Forum: CFEngine Help
Subject: cfengine versus standard system tools
Author: matt_garman
Link to topic: https://cfengine.com/forum/read.php?3,23938,23938#msg-23938
Yet another post from a CFE newbie. I'm basically at the "working with
examples" stage. A common example is to make sure some service (e.g. ntpd) is
running. This got me to thinking... My OS (Linux CentOS) provides a mechanism
for enabling services at startup ("chkconfig"). Before CFE, part of my new
server deployment checklist was to make sure needed services are enabled.
Every now and then, a service doesn't start when the system is rebooted.
Either I forgot to enable the service, or some other thing I did implicitly
disabled the service, or ??? Anyway, in this case, the CFE approach would be
nice, to make sure the required services are in fact running.
But it leads to a situation where there's an inconsistency between what CFE
believes the system state should be, and what the standard OS tools (chkconfig
in my case) think it should be. I.e., CFE says "run this service" and the OS
on its own says "I don't need to run this".
So I believe the real solution to this specific scenario is to extend on the
examples I've seen. A "check service running" promise should probably both
start the service (if necessary) and update the system config to run it by
default. On the one hand, I like this: it sort of feels like redundancy to
ensure the service is running. But on the other hand, it sort of feels like a
duplication of effort.
Another example is user accounts. CFEngine has facilities (and lots of
examples) for Unix account management (i.e. /etc/passwd file)... but there are
also whole systems dedicated to this purpose, such as NIS and LDAP. Same goes
for the /etc/hosts file. Why run a DNS server if you can use CFE to have a
consistent /etc/hosts file on every server? Cron is another obvious example
(discussed in the documentation).
For the latter examples, I suppose the answer is "it depends". Pick the right
tool for the job, etc. But at this point, I can see arguments for going one
way or the other. So this is really an open-ended "best practices"
question---what kinds of things do you take into consideration when looking at
areas where CFEngine's functionality overlaps with some other tools? Why might
you have CFE manage part of your system instead of another tool, or vice-versa?
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
