Open Infrastructure

h1. How to configure servers with cdist

h2. Introduction

We are using "cdist":https://www.nico.schottelius.org/software/cdist/ to manage our system configurations. This software has originally been developped by ungleich-folk, but now has a much broader community.

h2. The ungleich cdist environment

Our environment is composed of 4 repositories:

* "ungleich-intern/cdist-workdir":https://code.ungleich.ch/ungleich-intern/cdist-workdir: meta-repository used as convenience helper to run access types across our 3 type repositories.

* "ungleich-intern/dot-cdist":https://code.ungleich.ch/ungleich-intern/dot-cdist: internal (= private) and historic cdist repository. Contains our manifests.

* "ungleich-public/cdist-ungleich":https://code.ungleich.ch/ungleich-public/cdist-ungleich: public (infrastructure transparency, sharing with the community) ungleich types that are too specific to be upstream to core cdist or cdist-contrib.

* "ungleich-public/cdist-contrib":https://code.ungleich.ch/ungleich-public/cdist-contrib: community-managed repository for types that do not fit into core-cdist.

h2. Applying changes to servers

Initial setup:

* Clone "ungleich-intern/cdist-workdir":https://code.ungleich.ch/ungleich-intern/cdist-workdir

* Install ''myrepos'' and - within cdist-workdir - run ''mr update''.

* Set your ''CDIST_PATH'', using - for example - the ''cdist.cfg'' file in cdist-workdir.

Day-to-day workflow, within cdist-workdir:

* Make sure you have the latest configuration/types with ''mr update''.

* Configure the target host with ''cdist config -vv <hostname>''.

h3. Using the control node

You can use the control node to run cdist when you're using an unreliable connection (in a train, far away in Korea, etc.). Note that you will have to forward your SSH agent with the ''-A'' ssh flag.

<pre>

# Login to configuration server

ssh -A ungleich@control.ungleich.ch

# Ensure cdist configuration is up-to-date

cd cdist-workdir

mr update

# Configure

cdist config -vv <hostname>

</pre>