Transitioning From Cfengine
Version 3 (Anonymous, 04/27/2010 05:01 pm)
| 1 | 3 | Anonymous | # Status of this module |
|---|---|---|---|
| 2 | 3 | Anonymous | |
| 3 | 3 | Anonymous | The Puppet cfengine module has been removed from the source tree because we did not hear of anyone using it |
| 4 | 3 | Anonymous | and did not wish to continue to maintain it. However, if you are interested in this feature and would like us to bring |
| 5 | 3 | Anonymous | this feature back in the latest Puppet, please ask info@puppetlabs.com and we can easily do that for you. We |
| 6 | 3 | Anonymous | can also share other advice on migrating to Puppet without using this module, and ways other users have handled |
| 7 | 3 | Anonymous | their cfengine migrations. |
| 8 | 3 | Anonymous | |
| 9 | 1 | # Transitioning From Cfengine: Puppet and Cfengine integration |
|
| 10 | 1 | ||
| 11 | 1 | For those who are still using Cfengine but would like either to |
|
| 12 | 1 | take advantage of Puppet's greater abstractive or modeling |
|
| 13 | 1 | capabilities, we have created a Cfengine module that can connect |
|
| 14 | 1 | the two tools. |
|
| 15 | 1 | ||
| 16 | 1 | ## How to Use It |
|
| 17 | 1 | ||
| 18 | 1 | This module works by taking the classes set in Cfengine and using |
|
| 19 | 1 | them in Puppet. Cfengine automatically sets quite a few classes for |
|
| 20 | 1 | you, and you can set any custom classes you want; you can reuse |
|
| 21 | 1 | this class structure to decide what to do within Puppet. |
|
| 22 | 1 | ||
| 23 | 1 | Puppet treats classes somewhat differently from Cfengine; they look |
|
| 24 | 1 | like classes in most other languages, in that they are syntactical |
|
| 25 | 1 | elements that wrap other Puppet code, like so: |
|
| 26 | 1 | ||
| 27 | 1 | class apache { |
|
| 28 | 1 | package { apache: ensure => installed } |
|
| 29 | 1 | service { apache: ensure => running } |
|
| 30 | 1 | } |
|
| 31 | 1 | ||
| 32 | 1 | Puppet classes can be organized in any file structure; I usually |
|
| 33 | 1 | put each class in a separate file in a classes subdirectory and |
|
| 34 | 1 | load the whole directory at once: |
|
| 35 | 1 | ||
| 36 | 1 | # site.pp |
|
| 37 | 1 | import "classes/*" |
|
| 38 | 1 | ||
| 39 | 1 | ## Setting Up Cfengine |
|
| 40 | 1 | ||
| 41 | 1 | Currently, the module must be retrieved [[Puppet Source]] . |
|
| 42 | 1 | ||
| 43 | 1 | It must be placed into Cfengine's module directory (which, I |
|
| 44 | 1 | believe, still defaults to /var/cfengine/modules. If you have not |
|
| 45 | 1 | used modules in Cfengine before, you will have to set up Cfengine |
|
| 46 | 1 | to pull this extra directory down in your update.conf file, most |
|
| 47 | 1 | likely. |
|
| 48 | 1 | ||
| 49 | 1 | In addition, you'll want to pull all of your Puppet manifests down. |
|
| 50 | 1 | This doesn't necessarily need to be done in the update.conf file, |
|
| 51 | 1 | but it'd likely make your life easier if it were, since then you |
|
| 52 | 1 | don't have to worry about ordering. It's also probably a good idea |
|
| 53 | 1 | to follow the same basic structure that Puppet already uses, naming |
|
| 54 | 1 | your topmost file site.pp. The location of the files is not |
|
| 55 | 1 | terribly important, so we'll use /var/puppet/manifests in the |
|
| 56 | 1 | examples. |
|
| 57 | 1 | ||
| 58 | 1 | Once the module is set up, execute it: |
|
| 59 | 1 | ||
| 60 | 1 | control: |
|
| 61 | 1 | actionsequence = ( |
|
| 62 | 1 | "module_puppet /var/puppet/manifests/site.pp" |
|
| 63 | 1 | ) |
|
| 64 | 1 | ||
| 65 | 1 | It is up to you where this code is in your configuration, and you |
|
| 66 | 1 | might need to rename the module to module:puppet; check the |
|
| 67 | 1 | Cfengine documentation. |
|
| 68 | 1 | ||
| 69 | 1 | By default, the module will just load classes set in cfengine, but |
|
| 70 | 1 | you can add --no-nodes to have it load node configurations if |
|
| 71 | 1 | desired (see the rest of the Puppet documentation for more detail) |
|
| 72 | 1 | and of course you can set classes in Puppet based on the Cfengine |
|
| 73 | 1 | classes.. |
|
| 74 | 1 | ||
| 75 | 1 | ## Setting Up Puppet |
|
| 76 | 1 | ||
| 77 | 1 | Once Cfengine is configured properly, you need to add the |
|
| 78 | 1 | appropriate classes to Puppet. Cfengine will be passing Puppet a |
|
| 79 | 1 | list of all enabled classes, and Puppet will search for any defined |
|
| 80 | 1 | classes named for any of those defined classes. Only classes that |
|
| 81 | 1 | are set in Cfengine and exist in Puppet will be applied; classes |
|
| 82 | 1 | that are only set in Cfengine or only defined in Puppet will not |
