[CentOS] Keeping iptables in sync across multiple machines
Les Mikesell
lesmikesell at gmail.com
Tue Nov 3 20:05:46 UTC 2009
mark wrote:
>
>>> So, what I am looking for really is feedback on what people are using in
>>> the wild on multiple machines, and bonus points for people who only use
>>> tools and mechanisms already built into the CentOS [base] repo.
>> We are using Spacewalk to manage /etc/sysconfig/iptables files. The
>> files are version controlled with the integrated config management
>> tool. As SW does not (yet) support dependent command execution, we are
>> using remote command execution through osad to reload iptables,
>> afterwards.
> <snip>
> So, what version is Spacewalk up to? When I installed it this past spring, it
> was version 0.4, and I upgraded to 0.5, which had just been released, the week
> before my contract ended the end of April.
>
> *I* would *never* put something that was under 1.0 (actually, 1.0.1) into
> production.
>
> At work, we're getting pressure to provide all kinds of info and control on
> what's on the servers and desktops (we're heavy tech - a lot of our users are
> on Linux), and he just brought up OCS Inventory. He said it took him about 5
> min (sounded more like half an hour, actually), and though there are a number
> of things - docs not great, and the translations leave something to be desired
> (it's from the French), I'm impressed. It's a *lot* slicker, a lot more finished,
> and easier to install and configure, it seems, than Spacewalk, which took me
> *many* weeks to install, configure, and get working correctly.
>
> OCS Inventory *looks* (I've only played with it for an hour or two) as though I
> can build scripts for it to run, to install, upgrade, etc, remote systems.
OCS inventory is indeed nice and works across several platforms.
However it is not going to build a system from scratch for you and it
doesn't give you fine-grained control (or much at all) over the timing
of when remote commands or package installs will happen after you've
scheduled them.
--
Les Mikesell
lesmikesell at gmail.com