|
From: | Chris Kacoroski |
Subject: | Re: Radmind vs CFengine |
Date: | Wed, 7 Jan 2004 14:49:20 -0800 |
On Jan 7, 2004, at 2:15 PM, Mark.Burgess@iu.hio.no wrote:
But is this type of management required? Couldn't I just keep a separate version of inetd.conf for each host (or group of hosts) on the cfengine server? I think that the cfengine code would be the same (e.g. a copy file section, instead of an editfiles section).On 7 Jan, Chris Kacoroski wrote:Hi, I am looking to implement an enterprise infrastructure (see infrastructures.org) and am trying to decide between radmind and cfengine. Searching the archives and google, The only thing I could find was a transcript from a LISA '03 BoF session on configuration management. After looking at both it seems that cfengine allows a person to program into it semantics of the system files (e.g. the editfiles command) while radmind does not have any idea of what may be in a file. As such radmind can only replace files which makes it much simpler to use (e.g. no scripts to write). In addition, radmind enables a person to install software on a machine and then it willautomatically figure out what files were changed and create a script toreplication the installation on other machines.Question1: Does anyone have examples of when just replacing a file willnot work?This is not really the point. The point is that sometimes you do not want to manage the entire content of a file. e.g. you might have very different versions of inetd.conf on each host, and just want to make sure that no host has ftp enabled, or that all machines should definitely have a web server, or whatever. i.e. both complete and differential management is possible with cfengine.
My concern is that the cfengine scripts will quickly become very complex which is why the Radmind approach is attractive. cfengine has a much more flexibility, but is there a point where that flexibility shoots you in the foot (or allows you to shoot yourself in the foot :).
I like the tripwire-like intrusion detection. Radmind also has this ability.Question2: Does cfengine have any way to determine changes to a machineand create a install scripts or is it preferred to use a third party software installer for this functionality?There are many ways to install software. You can copy files or createa special subroutine to unpack, compile and install files, you can installfrom packages etc etc.Cfengine does not tell you how you should do it - it just tries to providea flexible framework for your own choices. It has tripwire-like change management too, if that is of interest for tracking changes. Mark
[Prev in Thread] | Current Thread | [Next in Thread] |