Re: Need 'UncommentAndSetValue' or some such

From: Luke Kanies
Subject: Re: Need 'UncommentAndSetValue' or some such
Date: Thu, 27 Oct 2005 14:27:41 -0500 (CDT)

On Thu, 27 Oct 2005, Paul Krizak wrote:

> I find option #4 silly...cfengine should most certainly be able to edit
> config files...that's what it's for!  But that's just my opinion.

I'll take point with this, since I'm squarely in the "editfiles is evil"

Cfengine has a clear, mature ability to manage files as a whole (using
copy) and file metadata (i.e., owner, mode, etc.).  I don't agree at all
that cfengine is "for" editing file contents directly, though, and I have
seen very little evidence that that is the case.  Yes, people use editfiles,
but what else can they use to manage portions of the contents of files?
Cfengine has no other mechanisms.

Both as a consultant and as a sysadmin, I relied on editfiles for only the
simplest of jobs, and I usually regretted those.  Instead I pretty much
always wrote external modules that allowed me to address the contents of
files objectively.  I have modules for managing /etc/services (no, I will
not append a 5308 line, thank you), /etc/inetd.conf, cron tabs, and much
else, and I just mention the object names in my cfengine configuration
(e.g., I set up a "rootcrons" variable with things like "logrotate cfengine"
as the contents, this variable gets passed to a module, and the module
creates the cron tab).

I think editfiles should be essentially replaced with a system that allows
people to manage objects contained in files (hosts in /etc/hosts, services
in /etc/services, filesystems in /etc/fstab, cron jobs in
/var/spool/crontabs/*) as objects, not as lines in a file.  The reason
editfiles is so complicated is because it's the wrong approach for complete

I'll allow that it's a good idea to keep a simplistic editfiles around, but
I say cut out 90% of its functionality and put in something that treats most
files the way we think of them -- collections of objects -- not the way the
computer "thinks" of them.

I'm guessing that 90% of all cfengine code out there is devoted to host
grouping, file actions (files, tidy, etc.), shellcommands, and triggering
processes based on changes.  Throw in modules, and you're asymptotic.

> David Scott Coburn wrote:
> >
> > 4) Those who think that letting cfengine edit config files is "evil".
> >    (No criticism of this view intended.)

My favorite was a professor at a University I Used To Be Associated
With who claimed that our requirement of a non-alphabetic character in
our passwords was an abridgement of his freedom of speech.
                -- Jacob Haller
