Les Mikesell lesmikesell@gmail.com wrote:
The 'what' is the problem. If our sales person wants to demo a product that connects on 6 different ports to places that aren't known until the first connection is established, will it work?
If I set up the proxy to allow all access by default, such as I would in such a situation, then yes. But I do _not_ let just any port out the firewall.
I didn't design the product, but I've had to help make it work in places that don't use a default gateway. It's not pretty.
If people would make such security considerations in the first place, the Internet would be a lot safer. The problem is not the networks, but the apps.
The reason there are other ways is that none of them are perfect. There's nothing wrong with understanding the flaws and tradeoffs of each.
That was my point!
So why were you so hell-bent on talking about how something must work only one way? And you continually discarded countless suggestions from others, and even more from myself, as if they were not options?
Generally I don't want applications to use a proxy unless I know they are going to download the same big files as other systems. Otherwise it slows things down slightly and has no benefit.
No benefit?!?!?! Security???
That's a reasonable approach, but takes an extra step and unless the same programs are installed everywhere the 1st system may not have all the others need.
But it would _still_ cache the programs that are similar, as well as they test at least on the "common" system. Even you mentioned "testing," so I'm now even more curious how you're managing these systems?!
I'm not demanding solutions, but if people don't consider the problems there won't ever be any solutions.
Not the solution you explicitly want, as you seem to want to consider no others, or their merits for that matter.
It's a one-line command. How does making it a script help?
First off, you're arguing that 1 command is easy to do on a lot of systems. So how difficult is it to make a 1 line change to yum.conf? Could you please _stick_ with something, instead of just arguing however it may favor your viewpoint at any given moment?
Secondly, you're forgetting that you're SSH'ing into systems, etc... All those manual steps -- launch the terminal, etc... -- for _each_ system.
Having all systems automagically pull from the same configuration server would mean you make a change in 1 place, and then it is pulled by all other systems.
If you only have a half dozen or so systems, then just select one user's system at the client as the configuration management server. You then run 1 command to say the change has been implemented, and it gets copied into the configuration management repository for all other systems to grab.
You have to spend the time to create the script and then it takes just as long to type its name as the command itself - or recall it from history.
The time spent to set up a basic configuration management setup is tiny -- especially for multiple systems. It is certainly less time than to launch a terminal, SSH into each one and hit the up arrow on a regular basis.
As I said, I am really starting to question many things at this point. But you keep on at it.