Cdist

cdist is a free software configuration management tool for Unix-like systems. It manages
nodes over SSH using the
Bourne Shell, and does not require any additional software to be installed on target nodes.

Cdist differentiates itself from competing configuration management systems by choosing the Bourne Shell as the primary language for writing configuration scripts and requiring effectively no dependencies on target nodes. Although cdist's core is written in Python, an interpreter is only required on the host machine, not target nodes.

Cdist was forked in August 2022 as skonfig.

Development

cdist development started in 2010 at ETH Zurich and
is actively being developed and is maintained primarily by Nico Schottelius and
Steven Armstrong.
cdist is being used at various companies in Switzerland (such as ETH Zurich and The OMA Browser project), the US, Germany and France.

Features

cdist is a zero dependency configuration management system: It requires only ssh and a bourne-compatible shell on target hosts, which are provided by default on most Unix-like machines. Because of this, cdist can be used to bootstrap other configuration management systems.

Installation and configuration

cdist is not typically installed as a package (like .deb or .rpm), but rather via git.
All commands are run from the created checkout.
The entry point for any configuration is the shell script conf/manifest/init, which is called initial manifest in cdist terms.

The main components of cdist are so called types, which bundle functionality.
The types essentially consists of a number of shell scripts to define which types a type
reuses and which code is generated to be executed on the target host.

Architecture

cdist is split into two components:
* The core
* The configuration scripts

Core

Cdist's core handles reading configuration and communicating with remote hosts. Like Ansible, cdist uses a "push" model to apply configuration changes: A cdist process on the "host" machine connects to any number of remote nodes via SSH and then performs configuration updates on those nodes. Cdist can configure multiple hosts in parallel to reduce the time spent configuring.

Configuration

The configuration scripts define how the targets shall be configured. They are typically written in Bourne Shell and consists of
* The initial manifest, an entry point where all configuration runs begin. This script typically uses information about the target node, such as its hostname and operating system, to call other, more specific scripts which perform the actual configuration.
* Global Explorers, small scripts which glean information about the target system (such as operating system, init system, and hostname)
* Types, which describe reusable chunks of configuration. Types are instantiated in manifests and are the only way to actually run code on the target machines. The name "type" is meant as an analog to "class" in an object-oriented language, because a type can be turned into multiple "objects" depending on what parameters are passed to it. For instance, the __file type can be turned into multiple "objects", each one representing the creation of a certain file. Ansible's "roles" are the equivalent of cdist's types. Types can have many components:
**Object ID: When a type is turned into an object, it is passed a unique object ID. The same type cannot be instantiated twice with the same ID. This ID is not random like a UUID, but rather is some unique identifier that is meaningful in relation to the type. For example, the __file type's ID is the absolute path to the file.
**Parameters: Many types cannot be fully described by the object ID, and take additional information in the form of parameters. The __file type takes a group parameter which specifies to which Unix group should own the file.
**Explorers: In addition to the global explorers described above, types sometimes have their own explorers that collect type-specific information from the remote machine. The __file type uses explorers to determine whether the file being created already exists. It sometimes uses this information to skip creation of the file.
**Manifest: A type manifest can instantiate other types, making code re-use easy.
**Gencode Scripts: The gencode-remote script is the main way to actually update the configuration of target nodes. gencode-remote runs on the local machine, but its standard output is sent to the remote machine and executed as a shell script. There is also a less frequently used gencode-local script which outputs code to be run locally.

Shell is the de facto language for writing cdist configuration scripts, but most of the scripts can be written in any language if they contain a suitable shebang line. Shell scripting is favored because of how simple it is to access environment variables, read files, and execute system commands.

Configuration language

All user configurable parts are contained in manifests or gencode-scripts, which are shell scripts.
Shell scripts were chosen, because Unix System Administrators are usually proficient in reading
and writing shell scripts. Furthermore, shell is also commonly available on potential target systems,
thus avoiding the need to install additional software there ("zero dependencies").

cdist reads its configuration from the initial manifest (conf/manifest/init), in which hosts are mapped to
types:

case "$__target_host" in
myhostname)
__package zsh --state present
__addifnosuchline /tmp/cdist-welcome --line "Welcome to cdist"
;;
esac

When using the types in cdist, they are called like normal programs in manifests and can make use of
advanced parameter parsing as well as reading from stdin:

# Provide a default file, but let the user change it
__file /home/frodo/.bashrc --source "/etc/skel/.bashrc" \
--state exists \
--owner frodo --mode 0600

# Take file content from stdin
__file /tmp/whatever --owner root --group root --mode 644 --source - << DONE
Here goes the content for /tmp/whatever
DONE

Dependencies are expressed by setting up the require environment variable:

      __directory /tmp/foobar
      require="__directory//tmp/foobar" __file /tmp/foobar/baz

Access to paths and files within types is given by environment variables like .

Similar software

Ansible, like cdist, uses an agentless push model to configure nodes. However, Ansible requires Python for some types of targets, whereas cdist does not. Ansible makes a distinction between roles, written in a declarative YAML-based language, and modules, written in Python. Cdist only has "types" which serve the purposes of both modules and roles and are mostly written in Bourne Shell. Cdist's approach might be preferable because Shell is familiar to many system administrators who have never used a configuration management system before, but Ansible's declarative language is arguably more readable and appropriate.

References

External links

* {{Official website, https://www.cdi.st/

source code

cdist mailinglist

cdist on freecode

Configuration management
Free software programmed in Python
2010 software
Linux configuration utilities
MacOS
Linux package management-related software
Unix package management-related software