Linux automation/config management options - Puppet, Cfengine, etc?
msteinhilber
Member Posts: 1,480 ■■■■■■■■□□
in Off-Topic
Has anybody worked with tools like Puppet, Cfengine or similar to assist with reducing time spent on configuration changes, package updates, etc? One of the projects I have ongoing is trying to finalize a configuration to replace our branch office file/print servers with Linux servers, and eventually when one final remaining software vendor makes the switch late this quarter away from ActiveX we'll be doing the same for a lot of desktops as well.
As a result, I'm looking for something I can use to manage configurations and so forth remotely. Puppet seems to come recommended more than Cfengine has, but just wondering what some of you guys think. I suppose another option is to just do something in-house as well, I could make that work but with my time being so limited and larger projects like this getting drawn out as a result - I'd rather not re-invent the wheel unless I have to.
Thoughts, recommendations, other ideas?
Comments
-
NightShade03 Member Posts: 1,383 ■■■■■■■□□□
Funny you should ask, as I've been implementing/testing all of these myself. I can offer you the following advice:
Puppet - is the most highly recommended product I have seen. It's easier from a configuration standpoint, does great management, and has a great company backing it. That being said...due to whatever unknown reasons...even following their tutorials it took me a week to get the server portion installed (once it was installed it was no problem). They need to really pick up the pace on documentation, but otherwise a solid product.
Cfengine - Another good product, although more complex to set up and get running. This is more flexible than Puppet is and offers more options, but you really need to ask yourself if you really need that complex of a config manager. Most admins just need to deploy packages and a few config files here and there...for that purpose this is just overkill.
OpsCode Chef - Something else you might want to look at. Chef is a Ruby programmed config manager that is on the rise to compete against Puppet and Cfengine. You actually sign into a web interface on their website and put together modules that you can then drag and drop to individual servers or groups that get deployed to your systems. There are two downsides to this product...you need to know Ruby and it's not as mature as the other two so you will have to play the versioning game until a stable release comes out. Still from the demo I did it seems like a viable contender in the area... I just don't think it is there yet.
Kickstart / home built - I actually ended up going this route after looking into all these products. It did seem like reinventing the wheel at first but in the end everything seems to need a more home grown, customized solution. Puppet is used at places like Google where they have thousands and thousands of the same servers. I have about 40 servers and all of the above products were just overkill. I set up a PXE boot kickstart server for complete automation of installation. When the install is complete a simple script checks into a MySQL database and based on the entry for system it sets the IP, hostname, and downloads a second script that performs the configuration (additional package installation, deploys our custom software, sets up SSH, iptables, etc).
Hope this was what you were looking for information wise. Let me know if you'd like further details or clarification on anything. -
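The check-in step NightShade03 describes above, sketched as an added example (not the poster's script and not part of the original thread). The inline INVENTORY table is constructed sample data standing in for the MySQL database, and the column layout and function names are assumptions; the record is validated before any value from it is used to configure the host.

```sh
#!/bin/sh
# Added example, not the poster's script. INVENTORY is constructed sample data
# standing in for the MySQL table; assumed columns: mac|hostname|ipv4
INVENTORY='52:54:00:aa:bb:01|files01.branch.example|192.0.2.11
52:54:00:aa:bb:02|print01;reboot|192.0.2.12
52:54:00:aa:bb:03|print02.branch.example|192.0.2.300'

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for dot-separated labels of letters, digits and inner hyphens
# (the per-label 63-character limit is not checked here).
valid_hostname() {
    [ ${#1} -ge 1 ] && [ ${#1} -le 253 ] || return 1
    case $1 in
        *[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
}

# Prints "hostname ip" for a MAC address.
# Returns 1 for an unknown MAC, 2 for a record that fails validation.
lookup_host() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    while IFS='|' read -r mac host ip; do
        [ "$mac" = "$want" ] || continue
        valid_hostname "$host" && valid_ipv4 "$ip" || return 2
        printf '%s %s\n' "$host" "$ip"
        return 0
    done <<EOF
$INVENTORY
EOF
    return 1
}

# Demo: a known-good MAC, then one whose stored hostname is malformed.
lookup_host 52:54:00:AA:BB:01
lookup_host 52:54:00:aa:bb:02 || echo "refused (exit $?)"
```

A first-boot script would stop on a non-zero return instead of applying the hostname or address, so a malformed or tampered inventory row never reaches the system configuration.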
it_consultant Member Posts: 1,903
msteinhilber wrote: » Has anybody worked with tools like Puppet, Cfengine or similar to assist with reducing time spent on configuration changes, package updates, etc? One of the projects I have ongoing is trying to finalize a configuration to replace our branch office file/print servers with Linux servers, and eventually when one final remaining software vendor makes the switch late this quarter away from ActiveX we'll be doing the same for a lot of desktops as well.
As a result, I'm looking for something I can use to manage configurations and so forth remotely. Puppet seems to come recommended more than Cfengine has, but just wondering what some of you guys think. I suppose another option is to just do something in-house as well, I could make that work but with my time being so limited and larger projects like this getting drawn out as a result - I'd rather not re-invent the wheel unless I have to.
Thoughts, recommendations, other ideas?
What's the motivation behind moving only your branch office servers to *nix? -
msteinhilber Member Posts: 1,480 ■■■■■■■■□□
it_consultant wrote: » What's the motivation behind moving only your branch office servers to *nix?
Well, we're not going to be *nix only at the branch offices. I have transitioned a good amount of resources at our corporate office over to *nix already - leaving only our mail servers, accounting (stuck with Great Plains, etc), DC, and a handful of servers that run apps for our Nortel Option 11's. So for the most part, at least for now everything we can reasonably switch over to a *nix based solution at our corporate office already has been done. I'm just now looking into tools like Puppet and so forth, because at the present time it's not much difficulty for me to manage all of the servers I have running now but would be a significant burden once our branch offices are switched over.
Eventually the plan is to implement an LDAP directory and finally introduce centralized management to our network which is something we lack now - why I'm not exactly sure but it's been a battle I've been dealing with here for several years. When that happens, our DC will probably disappear (yea, we have a single DC...) and we will finally have some redundancy in place instead of dozens of single points of failure spread throughout our network like we have now.
Thanks for the input NightShade, that was effectively what I was looking for. Mostly seeking others' thoughts who have gone down the road before to help shape the direction I try out and hopefully save trying several options and investing a week or two for each to learn, configure, and trial them. -
NightShade03 Member Posts: 1,383 ■■■■■■■□□□
LDAP is a whole other beast; I'm actually in the middle of that one now. Trying to get SSH public keys to integrate into an LDAP server (not easy).
-
petedude Member Posts: 1,510
Sorry to dredge up an old thread, but--
Getting interested in some of these new config management tools lately. Are any of them a functional replacement for SCCM? I'd be interested in finding something that could deploy, image and provide remote control. Configuration enforcement would be handy too, and Puppet seems to do that.
Even if you're on the right track, you'll get run over if you just sit there.
--Will Rogers