[Freedombox-discuss] Chef and Puppet experts?

[FreedomBox-Discuss.NeoPhyte_Rep at OrdinaryAmerican.net (FreedomBox-Discuss.NeoPhyte_Rep@OrdinaryAmerican.net)]

On Thu, Sep 15, 2011 at 9:59 AM, Jos? Manuel Canelas - jcanelas at gmail.com wrote:
>
> Would the CM tool apply and enforce the configuration
> that the user declares in some way (web interface, whatever)?

Again, I am not a current user, but my understanding of Puppet is that
it was created to implement the knowledge of a community of system
administrators as selected from a repository of manifests by the
administrator of the current system.  That is the local administrator
may decide to implement a rule that the password should be eight
characters long and contain two numbers and a punctuation mark.  S/he
discovers a module that is added to the password changing program to
implement this.  S/he grabs a Puppet manifest or creates one that
checks that the module is applied to the password utility and any
configuration files are as s/he left them.  Puppet's daemon runs
periodically and confirms that remains the case; if not Puppet runs
whatever is necessary to put that policy back into the system, as the
administrator instructed Puppet to do.

> That would
> make possible to defer the configuration of my box or some services to a
> trusted party, like my grandmother administrating the photo service of
> the whole family.

If what your grandmother does to the photo service is sufficiently
consistent, it could be written into a Puppet manifest and run
periodically.  Gradually, as grandma agrees to the results, she would
have less and less she was required to do.  She could then relax and
just enjoy the photos.

That's the objective of Puppet and the other tools, reduce the
administration effort to zero over time.  It takes time invested in
building the tool's instructions in order to eliminate the manual
configuration, but once done for one machine it is done for any number
of machines with only the installation of Puppet and the existing
manifests.

> It could help to share the configurations and the load
> of the administration. But this seems to me very far off, no sense
> discussing this at this point. It may not even be necessary as there may
> not even be an significant administration load to share, given good
> defaults and simple interfaces on the FBX.

My purpose in this discussion is to begin working toward the
self-configuring machine most people here seem to think is possible.
I may be biased against how easy this goal is to achieve because I
retired early from doing a great number of things that I would not yet
know how to automate.  I was working toward that before I retired, but
the idiots still seemed to have the upper hand when I left.  And
besides that the FreedomBox project seems to me to ultimately take on
the professional crackers in a effort to protect innocents.

Now that's a challenge, idiots and professionals!

>
> cheers,
> z?