Puppet users - Dec 2006 - Puppet and Cfengine Differences

Hello,

I''ve recently begun looking at Puppet as an alternative to Cfengine and
I
have a couple of questions.

1) Besides the information posted on the Puppet website, are there any
critical differences between Puppet and Cfengine?

2) Does Puppet allow for client-specific file text manipulation.  For
instance, in Cfengine I can add a line of text to a file if the line
doesn''t
exist instead of replacing the entire file, is this possible with Puppet out
of the box, or would I need to write a plugin/exec script?

Thank you,

Trevor


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

2006/12/14, Trevor Vaughan
<peiriannydd@gmail.com>:
>
> Hello,
>
> I''ve recently begun looking at Puppet as an alternative to
Cfengine and I
> have a couple of questions.
>
> 1) Besides the information posted on the Puppet website, are there any
> critical differences between Puppet and Cfengine?
>
> 2) Does Puppet allow for client-specific file text manipulation.  For
> instance, in Cfengine I can add a line of text to a file if the line
doesn''t
> exist instead of replacing the entire file, is this possible with Puppet
out
> of the box, or would I need to write a plugin/exec script?

Actually, there is already a plugin available:
http://prmweb.hezmatt.org/recipes/show/1



Thank you,
>
> Trevor
>
> _______________________________________________
> Puppet-users mailing list
> Puppet-users@madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users
>
>
>

_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

Of course, the one section of the site I didn''t mange to get to!

Thanks Koen,

Trevor

On 12/14/06, Koen Vereeken <koen.vereeken@gmail.com>
wrote:
>
>
>
> 2006/12/14, Trevor Vaughan <peiriannydd@gmail.com>:
> >
> > Hello,
> >
> > I''ve recently begun looking at Puppet as an alternative to
Cfengine and
> > I have a couple of questions.
> >
> > 1) Besides the information posted on the Puppet website, are there any
> > critical differences between Puppet and Cfengine?
> >
> > 2) Does Puppet allow for client-specific file text manipulation.  For
> > instance, in Cfengine I can add a line of text to a file if the line
doesn''t
> > exist instead of replacing the entire file, is this possible with
Puppet out
> > of the box, or would I need to write a plugin/exec script?
>
>
> Actually, there is already a plugin available:
> http://prmweb.hezmatt.org/recipes/show/1
>
>
>
> Thank you,
> >
> > Trevor
> >
> > _______________________________________________
> > Puppet-users mailing list
> > Puppet-users@madstop.com
> > https://mail.madstop.com/mailman/listinfo/puppet-users
> >
> >
> >
>
> _______________________________________________
> Puppet-users mailing list
> Puppet-users@madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users
>
>
>

_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On Dec 14, 2006, at 6:39 AM, Trevor Vaughan wrote:
> Hello,
>
> I''ve recently begun looking at Puppet as an alternative to
Cfengine
> and I have a couple of questions.
>
> 1) Besides the information posted on the Puppet website, are there  
> any critical differences between Puppet and Cfengine?
Having just come back from LISA where I was asked this question about  
every 10 minutes...  Most of this is covered on the cfengine  
comparison page, I expect, but I''ll probably rewrite that soon to  
incorporate anything missing.

Probably the biggest difference is that Puppet and the Puppet  
community are open -- I don''t think I''m "right", and
I''m always
looking for input on how to make Puppet better.  Puppet is still  
developing quickly, and I expect it to continue to do so for a long  
time, while cfengine has not changed significantly in many years.  If  
you write a new plugin for Puppet, I''m very likely to incorporate it  
into the trunk; if you submit a patch, I''m highly likely to  
incorporate it; if you think some significant aspect of it should be  
different and are willing to spend some time on the code, you''ll  
probably become a committer.

Of course, you were probably more interested in technical differences.

The biggest difference is that Puppet encourages you to think about  
resources, not scripts -- think about users, groups, packages, and  
filesystem mounts, not file contents or shellcommands.  Even when  
Puppet allows the use of exec, you''re better off if you wrap that  
into a definition so it looks like a resource type.

