The State of Open Source System Automation
The days of DIY system administration are rapidly coming to a close. Why? Because the open source tools available are just too good not to use. Presenting Bcfg2, Cfengine, Chef and Puppet.
Thursday, August 19th, 2010
Appendix – Quick Comparisons
What Language Is The Tool Written In?
- Bcfg2 Python.
- Cfengine C.
- Chef Ruby.
- Puppet Ruby.
How Long Has it Been Around?
- Bcfg2 2004
- Cfengine 1993
- Chef 2009 – currently in beta
- Puppet 2005
How Widely Is It Used?
- Bcfg2 Used at at least 100 sites.
- Cfengine Used in over 5000 companies. Mark’s conservative estimate is over 1,000,000 computers running Cfengine today. There are over two thousand sites with tens of servers; and thirteen sites with tens of thousands of servers.
- Chef The OpsCode Wiki lists 7 organizations using Chef, including VMWare, Etsy and RightScale.
- Puppet Puppet has over 80 organizations using it. Top users are:
- Google: 45K Macs + internal servers.
- Zynga: 80k servers.
- JPMorganChase: 35k servers.
Does It Allow Re-use of Configuration Policies?
Bcfg2 Recipes are in the source code control repo in version 2 but sharing is not easy, group names need to be standardized first.
Cfengine Promises are shared through the Cfengine company which vets and standardizes them in the Community Open Promise Body Library:http://www.cfengine.org/manuals/CfengineStdLibrary.html
Chef Recipes are very actively shared at http://cookbooks.opscode.com/
Puppet Manifests are shared at http://forge.puppetlabs.com/
Presenters’ Slides
Learning More, Getting Help.
USENIX Configuration Management Summit 2010
Comments on "The State of Open Source System Automation"
We run Bcfg2 pretty extensively at our offices, and it certainly has its pluses and minuses. However, one of the things that is a real stick in the side is TGenshi, the Bcfg2 templating system. One of the great things about TGenshi is, well, it allows you to add logic to your file–so you can generate files from the Properties plugin, dynamically encrypt passwords, etc.. Great feature, right?
Debugging is AWFUL. The errors TGenshi throws by defaulty largely generic; for example, if you have a 100 line Python file being run in the template, and an error occurs anywhere, you’ll just get a message saying “Could not generate this file.” No line number, no raising of the original Python exception, nothing. If you want to do any serious work, you’ll have to write your own wrapper to catch errors–or at least a line number for what failed.
Bcfg2′s strongest feature is keeping everything the same on every server, so I would consider combining this for day-to-day maintenance, and maybe Puppet or cfengine for deployment.
Andrew
We’ve been using cfengine 1+2 for 11 years.
we use cfengine2 with some logic of our own to control around 130 computers, and is very nice and powerfull, when you get to understand it.
Now we are thinking to get in puppet. I’d like to post soon to tell you how it was.
We just ran into the sccm cenlit performance issue. We had a script blow out the sccm cenlit to the domain, and the support team did this on sunday at about 1am. Every sunday at 1am since then our VMware farm grinds to a halt. Cpu spikes, storage spikes.We found that sccm was launching a dir /s inventory on all of its cenlits on the 7 day aniversary. About 200 vms.Still not sure how we will fix this, but ideas would be appreciated.
G6179Y akxxosibwevp