Do you remove unwanted packages (*NIX), or do you disable them?

puppet optimization virtualization packages cobbler

Im currently building a cobbler and puppet setup. One thing I do is disabling unwanted services with puppet, but then I thought: Should I remove them with cobbler, rather than disabling them after they are intalled?

For example, my base class in puppet informs the client to disable smartd, cpuspeed, microcode_ctl, and readahead_early if its a virtual machine.

Why not remove then? If I do need some of these packages on a later stage, I could just install. Of course, if the machine is converted to a physical hardware, I would have to remeber to install these packages again.

I think that the best solution to my question is to create a puppet class which disables service A if its virtual, and enables it if its not. But, maybe someone else have some other insight?


Solution 1:

I think disabling things is a far better solution as a general rule. You start yanking stuff out and they might be dependencies of other packages, or other things might expect it to be there etc. All they will do after you disable them is take up a small amount of space and maybe add a little time to the updates. I think the idea is if you can you want to keep your system close to the system that distribution maintainers will be testing with.

Also, you say that 'I would have to remember to install...'. I think you might want to change your mindset, maybe a future sysadmin will manage these, spend hours trying to troubleshoot some strange problem only to find out is because some package that is normally there is not.

You're stuff is quite specific though, so if it documented removing it would be okay I guess. And if you are doing hundreds of deploys of these VMs then maybe that is a scale where this level of tweaking makes sense. In the end though, I like your puppet idea best.

Solution 2:

I disagree wholeheartedly with Kyle.

If it is not necessary, it should be removed. It's a best practice to not install unnecessary software.

The person undertaking the task, such as yourself, should be confident in the implications of the decisions they are making. Removing standard system utilities and libraries is generally frowned upon but that will partially depend on your environment and server role.

If there are package dependencies, they will be identified in modern systems.

If later, code you are compiling requires a library you removed, you install it then -- as it is then required.

I'm not going to leave GTK installed on a server just because some future system administrator might be an idiot.

Related

iptables, blocking large numbers of IP Addresses
Small TTL values
SQL Server Agent Job - Schedule daily except 1 day per month
How do I renew a Web Server certificate in Windows Server 2008?
CPU's on Hyper-V host system is just idling, even though VM's are at full throttle
easiest way to automate all software installations for new users/computers?
Dedicate a NIC to a Virtualbox VM
Windows7 IIS7: can't turn off read-only flag for InetPub\wwwroot. Can't edit website files!
Can I create and manipulate unix "screens" in a script?
How to Login to Windows XP/7 Using a USB stick for authentication
Maven authentication to Sonatype Nexus repository
How to simplify Nagios config in giant datacenter