cdist is a freesoftware configuration management tool for Unix-like systems. It manages nodes over SSH using the Bourne Shell, and does not require any additional software to be installed on target nodes. Cdist differentiates itself from competing configuration management systems by choosing the Bourne Shell as the primary language for writing configuration scripts and requiring effectively no dependencies on target nodes. Although cdist's core is written in Python, an interpreter is only required on the host machine, not target nodes.
Development
cdist development started in 2010 at ETH Zurich and is actively being developed and is maintained primarily by Nico Schottelius and Steven Armstrong. The major part of the discussion about cdist happens on the mailinglist and on the IRC channel #cstar in the Freenode network. cdist is being used at various companies in Switzerland, the US, Germany and France.
Features
cdist is a zero dependency configuration management system: It requires only ssh and a bourne-compatible shell on target hosts, which are provided by default on most Unix-like machines. Because of this, cdist can be used to bootstrap other configuration management systems.
Installation and configuration
cdist is not typically installed as a package, but rather via git. All commands are run from the created checkout. The entry point for any configuration is the shell script conf/manifest/init, which is called initial manifest in cdist terms. The main components of cdist are so called types, which bundle functionality. The types essentially consists of a number of shell scripts to define which types a type reuses and which code is generated to be executed on the target host.
Cdist's core handles reading configuration and communicating with remote hosts. Like Ansible, cdist uses a "push" model to apply configuration changes: A cdist process on the "host" machine connects to any number of remote nodes via SSH and then performs configuration updates on those nodes. Cdist can configure multiple hosts in parallel to reduce the time spent configuring.
Configuration
The configuration scripts define how the targets shall be configured. They are typically written in Bourne Shell and consists of
The initial manifest, an entry point where all configuration runs begin. This script typically uses information about the target node, such as its hostname and operating system, to call other, more specific scripts which perform the actual configuration.
Global Explorers, small scripts which gleam information about the target system
Types, which describe reusable chunks of configuration. Types are instantiated in manifests and are the only way to actually run code on the target machines. The name "type" is meant as an analog to "class" in an object-oriented language, because a type can be turned into multiple "objects" depending on what parameters are passed to it. For instance, the __file type can be turned into multiple "objects", each one representing the creation of a certain file. Ansible's "roles" are the equivalent of cdist's types. Types can have many components:
*Object ID: When a type is turned into an object, it is passed a unique object ID. The same type cannot be instantiated twice with the same ID. This ID is not random like a UUID, but rather is some unique identifier that is meaningful in relation to the type. For example, the __file type's ID is the absolute path to the file.
*Parameters: Many types cannot be fully described by the object ID, and take additional information in the form of parameters. The __file type takes a group parameter which specifies to which Unix group should own the file.
*Explorers: In addition to the global explorers described above, types sometimes have their own explorers that collect type-specific information from the remote machine. The __file type uses explorers to determine whether the file being created already exists. It sometimes uses this information to skip creation of the file.
*Manifest: A type manifest can instantiate other types, making code re-use easy.
*Gencode Scripts: The gencode-remote script is the main way to actually update the configuration of target nodes. gencode-remote runs on the local machine, but its standard output is sent to the remote machine and executed as a shell script. There is also a less frequently used gencode-local script which outputs code to be run locally.
Shell is the de facto language for writing cdist configuration scripts, but most of the scripts can be written in any language if they contain a suitable shebang line. Shell scripting is favored because of how simple it is to access environment variables, read files, and execute system commands.
Configuration language
All user configurable parts are contained in manifests or gencode-scripts, which are shell scripts. Shell scripts were chosen, because Unix System Administrators are usually proficient in reading and writing shell scripts. Furthermore, shell is also commonly available on potential target systems, thus avoiding the need to install additional software there. cdist reads its configuration from the initial manifest, in which hosts are mapped to types: case "$__target_host" in myhostname) __package zsh --state present __addifnosuchline /tmp/cdist-welcome --line "Welcome to cdist" ;; esac
When using the types in cdist, they are called like normal programs in manifests and can make use of advanced parameter parsing as well as reading from stdin:
Provide a default file, but let the user change it
Access to paths and files within types is given by environment variables like.
Similar software
, like cdist, uses an agentless push model to configure nodes. However, Ansible normally requires Python on its targets, whereas cdist does not. Ansible makes a distinction between roles, written in a declarative YAML-based language, and modules, written in Python. Cdist only has "types" which serve the purposes of both modules and roles and are mostly written in Bourne Shell. Cdist's approach might be preferable because Shell is familiar to many system administrators who have never used a configuration management system before, but Ansible's declarative language is arguably more readable and appropriate.
