[Beowulf] Configuration management tools/strategy

Adam DeConinck ajdecon at ajdecon.org
Sun Jan 6 09:06:34 PST 2013 

Hi Walid,

Currently our primary tool for both provisioning and configuration
management is Warewulf. (http://warewulf.lbl.gov/) In addition to being
a good provisioning system, Warewulf provides a rudimentary
configuration management system in the form of "file provisioning". This
is just a database of files, with a basic templating language, which can then
be assigned to different nodes to be downloaded after the base image is
provisioned (but before running init). They can also be automatically 
updated while the node is online.

File provisioning provides a much less extensive set of options that a
system like Puppet, Chef, etc.  But the combination of base images with
all their software installed (a "generic compute node image") with
specialization via file provisioning on each node (scheduler
configuration, network options, etc) seems to hit our sweet spot. It's
also extremely lightweight, and we like having our entire provisioning
solution in one tool.

I've also used Puppet, Chef, and Ansible. Currently my
favorite is Ansible, which I've been using for occasional "cloud"
deployments to external services that I can't target with our internal
Warewulf. But they're all decent tools, and they're all worlds better
than *not* using configuration management.

A few random +/- observations of the tools I know:

Puppet:

+ Relatively easy to install and set up
+ Easy-to-understand configuration language
+ All operations should be idempotent (and were, in my experience)
+ Puppet Labs has pretty good support

- Ran into limits of configuration language pretty quickly, and found it
  hard to extend
- Spent a lot of time fighting with the authentication system,
  especially if I wanted to use diskless nodes
- Had trouble getting the puppet-master daemon to scale well with larger
  clusters (but this was a couple years ago)


Chef:

+ Extremely flexible configuration language (basically Ruby with some
  extras)
+ Lots of "batteries included": if you want to do something
  "mainstream", it's likely to be already built in. (Not much
  HPC-specific though.)
+ Relatively easy to build extensions in Ruby
+ Has good version control as a built-in concept

- Because it's just Ruby, it's easy to accidentally build non-idempotent
  recipes. 
- Chef install (server or client) requires a lot of supporting software,
  so node images get big.
- Support for RHEL-like distros not as good (IMO) as for Debian-like
  distros. Though FrameOS provides good packages in their third-party 
  RBEL distro.


Ansible:

+ Extremely lightweight: only requirement on the client nodes is Python 2.6
  (or Python 2.4 + python-simplejson).
+ Transport and authentication are provided by SSH, rather than building
  yet another custom transport/auth scheme.
+ Configuration language is extremely simple, and extensions can be
  built in any language (even bash)
+ Supports both "push" and "pull" models
+ Also provides easy ad-hoc command execution (pdsh replacement)

- Very new on the scene compared to most others (Puppet, Chef,
  Cfengine), still not a 1.0 product
- Fewer "batteries included" than Puppet or Chef, smaller communities,
  less widely available recipes out there
- Community support only, don't know of any commercial support


And I seem to have written a novel. :)  Can you tell I have opinions on
this?

Hope this helps...

-Adam


On Sun, Jan 06, 2013 at 04:38:40PM +0300, Walid wrote:
> Dear All,
> 
> At work we are starting to evaluate Configuration management to be used to
> manage several diverse hpc clusters, and their diverse node types. I wanted
> to see what are other admins, and HPC users experience like,  the ones that
> we will start evaluating are CFEngine3, Puppet, Chef, Saltstack, ansible,
> and blueprint. there might other products that we need to evluate in
> partnership such as Foreman, spacewalk, ..etc.
> 
> I would like to hear from you if you did evaluate such tools, or using one,
> or have a different strategy in keeping and maintaining configurations.
> 
> Thank you,
> 
> Walid

> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20130106/0681ed55/attachment.sig>

More information about the Beowulf mailing list