Re: Bootstrapping
From: Luke A. Kanies
Subject: Re: Bootstrapping
Date: Wed, 18 Feb 2004 17:04:47 -0600 (CST)

On Wed, 18 Feb 2004, John Sechrest wrote:
>
>
> "Luke A. Kanies" <luke@madstop.com> writes:
>
>
> % That's basically what I'm doing right now. I keep the hosts in LDAP, and
> % I generate an import file every time cfagent runs (yes, it's generated
> % idempotently).
>
> How do you generate it? An external script?
Yep. It's just a pretty simple ldapsearch, wrapped in a cfengine
statement. Written in ruby. :)
> % This is functional, and I didn't mean to imply that there aren't methods
> % of solving these problems. The problem with my setup is that there is a
> % manual step (add the host to ldap), and then two automatic steps that can
> % take up to 15 minutes each. This delay isn't a technical problem, it's a
> % human problem; people begin thinking of the LDAP repository as the place
> % from where cfservd is getting its access list, so they expect immediate
> % results.
>
> Ahhh. Click. If it is in LDAP, then it should be immediate...
Yup. And they just look in LDAP again, saying, "but it's in LDAP..."
> % Now that Marc has accepted a patch to support returning lists from
> % ExecResult, I will be able to have cfservd get the list directly from LDAP
> % (rather than having to import it), but I'll still have to HUP cfservd to
> % force it to reload the list.
>
> Ok. I see. What would it take for cfservd to use a dynamic structure?
Well, in the case of retrieving data from LDAP or a database, I think
cfservd (and, I guess by extension, cfagent) should just query directly:

    control:
        AllowConnectionsFrom = (
            LdapExists(objectclass=iphost&iphostnumber=$ip)
        )

That doesn't work for a bunch of reasons (cfagent has no mechanism for
specifying where to fill in a variable, for instance), but that's the
basic requirement.
> % Basically, this is a classic case of a leaky abstraction. I've built my
> % environment so that it behaves as though cfservd is directly getting
> % information from LDAP, but the truth is leaking through in the delays and
> % HUPping, and that leakiness confuses my users. Really, really confuses
> % them. That, and it's often inconvenient.
>
> In what circumstances do your users notice things about system
> configurations?
>
> All the vital things like passwords are in ldap... Right?
>
> So what do they notice being slow?
I've got a script called 'newhost' that adds the host information to LDAP.
The user runs that script, ssh's to the appropriate machine, runs 'sudo
cfagent -vq', and the update fails. The configuration is totally correct,
but they need to wait at least 15 minutes for it to propagate. Leaky
abstractions.
Luke
--
2. If 2 + 2 is 4 and 2 x 2 is also 4, what's the big deal
about multiplication anyway?
-- from the Dogbert's New Ruling Class quiz
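
An added illustration of the idempotent import-file generation described in the message above, in Ruby; it is not Luke's script or cfengine project code. It assumes the ldapsearch output arrives as LDIF text, reuses the control:/AllowConnectionsFrom layout shown in the message, and the function names and sample hosts are hypothetical.

```ruby
require 'ipaddr'
require 'tempfile'

# Constructed sample of ldapsearch LDIF output for (objectclass=iphost).
SAMPLE_LDIF = <<~LDIF
  dn: cn=web1,ou=hosts,dc=example,dc=com
  ipHostNumber: 10.0.0.12

  dn: cn=db1,ou=hosts,dc=example,dc=com
  iphostnumber: 10.0.0.5

  dn: cn=typo,ou=hosts,dc=example,dc=com
  ipHostNumber: 10.0.0.999
LDIF

# Extract host addresses. Anything that is not a literal single address
# (bad octets, hostnames, a /mask) is dropped so that one bad LDAP entry
# cannot corrupt or widen the access list.
def host_ips(ldif)
  ldif.each_line.filter_map do |line|
    value = line[/\Aiphostnumber:\s*(\S+)\s*\z/i, 1] or next
    begin
      IPAddr.new(value)
      value.include?('/') ? nil : value
    rescue IPAddr::InvalidAddressError
      nil
    end
  end.uniq.sort_by { |ip| IPAddr.new(ip).to_i }
end

# Layout assumed from the control: snippet in the message.
def render(ips)
  "control:\n  AllowConnectionsFrom = ( #{ips.join(' ')} )\n"
end

# Rewrite the import file only when its content changes, via an atomic
# rename. Returns true when cfservd would need a HUP, false otherwise.
def sync(path, ldif)
  ips = host_ips(ldif)
  # A failed or empty query must not wipe the existing access list.
  raise 'no valid hosts; keeping existing list' if ips.empty?
  wanted = render(ips)
  return false if File.exist?(path) && File.read(path) == wanted
  tmp = Tempfile.create(File.basename(path), File.dirname(path))
  tmp.write(wanted)
  tmp.close
  File.rename(tmp.path, path)
  true
end
```

Sorting and de-duplicating the addresses makes the output stable across runs, so the return value of sync can gate the HUP instead of signalling cfservd every time.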