Hi. While this not entirely related question to Puppet, I noticed many hear use Fabric for deployments and remote control. I''m currently checking a tool called ControlTier (namely ct_exec), as Fabric doesn''t currently run on my CentOS machine. Can anyone say about the difference between these 2 deployment tools? Regards. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Thu, Apr 15, 2010 at 4:17 AM, SyRenity <stas.oskin@gmail.com> wrote:> Hi. > > While this not entirely related question to Puppet, I noticed many > hear use Fabric for deployments and remote control. > > I''m currently checking a tool called ControlTier (namely ct_exec), as > Fabric doesn''t currently run on my CentOS machine. > > Can anyone say about the difference between these 2 deployment tools? > > Regards.I''ll throw a couple more into the mix --- Func also runs on your CentOS machine and can use Puppet certs in the latest source version. http://fedorahosted.org/func (which I helped write) There''s also Capistrano and mcollective. (And a lot of distributed ssh tools on the side.) I don''t like to look at these as deployment tools -- I strongly prefer packaging applications properly and pushing them out with Puppet, but it''s good for ad-hoc tasks like "power these off now", or "initiate OS reinstall". Func was really designed to be a reusable component for building secure remote applications, as we wrote one and found there wasn''t a good framework to use for that. Where you don''t want packages, take a look at using something like http://github.com/reductivelabs/puppet-vcsrepo to check out code from source, right on your puppet managed machines. --Michael -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I am using Fabric for deployment and also to automate the installation of a puppet master server and puppet client servers. I have nothing to complain about it. Cheers, Gus On Thu, Apr 15, 2010 at 4:53 PM, Michael DeHaan <michael@puppetlabs.com>wrote:> On Thu, Apr 15, 2010 at 4:17 AM, SyRenity <stas.oskin@gmail.com> wrote: > > Hi. > > > > While this not entirely related question to Puppet, I noticed many > > hear use Fabric for deployments and remote control. > > > > I''m currently checking a tool called ControlTier (namely ct_exec), as > > Fabric doesn''t currently run on my CentOS machine. > > > > Can anyone say about the difference between these 2 deployment tools? > > > > Regards. > > I''ll throw a couple more into the mix --- Func also runs on your > CentOS machine and can use Puppet certs in the latest source version. > > http://fedorahosted.org/func (which I helped write) > > There''s also Capistrano and mcollective. (And a lot of distributed > ssh tools on the side.) > > I don''t like to look at these as deployment tools -- I strongly prefer > packaging applications properly and pushing them out with Puppet, but > it''s good for ad-hoc tasks like "power these off now", or "initiate OS > reinstall". Func was really designed to be a reusable component for > building secure remote applications, as we wrote one and found there > wasn''t a good framework to use for that. Where you don''t want > packages, take a look at using something like > http://github.com/reductivelabs/puppet-vcsrepo to check out code from > source, right on your puppet managed machines. > > --Michael > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi.> > I''ll throw a couple more into the mix --- Func also runs on your > CentOS machine and can use Puppet certs in the latest source version.How Func compares to Fabric? By puppet certs, you mean it''s enough to add Puppet client to Puppet master, and Func can re-use the created certificates?> There''s also Capistrano and mcollective. (And a lot of distributed > ssh tools on the side.)I actually tried Capistrano sometimes ago, didn''t quite like it due to extensive Ruby use (which admittedly I don''t have much expired with). MCollective looks interesting, any how it compares to Func/Puppet?> I don''t like to look at these as deployment tools -- I strongly prefer > packaging applications properly and pushing them out with Puppet, but > it''s good for ad-hoc tasks like "power these off now", or "initiate OS > reinstall".I find this approach problematic, as I won''t have control over which box is being deployed. Moreover, it''s not as clear for DB schema updates.> Where you don''t want > packages, take a look at using something like http://github.com/reductivelabs/puppet-vcsrepo to check out code from > source, right on your puppet managed machines.I presume this module supports a checkout of code right on the application machines? Again, I need to control exactly which deployment steps are performed on each machine, and it seems that Puppet requires a lot of work to achieve this, compared to other existing tools. Regards. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Fri, Apr 16, 2010 at 3:25 PM, SyRenity <stas.oskin@gmail.com> wrote:> Hi. >> >> I''ll throw a couple more into the mix --- Func also runs on your >> CentOS machine and can use Puppet certs in the latest source version. > > How Func compares to Fabric? > By puppet certs, you mean it''s enough to add Puppet client to Puppet > master, and Func can re-use the created certificates?Yes. https://www.redhat.com/archives/func-list/2010-March/msg00003.html> >> There''s also Capistrano and mcollective. (And a lot of distributed >> ssh tools on the side.) > > I actually tried Capistrano sometimes ago, didn''t quite like it due to > extensive Ruby use (which admittedly I don''t have much expired with). > MCollective looks interesting, any how it compares to Func/Puppet?It introduces a message bus and does groups a little differently. Volcane would be the best person to ask. Func has a concept of modules where you can make reusable "things" to trigger remotely, though many people just use it for shell commands.