From: Vulpes Velox
To: Doug Barton
Date: Wed, 10 Jan 2007 17:47:09 -0600
Cc: freebsd-hackers@freebsd.org, Lamont Granquist
Subject: Re: LDAP integration

On Wed, 10 Jan 2007 13:56:23 -0800
Doug Barton wrote:

> Lamont Granquist wrote:
>
> > Why are you doing this in the FreeBSD rc scripts directly? Why
> > not install cfengine and work on making cfengine play better with
> > database-driven config?
>
> Indeed. For a "many systems" problem, cfengine is a great tool. I
> think the OP is more interested in the "dynamically configured
> laptop" problem, which is also an interesting/difficult one, but I
> don't think it's a good problem for LDAP to solve. It still feels
> like "I have LDAP that I want to use as a solution, so what problem
> can I point it at?" to me.

Stuff like this is what LDAP truly shines for. It keeps everything in
a nicely organized manner that is easily accessible and searchable. It
is also nicely syncable.

> > And if you're looking specifically at the /etc/rc.conf config
> > file, what would be more useful would be an /etc/rc.conf.d/
> > directory.
>
> Good news for you, we already support that. :) I agree that it
> makes a great tool for the "many systems" problem, and could
> reasonably be used for part of the "dynamic laptop" problem too.

Simply put... oh hell no. The rc.conf.d just makes a bloody mess.

> > That gets
> > away from the need to tweak and edit the /etc/rc.conf config file
> > with multiple inputs tweaking a single file.
> > Instead you can
> > drop whole orthogonal fragments into /etc/rc.conf.d/inetd to
> > manage the inetd config which would make it more friendly to
> > radmind-like approaches. It also makes it easier to use with
> > cfengine since orthogonal cfengine modules aren't doing editfiles
> > touches to the same files.
>
> Yes yes yes all around. At one time I suggested that we add support
> for /usr/local/etc/rc.conf.d and encourage port authors to drop
> files in there, but I didn't get much enthusiasm for it. Perhaps
> it's time to revisit that?

Configuration for the rc.d scripts should be left to rc.conf.

> > The
> > /etc/cron.d directory that (most?) Linux distros have is
> > similarly very useful to drop in files that contain completely
> > orthogonal config (and may be written by entirely different
> > config management tools -- e.g. system config management vs.
> > application deployment/management), and the /etc/periodic
> > functionality is not flexible enough to cover all cases.
>
> That's not a bad idea, but you'll have to find some other
> huckleberry to address it, I've got my hands full at the moment.

I don't have much to say in this area currently, but I have been
kicking around the idea of writing one that pulls from an LDAP database
and then logs to SQL for a while. Not really something to be included
in the base system, but would be really interesting.