[Freedombox-discuss] Chef and Puppet experts?

[FreedomBox-Discuss.NeoPhyte_Rep at OrdinaryAmerican.net]

On Fri, Sep 9, 2011 at 6:55 PM,  nick.m.daly at gmail.com wrote:
>
> On Fri, Sep 9, 2011 at 1:05 PM,
> <FreedomBox-Discuss.NeoPhyte_Rep at ordinaryamerican.net> wrote:
>>
>> On Fri, Sep 9, 2011 at 1:32 AM, Jonas Smedegaard - dr at jones.dk wrote:
>>>
>>> Chef and Puppet are tools to help do system administration, and the
>>> intent of this project is not only to set the server up, but keep it
>>> running *without* system administration.
>>
>> I will definitely defer to the Chef and Puppet users on this, but it
>> is my lightly informed understanding (one presentation from one user
>> who teaches the use of Puppet for the League Of Professional System
>> Administrators (LOPSA) < lopsa.org >) that Puppet, at least, is
>> designed to keep the system in conformance to a described
>> configuration and take action if conformance is violated.
>
> Puppet/Chef could do that well, but I'm wary.  It seems to operate at
> too low a level and exerts too strong (too perfect) a control over the
> system (particularly, the system configs).  IIUC, FreedomBoxes would
> need to be slaves to the source Puppetmaster to be kept in sync.  This
> leads me to three concerns:
>
> 1. It enforces centralization in a project designed to decentralize.
>
> 2. What happens when the Puppetmaster is taken over?  Will 300,000,000
>   FreedomBoxes install spyware and send their BitCoin wallets to
>   Russia?
>
> 3. Will it prevent users from *customizing their own systems* because
>   they're kept in sync with the Puppetmaster?
>
> Of course, 2 won't happen if the puppets aren't pulling updates from the
> server, but if that's the case, why are you running puppets?  Also,
> rewriting the packaging scripts for Puppet or Chef seems like a mighty
> task.
>
> I could certainly be wrong in my understanding, but I'd appreciate if
> someone with P or C experience could clarify.  Neo, would you be willing
> to take this up with the P or C mailing lists?  Maybe ask them to post
> clarifications here?
>
> Nick

Given your understanding of Puppet and Chef, I think you raise
legitimate concerns.

I was looking to discover what Chef and Puppet expert we had here on
the FreedomBox project and whether there was sufficient support for
inviting some experts from their mailing lists to join the
conversation.

I don't yet have a good feeling of the consensus of the FreedomBox
project on this idea.