|
| 83 | 1 | throw errors, they will just be ignored. |
|
| 84 | 1 | ||
| 85 | 1 | Let's say you're running this module on your mail server; you could |
|
| 86 | 1 | set the mailserver class in Cfengine and then create a mailserver |
|
| 87 | 1 | class in Puppet: |
|
| 88 | 1 | ||
| 89 | 1 | class mailserver { |
|
| 90 | 1 | file { "/etc/courier-imap": |
|
| 91 | 1 | source => "...", |
|
| 92 | 1 | recurse => true |
|
| 93 | 1 | } |
|
| 94 | 1 | package { courier-imap: ensure => installed } |
|
| 95 | 1 | service { courier-imap: |
|
| 96 | 1 | ensure => running, |
|
| 97 | 1 | subscribe => [file["/etc/courier-imap"], package[courier-imap]] |
|
| 98 | 1 | } |
|
| 99 | 1 | } |
|
| 100 | 1 | ||
| 101 | 1 | If the mailserver class is set in Cfengine, the Puppet module will |
|
| 102 | 1 | automatically apply this class, which pulls down the configuration |
|
| 103 | 1 | files, installs the package, and starts the service for |
|
| 104 | 1 | courier-imap. The subscribe parameter causes Puppet to restart the |
|
| 105 | 1 | courier-imap service if the configuration files or the package |
|
| 106 | 1 | change (notice how much easier this service restart is than it |
|
| 107 | 1 | would be in Cfengine), and it also makes sure that the |
|
| 108 | 1 | configuration files are synchronized before the service is started |
|
| 109 | 1 | (ordering in Puppet is easily specified using the subscribe, |
|
| 110 | 1 | require, notify, and before parameters). |
|
| 111 | 1 | ||
| 112 | 1 | ## Where to Use Puppet |
|
| 113 | 1 | ||
| 114 | 1 | Puppet was largely developed as a successor to Cfengine, based on |
|
| 115 | 1 | years of Cfengine consulting and development; as a result, it |
|
| 116 | 1 | overcomes some significant shortcomings in Cfengine, and it makes |
|
| 117 | 1 | the most sense to use Puppet in those places where Cfengine is |
|
| 118 | 1 | weakest. Specifically, Puppet provides higher-level types than |
|
| 119 | 1 | Cfengine, supports high-level abstractions akin to functions, and |
|
| 120 | 1 | makes it easy to define your own custom types?. |
|
| 121 | 1 | ||
| 122 | 1 | Generally, it's probably best to start out using Puppet to manage |
|
| 123 | 1 | elements that Cfengine cannot manage or is not good at managing, |
|
| 124 | 1 | such as users, groups, and packages (I know Cfengine can manage a |
|
| 125 | 1 | couple of package types, but Puppet supports more types more |
|
| 126 | 1 | flexibly). Also, managing services and their dependencies can get |
|
| 127 | 1 | very convoluted in Cfengine but are specified directly in Puppet so |
|
| 128 | 1 | they're a bit easier to manage. |
|
| 129 | 1 | ||
| 130 | 1 | If you already have your own custom Cfengine modules for managing |
|
| 131 | 1 | other types, it might also make sense to rewrite these as Puppet |
|
| 132 | 1 | types since your custom types are treated as first-class types |
|
| 133 | 1 | within Puppet's language, rather then being restricted to use |
|
| 134 | 1 | Cfengine's shell-script module interface. |
|
| 135 | 1 | ||
| 136 | 1 | If you are using a templating system with Cfengine or are |
|
| 137 | 1 | generating your Cfengine configurations somehow, you might be |
|
| 138 | 1 | especially happy with this Puppet module, since you can create |
|
| 139 | 1 | reusable types with external templates. For an example, see the |
|
| 140 | 1 | Puppet vs. Cfengine comparison?. |
|
| 141 | 1 | ||
| 142 | 1 | ## Transitioning |
|
| 143 | 1 | ||
| 144 | 1 | It should be possible to use this module to slowly transition from |
|
| 145 | 1 | a pure Cfengine implementation to a pure Puppet implementation. The |
|
| 146 | 1 | easiest code to transition will be those types that both tools |
|
| 147 | 1 | support, like files, or which Puppet supports as a superset of |
|
| 148 | 1 | Cfengine's support, such as services. The hardest code to |
|
| 149 | 1 | transition will be editfiles code, since Puppet does not and |
|
| 150 | 1 | probably never will provide an analogous feature. Instead, you will |
|
| 151 | 1 | need to use something like external templates or create custom |
|
| 152 | 1 | Puppet types. |
|
| 153 | 1 | ||
| 154 | 1 | The more code you transition to being within Puppet, however, the |
|
| 155 | 1 | easier your configuration should be to maintain and develop. If |
|
| 156 | 1 | there is functionality in Cfengine that you cannot find a way to |
|
| 157 | 1 | replicate within Puppet, please join the |
|
| 158 | 1 | [users list](http://groups.google.com/group/puppet-users) or |
|
| 159 | 1 | #puppet on irc.freenode.net and ask for help. |