Date: Wed, 10 Jan 2007 17:10:36 -0800 (PST) From: Lamont Granquist <lamont@scriptkiddie.org> To: Vulpes Velox <v.velox@vvelox.net> Cc: freebsd-hackers@freebsd.org, Doug Barton <dougb@freebsd.org> Subject: Re: LDAP integration Message-ID: <Pine.GSO.4.60.0701101701160.6289@sploit.scriptkiddie.org> In-Reply-To: <20070110174709.534b1f16@vixen42> References: <20070107190616.73dee7b0@vixen42> <45A1DE76.7000201@FreeBSD.org> <20070108185247.2b6e1f69@vixen42> <45A407D1.9030101@FreeBSD.org> <20070109184346.135e0bf4@vixen42> <Pine.GSO.4.60.0701101316300.5305@sploit.scriptkiddie.org> <45A56107.5050205@FreeBSD.org> <20070110174709.534b1f16@vixen42>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Jan 2007, Vulpes Velox wrote: > On Wed, 10 Jan 2007 13:56:23 -0800 > Doug Barton <dougb@FreeBSD.org> wrote: >> Lamont Granquist wrote: >>> Why are you doing this in the FreeBSD rc scripts directly? Why >>> not install cfengine and work on making cfengine play better with >>> database-driven config? >> >> Indeed. For a "many systems" problem, cfengine is a great tool. I >> think the OP is more interested in the "dynamically configured >> laptop" problem, which is also an interesting/difficult one, but I >> don't think it's a good problem for LDAP to solve. It still feels >> like "I have LDAP that I want to use as a solution, so what problem >> can I point it at?" to me. > > Stuff like this is what LDAP truely shines for. It keeps everything > in a nicely organized manner that is easily accessible and searchable. I agree that database-driven config management is good. I do not agree that LDAP is the best way to go about doing it since LDAP works best as a read-mostly directory service and not as an mixed-read/write database which is what I've seen these kinds of configuration management databases scale and turn into. LDAP is great for stuff that barely ever changes. When you add SOX audit trails and error reporting and other junk into the database LDAP stops being appropriate. I also don't understand the focus on dynamically generating /etc/rc.conf since that is actually not what I want in my database. Inside my database I want to configure a machine as an ftp server or a web server and deal with the high-level roles that the machine plays. In order to generate an rc.conf file I want to take the roles as inputs and construct the rc.conf file specific to the machine.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.60.0701101701160.6289>