Puppet already supports many important types, and it''s very easy to  
add new types, and it''s usually easy to add new providers for a given  
type.  Puppet already has providers for 17 different package  
managers, and new ones can be added in just a few lines of code.
> 2) Does Puppet allow for client-specific file text manipulation.   
> For instance, in Cfengine I can add a line of text to a file if the  
> line doesn''t exist instead of replacing the entire file, is this  
> possible with Puppet out of the box, or would I need to write a  
> plugin/exec script?
As already pointed out, you can use exec in a way that closely  
resembles cfengine''s functionality, but I don''t plan on adding
anything that approaches the complexity of editfiles, because it''s  
very difficult to use and its primary use is to hack around resources  
that cfengine can''t manage natively.  You''ll usually find that
you
can either use templates to easily get what you want, or you can  
write a simple type to manage your resource far more reliably and  
supportably.

Is that answer enough?  Do you have any more questions?

  --
  I never think of the future.  It comes soon enough.  --Albert Einstein
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

Luke,

Thanks for the response.  This list has been refreshingly responsive to my
questions and it''s impressive that you take interest in responding to
as
many inquiries as possible.

I believe that you answered all of my questions but, of course, now I have
more.

My basic need is for something like the following:

Person A gives me a /etc/hosts file that I HAVE to use and that they may
alter at any time.  I can''t change their modifications, but I need to
make
sure that my particular entries are in the hosts file along with theirs.
Also, I can''t change the supply chain flow of control so
there''s no chance
of grabbing the file and modding it before deployment.

Now, I believe that the plugins mentioned before cover what I need to do,
but it would be nice to know if I could do something like this with
templating.

I suppose the full picture version would be that I want to update my local
spam lists from various spam watch sites but I have a few entries that I
want to make sure are in there and I want to let the pull processes work as
developed with only puppet doing configuration changes.  I was just trying
to make it more generic for the sake of ''enterprise'' or
''university'' goals.

Does that make sense?

Thanks,

Trevor

On 12/14/06, Luke Kanies <luke@madstop.com> wrote:
>
> On Dec 14, 2006, at 6:39 AM, Trevor Vaughan wrote:
>
> > Hello,
> >
> > I''ve recently begun looking at Puppet as an alternative to
Cfengine
> > and I have a couple of questions.
> >
> > 1) Besides the information posted on the Puppet website, are there
> > any critical differences between Puppet and Cfengine?
>
> Having just come back from LISA where I was asked this question about
> every 10 minutes...  Most of this is covered on the cfengine
> comparison page, I expect, but I''ll probably rewrite that soon to
> incorporate anything missing.
>
> Probably the biggest difference is that Puppet and the Puppet
> community are open -- I don''t think I''m
"right", and I''m always
> looking for input on how to make Puppet better.  Puppet is still
> developing quickly, and I expect it to continue to do so for a long
> time, while cfengine has not changed significantly in many years.  If
> you write a new plugin for Puppet, I''m very likely to incorporate
it
> into the trunk; if you submit a patch, I''m highly likely to
> incorporate it; if you think some significant aspect of it should be
> different and are willing to spend some time on the code, you''ll
> probably become a committer.
>
> Of course, you were probably more interested in technical differences.
>
> The biggest difference is that Puppet encourages you to think about
> resources, not scripts -- think about users, groups, packages, and
> filesystem mounts, not file contents or shellcommands.  Even when
> Puppet allows the use of exec, you''re better off if you wrap that
> into a definition so it looks like a resource type.
>
> Puppet already supports many important types, and it''s very easy
to
> add new types, and it''s usually easy to add new providers for a
given
> type.  Puppet already has providers for 17 different package
> managers, and new ones can be added in just a few lines of code.
>
> > 2) Does Puppet allow for client-specific file text manipulation.
> > For instance, in Cfengine I can add a line of text to a file if the
> > line doesn''t exist instead of replacing the entire file, is
this
> > possible with Puppet out of the box, or would I need to write a
> > plugin/exec script?
>
> As already pointed out, you can use exec in a way that closely
> resembles cfengine''s functionality, but I don''t plan on
adding
> anything that approaches the complexity of editfiles, because it''s
> very difficult to use and its primary use is to hack around resources
> that cfengine can''t manage natively.  You''ll usually find
that you
> can either use templates to easily get what you want, or you can
> write a simple type to manage your resource far more reliably and
> supportably.
>
> Is that answer enough?  Do you have any more questions?
>
>   --
>   I never think of the future.  It comes soon enough.  --Albert Einstein
>   ---------------------------------------------------------------------
>   Luke Kanies | http://reductivelabs.com | http://madstop.com
>
>
> _______________________________________________
> Puppet-users mailing list
> Puppet-users@madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users
>

_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On 14/12/06 11:03 -0500, Trevor Vaughan wrote:
<snip>
> I suppose the full picture version would be that I want to update my local
> spam lists from various spam watch sites but I have a few entries that I
> want to make sure are in there and I want to let the pull processes work as
Hmmmm, are you trying to put a DNSBL type thing under Puppet?
Personally, I would use make(1) to generate the DNSBL zone, rsync(1) to
transfer the data and Puppet to manage the cron jobs for running make
and rsync.

