[Freedombox-discuss] Chef and Puppet experts?

Nick Daly nick.m.daly at gmail.com
Sat Sep 10 01:55:36 UTC 2011


On Fri, Sep 9, 2011 at 1:05 PM, 
<FreedomBox-Discuss.NeoPhyte_Rep at ordinaryamerican.net> wrote:
>
> On Fri, Sep 9, 2011 at 1:32 AM, Jonas Smedegaard - dr at jones.dk wrote:
>>
>> Chef and Puppet are tools to help do system administration, and the
>> intent of this project is not only to set the server up, but keep it
>> running *without* system administration.
>
> I will definitely defer to the Chef and Puppet users on this, but it
> is my lightly informed understanding (one presentation from one user
> who teaches the use of Puppet for the League Of Professional System
> Administrators (LOPSA) < lopsa.org >) that Puppet, at least, is
> designed to keep the system in conformance to a described
> configuration and take action if conformance is violated.

Puppet/Chef could do that well, but I'm wary.  It seems to operate at
too low a level and exerts too strong (too perfect) a control over the
system (particularly, the system configs).  IIUC, FreedomBoxes would
need to be slaves to the source Puppetmaster to be kept in sync.  This
leads me to three concerns:

1. It enforces centralization in a project designed to decentralize.

2. What happens when the Puppetmaster is taken over?  Will 300,000,000
   FreedomBoxes install spyware and send their BitCoin wallets to
   Russia?

3. Will it prevent users from *customizing their own systems* because
   they're kept in sync with the Puppetmaster?

Of course, 2 won't happen if the puppets aren't pulling updates from the
server, but if that's the case, why are you running puppets?  Also,
rewriting the packaging scripts for Puppet or Chef seems like a mighty
task.

On Fri, Sep 9, 2011 at 1:05 PM,
<FreedomBox-Discuss.NeoPhyte_Rep at ordinaryamerican.net> wrote:
>
> On Fri, Sep 9, 2011 at 1:32 AM, Jonas Smedegaard - dr at jones.dk wrote:
>>
>> Debconf preseeding...  Tell the Debian packages at install time how
>> it should behave, and rely on the package to then maintain that
>> behaviour also across updates/upgrades of that package.
>
> Please support that last assertion, "... way more reliable and
> sustainable ...".  I would like to understand your worldview better.
>
> I can readily understand that there are Debian Developers who take
> pride in their work and who might be motivated to work this issue.  On
> the other hand, you've admitted, "... this needs more work ...".

I could certainly be wrong in my understanding, but I'd appreciate if
someone with P or C experience could clarify.  Neo, would you be willing
to take this up with the P or C mailing lists?  Maybe ask them to post
clarifications here?

Nick
-- 
GPG: 0x4C682009 | 084E D805 31D8 5391 1D27  0DE1 9780 FD4D 4C68 2009
