help-cfengine

Re: Bootstrapping <= LDAP and authority


From: Chip Seraphine
Subject: Re: Bootstrapping <= LDAP and authority
Date: Thu, 19 Feb 2004 13:33:29 -0600
User-agent: KMail/1.5

On Thursday 19 February 2004 11:13, Luke A. Kanies wrote:
> At my last client, I had something like 40 unique host types, and the
> hierarchy was probably about 5 levels deep.  This was an organization with
> less than 100 hosts.  These host classes were used for all decision making
> -- what packages to install, what processes to start, what filesystems to
> create, what config files to load, etc.
> 
> Yes, I could build an equivalent logic system outside of cfengine, but why
> would I?  I would then have to maintain a different interpreter; I know,
> because that's what I was doing.  I have complete cross-pollination
> between cfengine and ISconf -- cfengine got all of ISconf's types via a
> module, and ISconf received all of cfengine's types on the CLI.

We're shooting at the notion of having such information living in LDAP, and 
cfengine gets it via a module query.   The reason for this is twofold:

a) Authority.  (Example:  Do I know machine X is a DNS because it is running 
BIND, or do I know it should be running BIND because my cfagent.conf says 
its "dnsserver" class is set?)   Always a big problem; cfengine likes being 
an authority source and is good at it.  So does/is LDAP, but LDAP is more 
flexible and understanding of hierarchy.  (Cfengine code degenerates into 
spaghetti and sequence-of-events hell if you try to get too abstract, IME.)  
Besides, having cfengine convey the information in its groups: section to 
an LDAP server is less cumbersome than the other way around, so if you have 
both cfengine and LDAP but only want one to be authoritative the easiest 
way is to make your LDAP database the ubermaster from which all data 
floweth.

b) Interface.  Unfortunately, if you have a lot of detail in your configs 
you also see a lot of changes.  Cfengine's syntax is good for what it does, 
but a single RCS'd cfengine file does not make an ideal enterprise 
configuration interface for a large team of admins (especially if a few of 
them tend to be prone to injecting syntax errors).   There are some nice 
tools out there for updating/adding to LDAP databases, and it is easy to 
whip up your own web-gui or whatever.
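
A sketch of the module side of the LDAP-as-authority arrangement described in this message, added here as an illustration and not code from the post or from cfengine: it turns the LDIF for one host into the `+class` lines a cfengine module prints, and refuses any directory value that is not a plain class name. The `cfClass` attribute, the DN layout and the sample LDIF are assumptions constructed for the example.

```python
import base64
import re

# Constructed sample: LDIF as an ldapsearch for one host might return it.
# "cfClass" is a hypothetical attribute; the base64 value decodes to "web\n+evil".
SAMPLE_LDIF = """\
dn: cn=ns1,ou=hosts,dc=example,dc=com
cn: ns1
cfClass: dnsserver
cfClass: dmz-
 host
cfClass:: d2ViCitldmls
cfClass: solaris 9
"""

# This example allows only letters, digits and underscore in a class name.
CLASS_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

def unfold(ldif):
    """Join LDIF continuation lines (one leading space) to their parent line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def module_lines(ldif, attr="cfClass"):
    """Return (accepted '+class' lines, rejected raw values) for one entry."""
    accepted, rejected = [], []
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if value.startswith(":"):  # "attr:: " marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        # Map '-' and '.' to '_' (this example's choice), then refuse the rest,
        # so a directory value cannot smuggle an extra '+', '-' or '=' line.
        candidate = value.replace("-", "_").replace(".", "_")
        if CLASS_RE.match(candidate):
            accepted.append("+" + candidate)
        else:
            rejected.append(value)
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = module_lines(SAMPLE_LDIF)
    print("\n".join(ok))
```

Rejected values are returned rather than printed so the caller can log them without mixing them into the module's output.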





