354 lines
10 KiB
Text
354 lines
10 KiB
Text
|
[[!meta title="cdist - usable configuration management"]]
|
||
|
|
||
|
|
||
|
.. . .x+=:. s
|
||
|
dF @88> z` ^% :8
|
||
|
'88bu. %8P . <k .88
|
||
|
. '*88888bu . .@8Ned8" :888ooo
|
||
|
.udR88N ^"*8888N .@88u .@^%8888" -*8888888
|
||
|
<888'888k beWE "888L ''888E` x88: `)8b. 8888
|
||
|
9888 'Y" 888E 888E 888E 8888N=*8888 8888
|
||
|
9888 888E 888E 888E %8" R88 8888
|
||
|
9888 888E 888F 888E @8Wou 9% .8888Lu=
|
||
|
?8888u../ .888N..888 888& .888888P` ^%888*
|
||
|
"8888P' `"888*"" R888" ` ^"F 'Y"
|
||
|
"P' "" ""
|
||
|
|
||
|
|
||
|
[[!toc levels=3]]
|
||
|
|
||
|
## Introduction
|
||
|
|
||
|
cdist is a usable configuration management system. It adheres to
|
||
|
the KISS principle and is being used in small up to enterprise grade
|
||
|
environments.
|
||
|
cdist is an alternative to other configuration management systems like
|
||
|
[cfengine](http://www.cfengine.org/),
|
||
|
[bcfg2](http://trac.mcs.anl.gov/projects/bcfg2),
|
||
|
[chef](http://wiki.opscode.com/display/chef/)
|
||
|
and [puppet](http://www.puppetlabs.com/).
|
||
|
But cdist ticks differently, here is the feature set that makes it unique:
|
||
|
|
||
|
[[!table data="""
|
||
|
Keywords | Description
|
||
|
Simplicity | There is only one type to extend cdist called ***type***
|
||
|
Design | Type and core cleanly seperated
|
||
|
Design | Sticks completly to the KISS (keep it simple and stupid) paradigma
|
||
|
Design | Meaningful error messages - do not lose time debugging error messages
|
||
|
Design | Consistency in behaviour, naming and documentation
|
||
|
Design | No surprise factor: Only do what is obviously clear, no magic
|
||
|
Design | Define target state, do not focus on methods or scripts
|
||
|
Design | Push architecture: Instantly apply your changes
|
||
|
Small core | cdist's core is very small - less code, less bugs
|
||
|
Fast development | Focus on straightforwardness of type creation is a main development objective
|
||
|
Fast development | Batteries included: A lot of requirements can be solved using standard types
|
||
|
Modern Programming Language | cdist is written in Python
|
||
|
Requirements, Scalability | No central server needed, cdist operates in push mode and can be run from any computer
|
||
|
Requirements, Scalability, Upgrade | cdist only needs to be updated on the master, not on the target hosts
|
||
|
Requirements, Security | Uses well-know [SSH](http://www.openssh.com/) as transport protocol
|
||
|
Requirements, Simplicity | Requires only shell and SSH server on the target
|
||
|
UNIX | Reuse of existing tools like cat, find, mv, ...
|
||
|
UNIX, familar environment, documentation | Is available as manpages and HTML
|
||
|
UNIX, simplicity, familar environment | cdist is configured in POSIX shell
|
||
|
"""]]
|
||
|
|
||
|
### Documentation
|
||
|
|
||
|
The cdist documentation is included as manpages in the distribution.
