Date: Wed, 10 Jan 2007 19:55:39 -0600
From: Vulpes Velox <v.velox@vvelox.net>
To: Lamont Granquist <lamont@scriptkiddie.org>
Cc: freebsd-hackers@freebsd.org, Doug Barton <dougb@freebsd.org>
Subject: Re: LDAP integration
Message-ID: <20070110195539.68e60812@vixen42>
In-Reply-To: <Pine.GSO.4.60.0701101701160.6289@sploit.scriptkiddie.org>
References: <20070107190616.73dee7b0@vixen42> <45A1DE76.7000201@FreeBSD.org>
 <20070108185247.2b6e1f69@vixen42> <45A407D1.9030101@FreeBSD.org>
 <20070109184346.135e0bf4@vixen42> <Pine.GSO.4.60.0701101316300.5305@sploit.scriptkiddie.org>
 <45A56107.5050205@FreeBSD.org> <20070110174709.534b1f16@vixen42>
 <Pine.GSO.4.60.0701101701160.6289@sploit.scriptkiddie.org>

On Wed, 10 Jan 2007 17:10:36 -0800 (PST)
Lamont Granquist <lamont@scriptkiddie.org> wrote:

>
>
> On Wed, 10 Jan 2007, Vulpes Velox wrote:
> > On Wed, 10 Jan 2007 13:56:23 -0800
> > Doug Barton <dougb@FreeBSD.org> wrote:
> >> Lamont Granquist wrote:
> >>> Why are you doing this in the FreeBSD rc scripts directly? Why
> >>> not install cfengine and work on making cfengine play better
> >>> with database-driven config?
> >>
> >> Indeed. For a "many systems" problem, cfengine is a great tool. I
> >> think the OP is more interested in the "dynamically configured
> >> laptop" problem, which is also an interesting/difficult one, but
> >> I don't think it's a good problem for LDAP to solve. It still
> >> feels like "I have LDAP that I want to use as a solution, so
> >> what problem can I point it at?" to me.
> >
> > Stuff like this is what LDAP truly shines for. It keeps
> > everything in a nicely organized manner that is easily accessible
> > and searchable.
>
> I agree that database-driven config management is good. I do not
> agree that LDAP is the best way to go about doing it since LDAP
> works best as a read-mostly directory service and not as a
> mixed-read/write database which is what I've seen these kinds of
> configuration management databases scale and turn into. LDAP is
> great for stuff that barely ever changes. When you add SOX audit
> trails and error reporting and other junk into the database LDAP
> stops being appropriate.

Right. LDAP should not be used for logging at all. That is what SQL
is awesome for. :)

> I also don't understand the focus on dynamically
> generating /etc/rc.conf since that is actually not what I want in
> my database. Inside my database I want to configure a machine as
> an ftp server or a web server and deal with the high-level roles
> that the machine plays. In order to generate an rc.conf file I
> want to take the roles as inputs and construct the rc.conf file
> specific to the machine.

I am starting with rc.conf because it is a logical place to start for
what I want. I am not interested in the autoconfiguration stuff in
this project. Just reeling in the configuration. I am largely focusing
on LDAP because it is what would be most handy in my situation, but I
am aiming at the idea of making that part interchangeable.

I plan to start work on the actual parts once I am happy with the
schema. That is going to take a bit of time to get worked out because
there are a few things to iron out. There are also a lot of attributes
that need to be defined.