help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Radmind vs CFengine


From: Chris Kacoroski
Subject: Re: Radmind vs CFengine
Date: Wed, 7 Jan 2004 14:49:20 -0800



On Jan 7, 2004, at 2:15 PM, address@hidden wrote:



On  7 Jan, Chris Kacoroski wrote:
Hi,

I am looking to implement an enterprise infrastructure (see
infrastructures.org) and am trying to decide between radmind and
cfengine.  Searching the archives and google, The only thing I could
find was a transcript from a LISA '03 BoF session on configuration
management.  After looking at both it seems that cfengine allows a
person to program into it semantics of the system files (e.g. the
editfiles command) while radmind does not have any idea of what may be
in a file.  As such radmind can only replace files which makes it much
simpler to use (e.g. no scripts to write).  In addition, radmind
enables a person to install software on a machine and then it will
automatically figure out what files were changed and create a script to
replication the installation on other machines.

Question1: Does anyone have examples of when just replacing a file will
not work?

This is not really the point. The point is that sometimes you do not want to manage the entire content of a file. e.g. you might have very different versions of inetd.conf on each host, and just want to make sure that no host has ftp enabled, or that all machines should definitely have a web server, or whatever. i.e. both complete and differential management is possible with cfengine.

But is this type of management required? Couldn't I just keep a separate version of inetd.conf for each host (or group of hosts) on the cfengine server? I think that the cfengine code would be the same (e.g. a copy file section, instead of an editfiles section).

My concern is that the cfengine scripts will quickly become very complex which is why the Radmind approach is attractive. cfengine has a much more flexibility, but is there a point where that flexibility shoots you in the foot (or allows you to shoot yourself in the foot :).


Question2: Does cfengine have any way to determine changes to a machine
and create a install scripts or is it preferred to use a third party
software installer for this functionality?

There are many ways to install software. You can copy files or create
a special subroutine to unpack, compile and install files, you can install
from packages etc etc.

Cfengine does not tell you how you should do it - it just tries to provide
a flexible framework for your own choices. It has tripwire-like
change management too, if that is of interest for tracking changes.

Mark

I like the tripwire-like intrusion detection. Radmind also has this ability.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]