Skip to main content

Open source config management and AV

I have a new engineer on my team this week, and a couple of the first projects he's working on are open source config mgmt. (for basic config files) as well as open source AV.

On the config management front, we're leaning towards Puppet. I have a good friend who uses cfengine on a big server farm, and he loves it. From what I've read Puppet seems to be a newer more modern version, and we don't have a huge farm to manage so I think it would work perfectly for us. Looking forward to learning and implementing it!

http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software


 

With AV we are runnin some tests with Clamwin, and we'll see how well it can pickup incoming viruses uploaded via our Resin application servers. We shall see.

Next project will be bringing a CentOS yum repo locally and patching over the LAN versus the internet, another project I've wanted to get done, but haven't yet completed.

Comments

Unknown said…
I wouldn't believe everything you read. The Puppet guys seems mainly good at self-promotion. Cfengine 3 has been around for a while now and it is way cool. Check out the Facebook group for CFengine, or the website and you'll see some pretty interesting stuff. In my experience Puppet has tried to steal CFengine's show but they Puppet can't do half the stuff the cfengine can do native, and they're not real strong on technology. If you dig into the "recipes" they have, they're pretty much smoke and mirrors, embedded perl scripts or real trivial stuff. Cfengine now has a community library which seems to be active and has solutions. I think it still needs work, but it's still ahead of Puppet. See also the interesting stats on Cfengine 3 being 25x faster!! More modern version? I'd say Puppet was a step backwards.
Tuesday, February 16, 2010 10:47:00 PM
Anonymous said…
Ant, you are spot on!

Puppet is like any Microsoft product - a lot of advertisement noise around it, but the technology is extremely bloated and barely works.
Wednesday, February 17, 2010 9:41:00 AM
Post a Comment

Popular posts from this blog

Dynatrace Growth Misinformation

For my valued readers: I wanted to point out some issues I’ve recently seen in the public domain. As a Gartner analyst, I heard many claims about 200% growth, and all kind of data points which have little basis in fact. When those vendors are asked what actual numbers they are basing those growth claims on, often the questions are dodged. Dynatrace, recently used the Gartner name and brand in a press release. In Its First Year as an Independent Company, Gartner Ranks Dynatrace #1 in APM Market http://www.prweb.com/releases/2015/06/prweb12773790.htm I want to clarify the issues in their statements based on the actual Gartner facts published by Gartner in its Market Share data: Dynatrace says in their press release: “expand globally with more than three times the revenue of other new generation APM vendors” First, let’s look at how new the various technologies are: Dynatrace Data Center RUM (DCRUM) is based on the Adlex technology acquired in 2005, but was cr...
10 comments
Read more

Patching and updating for home and corporate

We all are well aware of the Microsoft patches and windows update.  Same goes for those of us who use itunes and iOS devices, we know Apple Software Update.  Some of us may even patch our Adobe products, which we should since they have been the largest attack vector (http://goo.gl/bOQ3D) for the past 2 years hands down.  This is just at home.... How do you expect the security experts to keep on top of all of these patches in a corporate environment.  The number of patches for Oracle alone is daunting to understand and analyze. There are ways to do this, you can use some clever software which I will outline below, or you can read ~25 RSS feeds and analyze vendor security bulletins.  I do enjoy doing some of this, but I don't have time to keep on top of all the releases.  Here is some software for home and corporate use to help manage this. Corporate Patch Management: Microsoft WSUS and SCCM - This is free and a no brainer for patchi...
2 comments
Read more

Misunderstanding "Open Tracing" for the Enterprise

When first hearing of the OpenTracing project in 2016 there was excitement, finally an open standard for tracing. First, what is a trace? A trace is following a transaction from different services to build an end to end picture. The latency of each transaction segment is captured to determine which is slow, or causing performance issues. The trace may also include metadata such as metrics and logs, more on that later. Great, so if this is open this will solve all interoperability issues we have, and allow me to use multiple APM and tracing tools at once? It will help avoid vendor or project lock-in, unlock cloud services which are opaque or invisible? Nope! Why not? Today there are so many different implementations of tracing providing end to end transaction monitoring, and the reason why is that each project or vendor has different capabilities and use cases for the traces. Most tool users don't need to know the implementation details, but when manually instrumenting wi...
2 comments
Read more