help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Infrastructures] Is cfengine a good tool?


From: Zeev Fisher
Subject: Re: [Infrastructures] Is cfengine a good tool?
Date: Fri, 21 Feb 2003 18:02:16 +0200

Hi Tim,

I feel quite the same.

I'm trying to play with cfengine for a month and I feel that this tool is
very powerful but I'm always not sure if I use it correctly/spend lot of
time trying to find the correct way. There are not enough real world
examples.
The examples supplied are very basic and there are no advanced topics like
restarting things after typical actions for.

Regarding the variables quirkiness you talked about , it was fixed on 2.0.5
release. I was there too..

Anyway , I still think this tool is excellent and I will continue the
implementation in my environment which is composed of ~200 servers ( Linux +
Solaris ).

Maybe there should be an area on cfengine site for working configuration
which users will contribute. I think it would be very helpful for 2 things :

    1) cfengine way for doing things.
    2) New ideas for efficiently administration.



Zeev Fisher
Unix SA , Marvell Semiconductor Israel.
Zeev.Fisher@il.marvell.com


----- Original Message -----
From: "Tim Writer" <tim@starnix.com>
To: <infrastructures@terraluna.org>
Sent: Friday, February 21, 2003 3:33 PM
Subject: [Infrastructures] Is cfengine a good tool?


> Jim Rowan <jmr@computing.com> writes:
>
> > On Sunday, February 16, 2003, at 02:00 PM, Harry Hoffman wrote:
> >
> > > Hi,
> > >   Is anyone out there basing there infrastructure from the Usenix
(LISA
> > > 2000)
> >
> > > paper titled:
> > >
> > > "Use of Cfengine for Automated, Multi-Platform Software and Patch
> > > Distribution"?
> >
> >
> > They make it way too complicated.  Get cfengine, your favorite shared
> > filesystem, and depot.  Mix and match liberally.  Go at  it.
> >
> > Even though you have 100s (or 1000s) of programs and 100s (or 1000s) of
> > systems, unless you're operating a life-support system, you don't need
the
> > full theoretical level of control.  In fact, if you can deliver it, most
> > places would like everything to be as close to homogenous as you can
make
> > it...   Eliminate the need to handle 10^x combinations! That's readily
> > achievable these days.
> >
> >
> > The new cfengine (2.x) has some nice improvements in terms of managing
> > autonomous systems and I recommend it even more highly.
> >
> >
> > Jim Rowan
> > DCSI
> > jmr@computing.com
>
> I've been lurking on this list for some time and have seen quite a few
> similar endorsements of cfengine.  I've been managing heterogeneous
networks
> for over a decade and, while I haven't had the opportunity to get my hands
> dirty with isconf, I'm a strong proponent of the philosophy.  I've been
> dabbling with cfengine for some months now and I'm still not convinced
it's a
> good tool.  Since so many others seem to have a good experience, I'm
thinking
> it's me, maybe I just don't get it.  I'd like to start a discussion on
> whether cfengine is really a good tool.  In order to try and understand
> cfengine better, I've reviewed the archives of the cfengine mailing list.
> I've seen lots of trivial snippets of cfengine config files but no
> substantial examples.  Perhaps some of you who have used cfengine
succesfully
> could share your configuration.
>
> One thing I find very frustrating with cfengine is the quirkiness of the
> language.  Variables are expanded in some places and not in others.  This,
> for example, doesn't work:
>
>     control:
>
>         actionsequence = ( copy )
>
>         prefix = ( /u/adm )
>         source = ( ${prefix}/etc/ssh )
>
>     copy:
>
>       any::
>         ${source}
>           dest=/etc/ssh
>           ...
>
> Without consistent variable expansion, how do you prevent cfengine config
> files from becoming unmaintainable.
>
> Another thing I've had a huge problem with is dependencies, something the
> cfengine docs suggest it excels at.  For example, some of our networks use
> NIS which requires portmap.  If an upgrade to ypserv is available,
cfengine
> should restart ypserv after performing the upgrade.  And if an upgrade to
> portmap is available, cfengine should apply it, restart portmap, and
restart
> ypserv.  I've been able to achieve this with classes and actionsequence
but
> with seemingly a lot of code and without the same clarity as with make.
>
> I find cfengine's output horrible.  Since I'm not yet comfortable with
> cfengine, I like using the -n option (to cfagent) to see what it's going
to
> do.  Without -v, it doesn't tell you enough.  It tells you what it's going
to
> do but not why.  With -v, there's far too much output to wade through.
>
> So, what am I missing?
>
> --
> tim writer <tim@starnix.com>                                  starnix inc.
> tollfree: 1-87-pro-linux                        thornhill, ontario, canada
> http://www.starnix.com              professional linux services & products
> _______________________________________________
> Infrastructures mailing list
> Infrastructures@mailman.terraluna.org
> http://mailman.terraluna.org/mailman/listinfo/infrastructures
>






reply via email to

[Prev in Thread] Current Thread [Next in Thread]