From Fedora Project Wiki
fp-wiki>ImportUser
(Imported from MoinMoin)
 
(→‎bcfg2: authentication is now either global or per-client, password or PKI/cert based...)
 
(One intermediate revision by one other user not shown)
Line 35: Line 35:
* Uses SSL to encrypt XML-RPC communication
* Uses SSL to encrypt XML-RPC communication
* Configuation files are in XML
* Configuation files are in XML
* Supports global or per-host UUIDs, passwords, and certs/keys to authenticate clients.
* Bug fixes and new features committed upstream in less than a week, usually hours.


== Con ==
== Con ==


* Uses a simple shared secret to authenticate clients
* Not currently in Extras [https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220284]  
* Not currently in Extras [https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220284]  
* Currently uses a license similar to BSD with the attribiution clause, although there is support upstream for swicthing to a different license.
* Currently uses a license similar to BSD with the attribiution clause, although there is support upstream for switching to a different license.


= puppet =
= puppet =

Latest revision as of 20:38, 26 September 2008

glump

[1]

Pro

  • Uses apache/mod_python so we have full range of authentication/access including
  • Does one thing: serves up customized configuration files
  • Implemented in python
  • Upstream maintainer is closely associated with Fedora (SethVidal)

Con

  • Would have to write custom scripts to perform many of the tasks that the other solutions offer

cfengine

[2]

Pro

  • Already packaged in Extras

Con

  • Cryptic configuration language

bcfg2

[3]

Pro

  • Implemented in Python
  • Uses SSL to encrypt XML-RPC communication
  • Configuation files are in XML
  • Supports global or per-host UUIDs, passwords, and certs/keys to authenticate clients.
  • Bug fixes and new features committed upstream in less than a week, usually hours.

Con

  • Not currently in Extras [4]
  • Currently uses a license similar to BSD with the attribiution clause, although there is support upstream for switching to a different license.

puppet

[5]

Pro

  • Uses SSL to encrypt communication
  • Uses X.509 certificates to authenticate clients
  • Already packaged in Extras

Con

  • Implemented in Ruby (which makes it difficult for Fedora infrastructure people to hack on it since few know Ruby)
  • Must learn new domain-specific language to configure.