[nycbug-talk] jails: puppet vs. cfengine

[Charles Sprickman]

On Sat, 11 Sep 2010, Francisco Reyes wrote:

> Edward Capriolo writes:
>
>> Interesting topic. To be clear, you do not want to run puppet/cfengine
>> inside the jail? That is probably the preferred way.
>
> Waiting on Charles to clarify... but I would think that running it from the 
> jail is the right way, specially since he mentioned portability as a concern. 
> That way if a jail is moved it will get the puppet/cfengine bits moved with 
> it.

I've sort of mashed two questions into one.  For files inside the jail, 
running cfengine/puppet inside it makes sense.  But the other part of the 
question is on the host hosting the jails, can either of these tools 
handle configuring the jail and see it as something of an "entity" that 
can be moved amongst hosts.  There is some overlap where it would be 
helpful if the two environments could be tied together - for example 
changing the IP of the jail involves changes on the host (interface, 
firewall) as well as the jail (any config files that reference that IP).

I might be overestimating what these tools can do, I was running with the 
assumption that either of them can do things like tie together interface 
aliases and instances of that IP occurring in config files...

Thanks,

Charles