From owner-freebsd-stable@FreeBSD.ORG Thu Feb 5 12:41:12 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5DA90D3 for ; Thu, 5 Feb 2015 12:41:12 +0000 (UTC) Received: from sasl.smtp.pobox.com (pb-smtp1.int.icgroup.com [208.72.237.35]) by mx1.freebsd.org (Postfix) with ESMTP id 17B833BA for ; Thu, 5 Feb 2015 12:41:11 +0000 (UTC) Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 33FC731E12 for ; Thu, 5 Feb 2015 07:41:10 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=date:from:to :subject:message-id:references:mime-version:content-type :in-reply-to; s=sasl; bh=BTvhkkLvw5/GGrEgIwYOEotduYY=; b=NLbfJpA iyOsfR7G5mLqWMrxLTlP4xlDwoxk+G2ZYmp/5hBI32rkF3qDd5F8J3o76bqll2uE mWEoiVUEnV02DowxeiWxFINg8ONK9z68JwM+Ur/F5onoC7NS1UPEF8eiRwYk4S27 P9lXLi0W6c3iegeVlewW1rWbdj5XbC8xha+I= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=date:from:to :subject:message-id:references:mime-version:content-type :in-reply-to; q=dns; s=sasl; b=ljoMBkbpyT8nd4O87v5LlALAJmBjtpfsx koJokge2xzFQTPSsLyrzTcWa9B6b5W3kkPt7OLy4bG3zFTQzu/xu6mSTt5dhV2+w KhVpLNlruMOI7B0peCjdIqrAYm2UmktfsTwPaNba32zQku8e5zrLh3X4S0mlPHWz f5SKfCwzxU= Received: from pb-smtp1.int.icgroup.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 1F05F31E11 for ; Thu, 5 Feb 2015 07:41:10 -0500 (EST) Received: from localhost (unknown [50.90.2.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pb-smtp1.pobox.com (Postfix) with ESMTPSA id 6CB5731E0D for ; Thu, 5 Feb 2015 07:41:09 -0500 (EST) Date: Thu, 5 Feb 2015 07:41:08 -0500 From: Chris Nehren To: freebsd-stable@freebsd.org Subject: Re: push a few config files to dozen or so servers Message-ID: <20150205124108.GA89820@behemoth.lan> Mail-Followup-To: freebsd-stable@freebsd.org References: <20150205130234.3fcbabfb@efreet.mimar.rs> <20150205133253.7ed286e20f30517cafc04335@fastmail.fm> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0" Content-Disposition: inline In-Reply-To: <20150205133253.7ed286e20f30517cafc04335@fastmail.fm> User-Agent: Mutt/1.5.23 (2014-03-12) X-Pobox-Relay-ID: 428F4C4C-AD34-11E4-86B4-7BA29F42C9D4-49531120!pb-smtp1.pobox.com X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Feb 2015 12:41:12 -0000 --k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 05, 2015 at 13:32:53 +0100, Schaich, Alonso wrote: > On Thu, 5 Feb 2015 13:02:34 +0100 > Marko Cupa? wrote: >=20 > > Hi, > >=20 > > thanks to virtualization, my fleet of FreeBSD hosts have grown to more > > than dozen, and it still grows. There are some files that need to be > > identical on all of them (aliases, sudoers, root crontab, pkg repo > > files etc.). > >=20 > > I was looking at puppet and cfengine but learning and implementing those > > seem like an overkill for my purpose. > >=20 > > Are there any other elegant solutions which can help me achieve my goal? >=20 > If they really need to be identical all the time, I'd put them on a > network share mounted at boot and symlink on them from etc, var/mail, > and so on. repositories can be mount points themselves, so clearly > candidates for a network share, too. Putting critical files like sudoers and other files in /etc on a network share makes me quite uncomfortable, especially in the case of means to authenticate users or escalate privileges. When (not if) the network or the file share are unavailable, it becomes far harder than it needs to be to troubleshoot the problem. Network filesystems are great, until they break, and then they're far, far worse than all the alternatives. --=20 Chris Nehren --k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJbBAABCABFBQJU02TfPhSAAAAAABUAIHBrYS1hZGRyZXNzQGdudXBnLm9yZ2Nu ZWhyZW4rZnJlZWJzZC1zdGFibGVAcG9ib3guY29tAAoJEBHA+GJAM0vPCd8P/isU 3DgulsnBPx6zRbUPB8dC0XpzU+glKbyGQ57W1hti/91ooGKU1NXpO4H8jJrotdWZ jYqkXXH7yskBlGMEFnVhqzOE9mrftgQnQZ1/twtBQ441R/bIdUOMKTRUOOR4Nhbf SzCR/PlOAZw38YfKRE1VNM0FoEJUTgKt95IjScjiMMzl1bsp8Ny1ZA14xwOqFGzD UmXWAIeQizckTqJVHGpWbEtlSTed2Z6SYqV5dp2GKjmw9jHrNpTjcwrO4c6fV8j4 AEvxTzSfNXwfbmDXfFfgvierZGiU91AnUl77Fa5bfkOudwTjn0IEoJeOudIiyHUT OM7IGmSIY7BH7jntEnGtj6ClOHZp1jdYJyWa+QOvVcuJ0tSBjNicF7vdVwQ/XzOh 9w5uJQFabkvInMc3C8bfS42rMrE8hNTG+vhyVD/YX3H0HEvWX7BkTEhDnxoy3K46 91G2FIFDG62WmIVA7D5EuJqzu65PySR5STuraH7h2rAnDLbSESza4vpPTNJbw1Yy Gf27e2QCRPq71zmnEYrfQv0TEw+9Z2GR/L4XKKDuOfaWKDSia1Ufs+MYjyajXYL4 BhTkkfFp75eGFLD0hYgkpFFWDwUqac9xhl/hw3XDmVabaF8Oq+0NjDYtEoMP+vko 7w9GE/djstr/Qvi757jv2zvbRu1JqERYivmN8eob =Dh7Q -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0--