Date:      Wed, 10 Jan 2007 17:47:09 -0600
From:      Vulpes Velox <v.velox@vvelox.net>
To:        Doug Barton <dougb@FreeBSD.org>
Cc:        freebsd-hackers@freebsd.org, Lamont Granquist <lamont@scriptkiddie.org>
Subject:   Re: LDAP integration
Message-ID:  <20070110174709.534b1f16@vixen42>
In-Reply-To: <45A56107.5050205@FreeBSD.org>
References:  <20070107190616.73dee7b0@vixen42> <45A1DE76.7000201@FreeBSD.org> <20070108185247.2b6e1f69@vixen42> <45A407D1.9030101@FreeBSD.org> <20070109184346.135e0bf4@vixen42> <Pine.GSO.4.60.0701101316300.5305@sploit.scriptkiddie.org> <45A56107.5050205@FreeBSD.org>

On Wed, 10 Jan 2007 13:56:23 -0800
Doug Barton <dougb@FreeBSD.org> wrote:

> Lamont Granquist wrote:
> 
> > Why are you doing this in the FreeBSD rc scripts directly?  Why
> > not install cfengine and work on making cfengine play better with
> > database-driven config?
> 
> Indeed. For a "many systems" problem, cfengine is a great tool. I
> think the OP is more interested in the "dynamically configured
> laptop" problem, which is also an interesting/difficult one, but I
> don't think it's a good problem for LDAP to solve. It still feels
> like "I have LDAP that I want to use as a solution, so what problem
> can I point it at?" to me.

Stuff like this is what LDAP truly shines for. It keeps everything
in a nicely organized manner that is easily accessible and searchable.

It is also nicely syncable.

> > And if you're looking specifically at the /etc/rc.conf config
> > file, what would be more useful would be an /etc/rc.conf.d/
> > directory.
> 
> Good news for you, we already support that. :) I agree that it
> makes a great tool for the "many systems" problem, and could
> reasonably be used for part of the "dynamic laptop" problem too.

Simply put... oh hell no. The rc.conf.d just makes a bloody mess.

> > That gets
> > away from the need to tweak and edit the /etc/rc.conf config file
> > with multiple inputs tweaking a single file.  Instead you can
> > drop whole orthogonal fragments into /etc/rc.conf.d/inetd to
> > manage the inetd config which would make it more friendly to
> > radmind-like approaches.  It also makes it easier to use with
> > cfengine since orthogonal cfengine modules aren't doing editfiles
> > touches to the same files. 
> 
> Yes yes yes all around. At one time I suggested that we add support
> for /usr/local/etc/rc.conf.d and encourage port authors to drop
> files in there, but I didn't get much enthusiasm for it. Perhaps
> it's time to revisit that?

Configuration for the rc.d scripts should be left to rc.conf.

> > The
> > /etc/cron.d directory that (most?) linux distros have is
> > similarly very useful to drop in files that contain completely
> > orthogonal config (and may be written by entirely different
> > config management tools -- e.g. system config management vs.
> > application deployment/management), and the /etc/periodic
> > functionality is not flexible enough to cover all cases.
> 
> That's not a bad idea, but you'll have to find some other
> huckleberry to address it, I've got my hands full at the moment.

I don't have much to say in this area currently, but I have been
kicking around the idea of writing one that pulls from an LDAP
database and then logs to SQL for a while. Not really something to be
included in the base system, but would be really interesting.


