bcfg2
David Lutterkort
dlutter at redhat.com
Tue Dec 19 22:45:15 UTC 2006
On Tue, 2006-12-19 at 12:43 -0500, seth vidal wrote:
> On Tue, 2006-12-19 at 11:30 -0600, Jeffrey C. Ollie wrote:
> > On Tue, 2006-12-19 at 12:14 -0500, seth vidal wrote:
> > >
> > > What was wrong with glump and friends?
> > >
> > > It's simple, no cryptic formatting of files or craziness. The scripting
> > > language that runs on the hosts is whatever you want it to be.
> >
> > There's nothing "wrong" with glump. It does an excellent job at what it
> > was designed to do. I think that the issue here is that {cfengine,
> > bcfg2, puppet} were designed to do more that serve out customized
> > versions of config files, like checking ownership/permissions of files,
> > the status of servcies, and whether packages are installed.
>
>
> So what we do at duke with glump is have it serve out custom versions of
> cron jobs.
Correct me if I am wrong, but my impression is that glump is mostly a
template-expansion tool with a custom language expressed in XML. The two
most important features that full-blown config mgmt tools add to that
are
* direct control over individual entries in database-like config
files (like /etc/hosts, /etc/passwd etc.)
* flexible grouping of config settings that is flexible enough to
express variations with little effort
> we have a cron job that runs hourly and nightly that requests its jobs
> via glump.
>
> glump puts together the shell script for that host and hands it back.
How do you handle security ? E.g., how do you keep host A getting its
hands on the config for host B ? That is important when you manage
security-sensitive parts of a machine's config with the tool.
> so if we want to check ownerships or update packages it would be:
>
>
> chown user.group /path/to/file
> yum -d0 -e0 -y install your_pkg_set
How do you deal with failures ? Logging ? Do you know whether the chown
actually changed anything ? (Which might be cause for concern) ?
> That's why we don't need the other features, we implement them within
> what glump can do.
Don't get me wrong - glump might be the right tool for the Fedora
infrastructure, but you should be conscious about the issues it does
_not_ address compared to a full-fledged config mgmt tool.
David
More information about the infrastructure
mailing list