[Freedombox-discuss] Chef and Puppet experts?

Wed Sep 14 18:07:49 UTC 2011

On Wed, Sep 14, 2011 at 1:48 AM, Philip Hands - phil at hands.com wrote:
> On Tue, 13 Sep 2011 13:13:50 -0700, FreedomBox-Discuss.NeoPhyte_Rep at OrdinaryAmerican.net wrote:
>>
>> Could you provide more information about how you used Puppet to
>> configure your SheevaPlug?
>
> Since nobody else has mentioned it yet:  cfengine3
>
> (it has fewer dependencies than Puppet, and I'd guess Chef, and a much
> smaller memory footprint)

OK, does anyone here have an interest in starting a discussion of
cfengine3 for the purposes of managing SheevaPlugs as FreedomBoxes?

I think what is said below may be a more important topic, however.

> Having said that, I'm with Jonas and his assertion that effort would
> generally be more efficiently spent if devoted to making
> preseeding/debconf scripting more flexible for any package where you're
> being tempted to use any of these for editing config files.

In general, I favor a minimal number of tools for any given purpose.
So, if preseeding/debconf works in that direction, let's work on
making it happen more often.  Can you point us to a discussion of how
preseeding is done?

> Of course, there's nothing wrong with an individual sysadmin automating
> actions that they would otherwise be forced to perform by hand, but if
> we're making decisions about default behaviour for all FBs, then that
> should be implemented by the relevant packages themselves.

Agreed.  It would seem reasonable that the package maintainers would
be the most knowledgeable about how to configure their package.

> Using any of Puppet/Chef/cfengine to achieve the same effect is
> effectively just an attempt to side-step the edict against one package
> modifying the conffiles of another (which would be another way of doing
> this) -- while that edict is sometimes inconvenient, it's there for good
> reason so one should be very cautious before ignoring it.

I'm sorry, but I'm new around here. ("here" being the Debian project.)
 Can you point us to that edict?  I'm eager to learn the Debian way,
but it's quite difficult to find where to start studying what some
folks seem to believe is common knowledge.

I can understand it might have something to do with security and how
best to implement reliable code.  Am I on the right track?

> Cheers, Phil.