Nico Schottelius/ blog/ Migrating away from puppet to cdist

For those not being subscribed to the puppet-users mailing list, here's my "goodbye and thanks for the fish"-message:

Date: Mon, 4 Apr 2011 19:26:06 +0200
From: Nico -telmich- Schottelius <nico-puppet-users --at-- schottelius.org>
To: puppet-users --at-- @googlegroups.com
Cc: steven-puppet-users --at-- @armstrong.cc
Subject: [Puppet Users] Migrating away from puppet to cdist

Good morning puppet users,

we, some sysadmins [0] at the computer science departement [1]
at ETH Zurich [2], developed a new configuration management
system called cdist [3], to which we migrate from our puppet
configuration.

I'm writing to this list for two reasons:

1) Say thanks and goodbye to puppet-*

  Puppet in contrast to other systems emphasised on "define what I want"
  versus "define what todo", which is a great approach and we've
  shameless cloned this approach.

  Also we discussed a lot of ideas used in puppet (as well as other
  systems), from which we learned.

  Puppet was the first CM I seriously adopted and it initially saved
  me a lot of time. Thanks to the puppet team!

2) Show other puppet users how to get around (common) puppet problems

  We're pretty confident that cdist solves some issues we've seen
  in puppet and in the sense of FOSS, we'd like to inform others
  how we've solved those issues in cdist:

  Bootstrap problem
    With puppet we needed to have ruby + some gems on the target
    hosts. In cdist we only use a posix shell on the target plus
    common UNIX tools (like find, rm, grep), as defined by POSIX.

  Complex CA / SSL setup / issues
    We've had some trouble using ssl certificates, especially with
    multi master and frequent reinstallations. In cdist we only   
    rely on SSH.                                               

  Defining configuration in multiple locations
    Defining a type multiple times in different locations in puppet
    requires use of virtual ressources. In cdist you don't need to 
    care about this, as long as the parameters stay exactly the   
    same.                                                      

  Error messages
    If you encountered errors like "400 Bad Request",
    "undefined method `closed?'", "can't convert nil into String",
    or "undefined method `closed?' for nil:NilClass", you'll be   
    happy to hear that cdist's error messages contain usable
    information.

  Very easy extension
    Whereas puppet has modules, types and providers, cdist only knows
    about types. A type in cdist contains some functionality,
    independent of whether you or upstream decided to implement it.

  Pull versus Push approach
    Puppet requires one (or more for redundancy reasons) central server,
    because clients usually contact the master and ask for changes.

    Cdist operatas in push mode and can be run from a small machine
    like the sysadmin notebook.

  Integrated version control
    Cdist is usually cloned via git from upstream and changes are
    kept in a different git branch. This encourages you to use the
    existing version control for your own configuration.

  Integrated clean documentation
    All cdist documentation is included into the release and can be
    compiled into HTML or manpages. Cdist also includes a reference
    document that contains all available paths, types and environment
    variables.

  Unobstrusive upgrade path
    Upgrading cdist just requires one "git pull" on your master machine,
    no update needed on any client.

  Clean release cycle
    When in puppet things stopped to work within a minor version,
    the cdist release cycle clearly defines that any incompatibility
    forces a change on at least the minor (1.x -> 1.y) version.

    If you stay on a specific version, like 1.5, things will not break. Promised.

  No automatic (magic) behaviour
    In puppet you can use title or name without setting it explicitly.
    This may be useful in some parts, but maybe surprising as well.

    In cdist only the globally available environment variables are
    documented and have the same meaning everywhere.

  Codebase / Bugs
    Puppet contains around 100k lines of code, with cdist you only need
    to debug ~ 1k/2k lines (core/with types) lines of code
    (according to sloccount[5]).

  Age
    Warning: Although most pointers above may make cdist look like
    superior compared to puppet, cdist is still pretty young
    (~4 months old) and may lack some functionality puppet already has.

    cdist is usable in production environments already.
    It may just not work in very fancy or ancient environments.


If you've any questions, do not hesitate to subscribe to the cdist
mailing list [4] and ask them there.

Cheers,

Nico

[0]: http://sans.ethz.ch
[1]: http://www.inf.ethz.ch
[2]: http://www.ethz.ch
[3]: http://www.nico.schottelius.org/software/cdist/
[4]: http://l.schottelius.org/mailman/listinfo/cdist
[5]: http://www.dwheeler.com/sloccount/