[TriLUG] Tool for new build system

Igor Partola igor at igorpartola.com
Tue Oct 29 12:46:49 EDT 2013


> I gather you are more interested in hand installing than running a script
> that will check for certain configurations, users added, packages
> installed, certain configurations, etc. I would prefer puppet, chef

Bryan is right: puppet, chef, etc. are the way to go. I am primarily a
puppet user, for better or for worse, but even with its warts, I cannot
recommend it enough over doing nothing at all or using shell scripts to
deploy systems.

The reason configuration management is great is that it makes your
configurations deterministic. Once you get your puppet manifests to work,
every server you apply them to will be identical. There is no more guessing
of "which version of Python does this machine have?" or "Is there BIND9
running on these servers?".

The configuration is also repeatable: bring up one server, destroy it,
bring up another. This is where combining it with something like Vagrant is
great: you get to test your configuration locally.

Also, your server configuration now does not live on the server. You don't
need to back up your /etc/ dirs from the servers, since the puppet
manifests are likely stored in git or another version control system. You
know exactly who made each change, when, and why. If the server dies a
horrible death, you get to keep all the configuration completely up to date.

Lastly, the puppet manifests seem to be somewhat less dependent on the
exact versions of packages. For example, you can specify that you want
puppet to install the latest version of apache2. When you manually roll
static OS images, the version of apache2 is frozen in place until you run
something like `yum upgrade` or `apt-get dist-upgrade` after the image is
used to initialize the server.

I now have several machines, both VMs and physical devices, that I use for
various purposes (file server, video baby monitor, web host, Tor exit node,
etc.). All of these are now under the control of puppet, in case any of them
kick the bucket and I have to start from scratch.

One bad thing: puppet is ugly. It has its own language, and its own ideas
of how to specify things. It includes many features that the developers
have labeled as "use with caution". It also is notorious for having more
than one way to do things (defines vs classes, stages vs notifications,
templates vs built-in commands). It also isn't great at working with
services like MySQL: saying something like "install MySQL, then create
database "example" with user "example_user" and password "foo" given these
privileges" requires a download of the MySQL wrapper from Puppet Forge.

However, on the whole if you take the two days or so it takes to become
proficient with it, it's an invaluable tool that will make your life as a
sysadmin a whole lot easier.

Rant over, Igor out.