|
||
|
You can browse the documentation online as well:
|
||
|
|
||
|
* [latest version](man/latest)
|
||
|
* [all versions (>= 2.0.4)](man)
|
||
|
|
||
|
### OS support
|
||
|
|
||
|
cdist was tested or is know to run on at least
|
||
|
|
||
|
* [Archlinux](http://www.archlinux.org/)
|
||
|
* [Debian](http://www.debian.org/)
|
||
|
* [CentOS](http://www.centos.org/)
|
||
|
* [Fedora](http://fedoraproject.org/)
|
||
|
* [Gentoo](http://www.gentoo.org/)
|
||
|
* [Mac OS X](http://www.apple.com/macosx/)
|
||
|
* [OpenBSD](http://www.openbsd.org)
|
||
|
* [Redhat](http://www.redhat.com/)
|
||
|
* [Ubuntu](http://www.ubuntu.com/)
|
||
|
* [XenServer](http://www.citrix.com/xenserver/)
|
||
|
|
||
|
|
||
|
## Requirements
|
||
|
|
||
|
### Server
|
||
|
|
||
|
* A posix like shell
|
||
|
* Python (>= 3.2 required)
|
||
|
* SSH client
|
||
|
* Asciidoc (for building the manpages)
|
||
|
|
||
|
### Client ("target host")
|
||
|
|
||
|
* A posix like shell
|
||
|
* SSH server
|
||
|
|
||
|
|
||
|
## Installation
|
||
|
|
||
|
### Preparation
|
||
|
|
||
|
Ensure you have Python 3.2 installed on the machine you use to **deploy to the targets**
|
||
|
(the ***source host***).
|
||
|
|
||
|
#### Archlinux
|
||
|
|
||
|
Archlinux already has python >= 3.2, so you only need to do:
|
||
|
|
||
|
pacman -S python
|
||
|
|
||
|
#### CentOS
|
||
|
|
||
|
See the "From source" section
|
||
|
|
||
|
#### Debian
|
||
|
|
||
|
For Debian >= wheezy:
|
||
|
|
||
|
aptitude install python3
|
||
|
|
||
|
On squeeze you can add following line in **/etc/apt/sources.list**
|
||
|
|
||
|
deb http://ftp.debian.org/debian wheezy main
|
||
|
|
||
|
And add pinning entry in **/etc/apt/preferences.d/wheezy**:
|
||
|
|
||
|
Package: *
|
||
|
Pin: release n=wheezy
|
||
|
Pin-Priority: 1
|
||
|
|
||
|
Please be aware that both **openssh-server** and **openssh-client** might be
|
||
|
removed on **python3.2** installation. You surely want to reinstall them:
|
||
|
|
||
|
apt-get install -t wheezy openssh-server openssh-client
|
||
|
|
||
|
For older Debian versions, installing python 3.2 manually is required.
|
||
|
|
||
|
|
||
|
#### Fedora
|
||
|
|
||
|
For Fedora >= 15:
|
||
|
|
||
|
yum install python3
|
||
|
|
||
|
#### FreeBSD
|
||
|
|
||
|
For the port:
|
||
|
|
||
|
cd /usr/ports/lang/python32/ && make install clean
|
||
|
|
||
|
For the package:
|
||
|
|
||
|
pkg_add -r python32
|
||
|
|
||
|
#### Gentoo
|
||
|
|
||
|
Gentoo only provides python 3.2 in testing packages (http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=3&chap=3).
|
||
|
If you want to ensure nothing breaks you must set back the python version to what was default before.
|
||
|
|
||
|
emerge -av =python-3.2.2 --autounmask-write
|
||
|
emerge -av =python-3.2.2
|
||
|
eselect python list
|
||
|
eselect python list set python3.2
|
||
|
|
||
|
#### Max OS X
|
||
|
|
||
|
You can choose between Homebrew and Macports, either way works:
|
||
|
|
||
|
[Homebrew](http://mxcl.github.com/homebrew/) variant:
|
||
|
|
||
|
brew install python3
|
||
|
|
||
|
[Macports](http://www.macports.org/install.php) variant:
|
||
|
|
||
|
port install python32
|
||
|
ln -s /opt/local/bin/python3.2 /opt/local/bin/python3
|
||
|
|
||
|
#### From Source
|
||
|
|
||
|
For those operating systems not yet support Python 3.2:
|
||
|
|
||
|
pyversion=3.2.3
|
||
|
wget http://www.python.org/ftp/python/$pyversion/Python-${pyversion}.tar.bz2
|
||
|
tar xvfj Python-${pyversion}.tar.bz2
|
||
|
cd Python-${pyversion}
|
||
|
./configure
|
||
|
make
|
||
|
sudo make install
|
||
|
|
||
|
This installs python 3.2 to /usr/local/bin. Ensure this directory is in
|
||
|
your PATH environment variable.
