Re: Central configuration storage
On 06/10/10 19:22, Nick Douma wrote:
-----BEGIN PGP SIGNED MESSAGE-----
You appear to be about to reinvent Active Directory. There's quite a bit
of material around the Net concerning that. Look particularly at Group
Policy within domains.
I indeed did check briefly, but came to the conclusion that LDAP was
mostly suited for authentication, because it's not really possible (or
supported by the various applications) to store the complete
configuration in LDAP, as I initially did expect. The tips on Puppet and
Cfengine seem to match more what I want to do. That is defining in LDAP
that "there is an Apache vhost with these general parameters" and
letting Puppet/Cfengine handle the actual creation of the config file.
If I'm wrong, please correct, as I started this discussion to learn :P.
Sorry, I didn't mean to suggest any implementation details, just that MS
have been doing this for many years now, and there may be aspects of
Group Policies that would interest you. While LDAP may not be the way to
store detailed configurations, it lends itself well to the creation of a
hierarchy of policies.
Also, if you do implement this for Windows machines, by way of remote
registry writing, you may need to avoid stepping on the toes of the
local policies. If you are working with domain machines, you will almost
certainly need to alter the domain policies themselves rather than try
to fight the domain controllers for mastery of the computers.
It took MS a while to get this to an acceptable stage, and there are
still a few oddities, but there's no reason not to pick up any tips you
can from them. And before anyone jumps in, I have learned considerable
respect for Microsoft's programmers, and considerable sympathy for the
way they are treated by the marketing men.