[CentOS] Spacewalk or Puppet?
mail-lists at karan.org
Wed Nov 4 13:42:36 UTC 2009
On 11/04/2009 12:15 PM, Marcus Moeller wrote:
> I am personally not that big fan of Puppet, as things are getting quite
> complex in large scenarios and as Puppet does not scale well (this has
> been improved in the latest version if you are using passenger instead
> of webrick).
Puppet is actually easier to scale beyond a few nodes than spacewalk is.
Remember that the client->server model for puppet is optional. eg. One
set of people I introduced puppet to use git as a policy distribution
layer and run ~ 12k instances using puppet, with average delivery time
being less than 4 minutes from released, with less than 10 min
guaranteed for role/policy implementation on the designated nodes ( its
a large hosing setup, we did these calculations just last weekend ).
> If you are willed to set up complex configurations with depends and
> variables, Puppet may be a good choice. In addition of Cobbler or
> TheForeman you will get provisioning functionality, too. IMHO you should
> also be familiar with Ruby, too.
I dont agree with either of the two, puppet is one package with ruby on
the machine, how many dozens of thigns do you need to install for
spacewalk ? What is the stability and maintenance loop like for each
component ? And how many hoops do you need to jump through in order to
get your app rollout linked into state management with spacewalk ? Try
the same for puppet or even bcfg2 /chef/cfengine - its just a case of
comparing apples and oranges. They dont do the same thing and they are
both good to have, you just need to make up your mind what level you
want to abstract at and how you want to split roles. Eg. Spacewalks's
config policy management capabilities are about 3 generations behind
what puppet is able to give you today.
> Spacewalk is one single tool for all Lifecycle Management task. It is
> capable of bare provisioning (using Cobbler integration),
> re-provisioning (using Koan), configuration management, errata
> generation and package management. It also scales quite well if you are
> using Oracle Standalone instead of XE. With PostgreSQL, a free database
> backend will be integrated in the near future.
I think you highlighted the main issues yourself - spacewalk does a fair
bit of different things than puppet - the only real overlap is on config
management ( which I prefer to call policy - since its a case of policy
that defines the role of a specific box ). And at that puppet is way
ahead of the capabilities of spacewalk.
The other massive win you can get from an integrated spacewalk/puppet
deployment is the ability to stop running ssh and any remote access to a
machine. Which in turn means that your spacewalk setup will have (
almost by force ) a good representation of the platform and the puppet
manifests give you a fantastic view of the entire policy deployment
across the entire infrastructure - just this is worth a lot when you
have employee churn and/or need to consider platform re-factoring. And
with a vcs to back up the puppet manifests, you get all the audit, track
and management around that policy that you need.
btw, I also dont agree with the idea that using puppet needs knowledge
of ruby - its like saying using cfengine needs knowledge of 'C' or using
OpenOffice needs intricate knowledge of Java. On the other hand, Chef
aims to be closely associated within ruby - and if you said that Chef
needed a fair ruby mindset, I'd agree :)
PS: Your email client is broken. Its not preserving thread sanity.
London, UK | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219 | Yahoo IM: z00dax | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc
More information about the CentOS