bcfg2

David Lutterkort dlutter at redhat.com
Tue Dec 19 22:45:15 UTC 2006


On Tue, 2006-12-19 at 12:43 -0500, seth vidal wrote:
> On Tue, 2006-12-19 at 11:30 -0600, Jeffrey C. Ollie wrote:
> > On Tue, 2006-12-19 at 12:14 -0500, seth vidal wrote:
> > > 
> > > What was wrong with glump and friends?
> > > 
> > > It's simple, no cryptic formatting of files or craziness. The scripting
> > > language that runs on the hosts is whatever you want it to be.
> > 
> > There's nothing "wrong" with glump.  It does an excellent job at what it
> > was designed to do.  I think that the issue here is that {cfengine,
> > bcfg2, puppet} were designed to do more than serve out customized
> > versions of config files, like checking ownership/permissions of files,
> > the status of services, and whether packages are installed.
> 
> 
> So what we do at duke with glump is have it serve out custom versions of
> cron jobs.

Correct me if I am wrong, but my impression is that glump is mostly a
template-expansion tool with a custom language expressed in XML. The two
most important features that full-blown config mgmt tools add to that
are
      * direct control over individual entries in database-like config
        files (like /etc/hosts, /etc/passwd etc.)
      * flexible grouping of config settings that is flexible enough to
        express variations with little effort

> we have a cron job that runs hourly and nightly that requests its jobs
> via glump.
> 
> glump puts together the shell script for that host and hands it back.

How do you handle security? E.g., how do you keep host A from getting
its hands on the config for host B? That is important when you manage
security-sensitive parts of a machine's config with the tool.

> so if we want to check ownerships or update packages it would be:
> 
> 
> chown user.group /path/to/file
> yum -d0 -e0 -y install your_pkg_set

How do you deal with failures? Logging? Do you know whether the chown
actually changed anything? (Which might be cause for concern)?

> That's why we don't need the other features, we implement them within
> what glump can do.

Don't get me wrong - glump might be the right tool for the Fedora
infrastructure, but you should be conscious about the issues it does
_not_ address compared to a full-fledged config mgmt tool.

David
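
The questions above about failures, logging and whether the chown changed anything, as an added example that is not part of the original post: a wrapper around the quoted `chown` step that reports drift and failure separately. The names `ensure_owner` and `log` and the return codes are assumptions made for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the thread). Wraps the quoted `chown user.group /path`
# step so each run records whether ownership drifted or the command failed.
# ensure_owner and log are hypothetical names; stat -c assumes GNU coreutils.

log() {
    # Timestamped line on stderr, so cron can mail or capture it.
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >&2
}

# Usage: ensure_owner USER:GROUP PATH
# Returns 0 = already correct, 10 = ownership was changed, 1 = failure.
ensure_owner() {
    want=$1
    path=$2

    # Numeric owner before the change; a missing path is a failure, not a no-op.
    if ! before=$(stat -c '%u:%g' -- "$path" 2>/dev/null); then
        log "FAIL chown $want $path: cannot stat"
        return 1
    fi

    # Keep chown's own error text so the log says why it failed.
    if ! err=$(chown -- "$want" "$path" 2>&1); then
        log "FAIL chown $want $path: $err"
        return 1
    fi

    after=$(stat -c '%u:%g' -- "$path") || return 1
    if [ "$before" != "$after" ]; then
        # Drift: something other than this script had changed the owner.
        log "CHANGED $path owner $before -> $after"
        return 10
    fi
    log "OK $path owner $after"
    return 0
}
```

A generated cron script can call this once per managed path and treat a return of 10 as an event worth reviewing rather than a silent fix.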




