On 17/09/2014 11:34, J. Roeleveld wrote:
>
> On Wednesday, September 17, 2014 12:19:37 PM Eray Aslan wrote:
>> On Tue, Sep 16, 2014 at 10:43:18PM +0200, Alan McKinnon wrote:
>>> Puppet seems to me a good product for a large site with 1000 hosts.
>>> Not so much for ~20 or so.
>>
>> I find that for a few machines, puppet is overkill. For a lot of
>> machines, puppet can become unmanageable - with puppet master and
>> security being the culprit.
>>
>> We have used puppet a lot but recently settled on salt (strictly
>> speaking not my decision so cannot really compare it with ansible) and
>> we are happy with the outcome. You might want to consider
>> app-admin/salt as well.
>
> Looks good (had a really quick look).
> From what I read (and please correct me if I'm wrong), a difference between
> salt and ansible is:
>
> Salt Requires a daemon to be installed and running on all machines
> and the versions need to be (mostly) in sync
>
> For Alan, this might work, but for my situation it wouldn't, as I'd need to
> keep various VMs in sync with the rest where I'd prefer to simply clone them
> and then enforce changes. Relying on SSH and powershell makes that simpler.
>
> But, it does mean that all nodes need to have incoming ports open. With Salt,
> all nodes connect back to the master. This allows tighter security.

I'm not too stressed either way. All my hosts run sshd anyway and the
security is not in whether tcp22 is open or not, it's in what I put in
sshd_config. With the puppet design, the puppet daemon must be running
(or a cronjob) and puppet can self host that along with nrpe, munin and
all the other crap that gets installed so I can do my job :-)

My issue with puppet is not its network architecture but with its
convoluted config language that I can't wrap my brains around. Plus the
re-use of similar keywords to mean quite different things meaning I have
to read 5 topics in the manual to get stuff working. Nagios btw has the
same problem hence why I'm switching to Icinga 2 which fixes Nagios's
config language once and for all.

--
Alan McKinnon
alan.mckinnon@×××××.com