Anyone ever implimented cfengine on 4.x ? I am just looking for background and if there are any traps to fall into? thanks
On Wed, Mar 29, 2006 at 10:00:46PM +0100, Tom Brown enlightened us:> Anyone ever implimented cfengine on 4.x ? I am just looking for > background and if there are any traps to fall into? >I use it very sparingly, and not in production yet. There is the possibility of RPM vs. cfengine races (e.g. the format of a config file changes, so your carefully crafted editfiles section is now broken). I try my best to limit it to things that RPM won''t/doesn''t touch. Matt -- Matt Hyclak Department of Mathematics Department of Social Work Ohio University (740) 593-1263
Works like a charm. I pulled a spec file off of dag, and modified it for my purposes, and built an RPM for it. There are still plenty of traps, but no more than with cfengine on any other system =). On Wed, 2006-03-29 at 22:00 +0100, Tom Brown wrote:> Anyone ever implimented cfengine on 4.x ? I am just looking for > background and if there are any traps to fall into? > > thanks > _______________________________________________ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos-- *********************************** * Alex Laslavic * Linux Engineer * WorldTravel BTI * x49511 * gpg/pgp key at * http://keys.jumpbox.net *********************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.centos.org/pipermail/centos/attachments/20060329/a162e668/attachment.bin
On Wed, 29 Mar 2006, Tom Brown wrote:> Anyone ever implimented cfengine on 4.x ? I am just looking for > background and if there are any traps to fall into?I install and use it on CentOS (and Debian, and Gentoo, and Solaris, and OS X), but only for configuration; I don''t rely on it for package management at all. The only "traps" I''ve encountered are: 1) make sure your config repository is solid, with a clear and conservative set of guidelines concerning change management 2) use "-nv" liberally while formulating your configuration 3) for now, anyway, you have to add special shellcommands to manipulate SELinux contexts 4) document whatever you do, because it''s likely that none of your colleagues are familiar with cfengine (a sadly true fact of life...) -- Paul Heinlein <> heinlein@madboa.com <> www.madboa.com
Am Mi, den 29.03.2006 schrieb Alex Laslavic (Lenox) um 23:29:> Works like a charm. I pulled a spec file off of dag, and modified it > for my purposes, and built an RPM for it. > > There are still plenty of traps, but no more than with cfengine on any > other system =).http://centos.karan.org/el4/extras/stable/i386/RPMS/repodata/repoview/cfengine-0-2.1.18-1.el4.kb.html Does that package make problems? Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 00:15:08 up 16 days, 1:02, load average: 0.18, 0.23, 0.29 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Dies ist ein digital signierter Nachrichtenteil Url : http://lists.centos.org/pipermail/centos/attachments/20060330/02ef00b9/attachment.bin
I''m sure my RH experience is applicable to CentOS as well.
1. We''ve Cfengine it in limited production for a while on RH9 and
RHEL3 workstations.
2. Don''t yet have ant RHEL4 workstations in production, and we
haven''t
yet implemented it for servers other than running a Cfengine server.
3. Cfengine is an extremely complex package, and the learning curve is
quite steep. Map out what you want to do carefully. and have another
associate eyeball your design. Standard practice.
4. I''ve done very little with "pushing" rpms to the
workstations, but
I''m now in the process of preparing such an upgrade package.
5. We have now implemented a test Cfengine server (perhaps even more
than one) and workstations to avoid the "oops, I thought that would
work" conditions.
6. Probably a good idea to keep the Cfengine inputs under CVS/SVN
control. We''re thinking about it.
7. Treat Cfengine system like production and be careful with changes.
See #5 above.
8. We didn''t install from RPM. I''m sure that would be fine,
but
install changes iin test first. Standard practice.
HTH,
--
Collins Richey
If you fill your heart with regrets of yesterday and the worries
of tomorrow, you have no today to be thankful for.
On 3/29/06, Tom Brown <tom.brown@goodtechnology.com> wrote:> Anyone ever implimented cfengine on 4.x ? I am just looking for > background and if there are any traps to fall into?We use Dag''s Cfengine RPM on 4.x and do package management with it. The only trap that we''ve encountered, beyond those already listed, is that cfengine executes shellcommands with umask 077, and many RPMs don''t install correctly with umask 077. To fix this, make sure that you always add a umask=022 option to any rpm shellcommands. Josh Kelley
> We use Dag''s Cfengine RPM on 4.x and do package management with it. > > The only trap that we''ve encountered, beyond those already listed, is > that cfengine executes shellcommands with umask 077, and many RPMs > don''t install correctly with umask 077. To fix this, make sure that > you always add a umask=022 option to any rpm shellcommands.thanks all - useful tips and something for me to digest slowly i think cheers