You can always use a transparent proxy if you want inetnet access, but don't want all ports with direct access outbound...
P.
Bryan J. Smith wrote:
Les Mikesell lesmikesell@gmail.com wrote:
There are places where you might want to hand-configure IP addresses too, but DHCP is a lot handier.
So what's the difference between configuring your system to use DHCP and configuring your system to use a proxy? I honestly don't get it. @-o
How is that a solution? Proxies are used where you don't allow direct outbound access. How do you do ftp without configuring a proxy on every client?
The question is, why aren't you configuring software for a proxy in the first place? You do it once ... done.|
How do you propose this should work without per-box configuration?
Why don't you just configure it at install-time, like everything else? Again, I don't understand how this is different than anything else you configure at install-time.
Furthermore, we're back to the "how to you change anything on all systems when you need to?" Don't you have some sort of configuration management of all your Linux systems? Something that can redistribute system changes to all systems?
This has nothing to do with YUM.
OK - ftp breaks when you NAT it too - sometimes.
I'm not talking about just FTP, I'm talking about HTTP too. HTTP can and _does_ break because it's a stream protocol that carries a lot of rich service data over it. Some of those rich service data streams don't take kindly to transparent proxies.
[ As a side note, I mentioned that HTTP-based repositories should use WebDAV services instead. Because WebDAV adds file management to the protocol. ]
Of what?
Of the CentOS repository.
Yes, just mirror the whole internet locally - or at least all yummable repositories...
Of the packages you use, yes. Take some load off the CentOS mirrors if you have enough systems.
And all of the fedora repositories, and all the 3rd party add on repositories, and the k12ltsp variations, and the ubuntu/debian apt repositories.
Yes! Once you have the first sync, it is not much to download a day. In fact, if you're about conserving the bandwidth you use for updates, hell yes! If your point is that you have all those repositories to sync from and that is a "burden," then my counter-point is "Exactly! You're yanking from all those different repositories from _multiple_ systems already -- so why not just do it from _one_?" ;->
When you have a number of systems, there is _no_negative_ to this, other than having the disk space required! APT And YUM repositories are "dumb" FTP/HTTP stores. rsync down and serve. Save your bandwidth and save your headaches.
It doesn't make sense to cache things unless at least one person uses it.
Now I'm really confused. If you're not using a repository, then do _not_ mirror it. I don't understand that point you just made. Or are you adding yet more unrelated items just to make a point?
The point of the internet is that you can get the latest when you need it, and the point of a cache is that only one person has to wait.
We're talking about software repositories. If you are pulling multiple files from multiple systems, mirror it. These aren't some arbitrary web sites, they are known repositories.
If you have enough systems, you should be doing this anyway -- out of sheer configuration management principles. You don't want people grabbing arbitrary software on a mass number of systems, but only what you allow from your own repositories.
If you don't have a lot of systems, then take the few seconds to add the proxy line during install -- or make it part of your Kickstart post-install script, etc... (whatever you normally do at install-time).
Yes, CentOS is as much a victim as the other distros on this point.
I just don't know what you expect CentOS to solve.