| 1 |
Well, as you point it out: |
| 2 |
"If the tool forces the user to do things a particular way, then |
| 3 |
the tool is working against, rather than for, the user." |
| 4 |
|
| 5 |
My experience with infrastructures and especially configuration |
| 6 |
management tools is that you can't have both automatic-easy-no-hands-on |
| 7 |
configuration and manual configuration of the same application |
| 8 |
simultaneously. If one attempts to make a "perfect" configuration tool, |
| 9 |
he will quickly realize the human being is unpredictable and sometimes, |
| 10 |
god forbid, stupid. Compensating for the human factor is a never ending |
| 11 |
quest which eventually force the choice between total control over the |
| 12 |
configuration by the tools or total configuration by the user/admin. If |
| 13 |
you don't believe me, look at a popular OS called Windows, made by |
| 14 |
Microsoft. Their attempt at providing a unified "interface" to all |
| 15 |
configuration and management aspects of the machines inadvertently fails |
| 16 |
as one almost always has to go into the "registry" to fix something a |
| 17 |
user (also called viruse) did or didn't do. |
| 18 |
|
| 19 |
Furthermore, totally interfaced control over a complex backend is |
| 20 |
also failure-proned. One of my IT colleagues experienced weird name |
| 21 |
resolution problems that were eventually resolved by deleting entries in |
| 22 |
an AD using OpenLDAP tools accessing the said AD through a translation |
| 23 |
backend (the interface to the AD failed to report the keys...even the |
| 24 |
search engine for the advanced management) |
| 25 |
|
| 26 |
Obviously, this view is a can-O-worms and I really don't want to |
| 27 |
start this philosophical debate. My point is actually that I want the |
| 28 |
project to adhere to the Gentoo philosophy as closely as possible and I |
| 29 |
can hardly see how this can be the case when I _impose _ some |
| 30 |
configuration decisions (ie: I'm not asking the user what ACL to put |
| 31 |
into slapd and how to construct system-auth). |
| 32 |
|
| 33 |
This said, my approach at modifying the configuration files is using |
| 34 |
a "general" .conf file (ie: we could call it either a domain-def.conf or |
| 35 |
local-machine-def.conf file) which (would/should) sources as much |
| 36 |
information form the gentoo-specific /etc/conf.d file and patch in where |
| 37 |
specifics aren't defined. If this can be accepted by the powers that my |
| 38 |
be in Gentoo as an approach to "guiding" the initial setup of a machine |
| 39 |
(as performed by src_install (or should it be pkg_setup) ) then fine! |
| 40 |
|
| 41 |
But, like I said when choosing to make the script, some of the steps |
| 42 |
need to be accomplished in an authoritative manner and in a specific |
| 43 |
sequence, which cannot be guaranteed by portage. |
| 44 |
|
| 45 |
Now, following what Donnie pointed me to on the Seed Linux mailing list |
| 46 |
(http://groups.google.com/group/seed-linux-dev/browse_frm/thread/d5ab069f47de4b76? |
| 47 |
) and more specifically this post about global configuration management: |
| 48 |
http://groups.google.com/group/seed-linux-dev/browse_thread/thread/73cb8a4fef940903 |
| 49 |
, I believe we have something interesting that may result from merging |
| 50 |
my script into proper Seed Linux Ebuilds and getting some consensus on |
| 51 |
the configuration definition. |
| 52 |
|
| 53 |
Eric |
| 54 |
|
| 55 |
PS: To answer the original e-mails question: yeah, I think the |
| 56 |
philosophy applies to the project. At the end, the user is supposed to |
| 57 |
end up with a working system that remains 100% a Gentoo system (with |
| 58 |
minimal overlay interaction) most of the hard work being |
| 59 |
auto-configuration to _get going_... The user is then free to go and |
| 60 |
break it all by modifying the config files, the I will painstakingly |
| 61 |
keep as close to the proposed ones from the original ebuilds ;) |
| 62 |
|
| 63 |
Donnie Berkholz wrote: |
| 64 |
> On 22:07 Mon 16 Jun , Eric Thibodeau wrote: |
| 65 |
> |
| 66 |
>> _*LDAP:*_ |
| 67 |
>> I spent many hours (way over the 30 hours I had promised myself to |
| 68 |
>> pass/week on SoC) creating an LDAP-as-auth-backend auto-install script. |
| 69 |
>> It's not simple because Gentoo's philosophy is that ebuilds do as little as |
| 70 |
>> possible and the admin does the work. |
| 71 |
>> |
| 72 |
> |
| 73 |
> Hmmm ... you might want to read |
| 74 |
> http://www.gentoo.org/main/en/philosophy.xml again and consider how it |
| 75 |
> applies to this project. |
| 76 |
> |
| 77 |
> Thanks, |
| 78 |
> Donnie |
| 79 |
> |
Archives