[Population: One] <A HREF="http://popone.innocence.com/ar

[bryant]

cfengine is cool. I dug it. The tutorial was introductory and I was pretty sold on the concepts. If you already know about cfengine there is nothing useful for you in this post.

Cheap summary: a host is classified into a number of groups. Lots of classifications are automatic; there's a linux group (any machine running linux), there's a 129_120_10 group (any host on the 129.120.10 subnet), there's a Hr02 group (any host running cfengine between the hours of 2 AM and 3 AM), etc. Why would you want that last? Maybe you only want to do some checks during that hour. Yes, this is yet another way to schedule periodic jobs in a manner that future sysadmins will be unable to find... but I digress.

You then can specify actions that should take place if a host is in a specific group. Some of the action classes are very generic -- running shell commands, deleting files, checking permissions and owners of files, copying files from a central server, etc. Some are pretty specific -- there's a class that allows you to tweak the nameservers in /etc/resolv.conf. This will not work out so well if your nameserver resolver file lives somewhere else, of course. There's a class that's tuned for defining the NFS server from which a host mounts its mailspool. Cool but not necessarily of general use. However, there's a class for editing files which is pretty featureful, so you can roll your own stuff as needed.

It kinda runs under Windows if you have cygwin installed. Hm.

It reminds me of the system we used at AltaVista, but it is substantially more featureful.

Comments

[rmd.livejournal.com]

we use cfengine where i am now. it's a great tool.

[rmd.livejournal.com]

where by "great" i mean "very powerful so it's easy to do big things but also easy to really fuck things up if you're not careful."

all the really good tools are capable of great damage. :-)

[kniedzw.livejournal.com]

I played around with cfengine at an old client site. Unfortunately, it required that the sysadmins actually had carte blanche to do administration without having to consult the "owners" of the boxes in question for each and every change. ...which made the situation rather impossible.

All in all, I agree with your assessment. It seems like a cool tool, and the model of defining a "desired state" for each machine seemed like a reasonable approach.