Puppet, Chef or CFEngine?

James Mcphee jmcphe at gmail.com
Sat Nov 5 16:59:59 MST 2011 

I am also looking at implementing one of these at some point in the near
future.  The standard scripts over ssh is simple and relatively well
controlled, but teaching new people how to use them and maintaining them in
a sane fashion is troublesome.  I've used a few HP, Dell, Sun, and IBM
config products in the past and they were all bad enough I went back to
scripts in no time.
On Nov 5, 2011 11:33 AM, "Lisa Kachold" <lisakachold at obnosis.com> wrote:

> Can anyone chime in on using enterprise mass systems configuration and
> management tools?
>
> What are you using? Chef, Puppet or CFEngine and why?
>
> I have configured Chef, and setup and demonstrated puppet for specific
> unique tasks (hackfest configuration and password files), both ruby based.
>
> I see the systems administration role for these tools as one of
> automation, for tasks like configuration revision control, single source
> update to hosts, resolv.conf, and ntp.conf type files, and user
> passwd/group management.
>
> For chef, my experience found that setting up the recipes and configuring
> the clients took more time and involved a layer of complexity that was
> contrary to regular everyday use.  However chef can easily be added to any
> RHEL kickstart file for configuration out of the box.
>
> Puppet was excellent, but again, failed in mass user management when it
> came to adding users.  Also Puppet SSL was not easy to configure.  It did
> have a great security feature, in that any changes to configuration files
> managed (passwd/group/shadow/pam) were happily and swiftly restored to
> base, so that if a server was encroached, it was not pwn'd for long!
>
> For changing passwords or adding users, when we are comparing adding ruby
> or adding expect and using a quick shell script to change passwords or add
> users with a standard UID/GID across 90 systems, the simple scripted/expect
> process wins over puppet, and Chef.
>
> While I have not configured or used CFengine, I don't find a standard CPAN
> like cfengine .cf file repository with easy to implement recipes to change
> mass passwords, set chkconfig and iptables, ntp etc.  The configuration cf
> files use simple syntax so I am certain it will be trivial to setup
> anything I need, but when looking forward to long term support and
> expansion, I want linux interns and noobs to be able to use any tool.  Am I
> missing a CFengine cf site somewhere?
>
> I have heard that it does a great push job of maintaining configuration
> files via a SSL connnection.  Has anyone used CFEngine or actively compared
> these tools in a large production server farm and what was your impression?
>
> I imagine in the end analysis, more than one tool, say a scripted add
> user/change password process, with a mass configuration file management
> (over and above the bacula/amanda DR solutions) will be best?
> --
> (602) 791-8002 Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> **
> HomeSmartInternational.com
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20111105/68d883ab/attachment.html>

More information about the PLUG-discuss mailing list