On Tue, 2006-12-19 at 12:43 -0500, seth vidal wrote:
On Tue, 2006-12-19 at 11:30 -0600, Jeffrey C. Ollie wrote:
> On Tue, 2006-12-19 at 12:14 -0500, seth vidal wrote:
> >
> > What was wrong with glump and friends?
> >
> > It's simple, no cryptic formatting of files or craziness. The scripting
> > language that runs on the hosts is whatever you want it to be.
>
> There's nothing "wrong" with glump. It does an excellent job at what
it
> was designed to do. I think that the issue here is that {cfengine,
> bcfg2, puppet} were designed to do more that serve out customized
> versions of config files, like checking ownership/permissions of files,
> the status of servcies, and whether packages are installed.
So what we do at duke with glump is have it serve out custom versions of
cron jobs.
Correct me if I am wrong, but my impression is that glump is mostly a
template-expansion tool with a custom language expressed in XML. The two
most important features that full-blown config mgmt tools add to that
are
* direct control over individual entries in database-like config
files (like /etc/hosts, /etc/passwd etc.)
* flexible grouping of config settings that is flexible enough to
express variations with little effort
we have a cron job that runs hourly and nightly that requests its
jobs
via glump.
glump puts together the shell script for that host and hands it back.
How do you handle security ? E.g., how do you keep host A getting its
hands on the config for host B ? That is important when you manage
security-sensitive parts of a machine's config with the tool.
so if we want to check ownerships or update packages it would be:
chown user.group /path/to/file
yum -d0 -e0 -y install your_pkg_set
How do you deal with failures ? Logging ? Do you know whether the chown
actually changed anything ? (Which might be cause for concern) ?
That's why we don't need the other features, we implement
them within
what glump can do.
Don't get me wrong - glump might be the right tool for the Fedora
infrastructure, but you should be conscious about the issues it does
_not_ address compared to a full-fledged config mgmt tool.
David