Can anyone chime in on using enterprise mass systems configuration and management tools? What are you using? Chef, Puppet or CFEngine and why? I have configured Chef, and setup and demonstrated puppet for specific unique tasks (hackfest configuration and password files), both ruby based. I see the systems administration role for these tools as one of automation, for tasks like configuration revision control, single source update to hosts, resolv.conf, and ntp.conf type files, and user passwd/group management. For chef, my experience found that setting up the recipes and configuring the clients took more time and involved a layer of complexity that was contrary to regular everyday use. However chef can easily be added to any RHEL kickstart file for configuration out of the box. Puppet was excellent, but again, failed in mass user management when it came to adding users. Also Puppet SSL was not easy to configure. It did have a great security feature, in that any changes to configuration files managed (passwd/group/shadow/pam) were happily and swiftly restored to base, so that if a server was encroached, it was not pwn'd for long! For changing passwords or adding users, when we are comparing adding ruby or adding expect and using a quick shell script to change passwords or add users with a standard UID/GID across 90 systems, the simple scripted/expect process wins over puppet, and Chef. While I have not configured or used CFengine, I don't find a standard CPAN like cfengine .cf file repository with easy to implement recipes to change mass passwords, set chkconfig and iptables, ntp etc. The configuration cf files use simple syntax so I am certain it will be trivial to setup anything I need, but when looking forward to long term support and expansion, I want linux interns and noobs to be able to use any tool. Am I missing a CFengine cf site somewhere? I have heard that it does a great push job of maintaining configuration files via a SSL connnection. Has anyone used CFEngine or actively compared these tools in a large production server farm and what was your impression? I imagine in the end analysis, more than one tool, say a scripted add user/change password process, with a mass configuration file management (over and above the bacula/amanda DR solutions) will be best? -- (602) 791-8002 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** HomeSmartInternational.com