> >> I don''t like to look at these as deployment tools -- I strongly prefer >> packaging applications properly and pushing them out with Puppet, but >> it''s good for ad-hoc tasks like "power these off now", or "initiate OS >> reinstall". > > I find this approach problematic, as I won''t have control over which > box is being deployed. Moreover, it''s not as clear for DB schema > updates. > >> Where you don''t want >> packages, take a look at using something like http://github.com/reductivelabs/puppet-vcsrepo to check out code from >> source, right on your puppet managed machines. > > I presume this module supports a checkout of code right on the > application machines?Yes.> Again, I need to control exactly which deployment steps are performed > on each machine, and it seems that Puppet requires a lot of work to > achieve this, compared to other existing tools.I understand inter-machine orchestration is difficult, yes, there have been quite a few threads on this lately about what we might do to make this better in the future. Search for "external resource" for starters of what this may become. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
hello, ----- "Michael DeHaan" <michael@puppetlabs.com> wrote:> > I actually tried Capistrano sometimes ago, didn''t quite like it due > > to extensive Ruby use (which admittedly I don''t have much expired > > with). MCollective looks interesting, any how it compares to Func/Puppet? > > It introduces a message bus and does groups a little differently. > Volcane would be the best person to ask.MCollective enables you to write agents on all your nodes and talk to them in an RPC fashion. It has more dependencies than some of the other tools but provides tight integration with puppet and other such tools meaning instead of host lists etc you can pick and choose which machines to target your actions based on facts, classes, hostnames and regexes of all of those. I''d say if you were looking for something to run just random cli commands with on all your machines then its the wrong choice but if you had to write code that interacts with your infrastructure and orchastrate cross machine states then its the right tool. It''s more programming heavy than some of the other tools though the RPC framework is a bit like Rails in that it makes a lot of assumptions about how you build agents and if you work within those assumption boundaries you can pull off some nice stuff quite quickly. It comes with agents package, service, puppet, iptables, exim and a few others. Provides centralized auditing of all actions and in the next release very fine grained authorization of all actions. The auditing, authorization, security encryption and even what serialization you use is all pluggable and replacable. It really shines on larger infrastructures where you would want high concurrency. And the payoff in its extra dependencies becomes really apparent in those larger platforms though. To see the kind of thing it enables you to write, the code in http://pastie.org/924350 asks all machines their puppet status and keeps a count of which ones are currently doing manifest runs. Also note how that code supports selection of machines as in the last part of the pastie where it only runs against machines with puppet class /dev_server/ and facter fact country=de. Also see http://srt.ly/1b and http://srt.ly/p I don''t really want to do a point for point comparison between tools but any tool in this space that is based on threads of parallel ssh will run into resourcing issues fairly soon. Similarly tools that are based on static hosts lists rather than the reality of what is there now will also have issues. MCollective doesn''t use any of these modes of operation. I specifically designed MCollective to allow quick discovery of resources, like here I have a report of a specific fact, the data is based on right now, not based on some DB or something: $ mc-facts country Report for fact: country de found 23 times uk found 9 times us found 6 times za found 2 times Finished processing 40 hosts in 1002.30 ms Building up queries of machines is easy: $ mc-find-hosts -W /dev_server/ country=de dev1.my.net dev2.my.net dev3.my.net And these queries can be used to target requests. It isn''t a Puppet extension though the same basic stuff will work with Chef/Ohai and with whatever else you can code really since the core provides extensive plugin abilities. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi. Thanks for the detailed explanation.> MCollective enables you to write agents on all your nodes and talk to > them in an RPC fashion. It has more dependencies than some of the other > tools but provides tight integration with puppet and other such tools > meaning instead of host lists etc you can pick and choose > which machines to target your actions based on facts, classes, > hostnames and regexes of all of those.It sounds as very close to what I need, i.e. performing different actions according to types of machines, rather then running over a list of hosts. Does it contain any deployment-oriented tools?> I''d say if you were looking for something to run just random cli commands > with on all your machines then its the wrong choice but if you had to write > code that interacts with your infrastructure and orchastrate cross machine > states then its the right tool.You probably mean that just for firing commands over group of machines, it''s better to be done in "SSH loop" tools, like Func/Fabric/ etc, as it doesn''t require client installation? Does MCollective allow any raw CLI, or all needs to be done via Ruby?