[nycbug-talk] jails: puppet vs. cfengine

Edward Capriolo edlinuxguru at gmail.com
Tue Sep 14 10:19:45 EDT 2010

On Mon, Sep 13, 2010 at 11:35 PM, Francisco Reyes
<lists at stringsutils.com> wrote:
> Charles Sprickman writes:
>> question is on the host hosting the jails, can either of these tools
>> handle configuring the jail and see it as something of an "entity" that can
>> be moved amongst hosts.
> I am a puppet newbie myself.. but so far from the little I have looked into
> it I think it would be difficult to configure anything with puppet on the
> host hosting the jail. I think it may be possible to do something with the
> jail itself.
> For example something along the lines of a jail defaulting to DHCP and then
> having puppet/cfengine getting whatever setup files the jail needs.
> Although it may be possible my first impression is that it would not be
> easy.
>> helpful if the two environments could be tied together - for example
>> changing the IP of the jail involves changes on the host (interface,
>> firewall) as well as the jail (any config files that reference that IP).
> I can't see how it would be done with a program like puppet/cfengine. It is
> more than just "pushing" files and starting process. You are basically
> looking into what for all intent and purposes are different machines and
> coordinating actions based on information retrieved from the machines.
>> assumption that either of them can do things like tie together interface
>> aliases and instances of that IP occurring in config files...
> I think they may do that, but how does that tie back to the machine hosting
> the jails? I guess the part I don't believe would be easy to implement is
> the jail to host communication. I think an in-house/custome made program
> would be needed for that.
> Have you tried asking in either of those programs mailing lists?

You should check out puppet modules.

Including the puppet puppet module.

And the xen module.

Both puppet and cfengine do not have built in capabilities to manage
jails, but in the end all these tools "really" do is manage files, and
packages. So if you can figure out a way to turn your problem into a
bunch of files that puppet can manage you have the problem solved.


More information about the talk mailing list