Both Puppet and Chef can do what you want just fine. Your best is going to be to start doing what you’re trying to do and decide which tool you like the best. I think the big questions you have to have to ask is: Do you want a DSL? – Chef recipes are written … Read more
Ansible’s Git Module will do this for you as far as the “pull” is concerned, just make sure that the user that is running the command has key-based access to the git repo. You can specify the user that the command runs as by adding the “sudo_user” parameter to your task: – name: Get stuff … Read more
Configuration Management System’s name: Cfengine Community 3 Why it was created: visit http://cfengine.com/techFaq#create Relative strengths: is very small in size (5MB) with few dependencies allows you to choose freely both between templating and differential modification of the system for integrated management handles organizational complexity very well, i.e. does not require “one model for all” high … Read more
IMHO it’s worth learning even if you’re only managing a single server, Yes, there will be a learning curve. Yes, you will get frustrated. For those costs, though, you will be paid back in multiples through reliable, consistent, one-click deployments, version-controlled server configuration, ease of setting up test/dev environments, etc. In addition to the benefits … Read more
You might (also) look into Vagrant for this. A video is showing how to use the combo of Vagrant and Chef cookbooks. And there’s a dedicated page to Vagrant and Chef on the Opscode site (update 2015-01-23: page has gone…).
An alternative to notify is subscribe: file { “/etc/sshd_config”: source => “….”, } service { sshd: ensure => running, subscribe => File[“/etc/sshd_config”], } The difference being that the relationship is described from the other end. For example, you might make apache subscribe to /etc/apache/httpd.conf, but you’d make a vhost file notify apache, as your apache … Read more
The problem with push based systems is that you have to have a complete model of the entire architecture on the central push node. You can’t push to a machine that you don’t know about. It can obviously work, but it takes a lot of work to keep it in sync. Using things like Mcollective, … Read more
I would recommend using a mixture of Debian pre-seeding, where you give the installer a text file that answers all the questions it would ask, and Puppet. THe reason for using the preseeding, rather than FAI is that you don’t have to set up an image first and deal with keeping it up to date. … Read more
Puppet (I’m pretty sure chef does also) ties in with your apt-get/yum software repositories. Since they do the heavy lifting of figuring out which packages are available, that means ensure => latest just works for Ubuntu/CentOS/Debian the like. As long as you set up the appropriate files correctly (/etc/apt/sources.list, etc).
I have the benefit of understanding the size and complexity of your environment. Seeing as you work for a cloud/hosting provider, it’s safe to assume that you have a large number of small-medium sized environments (10-100 servers). There are certainly daily tasks that are done by the jr. engineers and NOC staff that are repetitive … Read more