|
||
|
|
||
|
|
||
|
### Get cdist
|
||
|
|
||
|
You can clone cdist from git, which gives you the advantage of having
|
||
|
a version control in place for development of your own stuff as well.
|
||
|
To install cdist, execute the following commands:
|
||
|
|
||
|
git clone git://git.schottelius.org/cdist
|
||
|
cd cdist
|
||
|
export PATH=$PATH:$(pwd -P)/bin
|
||
|
|
||
|
# If you want the manpages
|
||
|
./build man
|
||
|
export MANPATH=$MANPATH:$(pwd -P)/doc/man
|
||
|
|
||
|
|
||
|
### Available versions
|
||
|
|
||
|
There are at least the following branches available:
|
||
|
|
||
|
* Development: master
|
||
|
* 2.0: Python rewrite of cdist core [stable branch]
|
||
|
|
||
|
Old versions:
|
||
|
|
||
|
* 1.7: Bugfixes, cleanups, new type and explorer rename
|
||
|
* 1.6: New types, cleaned up \_\_package* types, internal cleanup
|
||
|
* 1.5: Focus on object orientation instead of global stage orientation
|
||
|
* 1.4: Support for redefiniton of objects (if equal)
|
||
|
* 1.3: Support for local and remote code execution (current stable)
|
||
|
* 1.2: Dependencies supported
|
||
|
* 1.1: \_\_file to \_\_file, \_\_directory, \_\_link migration
|
||
|
* 1.0: First official release
|
||
|
|
||
|
Other branches may be available for features or bugfixes, but they
|
||
|
may vanish at any point. To select a specific branch use
|
||
|
|
||
|
# Generic code
|
||
|
git checkout -b <name> origin/<name>
|
||
|
|
||
|
# Stay on a specific version
|
||
|
version=2.0
|
||
|
git checkout -b $version origin/$version
|
||
|
|
||
|
### Mirrors
|
||
|
|
||
|
* git://github.com/telmich/cdist.git ([github](https://github.com/telmich/cdist))
|
||
|
* git://git.code.sf.net/p/cdist/code ([sourceforge](https://sourceforge.net/p/cdist/code))
|
||
|
|
||
|
## Update
|
||
|
|
||
|
To upgrade cdist in the current branch use
|
||
|
|
||
|
git pull
|
||
|
|
||
|
# Also update the manpages
|
||
|
./build man
|
||
|
export MANPATH=$MANPATH:$(pwd -P)/doc/man
|
||
|
|
||
|
If you stay on a version branche (i.e. 1.0, 1.1., ...), nothing should break.
|
||
|
The master branch on the other hand is the development branch and may not be
|
||
|
working, break your setup or eat the tree in your garden.
|
||
|
|
||
|
### Upgrading from 1.7 to 2.0
|
||
|
|
||
|
* Ensure python (>= 3.2) is installed on the server
|
||
|
* Use "cdist config host" instead of "cdist-deploy-to host"
|
||
|
* Use "cdist config -p host1 host2" instead of "cdist-mass-deploy"
|
||
|
* Use "cdist banner" for fun
|
||
|
* Use **\_\_object_fq** instead of **\_\_self** in manifests
|
||
|
|
||
|
### Upgrading from 1.6 to 1.7
|
||
|
|
||
|
* If you used the global explorer **hardware_type**, you need to change
|
||
|
your code to use **machine** instead.
|
||
|
|
||
|
### Upgrading from 1.5 to 1.6
|
||
|
|
||
|
* If you used **\_\_package_apt --preseed**, you need to use the new
|
||
|
type **\_\_debconf_set_selections** instead.