> It''s more programming heavy than some of the other tools though the RPC framework > is a bit like Rails in that it makes a lot of assumptions about how you build agents > and if you work within those assumption boundaries you can pull off some nice stuff > quite quickly.Any plans to support other languages?> It comes with agents package, service, puppet, iptables, exim and a few others. > Provides centralized auditing of all actions and in the next release very fine > grained authorization of all actions. The auditing, authorization, security > encryption and even what serialization you use is all pluggable and replacable.These packages mostly for audition? Or I can control them (though it probably should be left for Puppet)?> > It really shines on larger infrastructures where you would want high concurrency. > And the payoff in its extra dependencies becomes really apparent in those larger > platforms though.What overheads MCollective + deps add?> I don''t really want to do a point for point comparison between tools but any tool in this > space that is based on threads of parallel ssh will run into resourcing issues fairly soon. > Similarly tools that are based on static hosts lists rather than the reality of what > is there now will also have issues. MCollective doesn''t use any of these modes of operation.I think CTier works according to similar notation, where you need to define classes of machines, though it doesn''t seem to integrate as well with Puppet. Regards. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
hello, ----- "SyRenity" <stas.oskin@gmail.com> wrote:> Hi. > > Thanks for the detailed explanation. > > > MCollective enables you to write agents on all your nodes and talk > to > > them in an RPC fashion. It has more dependencies than some of the > other > > tools but provides tight integration with puppet and other such > tools > > meaning instead of host lists etc you can pick and choose > > which machines to target your actions based on facts, classes, > > hostnames and regexes of all of those. > > It sounds as very close to what I need, i.e. performing different > actions according to types of machines, rather then running over a > list of hosts. > Does it contain any deployment-oriented tools?What kind of tools do you mean? I deploy code with OS packages so that makes it easy the package agent actually uses the Puppet provider code to do the install/update/etc so it''s cross platform. Not sure what other tools you mean, give me some examples.> > I''d say if you were looking for something to run just random cli > > commands with on all your machines then its the wrong choice but if you had > > to write code that interacts with your infrastructure and orchastrate cross > > machine states then its the right tool. > > You probably mean that just for firing commands over group of > machines, it''s better to be done in "SSH loop" tools, like > Func/Fabric/ etc, as it doesn''t require client installation? > Does MCollective allow any raw CLI, or all needs to be done via Ruby?you cant access the CLI of a remote machine interactively no, you send a request and get a response based on the logic in your agents.> > > It''s more programming heavy than some of the other tools though the RPC framework > > is a bit like Rails in that it makes a lot of assumptions about how > > you build agents and if you work within those assumption boundaries you can pull off > > some nice stuff quite quickly. > > Any plans to support other languages?I have some proof of concept JSON <-> MC RPC bridges that can be used but not currently more than that in mind.> > It comes with agents package, service, puppet, iptables, exim and a few others. > > Provides centralized auditing of all actions and in the next release very fine > > grained authorization of all actions. The auditing, authorization, security > > encryption and even what serialization you use is all pluggable and replacable. > > These packages mostly for audition? Or I can control them (though it > probably should be left for Puppet)?I use the package agent to apply operating system updates for packages not included in puppet manifests, or for cases where puppet manifest just say ''ensure => present'' and I manage the updates out of band when i am ready.> > It really shines on larger infrastructures where you would want high concurrency. > > And the payoff in its extra dependencies becomes really apparent in those larger > > platforms though. > > What overheads MCollective + deps add?You need a middleware layer, currently STOMP based ones like ActiveMQ is supported best. On the machines themselves its just rubygem stomp and mcollective code.> > > I don''t really want to do a point for point comparison between tools but any tool in this > > space that is based on threads of parallel ssh will run into resourcing issues fairly soon. > > Similarly tools that are based on static hosts lists rather than the reality of what > > is there now will also have issues. MCollective doesn''t use any of > these modes of operation. > > I think CTier works according to similar notation, where you need to > define classes of machines, though it doesn''t seem to integrate as > well with Puppet.Yes, I re-use the work you already put into puppet as a source of meta data so it comes for free essentially, if you include a class or have a fact then that makes up the query sources for selecting targets. Better than having to classify machines twice and easy to extend with new meta data - just make new facts or classes. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
