About

Introduction


Pullconf is a configuration management system for Debian GNU/Linux and other Debian-based Linux servers. It is heavily influenced by Puppet (a very popular and widely used configuration management system). In contrast to other configuration management systems, this project focuses a lot on simplicity and ease of use. Or to put it in other words: its primary goal is being boring. Ideally as boring as its name.

Pullconf works like this: Clients (i.e. Linux servers running the pullconf binary) communicate with a central server (pullconfd) in order to retrieve a catalog of resources via an HTTP API. These resources are then applied on the client to achieve a desired state, e.g. create a file at a certain location.

As the name already implies, Pullconf employs a pull-based approach to system configuration: a client actively fetches its resource catalog and applies it according to a schedule (e.g. every 5 minutes).

Resources such as file, directory or user are defined on the pullconfd server, in files following the TOML format.

Scripting and the development of custom modules are not supported and are out of scope for this project. It focuses instead on including all kinds of resources directly in the project source. It should ultimately be possible to create simple files but also operate a Prometheus server by defining them as resources.

This is a basic example of a client configuration file that gives a sense of how TOML is used to define resources:

# /etc/pullconfd/resources/clients/blechbuechse.local.toml

api-key = "<...>"
groups = [ "sshd", "postfix", "nginx", "hardening" ]

[variables]
ip-address = "172.16.5.6"
proxy-ip-address = "172.16.10.5"

[[resources]]
type = "host"
# "$pullconf::hostname" is a pre-defined variable that evaluates to "blechbuechse.local".
hostname = "$pullconf::hostname"
ip-address = "$pullconf::ip-address"

[[resources]]
type = "host"
hostname = "proxy"
ip-address = "$pullconf::proxy-ip-address"
aliases = [ "proxy.local" ]

[[resources]]
type = "file"
path = "/etc/logrotate.d/rsyslog"
owner = "root"
group = "root"
mode = "0644"
content = """
/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
	rotate 4
	weekly
	missingok
	notifempty
	compress
	delaycompress
	sharedscripts
	postrotate
		/usr/lib/rsyslog/rsyslog-rotate
	endscript
}
"""