On Thu, Oct 2, 2008 at 5:02 PM, dd-b <[EMAIL PROTECTED]> wrote:
> That article is quite a good description of one position, definitely.
> I believe in all the problems he describes happening; I've seen them
> or things closely related, in various contexts.
>
> Storing a whole file and pulling it down is the obvious alternative,
> and I've done that, but I have misgivings about that approach, too.
> When I'm doing too much of that, I feel kind of the same way he seems
> to when he sees file editing going on in config scripts.
>
> If (to go back to my original example) I keep my own copy of
> sendmail.cm, and copy it onto each managed server, I'm creating a
> Frankenstein -- all but one config file and all the executables from
> the package, this one config file from my archive. And with the
> package being kept current by "yum update" on a regular basis, I don't
> know whether my file is going to work with the rest of the package or
> not. If I'm editing the file instead of replacing it, there's still a
> possibility that it breaks, and there are more interesting ways for it
> to break (as mentioned in the cited article), but *most* of the time
> even if the file changes somewhat in the package, my edit will apply
> (this edit replaces one line) and the file will work. By making a
> private copy, I've locked down a bunch of stuff that the package
> maintainer *thinks* they are maintaining; not just the part I'm
> actually altering.
>
> I don't have the time in my budget to really carefully consider and
> try out each possible package change before allowing it onto my
> servers. That's why we use an enterprise linux distribution, is to
> have automatic updates that cover security holes and still work with
> each other. (Small site -- currently an entire *6* physical linux
> servers on the premises.) And most of my time is budgeted as a
> developer.
>
> (The "editfiles" is a cfengine thing, right, not a puppet thing?)
>

Another reason that people use Enterprise Linux distributions is because they don't do silly things like overwrite config files that you've already edited every time you update the package. No one would stand for that. Also, they don't change the packages around so you suddenly have a totally new package version with a completely new config file scheme.

At some point you have to have config files that tell the system how to act, and you have to change them. Any file that you didn't create completely by yourself at some point came out of the package system somewhere. You would just have to edit them and the package system would have to know how to handle it.

Based on all the evidence and discussions about it, I think you should forget about editing files and instead keep copies as recommended. There are so many people doing it successfully, the market has spoken.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
