On Fri, Sep 17, 2010 at 3:52 PM, Paul Heinlein <heinlein at madboa.com> wrote: [snip] > I've keyed configuration repositories to HOSTNAME before (and still do > for very small installations), but over the long haul I've found > the service-keyed repository more to my liking. In particular, > cfengine makes it easy to work that way: > > /etc/motd -> /r/systems/motd/motd.HOSTNAME > /etc/openldap/slapd.conf -> /r/services/openldap/slapd.conf.HOSTNAME > One benefit of this method is that you can have a single file that > works for a whole class of machines, e.g., > > /etc/syslog.conf -> /r/services/syslog/syslog.conf.client-linux > > where "client" becomes "server" for syslog servers and "linux" > becomes "macosx" or "sunos" depending on the platform. > > As I said, however, a lot of that arrangement is a function of the way > that cfengine works. I'd probably do it differently if I were using a > different tool. There is a benefit of a service centered view and may adopt it at some point. I have used cfengine, and more recently, puppet and they do lend themselves to that approach. I am still looking to be able to provision a system with minimal interaction *and* layer on an identity. However it's done though, I completely agree with your original point that it needs be managed whether on 5 systems or 500.