A Configuration Management System for computers that are Pets, not Cattle.
This is for people who need to administer a handful of machines, all fairly different from each other and all Very Important. Those systems are not Cattle! They’re actually a bit more than Pets. They’re almost Family. For example: a laptop, workstation, and that personal tiny server in Sweden. They are all named after something dear.
pets works on Linux systems, both Debian-like (APT) and RedHat-like (YUM).
One example is worth a thousand words! Give user "ema" sudo rights with pets.
Create a file with the following contents under $HOME/pets/, run pets as
root, done. The file can be called whatever you want. Note that pets will
install the sudo package for you if missing.
# pets: destfile=/etc/sudoers.d/ema, owner=root, group=root, mode=0440 # pets: package=sudo # pets: pre=/usr/sbin/visudo -cf ema ALL=(ALL:ALL) NOPASSWD:ALL
The idea behind Pets is that Configuration Management of individual hosts shouldn’t be harder than administering the system by hand. Other configuration management tools typically focus on usage scenarios involving complex relationships between multiple, fairly homogeneous systems: for example, setting up a bunch of application servers behind a load-balancer, or configuring a database and its replicas. For that you need a templating language, some way to store and share information about the various systems, and a way to either push the changes to all hosts or pull them from a central location. All that complexity can discourage from using a configuration management tool to begin with: why bother with Chef syntax and ERB templates if you just need to edit a few files?
Pets instead focuses on the individual, local machine. No need to ssh anywhere, no puppetmaster to configure, nada. It works by reading your regular, static configuration files (say muttrc) with added pets modelines, inspired by the concept of vim modelines. Pets can copy your configuration files to the right place, fix permissions, install packages, and run commands upon file update.
Following from this basic idea, here are the design decisions:
-
Runs locally on a single machine
-
One directory holds the full configuration of the system
-
No variables, no templates, just plain static config files
-
No dependencies between different components (eg: updating file A if and after file B was updated)
-
A single one-shot program reading the configuration directory and applying changes
-
Changes are applied only if basic syntax checks pass
-
Main interaction mechanism inspired by vim modelines
Here’s the initial design document in all its beauty. Ignore the "watcher" part, that was before I settled on a one-shot approach.
Here’s an example of custom sshd_config:
# pets: destfile=/etc/ssh/sshd_config, owner=root, group=root, mode=0644 # pets: package=ssh # pets: package=openssh-client-dbgsym # pets: pre=/usr/sbin/sshd -t -f # pets: post=/bin/systemctl reload ssh.service # # Warning! This file has been generated by pets(1). Any manual modification # will be lost. Port 22 Protocol 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords PasswordAuthentication no X11Forwarding yes # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes
That’s it! All supported configuration directives are showcased in the example above:
-
destfile (mandatory) — where to install this file. This is the only mandatory directive.
-
owner — the file owner, passed to chown(1)
-
group — the group this file belongs to, passed to chgrp(1)
-
mode — octal mode for chmod(1)
-
package — which package to install before creating the file. This directive can be specificed more than once to install multiple packages.
-
pre — validation command. This must succeed for the file to be created / updated.
-
post — apply command. Usually something like reloading a service.
Configuration directives are passed as key/value arguments, either on multiple lines or separated by commas.
# pets: package=ssh, pre=/usr/sbin/sshd -t -f
The example above and the one below are equivalent
# pets: package=ssh # pets: pre=/usr/sbin/sshd -t -f