Khosrow Ebrahimpour wrote:
On December 14, 2012 07:06:13 PM Michael Ströder wrote:
That's what SVN/puppet is for in my current project which generates static configuration files for all the nodes based on templates. We can specify as many MMR replica instances as needed and use the same Puppet manifests for MMR setups in different stages.
And that works *much* better than tracking changes to back-config because it is easier to automate configuration without an "internal" state change in a DB.
But managing back-config using any config management tool remains an issue. I don't think I can just push the entire slapd.d directory using chef or puppet.
Of course not. slapd.d is a slapd-internal private database. if you're doing any manipulation of its contents "You're Doing It Wrong."
Use slapcat -n0 / slapadd -n0. As Documented.
That's why I thought of tracking the changes.
Having said all that I do agree with you that using a static configuration is better suited for this kind of thing.
IIRC the static configuration will be dropped not before 2.5.x is out.
That's good to know, though we are entirely on back-config now.
I found something interesting as well. Openldap seems to ignore dotfiles in slapd.d directory. This can help avoid having to check for config changes using a script and I can simply commit the entire slapd.d to my VCS.
No. *Never* do anything with the files in slapd.d. Use the slapd management tools.