Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




677 posts

Ultimate Geek
+1 received by user: 27

Trusted

Topic # 94647 15-Dec-2011 22:50
Send private message

Hi all.
I have been looking at many and varied ways of managing the configuration of  large number of hosts, invariably I am drawn back to either cfengine3 or Puppet as being reasonable options.
Both have good and bad qualities, cfengine for example has a learning curve that makes hard to sell in any meaningful way to an ops team.

I was pointed towards Chef today though and am left wondering if anyone is using it.
http://wiki.opscode.com/display/chef/Home

It seems sane and usable, so i must be missing something.

So the question is, has anyone here used it before?

I am going to do an eval on it so I will post what i find but actual accounts of how it has worked would be very useful.

Paul




meat popsicle

Create new topic
3 posts

Wannabe Geek


  Reply # 558554 16-Dec-2011 07:56
Send private message

Hi,

(disclaimer: I work at CFEngine, but I'll try to be balanced here)

Chef is a nice and mature system (and they are very nice guys - I got to meet several of them last week at LISA'11 in Boston). One of its very strong points is that it's very approachable and easy to get started, and they have a good collection of "cookbooks" for managing many different components. One of its disadvantages is that, being written in Ruby, it requires Ruby and a lot of dependencies to be installed. On a clean Ubuntu system, running "apt-get install chef chef-server" brings in around 290 packages as dependencies. To install just the client ("apt-get install chef") requires installing around 50 packages as dependencies.

On the other hand, in my opinion, CFEngine's reputation for having a steep learning curve is greatly exaggerated, particularly in recent releases. Since CFEngine 3.2.0, you can bootstrap both servers and clients with a single command (cf-agent --bootstrap), which gives you a bare-ones install with policies that do nothing except update themselves. So you can easily install CFEngine and have it running without any adverse effects, and then gradually add policies that manage different parts of the system. CFEngine is very lightweight - its only dependencies are OpenSSL, PCRE and a BerkeleyDB (or equivalent, I prefer using Tokyo Cabinet).

For learning CFEngine, I would suggest starting with the Concept Guide and the Quick Start Guide. Neil Watson's CFEngine 3 tutorial is also very good. And if I may do a shameless plug, my book "Learning CFEngine 3" is now available as an Early Release, which contains already all the "basic concepts" and "getting started" chapters of the book, as well as some of the more advanced topics.

All the documents I mentioned (and many others) can be found from http://cfengine.com/tech. The forum at https://cfengine.com/forum/ is a very friendly place to ask questions. For information about the book see http://cf-learn.info/

Hope this helps,
--Diego Zamboni



677 posts

Ultimate Geek
+1 received by user: 27

Trusted

  Reply # 558560 16-Dec-2011 08:22
Send private message

Thanks for that.
I must admit i used cfengine3 before it had the --bootstrap option, so it was a fair amount of work to get something useful, and functional.

I am not so worried about the learning curve for myself, more for the people that would end up using this on a daily basis, or have to trouble shoot it.

I hear you on the dependency tree, there is also a stigma to ruby, as there is any language, can generally start a religious war of what the superior language is.

All accounts welcome, even if they may be biased;)




meat popsicle

 
 
 
 


3 posts

Wannabe Geek


  Reply # 558563 16-Dec-2011 08:49
Send private message

Always happy to help. Sorry for the lack of links in my replies, but being new here, the forum doesn't yet let me post links.

About ease of maintenance: one of the nice new things in CFEngine 3 is the ability to compose promises into higher-level, reusable blocks. This makes it much easier to write policies and to understand them, since you can look at the policies only at the level that is necessary, hiding lower-level details. There is already a collection of pre-made blocks in the CFEngine standard library (http://cfengine.com/starterkit )

For example, if you want to edit the sshd configuration file, you can use a bundle like the one I posted here: http://blog.zzamboni.org/editing-sshd-configuration-files-with-cfengin . The edit_sshd() bundle uses the set_config_values() bundle, which is the one that knows how to edit the file (and in turn uses stuff from the stdlib). But at the top level, you use it like this:

bundle agent configfiles
{
vars:
"sshdconfig" string => "/etc/ssh/sshd_config";

# SSHD configuration to set
"sshd[Protocol]" string => "2";
"sshd[X11Forwarding]" string => "yes";
"sshd[UseDNS]" string => "no";

methods:
"sshd" usebundle => edit_sshd("$(sshdconfig)", "configfiles.sshd");
}
Which is very clear and easy to understand.

Best regards,
--Diego
 

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.