Re: EXIM, LDAP and some pop3 stuff?

To: Florian Bantner <f.bantner@axon-e.de>
Cc: debian-isp@lists.debian.org
Subject: Re: EXIM, LDAP and some pop3 stuff?
From: Donovan Baarda <abo@minkirri.apana.org.au>
Date: Sun, 13 Jan 2002 20:32:41 +1100
Message-id: <[🔎] 20020113093240.GB3855@minkirri.apana.org.au>
In-reply-to: <[🔎] 20020112152318.C15999@axon-e.de>
References: <[🔎] 20020112004747.C18474@axon-e.de> <1010804831.647.4.camel@reverie> <[🔎] 20020112141815.A15999@axon-e.de> <[🔎] 3C403A7A.B96003AC@elbnet.com> <[🔎] 20020112152318.C15999@axon-e.de>

On Sat, Jan 12, 2002 at 03:23:18PM +0100, Florian Bantner wrote:
> On Sam, 12 Jan 2002, Peter Billson wrote:
> 
> > > But I think this is an inherent UNIX / LDAP problem. LDAP seems
> > > a very powerful tool doing for UNIX everything the 'Regestry' has
> > > done for windows - and more. Whats missing here is some standardized
> > > way of how to do it.
> > 
> >   Now there is something to strive for. One monolithic, incomprehensible
> > mess that will cause your entire system to stop functioning if one byte
> > is out of order.
> >   If using a Windows-like registry is "fixing" it, I'll keep the *nix's
> > "broken" method, thank you. 

Unix might crap all over windoze for servers and server admin, but rather
than just dis the oposition, it pays to focus on your own weaknesses and
address them regardless.

I thoroughly agree that the biggest problem at the moment with unix is a
lack of consistancy. This affects everything right through from all the
standard unix components, through servers, to desktop. 

I also believe that a "registry" is a good way to make configuration
consistant, and does not deserve the bad name MS has given it. In typical
Unix/Free/Open fashion, many have consiously or subconsiously recognised
this and have created many implementations in various ways.

The biggest problem is designing and introducing something without breaking
all that has gone before... qmail.

The following is a random list of some stuff that might be relevant.
<disclaimer> I have not used all of these and have only briefly looked at
some </disclaimer>.

LDAP - a directory service that is the ideal place to store config info for
networked access. 

debconf - on a deb-isp list everyone should know this one. Claims to be
designed for various backends, so in theory could use LDAP backend. However,
is probably not ready for multiple machines, which really needs things like
host catagories/classes with deltas/inheritance for specific machines.

gconf - The GNOME answer to the registry. Is primarily designed for desktop
apps to store global and user prefs, but in theory could be used for other
things. Probably has a nasty CORBA based interface, but should be well
designed for network operation. 

cfengine - not really a registry service, but was designed for rapid
configuration of multiple machines. I believe it's perl and works by using
a centralised definition file for constants that are expanded in templates
for standard config files. I think it allows for classes of hosts and only
requires deltas for specific machines. Apparently it is difficult to set up,
but once you have it makes configuring machines a breeze.

webmin - also not a registry service, but provides a consistant modular
web interface to manipulate standard config files. It does seem to have some
multi-host support, but I'm not sure if it allows things like host classes
and deltas.

cvs/prcs - not a registry, but still a neat way to control configs for
multiple machines. The whole /etc directory can be made a project, with
different machines treated as different branches. In particular, prcs's easy
branch/merge management makes it easy-ish treating different host classes as
branches, merging common changes for different classes and hosts. Gives the
added bonus of complete revision control.

I think something like gconf with an LDAP backend, probaby using cfengine to
generate the standard config files, would be ideal. Store the cfengine host
class/delta info in LDAP, throw in revision control of the LDAP contents,
add a web interface, and you'd have something really nice :-) 

Note that backwards compatability with existing config files has lead to the
/etc directory changing roles. Once upon a time this dir contained files
that admins edited directly. Increasingly, editing these files directly is
becoming "not the right way to do it", with tools like adduser and
update-<somethingoranother>, becoming the new admin interface. I don't know
if these are helping much becase these tools themselves are not that
consistant. The /etc directory is becoming like an add-hock config database
with a mish-mash of storage formats and multiple inconsistant access API's.

-- 
----------------------------------------------------------------------
ABO: finger abo@minkirri.apana.org.au for more info, including pgp key
----------------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: EXIM, LDAP and some pop3 stuff?
  - From: Emile van Bergen <e-advies@evbergen.xs4all.nl>

References:
- EXIM, LDAP and some pop3 stuff?
  - From: Florian Bantner <f.bantner@axon-e.de>
- Re: EXIM, LDAP and some pop3 stuff?
  - From: Florian Bantner <f.bantner@axon-e.de>
- Re: EXIM, LDAP and some pop3 stuff?
  - From: Peter Billson <pete@elbnet.com>
- Re: EXIM, LDAP and some pop3 stuff?
  - From: Florian Bantner <f.bantner@axon-e.de>

Prev by Date: Re: xinetd /etc/host.deny ALL:PARANOID
Next by Date: Re: EXIM, LDAP and some pop3 stuff?
Previous by thread: Re: EXIM, LDAP and some pop3 stuff?
Next by thread: Re: EXIM, LDAP and some pop3 stuff?
Index(es):
- Date
- Thread