|
||
|
* The **\_\_package** types accepted either --state deinstalled or
|
||
|
--state uninstaaled. Starting with 1.6, it was made consistently
|
||
|
to --state removed.
|
||
|
|
||
|
### Upgrading from 1.3 to 1.5
|
||
|
|
||
|
No incompatiblities.
|
||
|
|
||
|
### Upgrading from 1.2 to 1.3
|
||
|
|
||
|
Rename **gencode** of every type to **gencode-remote**.
|
||
|
|
||
|
### Upgrading from 1.1 to 1.2
|
||
|
|
||
|
No incompatiblities.
|
||
|
|
||
|
### Upgrading from 1.0 to 1.1
|
||
|
|
||
|
In 1.1 the type **\_\_file** was split into **\_\_directory**, **\_\_file** and
|
||
|
**\_\_link**. The parameter **--type** was removed from **\_\_file**. Thus you
|
||
|
need to replace **\_\_file** calls in your manifests:
|
||
|
|
||
|
* Remove --type from all \_\_file calls
|
||
|
* If type was symlink, use \_\_link and --type symbolic
|
||
|
* If type was directory, use \_\_directory
|
||
|
|
||
|
|
||
|
## Support
|
||
|
|
||
|
### IRC
|
||
|
|
||
|
You can join the development ***IRC channel***
|
||
|
[#cstar on irc.freenode.net](irc://irc.freenode.org/#cstar).
|
||
|
|
||
|
### Mailing list
|
||
|
|
||
|
Bug reports, questions, patches, etc. should be send to the
|
||
|
[cdist mailing list](http://l.schottelius.org/mailman/listinfo/cdist).
|
||
|
|
||
|
### Linkedin
|
||
|
|
||
|
If you have an account
|
||
|
at [Linked in](http://www.linkedin.com/),
|
||
|
you can join the
|
||
|
[cdist group](http://www.linkedin.com/groups/cdist-configuration-management-3952797).
|
||
|
|
||
|
### Commercial support
|
||
|
|
||
|
You can request commercial support for cdist from
|
||
|
[my company](http://firma.schottelius.org/english/).
|
||
|
|
||
|
## Used by
|
||
|
|
||
|
If you're using cdist, feel free to send a report to the mailing list.
|
||
|
Interesting information are for instance
|
||
|
|
||
|
* Which services do you manage?
|
||
|
* How many machines do you manage?
|
||
|
* What are the pros/cons you see in cdist?
|
||
|
* General comments/critics
|
||
|
|
||
|
### Nico Schottelius, Systems Group ETH Zurich, local.ch and privately
|
||
|
|
||
|
Yes, I'm actually eating my own dogfood and currently managing
|
||
|
|
||
|
* [plone](http://plone.org/) (cms)
|
||
|
* [moinmoin](http://moinmo.in/) (wiki)
|
||
|
* [apache](http://httpd.apache.org/) (webserver)
|
||
|
* [kerberos (mit)](http://web.mit.edu/kerberos/) (authentication)
|
||
|
* [nss-pam-ldapd](http://arthurdejong.org/nss-pam-ldapd/) (authentication)
|
||
|
* [ircd-hybrid](http://www.ircd-hybrid.org/) (chat)
|
||
|
* [stunnel](http://stunnel.mirt.net/) (SSL tunnel)
|
||
|
* [mercurial-server](http://www.lshift.net/mercurial-server.html) (version control)
|
||
|
* [xfce](http://www.xfce.org/) (lightweight desktop environment)
|
||
|
* [slim](http://slim.berlios.de/) (graphical login manager for X11)
|
||
|
|
||
|
with cdist on more than **60** production machines of the
|
||
|
[Systems Group](http://www.systems.ethz.ch) at the
|
||
|
[ETH Zurich](http://www.ethz.ch) as well at home.
|
||
|
|
||
|
### Steven Armstrong, CBRG ETH Zurich
|
||
|
|
||
|
The CBRG is managing most of their compute clusters with cdist.
|
||
|
|
||
|
[[!tag cdist unix]]
|