Cdist: Real Configuration Management, No Hand-Holding Required
Cdist isn’t trying to hold your hand. It’s not here to teach you YAML or hide logic behind pretty dashboards. It does one thing well: lets you manage Unix systems using just shell scripts, SSH, and your own common sense.
You won’t find agents. No background daemons. No dependencies that require a PhD. Just a straightforward way to declare how your systems *should* look — and make it so, one machine at a time or a hundred at once.
Core Features (and Why They Actually Matter)
| Feature | Why It’s Useful |
| Agentless over SSH | Targets don’t need anything except a shell and SSH |
| Written entirely in shell | No need to learn a new language — it’s just shell scripting |
| Declarative “type” system | Reusable units of config with parameters — powerful but simple |
| Pull or push compatible | Run it by hand, from CI, cron, or a wrapper — your call |
| Works across UNIX variants | Supports Linux, BSD, and others without modification |
| Idempotent behavior | Nothing runs unless it needs to — no redundant changes |
| Zero magic | No hidden state, no agent drift, nothing outside your control |
| Git-friendly | Everything lives in plain files — version and audit with ease |
What You Need
– Control Machine: Python 3.x, SSH access to target nodes
– Target Systems: POSIX-compatible (Linux, BSD, etc.), basic shell and core utilities
– No agent, ever
– Network: Only SSH (usually port 22), no open APIs or special tooling
Getting Started (Example on Debian/Ubuntu)
- Install basic tools:
sudo apt update
sudo apt install python3 git
- Clone the repo and export the path:
git clone https://code.ungleich.ch/ungleich-public/cdist
export PATH=$PWD/cdist/bin:$PATH
- Set up your configuration:
mkdir ~/cdist-config && cd ~/cdist-config
cdist config-init
- Write your manifests and types, then run:
cdist config -v -i your.server.name
Real-World Use Cases
Cdist finds its niche where things are deliberately simple — or *need* to be. Think:
– Teams that live in the shell and want repeatability, not ceremony
– Environments where introducing daemons is frowned upon
– Air-gapped machines with tight software policies
– CI jobs that need to configure boxes without installing extra tools
– Places where bash scripts already rule — this just makes them cleaner
Pros and Cons (Let’s Be Honest)
Why people stick with it:
– Dead simple once you get the flow
– Nothing running in the background means no surprises
– Debugging is easy — it’s just scripts
– Transparent and versionable
– Doesn’t fight with your system — it works *with* it
But you should know:
– Not for folks who dislike the command line
– No GUI, no metrics dashboard, nothing fancy
– Can feel raw compared to Ansible or Puppet
– Doesn’t scale well without parallelism tooling (like `xargs` or `pssh`)
– You’ll probably need to build some helper scripts as you grow
Final Thought
If you’ve ever wanted a configuration system that respects your intelligence — one that doesn’t abstract away everything useful — Cdist is probably worth a try. It’s not for everyone, but for seasoned admins who want control, clarity, and zero hidden state? It hits the sweet spot.
It’s like managing servers with a sharpened shell script — only smarter, and a whole lot more scalable.
