Tag Archives: cfengine

Thoughs on cfengine, bcfg2, and puppet

Yesterday I posted about my first steps with cfengine. By the end of the day today, I had things far along that I can:

  • cdebootstrap a directory
  • Run a special cfengine script to get the base files like /etc/fstab and /etc/hosts set up
  • Bring it up in Xen, apt-get install cfengine2, and use cfagent to bring up the rest of the system and install the necessary base packages (like xfsprogs)

Very nice.

I’ve had a few annoyances with the cfengine packages support, which doesn’t quite seem to work as documented al the time.

I also took a look at bcfg2 thanks to a comment yesterday. It looks very interesting, but I have a few gripes about it. I find cfengine files easier to read. I can look at a file, having never used cfengine before, and have a reasonable idea of what is trying to be done and how it will be accomplished. I can’t say the same for bcfg2, plus bcfg2 uses XML config files (ick) and a bunch of small otherfiles. While the architecture as the authors have described it certainly sounds appealing, I’m not sure that bcfg2 is a simple as cfengine. I am a strong believer in the KISS (Keep It Simple, Stupid) principle. But THANKS to the person that left the comment, and I hope that bcfg2 continues to evolve and provide an alternative to cfengine.

I also looked at Puppet. This thing looks very slick. Seems to be cfengine with a nicer syntax. On the other hand, it’s not really clear that anybody is using it. That makes me nervous — this is the kind of thing that can seriously harm machines if it does something unexpected.

First steps with cfengine

This afternoon I started looking at cfengine. In very little time, I’ve already set up rules that can bring a system from pretty much cdebootstrap state up to a minimal production system in our environment. I’ve still got a little ways to go, but it’s already hacking on /etc/hosts, hosts.deny, sources.list, installing appropriate Debian packages for our systems, etc.

It’s come a long way since I last looked at it six years ago.

One thing I can’t figure out…

I have a /etc/bacula/bacula-fd.conf file that contains, among other things, this:

Director {
  Name = backup-dir
  Password = "foo"

Director {
  Name = backup-mon
  Password = "bar"
  Monitor = yes

I can’t figure out how to make cfengine delete just that second section. I tried this:

       BeginGroupIfLineMatching "  name = .+-mon"
         IncrementPointer "-1"
         DeleteToLineMatching "\}"
         DeleteNLines "1"

But it seems that the pointer is never actually being decremented, even when examined under verbose mode. That is, it leaves the leading “Director {” line in the file.