> You probably mean that just for firing commands over group of > machines, it''s better to be done in "SSH loop" tools, like Func/Fabric/ > etc, as it doesn''t require client installation?Just to clarify, Func does not use SSH. It uses XMLRPC over SSL, very similar to how Puppet works (no REST though), and has a daemon. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi.> What kind of tools do you mean? I deploy code with OS packages so that makes it easy > the package agent actually uses the Puppet provider code to do the install/update/etc > so it''s cross platform.You mean you package your code as RPM/DEB, and then install it via package agent (which uses Puppet code) on-demand, in push model?> > Not sure what other tools you mean, give me some examples.The above approach would be fine, if this what you meant.> you cant access the CLI of a remote machine interactively no, you send a request > and get a response based on the logic in your agents.Can you give any example to this? Suppose I want to find the version of Linux installed on every host, for example.> I use the package agent to apply operating system updates for packages not included > in puppet manifests, or for cases where puppet manifest just say ''ensure => present'' > and I manage the updates out of band when i am ready.So you basically can manage updates as needed, in monitored fashion. Nice. I understand that such things as db schema updates and partial productions deploys can be easily done using classes. But do you plan to support deployment rollbacks of any sorts? Regards. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
> Just to clarify, Func does not use SSH. It uses XMLRPC over SSL, very similar > to how Puppet works (no REST though), and has a daemon.I see, so Fabric is actually the only tool which allows agent-less operations. Are there any Puppet modules available for Func and MCollective agents? Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
hey, ----- "SyRenity" <stas.oskin@gmail.com> wrote:> Hi. > > > What kind of tools do you mean? I deploy code with OS packages so > that makes it easy > > the package agent actually uses the Puppet provider code to do the > install/update/etc > > so it''s cross platform. > > You mean you package your code as RPM/DEB, and then install it via > package agent (which uses Puppet code) on-demand, in push model?yes..> > you cant access the CLI of a remote machine interactively no, you send a request > > and get a response based on the logic in your agents. > > Can you give any example to this? Suppose I want to find the version > of Linux installed on every host, for example.that is available as a Facter fact, here you go: % mc-facts lsbdistdescription CentOS release 5.2 (Final) found 1 times CentOS release 5.3 (Final) found 5 times CentOS release 5.4 (Final) found 34 times Finished processing 40 hosts in 5001.69 ms run it with -v and you get a list of hosts matching, if you wanted to just find the 5.2 you could: % mc-find-hosts -W lsbdistdescription=/5.2/ xen6.my.net If I just want to update ''httpd'' package on those machines: % mc-package -W lsbdistdescription=/5.2/ update httpd Look at this video: http://www.youtube.com/ripienaar#p/a/u/4/kNvoQCpJ1V4 that''s exim queues and management exposed over mcollective and centrally managed.> > I use the package agent to apply operating system updates for > packages not included > > in puppet manifests, or for cases where puppet manifest just say > ''ensure => present'' > > and I manage the updates out of band when i am ready. > > So you basically can manage updates as needed, in monitored fashion. > Nice.yeah, and audited centrally etc.> I understand that such things as db schema updates and partial > productions deploys can be easily done using classes. > But do you plan to support deployment rollbacks of any sorts?can''t imagine that, at least if some other tool provide a transaction aware layer sure, but it''s an incredibly complex task and probably varies per environment. Sure you could code rollbacks by calling your package management tool in a way that would trigger that. Certainly I do not believe something that just calls remote procedures could do rollbacks on your behalf. -- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
> I see, so Fabric is actually the only tool which allows agent-less > operations.aka Distributed SSH? There are others, not sure of any that make it into more of a language.> > Are there any Puppet modules available for Func and MCollective > agents?Not for Func, but I''m sure they would like it if you wrote one :) Here''s the current list: https://fedorahosted.org/func/wiki/ModulesList It''s simple enough to just call "command execute" and invoke puppetd, which is what most people do (if they are doing that). The module would just shorten the command. https://fedorahosted.org/func/wiki/CommandModule You could also pretty easily make a module that surfaced facts for augmenting the data in Func-Inventory: https://fedorahosted.org/func/wiki/FuncInventory However that''s kind of extra if you are also using storeconfigs, so I''m not sure you''d want to do that, but you could. --Michael -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/19/2010 07:26 PM, SyRenity wrote:>> Just to clarify, Func does not use SSH. It uses XMLRPC over SSL, very similar >> to how Puppet works (no REST though), and has a daemon. > > I see, so Fabric is actually the only tool which allows agent-less > operations. > > Are there any Puppet modules available for Func and MCollective > agents?Func: http://puppet-modules.git.puzzle.ch/?p=module-func.git cheers pete -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvMxlsACgkQbwltcAfKi3/oMACfVIdF4eIfSUDvx9Z0YcYJXhGN nvgAnj96vwgsczBorCT9Q5R6ZYk9JM/F =GDy9 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
>> Are there any Puppet modules available for Func and MCollective >> agents?Ah, Puppet modules. I read that backwards, sorry :)> > Func: http://puppet-modules.git.puzzle.ch/?p=module-func.gitNice! Yeah, just basic service-package-file. Looks good! --Michael -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.