On 09/11/2009 03:22 AM, Dominic LoBue wrote:
Hello lists,
As many of you may have already guessed from my subject line and To
field, this email is about some ideas I've been thinking about what it
would take to bring Cobbler and Func up to a point where they could
completely replace Puppet. I've come across some hurdles in the
planning stages, and since I'm a sysadmin whose hobby is Python
programming, I'm hoping you guys can help me flesh out the ideas some
more.
My main reason for wanting to replace Puppet is that between Func and
Cobbler, they already can replicate between 70-80% of Puppet's
features. They also do so in a manner that I believe is more usable.
As an added bonus they contain features that Puppet will never be able
to incorporate, or at least not easily (yay PXE booting and
Func-transmit!). Plus a project like this definitely strains my
current skills and knowledge to the brink, which is how I learn best.
Just one note before going further: it is not my intention to remake
Puppet where the only difference is that this is written in Python
(i.e., transcribe the Ruby code into equivalent Python code). Rather, my
intention is to create something that builds on top of what already
exists in Python (namely Cobbler and Func) that fills the gaps that
only Puppet can fill at this time (favorite uses of which at this time
are keeping the root password and authorized SSH keys up to date
across all Linux servers).
As I see it, the important tools already present that are required to
make this happen are distributed between Cobbler, Func, and Certmaster
like so:
Certmaster:
-Authorization (by this I mean managing the signing and clearing out of certs)
-Encryption/Decryption
-Key store for crypto
Func:
-Secure communication to all servers from central point
-Secure communication between peer servers
-Secure communication routes made available to third party
applications (specifically I mean func-transmit here)
-Access to client servers and all their information
Cobbler:
-Repository of server profile data
-Repository of server configuration data
-Template engine.
What's missing in order to make replacing Puppet a reality:
-Cobbler repository data needs to be decentralized and made available for use.
-Same goes for the template engine.
-SCM like git in order to track changes to configuration files.
-Client servers need to ask the server if there have been any changes
to their configs rather than rely on being told when there are
changes.
-Communication needs not only to be secure, but also to be reliable
and guaranteed.
The major hurdles I see, and am getting stuck on, are the following:
-Making repository data and template engine open.
I'm not sure whether the better way of achieving this is via
decoupling the templating engine and data repositories from Cobbler,
and forking them off into a separate project (like Certmaster), or if
a reworked and expanded API would be better. Or if any change is even
needed at all!
-Git-like versioning of the template files.
Not even sure where to begin. The ability to go back and forward
through the different revisions on the fly without having to be a
master at git-fu is important. This may be a job for CouchDB with its
btree backend, but there are too many things I don't know to be able
to make an informed decision either way.
The final two are the relatively easy ones from what I can tell. I
know AMQP was discussed about being added to func as a transmission
method, and that would certainly solve the guaranteed requirement. The
final requirement is solved with a timer on the client side that
queries the master func server every X minutes.
Thoughts? Comments? Suggestions? Is there any interest in either using
or working on something like this?
Dominic
_______________________________________________
cobbler-devel mailing list
cobbler-devel@xxxxxxxxxxxxxxxxxxxxxx
https://fedorahosted.org/mailman/listinfo/cobbler-devel
Hi Dominic,
I think we are already pretty close to what you want in Cobbler land.
Cobbler has a built-in templating for arbitrary files thing now.
It works like:
cobbler profile edit --name=foo \
  --template-files="/opt/stuff/etc/foo.conf=/etc/conf.conf /opt/stuff/etc/bar.conf=/etc/bar.conf" # etc
Where you are essentially mapping a template file on the Cobbler
filesystem to a destination on the installed system. These are installed
at kickstart time or can be re-applied any time later with:
koan --update-files
One thing I've thought about is extending this so we can also template
out scripts (perhaps into /var/spool ?) and then run them, in the same way:
cobbler profile edit --name=foo --template-scripts=/opt/stuff/dostuff.sh
And these would be downloaded in %post of the kickstart, or whenever
--update-scripts was run, and then executed.
What is currently lacking is:
* Adding --template-scripts that works just like --template-files does now
* Providing a better interface in the WebUI (and possibly the CLI) so
it's just not a big list of paths
Now this doesn't really address usage via Func, and so forth, but since
it's a client pull, perhaps it is not needed. This is not to say, of
course, that we couldn't use Func to launch --update-files and
--update-scripts ?
How does that sound?
--Michael
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
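
Added example (not part of either message, and not Cobbler's own code): a small audit of the space-separated "template=destination" value that --template-files takes in the reply above, run before a profile is edited. The template root, the list of sensitive destinations and the function names are assumptions made for this example.

```python
import posixpath
import shlex

# Assumptions for this example: templates live under one directory on the
# Cobbler server, and writes to these destinations deserve manual review.
TEMPLATE_ROOT = "/opt/stuff"
SENSITIVE_DESTS = ("/etc/shadow", "/etc/passwd", "/etc/sudoers",
                   "/root/.ssh/authorized_keys")

# The value shown in the reply above.
SAMPLE = "/opt/stuff/etc/foo.conf=/etc/conf.conf /opt/stuff/etc/bar.conf=/etc/bar.conf"


def parse_template_files(value):
    """Split 'src=dest src=dest ...' into a list of (src, dest) pairs."""
    pairs = []
    for item in shlex.split(value):
        src, sep, dest = item.partition("=")
        if not sep or not src or not dest:
            raise ValueError("not a src=dest pair: %r" % item)
        pairs.append((src, dest))
    return pairs


def audit_mapping(value, template_root=TEMPLATE_ROOT):
    """Return (src, dest, problem) findings for one --template-files value."""
    findings = []
    seen = {}  # normalized destination -> template that already writes it
    root_prefix = template_root.rstrip("/") + "/"
    for src, dest in parse_template_files(value):
        norm_dest = posixpath.normpath(dest)
        # A template path that escapes the root (e.g. via '..') is flagged.
        if not posixpath.normpath(src).startswith(root_prefix):
            findings.append((src, dest, "template outside template root"))
        if not posixpath.isabs(dest) or norm_dest != dest:
            findings.append((src, dest, "destination not a clean absolute path"))
        if norm_dest in SENSITIVE_DESTS:
            findings.append((src, dest, "destination is a sensitive file"))
        if norm_dest in seen:
            findings.append((src, dest,
                             "destination already written by " + seen[norm_dest]))
        seen[norm_dest] = src
    return findings


if __name__ == "__main__":
    for finding in audit_mapping(SAMPLE):
        print(finding)
```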