[Infrastructures] Is cfengine a good tool?
Tim Writer
tim@starnix.com
21 Feb 2003 08:33:37 -0500
Jim Rowan <jmr@computing.com> writes:
> On Sunday, February 16, 2003, at 02:00 PM, Harry Hoffman wrote:
>
> > Hi,
> > Is anyone out there basing there infrastructure from the Usenix (LISA
> > 2000)
>
> > paper titled:
> >
> > "Use of Cfengine for Automated, Multi-Platform Software and Patch
> > Distribution"?
>
>
> They make it way too complicated. Get cfengine, your favorite shared
> filesystem, and depot. Mix and match liberally. Go at it.
>
> Even though you have 100s (or 1000s) of programs and 100s (or 1000s) of
> systems, unless you're operating a life-support system, you don't need the
> full theoretical level of control. In fact, if you can deliver it, most
> places would like everything to be as close to homogenous as you can make
> it... Eliminate the need to handle 10^x combinations! That's readily
> achievable these days.
>
>
> The new cfengine (2.x) has some nice improvements in terms of managing
> autonomous systems and I recommend it even more highly.
>
>
> Jim Rowan
> DCSI
> jmr@computing.com
I've been lurking on this list for some time and have seen quite a few
similar endorsements of cfengine. I've been managing heterogeneous networks
for over a decade and, while I haven't had the opportunity to get my hands
dirty with isconf, I'm a strong proponent of the philosophy. I've been
dabbling with cfengine for some months now and I'm still not convinced it's a
good tool. Since so many others seem to have a good experience, I'm thinking
it's me, maybe I just don't get it. I'd like to start a discussion on
whether cfengine is really a good tool. In order to try and understand
cfengine better, I've reviewed the archives of the cfengine mailing list.
I've seen lots of trivial snippets of cfengine config files but no
substantial examples. Perhaps some of you who have used cfengine succesfully
could share your configuration.
One thing I find very frustrating with cfengine is the quirkiness of the
language. Variables are expanded in some places and not in others. This,
for example, doesn't work:
control:
actionsequence = ( copy )
prefix = ( /u/adm )
source = ( ${prefix}/etc/ssh )
copy:
any::
${source}
dest=/etc/ssh
...
Without consistent variable expansion, how do you prevent cfengine config
files from becoming unmaintainable.
Another thing I've had a huge problem with is dependencies, something the
cfengine docs suggest it excels at. For example, some of our networks use
NIS which requires portmap. If an upgrade to ypserv is available, cfengine
should restart ypserv after performing the upgrade. And if an upgrade to
portmap is available, cfengine should apply it, restart portmap, and restart
ypserv. I've been able to achieve this with classes and actionsequence but
with seemingly a lot of code and without the same clarity as with make.
I find cfengine's output horrible. Since I'm not yet comfortable with
cfengine, I like using the -n option (to cfagent) to see what it's going to
do. Without -v, it doesn't tell you enough. It tells you what it's going to
do but not why. With -v, there's far too much output to wade through.
So, what am I missing?
--
tim writer <tim@starnix.com> starnix inc.
tollfree: 1-87-pro-linux thornhill, ontario, canada
http://www.starnix.com professional linux services & products