Etch, a system configuration management tool for Unix systems, released a new version last week. Etch can help you manage operating system and core service configuration, as well as files like /etc/passwd and /etc/resolv.conf, and more. The application incorporates a lot of lessons learned about how to deploy configuration changes safely across a large, complex environment.
Developer Jason Heiss began working on Etch in 2003, after trying out Cfengine, one of the oldest and best-known system configuration management tools. “I’d tried to learn and use it several times, but always found it complicated, confusing, and limited in what it could do,” he says. “Cfengine tries to cover a lot of areas of system administration, many of which are better covered by other, more focused tools. I started Etch as an alternative that was more narrowly focused on configuration file management, and thus simpler and more powerful. Other alternatives to Cfengine, most notably Puppet, started development around the same time. I try to look at the other tools on a regular basis, and so far I’m happy that Etch does what it does better than the alternatives.”
The first two major versions of Etch were written in Perl, but the current version 3 is written in Ruby and Ruby on Rails. Heiss says, “I switched to Ruby because it’s a more pleasant language to write in. I’m still fond of Perl, but Ruby is cleaner and quicker to work with. Rails was a harder choice. I was already using Rails for another project, but it seemed a bit too heavy for Etch; all I thought I needed was a standard web service protocol. I was leaning toward XML-RPC, but none of the Ruby implementations seemed great. In the end I decided the consistency of using Rails for all of my projects made sense, and that turned out to be the right choice. Initially I wasn’t using a database, but I’ve added optional storage of reporting data into a database, and that was trivial with Rails.”
Heiss plans to add a feature to take advantage of that reporting data to help users predict the impact of changes. “You’ll be able to give Etch a modified copy of your configuration repository and it will give you a report of how many clients would be affected by your changes, which files would be changed, and so on. In a large environment it can be difficult or impossible for administrators to predict the possible impact of their changes, which leads to caution and fear about making changes. This feature should make it easier for folks to identify changes that would have a widespread impact and focus their attention and review on those changes.”
As for packaging the code for various *nix environments, Heiss says, “The Etch distribution comes with packaging config files and make targets for RPM, APT/dpkg/deb, and Solaris packages. We don’t distribute pre-built packages since folks generally want to include their config files and SSL certificates in the packages in their environments.”
To get the word out about the software, Heiss has led talks at conferences, “primarily the USENIX LISA (Large Installation System Administration) conference. We’ve used Etch to manage systems at my last three employers, so word-of-mouth from folks has also spread the word a bit.”
To build the software, Heiss eschews fancy development environments. “Most editing is done in TextMate, with an occasional vim session when I’m not on my Mac. I use the Test::Unit unit testing framework included with Ruby for testing.”
As with most developers who work on projects on their own time, Heiss’s planned release schedule for Etch can vary. “Lately I’ve had time to work on Etch and have been making releases every few weeks. As I get my backlog of feature ideas trimmed down, I’ll probably settle back down to a release every month or two.”
Things may change more quickly if additional developers step forward to work on the project, which Heiss says he welcomes. “There are a number of interesting features I would like to see in Etch, and I’d also be very interested if folks have their own ideas and would like to implement them. The best way for potential developers to contact me is via the etch-devel mailing list, but direct email is also fine.”