From owner-freebsd-questions@FreeBSD.ORG Wed Apr 30 21:47:59 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E1FC7DF2 for ; Wed, 30 Apr 2014 21:47:58 +0000 (UTC) Received: from mail-oa0-x229.google.com (mail-oa0-x229.google.com [IPv6:2607:f8b0:4003:c02::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A4C191AA7 for ; Wed, 30 Apr 2014 21:47:58 +0000 (UTC) Received: by mail-oa0-f41.google.com with SMTP id m1so171073oag.28 for ; Wed, 30 Apr 2014 14:47:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:mime-version:in-reply-to:content-type :content-transfer-encoding:message-id:cc:from:subject:date:to; bh=+Hue6GSbIMI+zoDyDJ0l3UKdPdW/lTGwXhRhsaHOHEY=; b=gRfzwlaeq4TskCvCPsKIT0gScoNbYRB2xz2t/X2LD6PvqqJF6+qPoEaqULjSw+970I 9kTJQiFZpmXSMDv4qyNKyxU5/1MV3IAyu8cMfG+KibJrAcJd9V6crGOEUHV12MEX9yd5 SaYpuTiJRoMyXwszRFXl9wMCCmUU/QoYLoz4zslYSLx2Sd1van6zLZK3LnH1mVQ/0GYl h9K1bQZzF4M7xMTZMfiY+kYV1Yn3Ry/xNF/miDOmjPScEc1sPcgCGORxXVgdgwLy8pIg mOauQqO/qOPVINTIdIyqKcREgG+6LYBWH6MVuKoXXtpmM+cNn5jXIMbbJ0mScjLslHhe uBDw== X-Received: by 10.182.142.37 with SMTP id rt5mr3627141obb.76.1398894477950; Wed, 30 Apr 2014 14:47:57 -0700 (PDT) Received: from [192.168.1.64] (pool-71-170-112-253.dllstx.fios.verizon.net. [71.170.112.253]) by mx.google.com with ESMTPSA id tz6sm54117317obc.10.2014.04.30.14.47.57 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 30 Apr 2014 14:47:57 -0700 (PDT) References: Mime-Version: 1.0 (1.0) In-Reply-To: Message-Id: X-Mailer: iPad Mail (11D201) From: Matthew Pherigo Subject: Re: best configuration management tool for FreeBSD? Date: Wed, 30 Apr 2014 16:47:58 -0500 To: Aleksandr Miroslav Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: "freebsd-questions@freebsd.org" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Apr 2014 21:47:59 -0000 > On Apr 15, 2014, at 5:33 PM, Aleksandr Miroslav w= rote: >=20 > hi, >=20 > We have a few (~15) FreeBSD boxes that we are running here. They are > all running 8.4, but they are up to date on their ports/patches. >=20 > We have some custom shellscripts (along with rsync) to deploy our > code and and content, but we recently decided to use a proper > configuration manager tool to run our cluster. Internally, we've had a > lot of debate about that and have no clear winners (puppet seems to > get the most votes though). >=20 > What is the best configuration management tool for FreeBSD? We make > heavy use of installing things from ports, so any tool that > understands how to install upgrade stuff from ports would be great. >=20 > Thank you. > Alex > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.or= g" Hey Alex, There are several different options for that available. There's Puppet, Ansi= ble, CFengine (much older than all the others), Chef, Salt, and a few others= . All of these things are going to handle at least 90% of what you could want t= o do with your systems with only some very specific features being present o= r not present. With that in mind, however, a big part of choosing the right s= olution is not just what features are built-in, but considering what the ext= ernal factors are. The external factors that I'm thinking of specifically ar= e add-ons, and community(which both heavily influence each other). If it is e= asy to develop add-ons for the software (add-ons meaning specifications for c= onfiguration management of certain applications or environments), and there i= s a large community, then that means there'll be a lot of add-ons posted onl= ine that you can use, and therefore not have to develop. With that said, that's why my preferred choice is Puppet. Puppet has a lot o= f interest behind it, and it's accelerating pretty rapidly. You tell puppet w= hat you want on a server by putting it in a "manifest", which is a file whic= h declares what the server should be configured like. For example, you might= write something like this: node 'www.example.com' { package { apache: ensure =3D> present, } file { '/usr/www/httpd.conf': ensure =3D> present, source =3D> 'puppet:///files/httpd.conf', } service { 'httpd': ensure =3D> running } } By using declarative language instead of instructional language, you are tel= ling puppet what the server should look like; when this configuration is app= lied, puppet will do the things it needs to do to make sure the server looks= right, and nothing more. For example, if the package "Apache" is already in= stalled, then Puppet won't try to install it again (as opposed to, say, a sh= ell script). It also has a git-based website called the Puppet Forge, where people can po= st modules for use in puppet; for example, a module which allows you to easi= ly declare an Nginx server to be set up on a certain machine, like: class { nginx: } # installs nginx if not present nginx::resource::vhost { 'www.puppetlabs.com':=20 www_root =3D> '/var/www/www.puppetlabs.com', } Since puppet has so much interest from so many people, it has quite a lot of= modules. Most of the things that you're going to want to use in the product= ion environment will have a module already made for them, if it wasn't alrea= dy built in as part of Puppet itself. I use a ruby gem called librarian-pupp= et that manages modules and dependencies for me. All this isn't to say that you shouldn't research all the other systems; the= y all have strengths and weaknesses, and will be easier to use depending on w= hat language they have their roots in (Puppet is based on Ruby). But, if you= don't find any preference towards any particular one, my advice is to go fo= r Puppet since it has the community and growth behind it. Sorry for writing such a long email. =C2=AF\_(=E3=83=84)_/=C2=AF --Matt=