Date: Wed, 10 Jan 2007 17:10:36 -0800 (PST)
From: Lamont Granquist
To: Vulpes Velox
Cc: freebsd-hackers@freebsd.org, Doug Barton
Subject: Re: LDAP integration
In-Reply-To: <20070110174709.534b1f16@vixen42>
References: <20070107190616.73dee7b0@vixen42> <45A1DE76.7000201@FreeBSD.org> <20070108185247.2b6e1f69@vixen42> <45A407D1.9030101@FreeBSD.org> <20070109184346.135e0bf4@vixen42> <45A56107.5050205@FreeBSD.org> <20070110174709.534b1f16@vixen42>
List-Id: Technical Discussions relating to FreeBSD

On Wed, 10 Jan 2007, Vulpes Velox wrote:
> On Wed, 10 Jan 2007 13:56:23 -0800
> Doug Barton wrote:
>> Lamont Granquist wrote:
>>> Why are you doing this in the FreeBSD rc scripts directly? Why
>>> not install cfengine and work on making cfengine play better with
>>> database-driven config?
>>
>> Indeed. For a "many systems" problem, cfengine is a great tool. I
>> think the OP is more interested in the "dynamically configured
>> laptop" problem, which is also an interesting/difficult one, but I
>> don't think it's a good problem for LDAP to solve. It still feels
>> like "I have LDAP that I want to use as a solution, so what problem
>> can I point it at?" to me.
>
> Stuff like this is what LDAP truly shines for. It keeps everything
> in a nicely organized manner that is easily accessible and searchable.

I agree that database-driven config management is good. I do not agree that LDAP is the best way to go about doing it since LDAP works best as a read-mostly directory service and not as a mixed-read/write database which is what I've seen these kinds of configuration management databases scale and turn into. LDAP is great for stuff that barely ever changes. When you add SOX audit trails and error reporting and other junk into the database LDAP stops being appropriate.

I also don't understand the focus on dynamically generating /etc/rc.conf since that is actually not what I want in my database. Inside my database I want to configure a machine as an ftp server or a web server and deal with the high-level roles that the machine plays. In order to generate an rc.conf file I want to take the roles as inputs and construct the rc.conf file specific to the machine.
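
A sketch of the role-to-rc.conf generation described in the last paragraph of the message above, added here as an illustration and not code from the thread or from FreeBSD; the role names, the role table and the host record layout are assumptions. Because rc.conf is sourced by sh as root at boot, the generator also refuses any database value that could break out of the quoted assignment, and it reports two roles that disagree on a knob instead of silently picking one.

```python
import re

# Constructed role table: role names and their knob sets are assumptions for
# this example; in the setup described above they would come from the database.
ROLES = {
    "base":       {"sshd_enable": "YES", "ntpd_enable": "YES"},
    "ftp_server": {"ftpd_enable": "YES", "inetd_enable": "NO"},
    "web_server": {"apache22_enable": "YES"},
    "shell_box":  {"inetd_enable": "YES"},
}

KNOB_RE = re.compile(r"[a-z_][a-z0-9_]*\Z")
# rc.conf is sourced by sh as root, so refuse quotes, $, backticks, newlines.
VALUE_RE = re.compile(r"[A-Za-z0-9 _.,:/@=+-]*\Z")


class RoleError(ValueError):
    pass


def build_rc_conf(host, roles=ROLES):
    """Turn one host record (hostname, roles, optional overrides) into rc.conf text."""
    settings = {}  # knob -> (value, where it came from)
    for role in host["roles"]:
        if role not in roles:
            raise RoleError(f"unknown role {role!r}")
        for knob, value in roles[role].items():
            old = settings.get(knob)
            if old and old[0] != value:
                raise RoleError(f"{knob}: {old[1]} sets {old[0]!r}, {role} sets {value!r}")
            settings[knob] = (value, f"role {role}")
    # Machine-specific values are applied last and win over role defaults.
    settings["hostname"] = (host["hostname"], "host record")
    for knob, value in host.get("overrides", {}).items():
        settings[knob] = (value, "host override")
    lines = []
    for knob in sorted(settings):
        value, origin = settings[knob]
        if not KNOB_RE.match(knob) or not VALUE_RE.match(value):
            raise RoleError(f"unsafe rc.conf entry {knob!r}={value!r} from {origin}")
        lines.append(f'{knob}="{value}"  # {origin}')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed host record.
    print(build_rc_conf({"hostname": "www1.example.org", "roles": ["base", "web_server"]}))
```

Recording the origin of each knob as a trailing comment keeps the generated file traceable back to the role or host record that produced it.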