Migrating away from puppet to cdist

Skip to first unread message

Nico -telmich- Schottelius

Apr 4, 2011, 1:26:06 PM4/4/11
to puppet...@googlegroups.com, steven-pu...@armstrong.cc
Good morning puppet users,

we, some sysadmins [0] at the computer science departement [1]
at ETH Zurich [2], developed a new configuration management
system called cdist [3], to which we migrate from our puppet

I'm writing to this list for two reasons:

1) Say thanks and goodbye to puppet-*

Puppet in contrast to other systems emphasised on "define what I want"
versus "define what todo", which is a great approach and we've
shameless cloned this approach.

Also we discussed a lot of ideas used in puppet (as well as other
systems), from which we learned.

Puppet was the first CM I seriously adopted and it initially saved
me a lot of time. Thanks to the puppet team!

2) Show other puppet users how to get around (common) puppet problems

We're pretty confident that cdist solves some issues we've seen
in puppet and in the sense of FOSS, we'd like to inform others
how we've solved those issues in cdist:

Bootstrap problem
With puppet we needed to have ruby + some gems on the target
hosts. In cdist we only use a posix shell on the target plus
common UNIX tools (like find, rm, grep), as defined by POSIX.

Complex CA / SSL setup / issues
We've had some trouble using ssl certificates, especially with
multi master and frequent reinstallations. In cdist we only
rely on SSH.

Defining configuration in multiple locations
Defining a type multiple times in different locations in puppet
requires use of virtual ressources. In cdist you don't need to
care about this, as long as the parameters stay exactly the

Error messages
If you encountered errors like "400 Bad Request",
"undefined method `closed?'", "can't convert nil into String",
or "undefined method `closed?' for nil:NilClass", you'll be
happy to hear that cdist's error messages contain usable

Very easy extension
Whereas puppet has modules, types and providers, cdist only knows
about types. A type in cdist contains some functionality,
independent of whether you or upstream decided to implement it.

Pull versus Push approach
Puppet requires one (or more for redundancy reasons) central server,
because clients usually contact the master and ask for changes.

Cdist operatas in push mode and can be run from a small machine
like the sysadmin notebook.

Integrated version control
Cdist is usually cloned via git from upstream and changes are
kept in a different git branch. This encourages you to use the
existing version control for your own configuration.

Integrated clean documentation
All cdist documentation is included into the release and can be
compiled into HTML or manpages. Cdist also includes a reference
document that contains all available paths, types and environment

Unobstrusive upgrade path
Upgrading cdist just requires one "git pull" on your master machine,
no update needed on any client.

Clean release cycle
When in puppet things stopped to work within a minor version,
the cdist release cycle clearly defines that any incompatibility
forces a change on at least the minor (1.x -> 1.y) version.

If you stay on a specific version, like 1.5, things will not break. Promised.

No automatic (magic) behaviour
In puppet you can use title or name without setting it explicitly.
This may be useful in some parts, but maybe surprising as well.

In cdist only the globally available environment variables are
documented and have the same meaning everywhere.

Codebase / Bugs
Puppet contains around 100k lines of code, with cdist you only need
to debug ~ 1k/2k lines (core/with types) lines of code
(according to sloccount[5]).

Warning: Although most pointers above may make cdist look like
superior compared to puppet, cdist is still pretty young
(~4 months old) and may lack some functionality puppet already has.

cdist is usable in production environments already.
It may just not work in very fancy or ancient environments.

If you've any questions, do not hesitate to subscribe to the cdist
mailing list [4] and ask them there.



[0]: http://sans.ethz.ch
[1]: http://www.inf.ethz.ch
[2]: http://www.ethz.ch
[3]: http://www.nico.schottelius.org/software/cdist/
[4]: http://l.schottelius.org/mailman/listinfo/cdist
[5]: http://www.dwheeler.com/sloccount/

PGP key: 7ED9 F7D3 6B10 81D7 0EC5 5C09 D7DC C8E4 3187 7DF0

Reply all
Reply to author
0 new messages