Something similar for access(5) maps.

Devdas Bhagat

On Dec 14, 2006, at 10:03 AM, Trevor Vaughan wrote:
> Luke,
>
> Thanks for the response.  This list has been refreshingly  
> responsive to my questions and it''s impressive that you take  
> interest in responding to as many inquiries as possible.
>
> I believe that you answered all of my questions but, of course, now  
> I have more.
>
> My basic need is for something like the following:
>
> Person A gives me a /etc/hosts file that I HAVE to use and that  
> they may alter at any time.  I can''t change their modifications,  
> but I need to make sure that my particular entries are in the hosts  
> file along with theirs.  Also, I can''t change the supply chain
flow
> of control so there''s no chance of grabbing the file and modding
it
> before deployment.
Puppet works with this by default -- all Puppet types default to only  
managing the resources you specify.  Thus, you can specify that  
certain hosts should be present or absent, and Puppet will basically  
just ignore the rest of the contents of the file.

So, you should be able to just use the ''host'' type and not
worry
about it.  Of course, I would do testing, and make sure it behaves as  
you expect, but this is exactly how it should work.
> Now, I believe that the plugins mentioned before cover what I need  
> to do, but it would be nice to know if I could do something like  
> this with templating.
Templating will only work for you if the file your clients give you  
can be stored on the server, rather than on the client.  Templates  
are all stored on the server, whereas Puppet types all perform their  
actions on the client.
> I suppose the full picture version would be that I want to update  
> my local spam lists from various spam watch sites but I have a few  
> entries that I want to make sure are in there and I want to let the  
> pull processes work as developed with only puppet doing  
> configuration changes.  I was just trying to make it more generic  
> for the sake of ''enterprise'' or
''university'' goals.
Yeah, that shouldn''t be a problem.  I''m currently implementing
the
code that will allow you to delete unmanaged resources if you want,  
but at this point, Puppet just ignores any resources you don''t mention.

  --
  The only difference between the Democrats and the Republicans is that
  the Democrats allow the poor to be corrupt, too.    -- Oscar Levant
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

Yow, it looks like I need to be more specific.

Ok, I''m given a University built machine by the University IT gods and
I''m
told that:

1) I can''t delete their configurations
2) I can add configuration (more hosts, iptables rules, whatever
3) My changes might be blown away by their changes and I''ll just have
to
deal

Consider a lab of these and you don''t really want to be munging this
stuff
together by hand.  So, that''s what I''m trying to work with and
why I''m
looking at puppet.  Basically, all I have to do is re-load the puppet client
and configuration and everything goes back to the way that I want it without
having to touch every machine.  This is especially important when bringing
in new machines since I don''t have the resources to actually build them
all
by hand.

It would be nice if I could manage the entire process but that''s not
allowed
by "The Rules".

Sorry for the run around, I didn''t expect it to get so convoluted.

