[Config-mgmt] so many tools to choose from

Lars Wilke lw at lwilke.de
Tue May 15 11:25:26 PDT 2007 

Hi,

I am in the process of researching what CM Tool i should
use to help me administering a few networks (different customers).

I need a tool to help me rollout updates, configuration changes
and maintain an overview what will happen if i would do this change.
Therefor i figured the combo of system imager, vmware/xen and a cm
tool would get me what i want. I can mirror existing machines into
a vm via system imager very easy and i can test every change there.
But keeping about 50+ hosts on a few networks under control is
challenging me quite a bit. As the machines belong to different
customers, meaning they are differently configured etc.

Therefor i hope a CM tool can help me here to manage these machines.
So i wrote some requirements down which i think such a tool should have
and started the search ... but could not find an ideal candidate :)

Now i am posting my requirements list here in hope somebody has some
advice for me. During my research i found this list and a few others
as well as the wikipedia matrix. With the help of these i figured
that bcfg2 or puppet might be capable of what i want. But i did not
look more closely at these two yet.

So here is my list, any comment is highly appreciated. Thanks

   --lars


* extensive logging ideally in a format which is easy parsable
  that would make integration into other sw easier
* cherry picking of changes to apply
* rollback, ideally partial rollback possible i.e. only downgrade httpd
* test mode
* client verification e.g. what has changed on the client
  Ideally in various resolution depth i.e. show my which
  packages changes vs. get me a diff between these two config
  files
* access control and encryption (tls), usage is over the internet
* version control of packages and config, i guess this i get
  automatically
* a way to accept differences on the client and import them
  into the spec i.e. customer himself changes a config file
  1. the tool should detect this
  2. the tool should allow me to say, ok this is part of
     the spec from now on
  3. The tool should also be able to not import these changes
     but instead just accept them and from there on ignore
     the file/package so that these changes do not get
     overwritten.
* An import of the inital state of the client machine(s)
  Ideally the tool would run a program on the client which would
  generate such an initial spec.
  As all systems i want to manage are already setup it would
  make the barrier to use such a tool a *lot* easier.
* hooks or triggers to generate parts of a spec on the fly i.e.
  querry a database for all entries to put in /etc/hosts.
  More (or less) easily expandable via ruby, perl or python would
  be nice.
* GUI support or some kind of rpc support to write my own
* golden client support or some kind of recorder feature if i have
  to do extensive changes on a machine the tool should be able to
  import these changes and apply them to other machines in the same
  class
* The config should be easy readable. If everything is XML this would
  be quite a PITA to work with IMHO. If tools would be available to help
  here this would be fine, though.
  But this is just my personal preference i could live with a tool
  using XML of course.
* The changes done on the client should be done in a transactional style
  Either completly or rollback to the state before the client was
  touched at all. Maybe it would be nice to have a way to split the sum of
  all changes into different transactions. One transaction for updating the
  kernel, another one for updating some sw packages etc. hm this falls together
  with cherry picking i guess
* The tool ideally would be able to cope with linux acls and filesystem attrs
* Target platforms are: Linux, Solaris (9+) and *BSD, with linux the most
  important one.

More information about the Config-mgmt mailing list