LDAP integration
Lamont Granquist
lamont at scriptkiddie.org
Wed Jan 10 22:12:57 UTC 2007
On Wed, 10 Jan 2007, Doug Barton wrote:
> Lamont Granquist wrote:
>
>> Why are you doing this in the FreeBSD rc scripts directly? Why not
>> install cfengine and work on making cfengine play better with
>> database-driven config?
>
> Indeed. For a "many systems" problem, cfengine is a great tool. I
> think the OP is more interested in the "dynamically configured laptop"
> problem, which is also an interesting/difficult one, but I don't think
> it's a good problem for LDAP to solve. It still feels like "I have
> LDAP that I want to use as a solution, so what problem can I point it
> at?" to me.

Yeah, I've also found LDAP to be more of a problem than a solution itself.
Once the data starts to be dynamically updated and acquires a higher rate
of change you no longer have a 'directory service' that you're working
with and MySQL becomes a better tool than LDAP. System config has a way
of creeping into becoming more dynamic over time, particularly when you
start logging audit trails in the database, success codes, error
conditions, state machines, etc.

>> And if you're looking specifically at the /etc/rc.conf config file, what
>> would be more useful would be an /etc/rc.conf.d/ directory.
>
> Good news for you, we already support that. :) I agree that it makes a
> great tool for the "many systems" problem, and could reasonably be
> used for part of the "dynamic laptop" problem too.

7-current feature? I'm not seeing it in rc.conf(5) on my RELENG_6-ish
system...

>> That gets
>> away from the need to tweak and edit the /etc/rc.conf config file with
>> multiple inputs tweaking a single file. Instead you can drop whole
>> orthogonal fragments into /etc/rc.conf.d/inetd to manage the inetd
>> config which would make it more friendly to radmind-like approaches. It
>> also makes it easier to use with cfengine since orthogonal cfengine
>> modules aren't doing editfiles touches to the same files.
>
> Yes yes yes all around. At one time I suggested that we add support
> for /usr/local/etc/rc.conf.d and encourage port authors to drop files
> in there, but I didn't get much enthusiasm for it. Perhaps it's time
> to revisit that?

Sounds great to me, but I don't have the CFT.

>> The
>> /etc/cron.d directory that (most?) linux distros have is similarly very
>> useful to drop in files that contain completely orthogonal config (and
>> may be written by entirely different config management tools -- e.g.
>> system config management vs. application deployment/management), and the
>> /etc/periodic functionality is not flexible enough to cover all cases.
>
> That's not a bad idea, but you'll have to find some other huckleberry
> to address it, I've got my hands full at the moment.

yup, hear ya.