From owner-freebsd-stable@FreeBSD.ORG Thu Feb 5 19:05:30 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B075E3B1 for ; Thu, 5 Feb 2015 19:05:30 +0000 (UTC) Received: from gromit.dlib.vt.edu (gromit.dlib.vt.edu [128.173.126.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gromit.dlib.vt.edu", Issuer "Chumby Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 84D97AB9 for ; Thu, 5 Feb 2015 19:05:30 +0000 (UTC) Received: from pmather.lib.vt.edu (pmather.lib.vt.edu [128.173.126.193]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gromit.dlib.vt.edu (Postfix) with ESMTPSA id A9B2D6DD; Thu, 5 Feb 2015 14:05:28 -0500 (EST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: push a few config files to dozen or so servers From: Paul Mather In-Reply-To: <54D3AE68.6040003@shrew.net> Date: Thu, 5 Feb 2015 14:05:28 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: References: <20150205130234.3fcbabfb@efreet.mimar.rs> <54D37932.7010808@madpilot.net> <20150205154743.GO88387@mail0.byshenk.net> <3552828A-536D-41AB-B56D-F47AA4164A79@gromit.dlib.vt.edu> <54D3AE68.6040003@shrew.net> To: Matthew Grooms X-Mailer: Apple Mail (2.1878.6) Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Feb 2015 19:05:30 -0000 On Feb 5, 2015, at 12:54 PM, Matthew Grooms wrote: > On 2/5/2015 11:27 AM, Paul Mather wrote: >> On Feb 5, 2015, at 10:47 AM, Greg Byshenk = wrote: >>=20 >>> On Thu, Feb 05, 2015 at 03:07:46PM +0100, Guido Falsi wrote: >>>> On 02/05/15 13:20, Ronald Klop wrote: >>>>> On Thu, 05 Feb 2015 13:02:34 +0100, Marko Cupa?? = >>>>>> thanks to virtualization, my fleet of FreeBSD hosts have grown to = more >>>>>> than dozen, and it still grows. There are some files that need to = be >>>>>> identical on all of them (aliases, sudoers, root crontab, pkg = repo >>>>>> files etc.). >>>>>>=20 >>>>>> I was looking at puppet and cfengine but learning and = implementing those >>>>>> seem like an overkill for my purpose. >>>>>>=20 >>>>>> Are there any other elegant solutions which can help me achieve = my goal? >>>>> Cron and rsync. >>>>> Or create a pkg which you install on all servers. >>>> He could also use an VCS system (subversion, git, fossil, whatever) = and >>>> some scripts. >>>>=20 >>>> This adds the advantage of having history. >>> If it's really limited, you should be able to wrap svn/git >>> and scp/rsync in python/bash/ and have >>> something that works. >>>=20 >>>=20 >>>>> Just some quick ideas. In the end you just want to use something = like >>>>> puppet. :-) >>>> I Agree, in the end that kind of solution is definitely more = robust. >>> But, agreeing here, as well, there are some real advantages >>> in ensuring consistency, etc. with something like puppet. >>>=20 >>> And a basic, minimalist puppet is pretty basic and minimal. >>> Puppet can get very complex, but that comes from managing >>> complex environments. >>=20 >> I'm familiar with Puppet and agree with your observations above. One >> thing that concerns me with Puppet, though, is that Puppet is not >> considered as a Tier 1 platform by Puppet Labs and so FreeBSD support >> is inconsistent. With the current emphasis on modules and the Puppet >> Forge, the focus on the RedHat and Debian OS families in many modules >> makes it harder for FreeBSD users to use Puppet without reinventing = the >> wheel. Unfortunately, with Puppet, a lot of the "magic" happens = under >> the covers in these modules, via Types and Providers, and if they = don't >> support FreeBSD then they're not much use. (This is another way of >> saying, "Puppet works great when it works.":) I know this is a >> manifestation of the general "Linuxism" of *nix, so I know I'm = swimming >> against the tide in a sense in hoping for better support. :-) >>=20 >> However, I don't get a sense of the vibrancy of the community around >> FreeBSD and Puppet. Is it thriving? (Because Puppet abstracts away >> the OS from a sysadmin point of view, people might argue, "why run >> FreeBSD if you're using Puppet?") Also, Puppet seems to have evolved >> rather than being the product of a clean, simple design. (Maybe this >> is endemic to any Ruby-based project.:) The orchestration (e.g., >> Marionette Collective) seems a bit bolted-on to me. >>=20 >> Despite all that, there is still lots and lots to recommend Puppet. >> However, if there's another configuration management framework that = is >> more "FreeBSD-friendly," then it would be good to know of that. With >> large-scale system installations becoming more and more prevalent, so >> too does the importance of configuration management and orchestration >> systems. I've been looking at Salt recently, which I've heard is >> supposed to be quite "FreeBSD-friendly." Does anyone know of any >> others that have a great FreeBSD community and support behind them? >>=20 >> Cheers, >>=20 >> Paul. >=20 > Have a look at saltstack. It's easier to setup/deploy, does = centralized config management & orchestration in one tool ( like puppet = + mcollective ), scales ridiculously well and is more platform agnostic = ... >=20 > http://saltstack.com/community/ > http://www.freshports.org/sysutils/py-salt/ I've been looking at Salt (or saltstack, whatever it's called) for the=20= very reasons you mention above. I recently tested it out with=20 FreeBSD/arm Raspberry Pi and Beaglebone Black minions reporting to a=20 FreeBSD/amd64 master. I like what I see so far, and, from my reading,=20= the design seems nice and clean---or at least cleaner compared to=20 Puppet. Still, it's the community that makes or breaks these things, and so=20 it's the one that has the best/most active FreeBSD community that I'm=20 eager to know about. Cheers, Paul.