[TriLUG] Curious

[magnus at yonderway.com]

On 27.10.2014 09:12, William Sutton wrote:

> The good:
> Puppet does guarantee that it reaches a final known (and knowable)
> state. CFE doesn't.  It just keeps rerunning the ruleset until it
> thinks it got the right answer.

Bear in mind, there is some really staggeringly deep philosophy behind 
how CFEngine is meant to be used. Part of it is, according to my 
understanding, a rejection of the command & control model. CFEngine is a 
system built on the negotiation and fulfillment of *promises*. There are 
core tenets like no entity can make a promise on behalf of another 
entity, that the only promises worth keeping are the ones that the 
promissee is willing to accept, etc. There are a number of deep largely 
academic books on Promise Theory, and it helps to have some 
understanding of Game Theory before you go into them.

I think Puppet & Chef copied CFEngine from a purely feature-based 
perspective, without any enlightenment of the intent behind its use, so 
it's sort of dangerous to try to apply Puppet philosophy to CFEngine 
when evaluating both tools.

> CF Engine is client-based, so each machine processes its ruleset,
> leaving the server (policy hub in CFE-speak) relatively bored.

It's also a compiled agent, so no hilarity ensues when a minor Ruby or 
Gem update breaks half your world. ;)

> The bad:
> CFE and Puppet have similar, but not identical rule language.  Sort
> of like how Perl and C have similar syntax, but not identical.

Similar language, but very different culture. A casual observer may 
notice conversational similarities between an Algerian and a Frenchman.

> Also on the minus side for CFE--they routinely have bugs that haven't
> been fixed.

That was my experience, too.

The thoughtful design behind CFEngine is fairly superior to most other 
models, I think. But the execution starves because of the lack of people 
maintaining the code, and *possibly* some management issues of the 
company sponsoring the code.

> I actually ranted for 5-10 minutes on their Freenode IRC
> channel about how crummy it was, and its biggest supporters, while
> conceding that it was pretty crummy, argued that it wasn't as bad as
> it could be.

The most valuable thing to come out of CFEngine, so far, has probably 
been the working proof of concept that a configuration management tool 
is an invaluable resource for scaling infrastructure and the 
capabilities of a small operations team.

It's also been a good laboratory for fine tuning Promise Theory.

Honestly, I think there is still a huge hole in the market for a tool 
kit that more comprehensively implements Promise Theory in a more 
relevant way.

-M