Anyone ever implimented cfengine on 4.x ? I am just looking for background and if there are any traps to fall into?
thanks
On Wed, Mar 29, 2006 at 10:00:46PM +0100, Tom Brown enlightened us:
Anyone ever implimented cfengine on 4.x ? I am just looking for background and if there are any traps to fall into?
I use it very sparingly, and not in production yet. There is the possibility of RPM vs. cfengine races (e.g. the format of a config file changes, so your carefully crafted editfiles section is now broken). I try my best to limit it to things that RPM won't/doesn't touch.
Matt
On Wed, 29 Mar 2006, Tom Brown wrote:
Anyone ever implimented cfengine on 4.x ? I am just looking for background and if there are any traps to fall into?
I install and use it on CentOS (and Debian, and Gentoo, and Solaris, and OS X), but only for configuration; I don't rely on it for package management at all.
The only "traps" I've encountered are:
1) make sure your config repository is solid, with a clear and conservative set of guidelines concerning change management
2) use "-nv" liberally while formulating your configuration
3) for now, anyway, you have to add special shellcommands to manipulate SELinux contexts
4) document whatever you do, because it's likely that none of your colleagues are familiar with cfengine (a sadly true fact of life...)
On 3/29/06, Tom Brown tom.brown@goodtechnology.com wrote:
Anyone ever implimented cfengine on 4.x ? I am just looking for background and if there are any traps to fall into?
We use Dag's Cfengine RPM on 4.x and do package management with it.
The only trap that we've encountered, beyond those already listed, is that cfengine executes shellcommands with umask 077, and many RPMs don't install correctly with umask 077. To fix this, make sure that you always add a umask=022 option to any rpm shellcommands.
Josh Kelley
We use Dag's Cfengine RPM on 4.x and do package management with it.
The only trap that we've encountered, beyond those already listed, is that cfengine executes shellcommands with umask 077, and many RPMs don't install correctly with umask 077. To fix this, make sure that you always add a umask=022 option to any rpm shellcommands.
thanks all - useful tips and something for me to digest slowly i think
cheers
-
Josh Kelley -
Matt Hyclak -
Paul Heinlein -
Tom Brown