On Fri, Sep 17, 2010 at 3:52 PM, Paul Heinlein heinlein@madboa.com wrote: [snip]
I've keyed configuration repositories to HOSTNAME before (and still do for very small installations), but over the long haul I've found the service-keyed repository more to my liking. In particular, cfengine makes it easy to work that way:
/etc/motd -> /r/systems/motd/motd.HOSTNAME /etc/openldap/slapd.conf -> /r/services/openldap/slapd.conf.HOSTNAME
One benefit of this method is that you can have a single file that works for a whole class of machines, e.g.,
/etc/syslog.conf -> /r/services/syslog/syslog.conf.client-linux
where "client" becomes "server" for syslog servers and "linux" becomes "macosx" or "sunos" depending on the platform.
As I said, however, a lot of that arrangement is a function of the way that cfengine works. I'd probably do it differently if I were using a different tool.
There is a benefit of a service centered view and may adopt it at some point. I have used cfengine, and more recently, puppet and they do lend themselves to that approach. I am still looking to be able to provision a system with minimal interaction *and* layer on an identity. However it's done though, I completely agree with your original point that it needs be managed whether on 5 systems or 500.