From: "Ben Kaduk"
To: "Robert Watson"
Date: Sun, 8 Apr 2007 17:34:29 -0500
Cc: Dag-Erling Smørgrav, Pawel Jakub Dawidek, freebsd-arch@freebsd.org
Subject: Re: Host ID.

On 4/8/07, Robert Watson wrote:
> [snip]
>
> Yes, one of the nice properties of FreeBSD -- as opposed to, say, Windows, is
> that it's trivial to install a hundred boxes by dropping the same image onto
> all of them and configuring host-specific parameters using DHCP. But there is
> a tricky tension here: the notion of a persisting host ID is very useful, in
> a similar way to the way in which a persisting SSH host key is useful.
> If we're going to adopt a host ID model, we may want to make generation and
> configuration of the host ID conditional on an explicit variable in rc.conf
> (i.e., hostid_enable="YES" which causes it to be generated the first time and
> loaded future times, similar to SSH keys), and make it very easy to force a
> regen. That way, you can image the boxes with the rc.conf setting set, but
> they don't generate host IDs until they boot the first time.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge

I like this proposal a lot -- FreeBSD is very flexible, and people can and will use any mechanism available to make their lives simpler; this can call for some very creative installation mechanisms. Robert's proposal is the most general one I've seen (well, it's orthogonal to a lot of this thread).
Also, it allows for the paranoid or highly-secure types to change their hostid (or prevent it from being generated in the first place) -- I have not yet decided if I would maintain a local diff to block a unique ID from my systems.

-Ben Kaduk
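
The generate-on-first-boot model from the quoted proposal, as an added sketch that is not part of the thread and is not FreeBSD's own rc script. Only hostid_enable comes from the message; the file path and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Sketch of the opt-in "generate once, load afterwards" host ID model.
# Only hostid_enable comes from the thread; HOSTID_FILE, hostid_generate,
# hostid_start and hostid_reset are hypothetical names for this example.

: "${hostid_enable:=NO}"                 # opt-in, as it would be set in rc.conf
: "${HOSTID_FILE:=/tmp/hostid.example}"  # constructed path, not a system file

# Print a random version-4 UUID built from 16 bytes of /dev/urandom.
hostid_generate() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n' |
        sed 's/^\(.\{8\}\)\(.\{4\}\).\(.\{3\}\).\(.\{3\}\)\(.\{12\}\)$/\1-\2-4\3-a\4-\5/'
}

# Boot-time entry point: print the host ID, creating it only on first boot.
hostid_start() {
    case "$hostid_enable" in
        [Yy][Ee][Ss]) ;;
        *) return 1 ;;                   # disabled: never create or load an ID
    esac
    if [ ! -s "$HOSTID_FILE" ]; then
        # First boot of a freshly imaged box: the image carries the rc.conf
        # setting but no ID file, so every clone generates its own value.
        # Write to a temporary name and rename, so an interrupted boot
        # never leaves a truncated ID behind.
        hostid_generate > "$HOSTID_FILE.tmp" &&
            mv -f "$HOSTID_FILE.tmp" "$HOSTID_FILE" || return 2
    fi
    cat "$HOSTID_FILE"
}

# Forced regeneration: discard the stored ID and create a new one.
hostid_reset() {
    rm -f "$HOSTID_FILE"
    hostid_start
}
```

An image built with hostid_enable="YES" but without the ID file gives each clone its own ID on first boot; an image captured after the file exists would hand every clone the same ID.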