.) as well as a programmatic mode intended to be run
>> from cron that'll tell you whether anything has changed on the machine
>> so you can make sure none of your machines have drifted nightly, etc.
>> We've started checking the central config tree into SVN so we have an
>> audit trail of who did what to what file.
>>
>> Does it do everything puppet does? God no. Does it do everything
>> cfengine does? Again, god no. It's an 80/20 solution, it took me an
>> afternoon to write the first version of it, and maybe a week of total
>> development time to get it doing what it does and full test coverage
>> for it. It happily manages several hundred machines, it makes
>> installing and provisioning a new machine a thirty second job instead
>> of a half hour or so, and it makes managing software installs over
>> multiple machines much, much easier and more deterministic.
>>
>> Like I said, I've been planning on asking about open sourcing it
>> anyway, but if I don't get to do that, I'll be happy to answer
>> questions or give pointers where I can.
>>
>> --Dave
>
>
> This sounds hot- I wanna try it :)
Ditto.
Specifically, it sounds simple enough to actually sit down and implement,
which is what has scared me away from everything else.
Charles
> Rocket-
> .ike
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
More information about the talk
mailing list