Puppet, Chef or CFEngine?

Bryan O'Neal Bryan.ONeal at TheONealAndAssociates.com
Tue Nov 8 09:34:24 MST 2011 

Personal opinion - for large scale use with many people maintaining
different sections puppet is one of the best - however it is really
only good for file management. Since nearly everything on a linux
system is a file, this should not be a problem. As for user management
- I am still under the opinion on that (unless you are a pure Linux
environment) this should be solved by using Active Directory for
authentication and pam for access mismanagement. (if you don't want to
integrate your services with pam they probably have a simple
configuration file that controls access management that could be
handled by puppet just as easily)
Chef is more extensible with access to a full ruby stack - however
unless you have a very small group of well coordinated developers who
insist on adhering to standards you will rapidly find your
provisioning code will become unwieldy and almost useless as you
inheritances start overriding key portions without notice as to why or
what section did what. In the rite hands the flexibly is an asset that
may help solve key problems. In the wrong hands it will propagate
problems whose effect compound over time until the entire system is
scraped.

Disclaimer - I know very little regarding this compared to others. I
use puppet, write manifests, build systems, etc. I am not responsible
for the engineering.

On Sun, Nov 6, 2011 at 3:56 PM, Ed <plug at 0x1b.com> wrote:
> On Sat, Nov 5, 2011 at 4:59 PM, James Mcphee <jmcphe at gmail.com> wrote:
>> I am also looking at implementing one of these at some point in the near
>> future.  The standard scripts over ssh is simple and relatively well
>> controlled, but teaching new people how to use them and maintaining them in
>> a sane fashion is troublesome.  I've used a few HP, Dell, Sun, and IBM
>> config products in the past and they were all bad enough I went back to
>> scripts in no time.
>>
>> On Nov 5, 2011 11:33 AM, "Lisa Kachold" <lisakachold at obnosis.com> wrote:
>>>
>>> Can anyone chime in on using enterprise mass systems configuration and
>>> management tools?
>>>
>>> What are you using? Chef, Puppet or CFEngine and why?
>>>
>
> I like CFengine - the task based focus is on "promises" and the
> install is painless. The only ruff spot I could point to is with
> application updates - the interface to yum is less polished than some
> - updates work if you work on them as groups vs particular apps. There
> are many promises online and in the maillists for particular tasks. I
> think there is even a starter pack on github somewhere. CFengine fits
> well into ITIL and managing IT - lots of IT - and it has it's own
> directory in /var too!  ;)
>
> The RH world has worked with Cobbler plus Puppet - this is getting
> tighter with Puppet plus TheForman and Pulp - if I remember the
> roadmap.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list