How to configure servers with cdist » History » Revision 3
Revision 2 (Timothée Floure, 02/16/2021 04:13 PM) → Revision 3/4 (Timothée Floure, 02/16/2021 04:22 PM)
h1. How to configure servers with cdist h2. Introduction We are using "cdist":https://www.nico.schottelius.org/software/cdist/ to manage our system configurations. This software has originally been developped by ungleich-folk, but now has a much broader community. h2. The ungleich cdist environment Our environment is composed of 4 repositories: * "ungleich-intern/cdist-workdir":https://code.ungleich.ch/ungleich-intern/cdist-workdir: ungleich-intern/cdist-workdir: meta-repository used as convenience helper to run access types across our 3 type repositories. * "ungleich-intern/dot-cdist":https://code.ungleich.ch/ungleich-intern/dot-cdist: ungleich-intern/dot-cdist: internal (= private) and historic cdist repository. Contains our manifests. * "ungleich-public/cdist-ungleich":https://code.ungleich.ch/ungleich-public/cdist-ungleich: ungleich-public/cdist-ungleich: public (infrastructure transparency, sharing with the community) ungleich types that are too specific to be upstream to core cdist or cdist-contrib. * "ungleich-public/cdist-contrib":https://code.ungleich.ch/ungleich-public/cdist-contrib: ungleich-public/cdist-contrib: community-managed repository for types that do not fit into core-cdist. h2. Applying changes to servers Initial setup: * Clone "ungleich-intern/cdist-workdir":https://code.ungleich.ch/ungleich-intern/cdist-workdir * Install ''myrepos'' and - within cdist-workdir - run ''mr update''. * Set your ''CDIST_PATH'', using - for example - the ''cdist.cfg'' file in cdist-workdir. Day-to-day workflow, within cdist-workdir: * Make sure you have the latest configuration/types When a server needs to be (re-)configured, login to control.ungleich.ch with ''mr update''. * Configure ssh agent forwarding enabled. The username is the target host with ''cdist config -vv <hostname>''. h3. Using same as the control node You can use the control node customer you want to run cdist when you're using an unreliable connection (in a train, far away in Korea, etc.). Note that apply configurations for. If you will have want for instance to forward your SSH agent with configure the ''-A'' ssh flag. ungleich infrastructure, proceed as follows: <pre> # Login to configuration server ssh -A ungleich@control.ungleich.ch # Ensure cdist configuration is up-to-date cd cdist-workdir ~/.cdist mr update git pull # Configure cdist config -vv <hostname> </pre>