Thanks,

Trevor
On 12/14/06, Luke Kanies <luke@madstop.com> wrote:
>
> On Dec 14, 2006, at 10:03 AM, Trevor Vaughan wrote:
>
> > Luke,
> >
> > Thanks for the response.  This list has been refreshingly
> > responsive to my questions and it''s impressive that you take
> > interest in responding to as many inquiries as possible.
> >
> > I believe that you answered all of my questions but, of course, now
> > I have more.
> >
> > My basic need is for something like the following:
> >
> > Person A gives me a /etc/hosts file that I HAVE to use and that
> > they may alter at any time.  I can''t change their
modifications,
> > but I need to make sure that my particular entries are in the hosts
> > file along with theirs.  Also, I can''t change the supply
chain flow
> > of control so there''s no chance of grabbing the file and
modding it
> > before deployment.
>
> Puppet works with this by default -- all Puppet types default to only
> managing the resources you specify.  Thus, you can specify that
> certain hosts should be present or absent, and Puppet will basically
> just ignore the rest of the contents of the file.
>
> So, you should be able to just use the ''host'' type and
not worry
> about it.  Of course, I would do testing, and make sure it behaves as
> you expect, but this is exactly how it should work.
>
> > Now, I believe that the plugins mentioned before cover what I need
> > to do, but it would be nice to know if I could do something like
> > this with templating.
>
> Templating will only work for you if the file your clients give you
> can be stored on the server, rather than on the client.  Templates
> are all stored on the server, whereas Puppet types all perform their
> actions on the client.
>
> > I suppose the full picture version would be that I want to update
> > my local spam lists from various spam watch sites but I have a few
> > entries that I want to make sure are in there and I want to let the
> > pull processes work as developed with only puppet doing
> > configuration changes.  I was just trying to make it more generic
> > for the sake of ''enterprise'' or
''university'' goals.
>
> Yeah, that shouldn''t be a problem.  I''m currently
implementing the
> code that will allow you to delete unmanaged resources if you want,
> but at this point, Puppet just ignores any resources you don''t
mention.
>
>   --
>   The only difference between the Democrats and the Republicans is that
>   the Democrats allow the poor to be corrupt, too.    -- Oscar Levant
>   ---------------------------------------------------------------------
>   Luke Kanies | http://reductivelabs.com | http://madstop.com
>
>
> _______________________________________________
> Puppet-users mailing list
> Puppet-users@madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users
>

_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

Devdas,

I definitely looked at that approach, but I really didn''t want to do
pre-processing on a server, I wanted to be able to do everything on the
client without maintaining anything but puppet configurations.

It''s an option if the puppet way doesn''t work.

Thanks,

Trevor

On 12/14/06, Devdas Bhagat <devdas@dvb.homelinux.org>
wrote:
>
> On 14/12/06 11:03 -0500, Trevor Vaughan wrote:
> <snip>
> > I suppose the full picture version would be that I want to update my
> local
> > spam lists from various spam watch sites but I have a few entries that
I
> > want to make sure are in there and I want to let the pull processes
work
> as
>
> Hmmmm, are you trying to put a DNSBL type thing under Puppet?
> Personally, I would use make(1) to generate the DNSBL zone, rsync(1) to
> transfer the data and Puppet to manage the cron jobs for running make
> and rsync.
>
> Something similar for access(5) maps.
>
> Devdas Bhagat
> _______________________________________________
> Puppet-users mailing list
> Puppet-users@madstop.com
> https://mail.madstop.com/mailman/listinfo/puppet-users
>

_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On Dec 14, 2006, at 10:40 AM, Trevor Vaughan wrote:
> Yow, it looks like I need to be more specific.
>
> Ok, I''m given a University built machine by the University IT gods
> and I''m told that:
>
> 1) I can''t delete their configurations
> 2) I can add configuration (more hosts, iptables rules, whatever
> 3) My changes might be blown away by their changes and I''ll just  
> have to deal
>
> Consider a lab of these and you don''t really want to be munging  
> this stuff together by hand.  So, that''s what I''m trying
to work
> with and why I''m looking at puppet.  Basically, all I have to do
is
> re-load the puppet client and configuration and everything goes  
> back to the way that I want it without having to touch every  
> machine.  This is especially important when bringing in new  
> machines since I don''t have the resources to actually build them  
> all by hand.
>
> It would be nice if I could manage the entire process but that''s  
> not allowed by "The Rules".
>
> Sorry for the run around, I didn''t expect it to get so convoluted.
Hmm, you weren''t as specific as this to start, but I didn''t
think it
was all that convoluted.

You can do this pretty easily with Puppet, and this is exactly what  
will happen by default -- the hosts et al you specify will be added/ 
managed by Puppet, and everything else will be left alone.

  --
  There are three social classes in America: upper middle class, middle
  class, and lower middle class.    --Judith Martin
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

On 14/12/06 11:42 -0500, Trevor Vaughan wrote:
> Devdas,
> 
> I definitely looked at that approach, but I really didn''t want to
do
> pre-processing on a server, I wanted to be able to do everything on the
> client without maintaining anything but puppet configurations.
> 
Is there _any_ reason why you can''t manage the Makefiles with Puppet?

The rsync is simply because of the sheer size of the files you will
transfer. Again, rbldnsd is your friend when it comes to DNSBLs.

Devdas Bhagat

Luke and Devdas,

Thanks for the input, I''ll see how things go!

Trevor


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users