In my time at keyboards, I've had an opportunity to work with (& against) a wide variety of configuration
management tools for computers, including paper changelogs (yes, really), cfengine, bcfg2, puppet,
saltstack, ansible, fabric & others which were bespoke & never received public releases.
Many have had features I've really enjoyed & all have had misfeatures which I really did not enjoy.
What I'm saying is, I don't believe in a perfect tool for all use cases nor are there tools in this list
which I'd caution anyone against using.

So when it came time to look at managing my homenet instances in a consistent, repeatable, durable form beyond
my scribbled notes to myself, I took a look at the landscape. All of the tools I mentioned above are still going,
many of them so far advanced that I barely recognize them. But none of them seemed like the correct fit. This
homenet is a low-tech effort, a low-effort tech, and putting a whole bunch of infrastructure overhead to
manage its configurations seemed like a lot of effort for remarkably little payoff. I kept looking.

Eventually, I found cdist, via a coy mention in the FreeBSD wiki. It promised something
I'd not been meaningfully offered before: the ability to write configuration declarations in POSIX shell AND
extensibility to write configuration declarations in arbitrary scripting languages. Without agents. Incredibly
low overhead required to implement infrastructure configuration in. The only thing I didn't love about it is
it's written in Python, which means it's now downstream of LLM fuckery by the Python Software Foundation.
But, I gave it a try, anyway.

The first thing which I ran into is, of course, the march of time. The recommended (supported) Python version is
no longer available in the current FreeBSD-RELEASE and invocation of the cdist binary threw a Python stack trace.
Some simple stfw turned up a bug email for some Linux distribution, reporting the problem & proposing to remove
cdist from their repository as abandoned. That woke up the maintainer to respond. Cdist isn't abandoned, it
just hasn't had a release in 3 years. The bug reported (as well as others) is fixed, but only in HEAD of their
repository, not in a formal release.

So off to the git clone mines I went, installing git and gmake along the way because, like many 'works on all
Unix' tools, cdist has something of a Linux bias. Just as I'd hoped, using the HEAD version of cdist completely
succeeded in my minimalistic tests. So it's probably going to get use.

If you're looking at using it, be aware that cdist ONLY works over ssh (even for localhost executions) AND it
needs to be able to ssh to the root@ account on a managed system. Not blockers to my use but someone with a
more rigorous stance on ssh & root might want to look for a different solution.