[nycbug-talk] Do you guys/gals _____ify your _____ boxes?
Isaac Levy
isaac at diversaform.com
Mon May 18 15:48:01 EDT 2009
Hi Matt,
On May 18, 2009, at 3:31 PM, Matt Juszczak wrote:
> The subject is confusing, I know.
>
> But you can fill in almost anything:
>
> Do you guys/gals cfengineify your cfengine boxes?
> Do you guys/gals ldapify your ldap boxes?
> Do you guys/gals puppetify your puppet boxes?
>
> In other words, on the boxes where these services are running, do
> you set
> those services up?
>
> Say you have 5 boxes.
>
> box1
> box2 - hosts LDAP server
> box3 - hosts puppet daemon
> box4
> box5
>
>
> box1, box4, and box5 would obviously be setup to authenticate to LDAP
> (box2) and have their configurations managed by puppet (box3). But
> would
> you have box2 authenticate to LDAP? and would you have box3 managed
> by
> puppet?
>
> Thanks for everyone's opinion :)
>
> -Matt
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
I would think this kind of recursion is terribly bad practice- but
this would depend on your requirements. For example, I tend to see
glaring problems letting the LDAP server machine auth to iteslf, but
heck- there may be a need to provide users in LDAP, some kind of
access to that box. Still smells like a terrible idea.
The Puppet daemon, that seems a bit odd- unless one has many different
puppet boxes to manage- but I can't really get creative enough on a
monday to think up a scenario when that'd happen.
DNS, is a no-brainer not sane... Etc... Etc...
my .02¢
Best,
.ike
More information about the talk
mailing list