
Re: Bootstrapping

From: John Sechrest
Subject: Re: Bootstrapping
Date: Wed, 18 Feb 2004 14:50:28 -0800

Nate Campi <address@hidden> writes:

 % On Wed, Feb 18, 2004 at 02:37:40PM -0600, Luke A. Kanies wrote:

 % > There is a distressing lack of 'best practices' in the cfengine world, I
 % > think.  As I've developed my own I am trying to publish them (and my
 % > cfengine series will focus much more on best practices than on the
 % > technology, since the reference is so good), but (as has been mentioned
 % > many times) it'd be great if we as a community could work more on this.

 % Well I know what I plan to do once I'm done writing a book (unrelated to
 % cfengine) - come up with some cfengine best practices and system
 % administration best practices all wrapped around debian linux.

 Sounds very nice.

 % I want to bootstrap an entire small network, DNS, DHCP,
 % routing/gateway/firewalling, web site under CVS control with staging
 % site, mail server (postfix/courier or postfix/cyrus), fileserver (NFS
 % and samba I guess, maybe AFS if I get around to learning it), directory
 % services (LDAP for accounts, probably kerberos for auth and win2k domain
 % trusts), automated installation as well.

 I am in the midst of working on that very instance. I am using a tool
 that we are working on (mln) to automatically deploy this out
 as a collection of User-Mode-Linux instances. And then have them
 all automatically self configure.

 % There's no reason setting up a new network needs to include reinventing
 % everything. More small networks could be standardized, and benefit from
 % the collective wisdom of the cfengine community (at least the ones
 % contributing to this effort) for all the small things that make a system
 % run better (like automatically syncing /etc/hosts and /etc/resolv.conf
 % to a postfix chroot, which is easy to forget when you move a host to a
 % new subnet).

 Yes. I agree. 

 % A surprising amount of configuration could be shared across sites,
 % enabling networks to get up quickly, and run better. Consultants could
 % come into networks they've never been on before, but quickly solve
 % problems and roll out new services, since he/she already understands the
 % cfengine setup.

 Yes, but to do this, the cfengine community needs to start abstracting
 the (global practices) from the (local issues).

 So you can't just create the classes in CFengine, you have to 
 get them from some alternative source.
 Right now, I am using Files to simulate what I need to get
 as I reach thru all of this stuff.


        TrustedKeyFrom = ( Readfile(/var/mln/trustedhosts,1000))

 instead of saying

        TrustedKeyFrom = ( My list of hosts goes here)

 In this way, I should be able to mail to you a cf.XXX file and
 you should be able to put it into use.

 Mark mentions that there are CFengine Packages that can be built
 which end up with separate name spaces, so that sharing
 files does not lead to collisions in the name spaces of the classes.

 % This is what I'd want the community-contributed cfengine configs to come
 % from - actual use, practices proven on real networks. It would need to
 % be its own project, with active contributors. I plan on starting it on
 % my own, then seeing if people want to join in once I have something
 % working to get at least a small network up from scratch. It would
 % probably need to be a custom debian distro on a CD, to bootstrap the
 % whole process from a gold server.

 This brings up many questions for me...

 A) Why would this not work as a component of the CFengine work that
    is already going on?

 B) Why would it need to be a separate project?

 C) Do you care that there already is an ongoing project working
    on the same issue? (We got our sourceforge project approved recently)

 % Sorry if this is off-topic.
 % -- 
 % Nate
 % Backups?  We doan *NEED* no steenking baX%^~,VbKx    NO CARRIER
 % _______________________________________________
 % Help-cfengine mailing list
 % address@hidden

John Sechrest          .         Helping people use
                        .           computers and the Internet
                          .            more effectively
                                 .       Internet: address@hidden
