1 |
Well, as you point it out: |
2 |
"If the tool forces the user to do things a particular way, then |
3 |
the tool is working against, rather than for, the user." |
4 |
|
5 |
My experience with infrastructures and especially configuration |
6 |
management tools is that you can't have both automatic-easy-no-hands-on |
7 |
configuration and manual configuration of the same application |
8 |
simultaneously. If one attempts to make a "perfect" configuration tool, |
9 |
he will quickly realize the human being is unpredictable and sometimes, |
10 |
god forbid, stupid. Compensating for the human factor is a never ending |
11 |
quest which eventually force the choice between total control over the |
12 |
configuration by the tools or total configuration by the user/admin. If |
13 |
you don't believe me, look at a popular OS called Windows, made by |
14 |
Microsoft. Their attempt at providing a unified "interface" to all |
15 |
configuration and management aspects of the machines inadvertently fails |
16 |
as one almost always has to go into the "registry" to fix something a |
17 |
user (also called viruse) did or didn't do. |
18 |
|
19 |
Furthermore, totally interfaced control over a complex backend is |
20 |
also failure-proned. One of my IT colleagues experienced weird name |
21 |
resolution problems that were eventually resolved by deleting entries in |
22 |
an AD using OpenLDAP tools accessing the said AD through a translation |
23 |
backend (the interface to the AD failed to report the keys...even the |
24 |
search engine for the advanced management) |
25 |
|
26 |
Obviously, this view is a can-O-worms and I really don't want to |
27 |
start this philosophical debate. My point is actually that I want the |
28 |
project to adhere to the Gentoo philosophy as closely as possible and I |
29 |
can hardly see how this can be the case when I _impose _ some |
30 |
configuration decisions (ie: I'm not asking the user what ACL to put |
31 |
into slapd and how to construct system-auth). |
32 |
|
33 |
This said, my approach at modifying the configuration files is using |
34 |
a "general" .conf file (ie: we could call it either a domain-def.conf or |
35 |
local-machine-def.conf file) which (would/should) sources as much |
36 |
information form the gentoo-specific /etc/conf.d file and patch in where |
37 |
specifics aren't defined. If this can be accepted by the powers that my |
38 |
be in Gentoo as an approach to "guiding" the initial setup of a machine |
39 |
(as performed by src_install (or should it be pkg_setup) ) then fine! |
40 |
|
41 |
But, like I said when choosing to make the script, some of the steps |
42 |
need to be accomplished in an authoritative manner and in a specific |
43 |
sequence, which cannot be guaranteed by portage. |
44 |
|
45 |
Now, following what Donnie pointed me to on the Seed Linux mailing list |
46 |
(http://groups.google.com/group/seed-linux-dev/browse_frm/thread/d5ab069f47de4b76? |
47 |
) and more specifically this post about global configuration management: |
48 |
http://groups.google.com/group/seed-linux-dev/browse_thread/thread/73cb8a4fef940903 |
49 |
, I believe we have something interesting that may result from merging |
50 |
my script into proper Seed Linux Ebuilds and getting some consensus on |
51 |
the configuration definition. |
52 |
|
53 |
Eric |
54 |
|
55 |
PS: To answer the original e-mails question: yeah, I think the |
56 |
philosophy applies to the project. At the end, the user is supposed to |
57 |
end up with a working system that remains 100% a Gentoo system (with |
58 |
minimal overlay interaction) most of the hard work being |
59 |
auto-configuration to _get going_... The user is then free to go and |
60 |
break it all by modifying the config files, the I will painstakingly |
61 |
keep as close to the proposed ones from the original ebuilds ;) |
62 |
|
63 |
Donnie Berkholz wrote: |
64 |
> On 22:07 Mon 16 Jun , Eric Thibodeau wrote: |
65 |
> |
66 |
>> _*LDAP:*_ |
67 |
>> I spent many hours (way over the 30 hours I had promised myself to |
68 |
>> pass/week on SoC) creating an LDAP-as-auth-backend auto-install script. |
69 |
>> It's not simple because Gentoo's philosophy is that ebuilds do as little as |
70 |
>> possible and the admin does the work. |
71 |
>> |
72 |
> |
73 |
> Hmmm ... you might want to read |
74 |
> http://www.gentoo.org/main/en/philosophy.xml again and consider how it |
75 |
> applies to this project. |
76 |
> |
77 |
> Thanks, |
78 |
> Donnie |
79 |
> |