[Freedombox-discuss] don't sidestep /etc as configuration storage

Mon Nov 4 14:13:47 UTC 2013

On Mon, 2013-11-04 at 10:27 +0100, Jonas Smedegaard wrote:
> Quoting Simo (2013-11-04 03:46:56)
> > On Sun, 2013-11-03 at 18:54 +0100, Jonas Smedegaard wrote:
> > > Quoting Simo (2013-11-03 18:02:56)
> > > > On Sun, 2013-11-03 at 13:38 +0100, Jonas Smedegaard wrote:
> > > > > Quoting Petter Reinholdtsen (2013-11-03 09:49:24)
> > > > > > In addition, we get a central and structured place to store 
> > > > > > configuration for at least some of the services, but that is 
> > > > > > of less importance to me.
> > > > > 
> > > > > It is of *big* importance to me that we do *not* move storage 
> > > > > from /etc to a database: It may seem tempting to use that 
> > > > > approach when needing a setup different from what the 
> > > > > corresponding package maintainer offers, but since we have *no* 
> > > > > administrator on our systems, our setup *must* be supported by 
> > > > > package maintainers.
> > > > 
> > > > I am not sure what this means, package maintainers normally call 
> > > > adduser/addgroup or similar, how is that a problem ?
> > > 
> > > LDAP is a registry.  Slapd supports using its own database to 
> > > configure itself, and some other applications also support storing 
> > > configuration in LDAP as alternative to files below /etc.
> > > 
> > > Debian packages generally store site-wide configuration as files 
> > > below /etc.  That means the maintainers of packages ensure that 
> > > configurations work and can be smoothly upgraded across releases of 
> > > those packages.
> > > 
> > > It is technically possible to avoid coordinating needs for 
> > > customization of configuration with package maintainers, by using 
> > > another registry than files below /etc - e.g. by use of the LDAP 
> > > registry.
> > > 
> > > That's bad! Debian packages is all about maintenance.  Sidestepping 
> > > that is sidestepping the reliability of Debian.
> > 
> > To be honest I do not have that great faith about maintenance of 
> > Debian packages, especially across releases. In my limited use I've 
> > had way too many breakages of service due to Debian's "helpful" policy 
> > of meddling in package configuration. The last horror story was an 
> > upgrade of a system with dovecot, I was so upset I nuked Debian and 
> > went back to CentOS.
> 
> So you suggest to start a project similar to FreedomBox, based on 
> Centos?

No.

>   Or what is your point?

> My point is that when(!) we choose to rely on Debian, we should do so 
> also for configuration handling.

My point is that you need your own configuration handling if you hope to
have anything that a non-expert can use. The DEbian configuration
management is little more than continuously prompting an expert admin on
what to do when there are configuration file changes, that's not
configuration management at all, that's just deferring to an expert
admin. And I hope the target audience is a little bit broader than that.

That means having a overall package that drags in the right dependencies
and simplifies configuration decisions by abstracting away the details
of low level service configuration into an interface manageable by
common users, where the hard choices are predetermined.

Simo.