Originally Posted by szboardstretcher
Which do you prefer and why?
I did a cursory analysis of all three, and ultimately selected CFEngine. The promise syntax for CFEngine seemed the most logical to me (personally), and I like that it's written primarily in C (rather than Ruby). In practice, these may not be major pros or cons, but they were enough to nudge me in that direction.
I currently have CFEngine 3.5 Community Edition deployed for 35+ production RHEL (5 and 6), Scientific Linux (6), and Debian (6 and 7) servers. The types of problems I need to solve mainly consist of:
- Installing baseline packages for every system
- Installing specialty packages on some systems
- Configuring each server as an LDAP client (for ssh sessions)
- Creating local accounts and groups for various purposes on some systems
- Deploying an ssh_known_hosts file to every system
- Configuring sshd, nfs, rsyslogd, ntpd
- Setting up home directories with proper ownership and permissions
- Deploying a set of standard scripts and cronjobs to each servers (e.g. backups, performance monitoring)
- Enabling specific packet filtering on some systems
- And a few other quirky things
Given some trial and error (and eventually putting together my own set of documenation), none of this was particularly difficult to implement or troubleshoot. If you take an interest in CFEngine, I have some advice to share on particular strengths and pitfalls.