Can anyone chime in on using enterprise mass systems configuration and
management tools?

What are you using? Chef, Puppet or CFEngine and why?

I have configured Chef, and setup and demonstrated puppet for specific
unique tasks (hackfest configuration and password files), both ruby based.

I see the systems administration role for these tools as one of automation,
for tasks like configuration revision control, single source update to
hosts, resolv.conf, and ntp.conf type files, and user passwd/group
management.

For chef, my experience found that setting up the recipes and configuring
the clients took more time and involved a layer of complexity that was
contrary to regular everyday use.  However chef can easily be added to any
RHEL kickstart file for configuration out of the box.

Puppet was excellent, but again, failed in mass user management when it
came to adding users.  Also Puppet SSL was not easy to configure.  It did
have a great security feature, in that any changes to configuration files
managed (passwd/group/shadow/pam) were happily and swiftly restored to
base, so that if a server was encroached, it was not pwn'd for long!

For changing passwords or adding users, when we are comparing adding ruby
or adding expect and using a quick shell script to change passwords or add
users with a standard UID/GID across 90 systems, the simple scripted/expect
process wins over puppet, and Chef.

While I have not configured or used CFengine, I don't find a standard CPAN
like cfengine .cf file repository with easy to implement recipes to change
mass passwords, set chkconfig and iptables, ntp etc.  The configuration cf
files use simple syntax so I am certain it will be trivial to setup
anything I need, but when looking forward to long term support and
expansion, I want linux interns and noobs to be able to use any tool.  Am I
missing a CFengine cf site somewhere?

I have heard that it does a great push job of maintaining configuration
files via a SSL connnection.  Has anyone used CFEngine or actively compared
these tools in a large production server farm and what was your impression?

I imagine in the end analysis, more than one tool, say a scripted add
user/change password process, with a mass configuration file management
(over and above the bacula/amanda DR solutions) will be best?
-- 
(602) 791-8002 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
HomeSmartInternational.com