About
Introduction
Pullconf is a configuration management system for Debian GNU/Linux and other Debian-based Linux servers. It is heavily influenced by Puppet (a very popular and widely used configuration management system). In contrast to other configuration management systems, this project focuses on simplicity and ease of use. To put it another way: its primary goal is being boring. Ideally as boring as its name.
Pullconf works like this: Clients (i.e. Linux servers running the pullconf binary) communicate with a central server (pullconfd) in order to retrieve a catalog of resources via an HTTP API. These resources are then applied on the client to achieve a desired state, e.g. create a file at a certain location.
As the name already implies, Pullconf employs a pull-based approach to system configuration: a client actively fetches its resource catalog and applies it according to a schedule (e.g. every 5 minutes).
Resources such as file, directory or user are defined on the pullconfd server, in files following the TOML format.
Scripting and the development of custom modules are not supported and are out of scope for this project. It focuses instead on including all kinds of resources directly in the project source. It should ultimately be possible to create simple files but also operate a Prometheus server by defining them as resources.
This is a basic example of a client configuration file that gives a sense of how TOML is used to define resources:
# /etc/pullconfd/resources/clients/blechbuechse.local.toml
api-key = "<...>"
groups = [ "sshd", "postfix", "nginx", "hardening" ]
[variables]
ip-address = "172.16.5.6"
proxy-ip-address = "172.16.10.5"
[[resources]]
type = "host"
# "$pullconf::hostname" is a pre-defined variable that evaluates to "blechbuechse.local".
hostname = "$pullconf::hostname"
ip-address = "$pullconf::ip-address"
[[resources]]
type = "host"
hostname = "proxy"
ip-address = "$pullconf::proxy-ip-address"
aliases = [ "proxy.local" ]
[[resources]]
type = "file"
path = "/etc/logrotate.d/rsyslog"
owner = "root"
group = "root"
mode = "0644"
content = """
/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
"""