Le 17/11/2019 à 18:56, Jonathan Billings a écrit :
You should never be using ntpdate anymore (which is why the ntp project is deprecating it, http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate ). I really only ever suggest ntpd unless you’re running an NTP server that provides NTP service to your network, and needs to supported time source hardware. NTPd actually worse for laptops and other devices with intermittent/congested connections, and VMs that experience time jumps during migrations. Chrony also tends to use less RAM and power than NTPd due to how it does time management and generally smaller footprint.
I know ntpdate has officially been deprecated for ages. This being said, it works reliable when you have some serious lagging on the server.
Kinda looks like you’ve reinvented the wheel here, breaking down firewall rules into separate files and managed by a single service. Plus, firewalld supports ipsets along side iptables rules in C7, and uses nftables by default in C8, keeping you with the fastest way of setting up rules. But I get it, not everyone cares for firewalld. On c6, I managed the iptables file with a template in configuration management, breaking up the individual config files into separate, role-based chunks.
This is probably my Slackware background, but for many years, firewalling was essentially a shell script with iptables rules. From this point of view, firewalld has reinvented the wheel, so I simply stick with what works and what I'm familiar with. And since Linux obeys the Great Rule of Herding Cats, along comes nftables. BTW, the file snippets are just templates meant to be copy/pasted with Vim using split mode. :o)
- NetworkManager: great on laptops, useless on servers
Untrue. NM is great for servers. I think I’ve told this story a dozen times on this list, but nearly all our servers use NM. We experienced a power outage in our datacenter due to some clumsy UPS maintenance people, and when power was restored to the floor, the servers booted faster than the networking equipment. Everything using the old ’network’ service booted up, detected no network, and gave up and completed the boot, with no network at all. Had to visit the datacenter to reboot them. All the NM systems had the network start fail, and continued with the boot, and as soon as the interface comes online, NM brings up the network and triggers all network-dependent services to come online.
Again, this is probably the ex-Slacker in me throwing all the junk out and just keeping what's really needed.
Cheers & thanks for your detailed explanations. You've tickled my curiosity, so as soon as I finish writing my current Linux book (around X-mas I guess) I'll have a deeper look at all that stuff.
Niki