[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cfengine, debconf and ldap
From: |
Steve Wray |
Subject: |
Re: cfengine, debconf and ldap |
Date: |
Mon, 05 Dec 2005 09:07:42 +1300 |
User-agent: |
Debian Thunderbird 1.0.2 (X11/20051002) |
Matthew Palmer wrote:
On Fri, Dec 02, 2005 at 12:03:03PM -0600, Brendan Strejcek wrote:
Steve Wray wrote:
debconf is set up to query these databases and to *try* not to be
interactive (sometimes this seems a lot harder than it should be :)
[snip]
I solved this problem using the sledgehammer method: get dpkg, apt-get,
debconf, etc to just shut up and install the package with defaults (if
you set enough --force-yes, DEBIAN_FRONTEND=noninteractive, etc, options
it is possible to get it to actually be noninteractive).
Any package that asks questions or otherwise interrupts installation when
"DEBIAN_FRONTEND=noninteractive" is buggy. Report a bug, and if you want to
send me the bug number and I'll try and help get the problem fixed. I'm
quite keen on seeing Debian packages install cleanly in a non-interactive
manner.
Setting the environment variable on the commandline seems to work
reasonably well for dpkg operations, but I have found that in apt-get
operations it sometimes doesn't seem to be passed 'down the chain'.
In other words in:
DEBIAN_FRONTEND=noninteractive apt-get install foo bar baz
the install of package foo will get the environment variable but not bar
or baz. I'm not sure but it could be a problem with the maintainer scripts.
Still, this is *kind* of getting off topic for the cfengine list :)
Then I use copy, editfiles, and other cfengine actions to do any
configuration I need.
I'll second that, from an insiders point of view. Debconf is *not* a
registry; it is not intended, designed, or supposed to record every possible
configuration value in a package. It is merely there to provide a basic,
it sure helps to shut the installer up and help to get the initial
install of a package to be sane.
usable default configuration. As a result, you're going to have to get very
comfy with copy and editfiles to customise your infrastructure anyway; the
amount of assistance that Debconf pre-seeding is going to give you is fairly
minimal in the grand scheme of things.
I disagree... copy is fine but editfiles, for anything non-trivial is
not so good.
For example, you've been maintaining your /etc/ssh/sshd_config using
editfiles.
You are asked to do an audit and to be able to report on how sshd was
configured a month ago.
With editfiles, you are left gesticulating at the editfile stanza and
saying something like 'if the sshd_config was like it was supposed to
have been then when this editfiles ran it should have changed it in
*this* way'
I'd rather keep version-controlled copies of the config file under, say,
svn on a central server and distribute the changes with copy. Thats what
I am doing with the package selection states. This way I can tell
exactly what package selection list was in force a month ago.
- cfengine, debconf and ldap, Steve Wray, 2005/12/01
- Re: cfengine, debconf and ldap, Brendan Strejcek, 2005/12/02
- Re: cfengine, debconf and ldap, Matthew Palmer, 2005/12/02
- Re: cfengine, debconf and ldap, Adrian Phillips, 2005/12/03
- Re: cfengine, debconf and ldap,
Steve Wray <=
- Re: cfengine, debconf and ldap, Matthew Palmer, 2005/12/04
- Re: cfengine, debconf and ldap, Steve Wray, 2005/12/04
- Re: cfengine, debconf and ldap [now editfiles], Brendan Strejcek, 2005/12/04
- Re: cfengine, debconf and ldap, Matthew Palmer, 2005/12/04
Re: cfengine, debconf and ldap, Brendan Strejcek, 2005/12/02