Date: Tue, 1 Mar 2016 10:10:59 -0800 (PST) From: Roger Marquis <marquis@roble.com> To: Christoph Moench-Tegeder <cmt@burggraben.net> Cc: freebsd-ports@freebsd.org Subject: Re: Completely unscientific poll: cfengine, puppet, other? In-Reply-To: <20160301120350.GB1580@elch.exwg.net> References: <CAG_PEey4TR%2BZo=bq24HCmShYV1FZJpBiPAeegF5455oUjER5pg@mail.gmail.com> <20160301120350.GB1580@elch.exwg.net>
| previous in thread | raw e-mail | index | archive | help
Christoph Moench-Tegeder wrote: > Some systems (e.g. cfengine) are using a pull model, where the "managed" > machines connect to a central hub periodically, fetch the configuration > and "do what needs to be done", while e.g. ansible follows a "push" > model, where the "agent" is executed "somewhere" and connects to the > managed node to do it's work. It should also be noted that one of the primary differences between ansible and the other configuration management / deployment options is that ansible is agent-less i.e., you don't run anything other than an sshd on the clients. This precludes a range of potential problems from version-skew to client security. That said you do also need to run python on the clients (an unfortunate design decision IMO). Most places I see these tools used inappropriately. If you're not spinning up new instances frequently or maintaining more than a few dozen hosts you're better off using simple shell scripts, or at least you are if you know a bit of shell programming (as in /bin/sh). Otherwise your time is better spent learning shell than the domain-specific languages of any of these tools. Even with hundreds of hosts to maintain most features of deployment tools appeal to those with less sysadmin experience than software development experience, unless perhaps you have to perform the same operation over several different operating systems. Even then using tool-specific methods limits your flexibility (which may well be a design goal). Roger
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?>