From owner-freebsd-stable@FreeBSD.ORG Thu Feb 5 19:16:08 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 82546993 for ; Thu, 5 Feb 2015 19:16:08 +0000 (UTC) Received: from mx1.shrew.net (mx1.shrew.net [38.97.5.131]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 42DFDBE4 for ; Thu, 5 Feb 2015 19:16:07 +0000 (UTC) Received: from mail.shrew.net (mail.shrew.prv [10.24.10.20]) by mx1.shrew.net (8.14.7/8.14.7) with ESMTP id t15JEgQa040635 for ; Thu, 5 Feb 2015 13:14:42 -0600 (CST) (envelope-from mgrooms@shrew.net) Received: from [10.16.48.252] (67-198-50-4.static.grandenetworks.net [67.198.50.4]) by mail.shrew.net (Postfix) with ESMTPSA id ACB50187E8C for ; Thu, 5 Feb 2015 13:14:37 -0600 (CST) Message-ID: <54D3C16E.2060408@shrew.net> Date: Thu, 05 Feb 2015 13:15:58 -0600 From: Matthew Grooms User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org Subject: Re: push a few config files to dozen or so servers References: <20150205130234.3fcbabfb@efreet.mimar.rs> <54D37932.7010808@madpilot.net> <20150205154743.GO88387@mail0.byshenk.net> <3552828A-536D-41AB-B56D-F47AA4164A79@gromit.dlib.vt.edu> <54D3AE68.6040003@shrew.net> In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (mx1.shrew.net [10.24.10.10]); Thu, 05 Feb 2015 13:14:42 -0600 (CST) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Feb 2015 19:16:08 -0000 On 2/5/2015 1:05 PM, Paul Mather wrote: > On Feb 5, 2015, at 12:54 PM, Matthew Grooms wrote: > >> On 2/5/2015 11:27 AM, Paul Mather wrote: >>> On Feb 5, 2015, at 10:47 AM, Greg Byshenk wrote: >>> >>>> On Thu, Feb 05, 2015 at 03:07:46PM +0100, Guido Falsi wrote: >>>>> On 02/05/15 13:20, Ronald Klop wrote: >>>>>> On Thu, 05 Feb 2015 13:02:34 +0100, Marko Cupa?? >>>>>>> thanks to virtualization, my fleet of FreeBSD hosts have grown to more >>>>>>> than dozen, and it still grows. There are some files that need to be >>>>>>> identical on all of them (aliases, sudoers, root crontab, pkg repo >>>>>>> files etc.). >>>>>>> >>>>>>> I was looking at puppet and cfengine but learning and implementing those >>>>>>> seem like an overkill for my purpose. >>>>>>> >>>>>>> Are there any other elegant solutions which can help me achieve my goal? >>>>>> Cron and rsync. >>>>>> Or create a pkg which you install on all servers. >>>>> He could also use an VCS system (subversion, git, fossil, whatever) and >>>>> some scripts. >>>>> >>>>> This adds the advantage of having history. >>>> If it's really limited, you should be able to wrap svn/git >>>> and scp/rsync in python/bash/ and have >>>> something that works. >>>> >>>> >>>>>> Just some quick ideas. In the end you just want to use something like >>>>>> puppet. :-) >>>>> I Agree, in the end that kind of solution is definitely more robust. >>>> But, agreeing here, as well, there are some real advantages >>>> in ensuring consistency, etc. with something like puppet. >>>> >>>> And a basic, minimalist puppet is pretty basic and minimal. >>>> Puppet can get very complex, but that comes from managing >>>> complex environments. >>> I'm familiar with Puppet and agree with your observations above. One >>> thing that concerns me with Puppet, though, is that Puppet is not >>> considered as a Tier 1 platform by Puppet Labs and so FreeBSD support >>> is inconsistent. With the current emphasis on modules and the Puppet >>> Forge, the focus on the RedHat and Debian OS families in many modules >>> makes it harder for FreeBSD users to use Puppet without reinventing the >>> wheel. Unfortunately, with Puppet, a lot of the "magic" happens under >>> the covers in these modules, via Types and Providers, and if they don't >>> support FreeBSD then they're not much use. (This is another way of >>> saying, "Puppet works great when it works.":) I know this is a >>> manifestation of the general "Linuxism" of *nix, so I know I'm swimming >>> against the tide in a sense in hoping for better support. :-) >>> >>> However, I don't get a sense of the vibrancy of the community around >>> FreeBSD and Puppet. Is it thriving? (Because Puppet abstracts away >>> the OS from a sysadmin point of view, people might argue, "why run >>> FreeBSD if you're using Puppet?") Also, Puppet seems to have evolved >>> rather than being the product of a clean, simple design. (Maybe this >>> is endemic to any Ruby-based project.:) The orchestration (e.g., >>> Marionette Collective) seems a bit bolted-on to me. >>> >>> Despite all that, there is still lots and lots to recommend Puppet. >>> However, if there's another configuration management framework that is >>> more "FreeBSD-friendly," then it would be good to know of that. With >>> large-scale system installations becoming more and more prevalent, so >>> too does the importance of configuration management and orchestration >>> systems. I've been looking at Salt recently, which I've heard is >>> supposed to be quite "FreeBSD-friendly." Does anyone know of any >>> others that have a great FreeBSD community and support behind them? >>> >>> Cheers, >>> >>> Paul. >> Have a look at saltstack. It's easier to setup/deploy, does centralized config management & orchestration in one tool ( like puppet + mcollective ), scales ridiculously well and is more platform agnostic ... >> >> http://saltstack.com/community/ >> http://www.freshports.org/sysutils/py-salt/ > > I've been looking at Salt (or saltstack, whatever it's called) for the > very reasons you mention above. I recently tested it out with > FreeBSD/arm Raspberry Pi and Beaglebone Black minions reporting to a > FreeBSD/amd64 master. I like what I see so far, and, from my reading, > the design seems nice and clean---or at least cleaner compared to > Puppet. > > Still, it's the community that makes or breaks these things, and so > it's the one that has the best/most active FreeBSD community that I'm > eager to know about. > > Cheers, > > Paul. Paul, My apologies. I was skimming and I missed your last two sentences regarding salt. Sorry for the repetition. I agree that it seems to have a cleaner design than puppet, especially if you need the orchestration piece. The mcollective bolt-on appears to have been a distant afterthought for puppet. I only use salt for managing FreeBSD amd64 VMs. Nothing as exotic as Beaglebone Blacks, but it has been working well and I haven't run across anything that has scared me off yet. Just seems to work as advertised. -Matthew