[nycbug-talk] Do you guys/gals _____ify your _____ boxes?
Steven Kreuzer
skreuzer at exit2shell.com
Tue May 19 12:41:23 EDT 2009
On May 18, 2009, at 3:31 PM, Matt Juszczak wrote:
> box1, box4, and box5 would obviously be set up to authenticate to LDAP
> (box2) and have their configurations managed by puppet (box3). But
> would you have box2 authenticate to LDAP? and would you have box3
> managed by puppet?
If you have a master puppet server, it makes sense that all the
configuration you do to the box is done via puppet.
If your master puppet server dies, it will allow you to say this is the
new master puppet server and have the box back online in a matter of
minutes.
If someone changes something on your master puppet server, it's better
to have puppet discover and change it back and alert you instead of
discovering the change weeks later.
As for LDAP, I prefer to configure every machine to first auth against
the primary LDAP server, the slave LDAP server and then files. You keep
root and system level accounts in /etc/passwd and user accounts are
stored in LDAP. This allows you to log in to the box if you break
something but keeps the auth subsystem of each server consistent.
--
Steven Kreuzer
http://www.exit2shell.com/~skreuzer
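
Added example, not part of Steven Kreuzer's message: a small audit of the layout described above, checking that nsswitch.conf consults ldap before files with files kept as the fallback, and that the local passwd file holds root and system accounts only. The UID cutoff of 1000, the exempt account and the sample file contents are assumptions constructed for illustration; the primary/slave server order lives in the LDAP client configuration and is not checked here.

```python
import re

UID_MIN_HUMAN = 1000   # assumption: UIDs at or above this belong to people
EXEMPT = {"nobody"}    # assumption: high-UID system account kept local

# Constructed sample inputs, not taken from any real host.
NSS_OK = "passwd: ldap files\ngroup: ldap [NOTFOUND=continue] files\n"
NSS_BAD = "passwd: files ldap   # local first\ngroup: ldap\n"
PASSWD_OK = ("root:*:0:0:root:/root:/bin/sh\n"
             "daemon:*:1:1:daemon:/:/usr/sbin/nologin\n"
             "nobody:*:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n")
PASSWD_BAD = PASSWD_OK + "alice:*:1001:1001:Alice:/home/alice:/bin/sh\n"

def source_order(nsswitch_text, database):
    """Return the lookup sources for one database, dropping [STATUS=action]."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            spec = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            return spec.split()
    return []

def audit(nsswitch_text, passwd_text):
    """Return a list of deviations from the 'ldap, then files' layout."""
    findings = []
    for db in ("passwd", "group"):
        order = source_order(nsswitch_text, db)
        if "files" not in order:
            findings.append(f"{db}: no 'files' fallback for local accounts")
        elif "ldap" not in order:
            findings.append(f"{db}: 'ldap' is not consulted")
        elif order.index("ldap") > order.index("files"):
            findings.append(f"{db}: 'files' is consulted before 'ldap'")
    local = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            local[fields[0]] = int(fields[2])
    if local.get("root") != 0:
        findings.append("root (UID 0) missing from local passwd file")
    for name, uid in sorted(local.items()):
        if uid >= UID_MIN_HUMAN and name not in EXEMPT:
            findings.append(f"'{name}' (UID {uid}) is local, expected in LDAP")
    return findings

if __name__ == "__main__":
    for finding in audit(NSS_BAD, PASSWD_BAD):
        print(finding)
```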