Hi,
Im currently building a cobbler and puppet setup. One thing I do is disabling unwanted services with puppet, but then I thought: Should I remove them with cobbler, rather than disabling them after they are intalled?
For example, my base class in puppet informs the client to disable smartd, cpuspeed, microcode_ctl, and readahead_early if its a virtual machine.
Why not remove then? If I do need some of these packages on a later stage, I could just install. Of course, if the machine is converted to a physical hardware, I would have to remeber to install these packages again.
I think that the best solution to my question is to create a puppet class which disables service A if its virtual, and enables it if its not. But, maybe someone else have some other insight?
-
I think disabling things is a far better solution as a general rule. You start yanking stuff out and they might be dependencies of other packages, or other things might expect it to be there etc. All they will do after you disable them is take up a small amount of space and maybe add a little time to the updates. I think the idea is if you can you want to keep your system close to the system that distribution maintainers will be testing with.
Also, you say that 'I would have to remember to install...'. I think you might want to change your mindset, maybe a future sysadmin will manage these, spend hours trying to troubleshoot some strange problem only to find out is because some package that is normally there is not.
You're stuff is quite specific though, so if it documented removing it would be okay I guess. And if you are doing hundreds of deploys of these VMs then maybe that is a scale where this level of tweaking makes sense. In the end though, I like your puppet idea best.
Kyle Brandt : I think Warner's answer is valid, it kind of depends. If you really know what you are doing and have a big team etc it can make sense to customize things. And of course remove crap like solitaire :-) I think I am against pulling out all sorts of system stuff. Also, as an aside, in Windows removing stuff can be a bad idea, things can be related that might not make sense at first glance (although can't think of an example to back this). In general, I trust the intelligence of the system's designers and recommend not touching things unless you are really sure.From Kyle Brandt -
I disagree wholeheartedly with Kyle.
If it is not necessary, it should be removed. It's a best practice to not install unnecessary software.
The person undertaking the task, such as yourself, should be confident in the implications of the decisions they are making. Removing standard system utilities and libraries is generally frowned upon but that will partially depend on your environment and server role.
If there are package dependencies, they will be identified in modern systems.
If later, code you are compiling requires a library you removed, you install it then -- as it is then required.
I'm not going to leave GTK installed on a server just because some future system administrator might be an idiot.
Kyle Brandt : I'd make an exception for GTK as it is standard not install the whole X windowing system on servers...Warner : Generic example. Some people might want to X-forward apps that depend on GTK libraries. ;)warren : I agree - I always remove what I do not need: with RHEL, CentOS, & Ubuntu (the three Linux distributions I use most), yum or apt-get will handle my dependencies issues if I end up needing something later. Sometimes, though, what I don't "need" is a pre-req for something I do, so I merely disable the service, I don't remove it.tore- : Warner, I never said anything about installing unnecessary software, and how is should address that (disable them, or remove them if i find them), but I see your point :) Of the information I've managed to gather from here and other sources, I think I fall for Kyles response. I'm not trying to save space (although that would be nice but not important), but rather find out how I can optimize a cleaned installed system (no-GUI), without removing packages from the default installation. Yes, I don't need the avahi package installed, but I rather disable it and remove it.David Schmitt : Also, thanks to puppet your decision to remove stuff is well documented and easily revertible.From Warner
0 comments:
Post a Comment