On Tue, Dec 19, 2006 at 05:44:45AM -0700, Clint Pachl wrote: > So your're saying cfengine would need to be included in an install > set, such as base40.tgz or some custom install set in order to be > used in a base install (an obvious yes)? So how do we automate to > that point? I would like to automate the install process, as well > as the upgrade process. What do you do when you need to install 50 > machines? I may be wrong, but if cfengine can take me from a bare > bones system to a fully function server, let me know.
I assume you've already checked the FAQ: http://www.openbsd.org/faq/faq4.html#site http://www.openbsd.org/faq/faq4.html#Multiple > I am currently working on the automated install script and it is > fairly simple. In fact, once it is setup and talking to a central > repository for install purposes, making it also perform system > updates will be a breeze. cfengine isn't an automated installer; it's a configuration management thingy. At my previous job, we used kickstart (solaris) and FAI (debian) to automate the installation, and cfengine to manage post-install configuration. > I will look into cfengine. I always figured it was one of those > bloated apps that did about 90% of what you needed, dropping the > ball on the last and most complex 10%. For that last 10% you > usually end up building a custom solution. Can others comment on > cfengine? How many managed boxen? What are its quirks, pros, cons? We manage several thousand compute and storage nodes in a dozen or so labs with cfengine in our grid; in my department, we manage maybe 600 CPUs. We use it to install complicated software (eg dCache, which requires java and postgres and all sorts of badnesses), sync user accounts/uids, etc. cfengine is the best thing available, but it's not perfect. I've looked briefly at the obvious alternatives (bcfg2, puppet), but wasn't impressed. radmind (also in ports) might work for some sites; I haven't had time to really evaluate it. I and others have already mentioned some benefits of cfengine -- other advantages should be obvious by now. As for drawbacks, you should know that cfengine is declarative, so some procedural tasks (like, in our case, installing dCache) are a bit trickier than I wish they were. There are some problems with the upstream code, too (string handling) that have been kludged-around in the OpenBSD port. Lastly, cfengine2 has been evolving for a while, so it's a bit crufty and at times befuddling. cfengine3 will (hopefully) address this problem with a rewrite, but that's still years away. -- o--------------------------{ Will Maier }--------------------------o | web:.......http://www.lfod.us/ | [EMAIL PROTECTED] | *------------------[ BSD Unix: Live Free or Die ]------------------*
