[nycbug-talk] Do you guys/gals _____ify your _____ boxes?

Isaac Levy isaac at diversaform.com
Mon May 18 15:48:01 EDT 2009


Hi Matt,

On May 18, 2009, at 3:31 PM, Matt Juszczak wrote:

> The subject is confusing, I know.
>
> But you can fill in almost anything:
>
> Do you guys/gals cfengineify your cfengine boxes?
> Do you guys/gals ldapify your ldap boxes?
> Do you guys/gals puppetify your puppet boxes?
>
> In other words, on the boxes where these services are running, do you set
> those services up?
>
> Say you have 5 boxes.
>
> box1
> box2 - hosts LDAP server
> box3 - hosts puppet daemon
> box4
> box5
>
>
> box1, box4, and box5 would obviously be set up to authenticate to LDAP
> (box2) and have their configurations managed by puppet (box3).  But would
> you have box2 authenticate to LDAP?  And would you have box3 managed by
> puppet?
>
> Thanks for everyone's opinion :)
>
> -Matt

I would think this kind of recursion is terribly bad practice- but
this would depend on your requirements.  For example, I tend to see
glaring problems letting the LDAP server machine auth to itself, but
heck- there may be a need to provide users in LDAP, some kind of
access to that box.  Still smells like a terrible idea.

The Puppet daemon, that seems a bit odd- unless one has many different
puppet boxes to manage- but I can't really get creative enough on a
Monday to think up a scenario when that'd happen.

DNS, is a no-brainer not sane...  Etc... Etc...

my .02¢

Best,
.ike




