Re: cfengine, debconf and ldap

[Steve Wray]

Matthew Palmer wrote:
> On Mon, Dec 05, 2005 at 09:07:42AM +1300, Steve Wray wrote:
>
> > Matthew Palmer wrote:
[snip]
> Some degree of debconf preseeding is necessary to make the installer quiet,
> but practically speaking that's no different to Kickstart config files.
>
>
> > and help to get the initial install of a package to be sane.
>
>
> Define "sane".  Unless you can get the config exactly as you need using the
> Debconf questions (not a common experience) you need to copy/editfiles your
> way to where you want to be anyway.

Actually I often find that packages will have debconf entries that none 
of their maintainer scripts use.

Alternatively, there may be config things you want to do that arn't 
covered by the maintainer script.

Or even cases where the maintainer scripts will totally ignore debconf 
if there is existing configuration file content.

In these cases, its well worth producing a 'wrapper' package which 
depends on the base debian package and which does its own thing with 
debconf.

For example, the cfengine bootstrapping problem; I have a cfengine-local 
package which contains my base cfengine starter pack.

apt-get install cfengine-local gets it ready for its first cfengine update.

Its actually relatively easy to do this sort of thing, though you 
wouldn't think so from reading Debians own documentation...



[snip]
> > I disagree... copy is fine but editfiles, for anything non-trivial is 
> > not so good.
>
> So only use editfiles for the trivial things then... <grin>

The set of trivial things for editfiles to do turns out to be pretty small!


> > With editfiles, you are left gesticulating at the editfile stanza and 
> > saying something like 'if the sshd_config was like it was supposed to 
> > have been then when this editfiles ran it should have changed it in 
> > *this* way'
[snip]
> Ayup, keeping everything under revision control is great.  I'm a bit up in
> the air about when to editfiles and when to copy.  I can espouse at length
> about my varying opinions, if you need to get to sleep sometime, and I'm
> sure that anyone who's maintaining a cfengine infrastructure will know all
> of the ideas already.

I seem to recall some mailing list posting to the effect 'editfiles 
considered harmful' oh yeah here we go:

http://cfwiki.org/cfwiki/index.php/Editfiles_Considered_Harmful


I have to say, I totally agree with the majority of this article!

Wouldn't mind hearing your espousals (off list) I am sure theres some 
insight to be gained there!

There are a bunch of things that can be aggregated with copy and 
editfiles. For example the /etc/apt/sources.list file can be kept in 
fragments with seperate stanzas for woody and sarge boxes, some boxes 
may be in classes that require some particular backport, some may want 
some external apt source (eg midgard).

These things can be stored seperately on the server and then copied over 
(with singlecopy) and then catted together and dropped into place.

No real need for editfiles on flat format files like that. The icky 
stuff happens when you use editfiles to manipulate multi-line config 
file entries... then I am taken back to the days of getting headaches 
trying to use the MS-DOS 'ed' command...



--
There is nothing more important to good government than good education.