[Freedombox-discuss] Chef and Puppet experts?
Silvio
silvio at fluxo.info
Tue Sep 13 13:43:32 UTC 2011
Em Fri, Sep 09, 2011 at 08:31:08PM -0700, FreedomBox-Discuss.NeoPhyte_Rep at OrdinaryAmerican.net escreveu:
> On Fri, Sep 9, 2011 at 6:55 PM, nick.m.daly at gmail.com wrote:
> >
> > On Fri, Sep 9, 2011 at 1:05 PM,
> > <FreedomBox-Discuss.NeoPhyte_Rep at ordinaryamerican.net> wrote:
> >>
> >> On Fri, Sep 9, 2011 at 1:32 AM, Jonas Smedegaard - dr at jones.dk wrote:
> >>>
> >>> Chef and Puppet are tools to help do system administration, and the
> >>> intent of this project is not only to set the server up, but keep it
> >>> running *without* system administration.
> >>
> >> I will definitely defer to the Chef and Puppet users on this, but it
> >> is my lightly informed understanding (one presentation from one user
> >> who teaches the use of Puppet for the League Of Professional System
> >> Administrators (LOPSA) < lopsa.org >) that Puppet, at least, is
> >> designed to keep the system in conformance to a described
> >> configuration and take action if conformance is violated.
> >
> > Puppet/Chef could do that well, but I'm wary. It seems to operate at
> > too low a level and exerts too strong (too perfect) a control over the
> > system (particularly, the system configs). IIUC, FreedomBoxes would
> > need to be slaves to the source Puppetmaster to be kept in sync. This
> > leads me to three concerns:
> >
> > 1. It enforces centralization in a project designed to decentralize.
> >
> > 2. What happens when the Puppetmaster is taken over? Will 300,000,000
> > FreedomBoxes install spyware and send their BitCoin wallets to
> > Russia?
> >
> > 3. Will it prevent users from *customizing their own systems* because
> > they're kept in sync with the Puppetmaster?
> >
> > Of course, 2 won't happen if the puppets aren't pulling updates from the
> > server, but if that's the case, why are you running puppets? Also,
> > rewriting the packaging scripts for Puppet or Chef seems like a mighty
> > task.
> >
> > I could certainly be wrong in my understanding, but I'd appreciate if
> > someone with P or C experience could clarify. Neo, would you be willing
> > to take this up with the P or C mailing lists? Maybe ask them to post
> > clarifications here?
> >
> > Nick
>
> Given your understanding of Puppet and Chef, I think you raise
> legitimate concerns.
>
> I was looking to discover what Chef and Puppet expert we had here on
> the FreedomBox project and whether there was sufficient support for
> inviting some experts from their mailing lists to join the
> conversation.
I'm far from being an expert in Puppet, but I do have a SheevaPlug configured
by Puppet and it runs smoothly.
Puppet usually fills the gap between the configuration shipped in a package and
the one needed by the user/admin. The more a package config has a desired
configuration, the less puppet is needed for that purpose.
--
Silvio
More information about the Freedombox-discuss
mailing list