[CentOS] Keeping iptables in sync across multiple machines

Les Mikesell lesmikesell at gmail.com
Tue Nov 3 20:05:46 UTC 2009

mark wrote:
>>> So, what I am looking for really is feedback on what people are using in
>>> the wild on multiple machines, and bonus points for people who only use
>>> tools and mechanisms already built into the CentOS [base] repo.
>> We are using Spacewalk to manage /etc/sysconfig/iptables files. The
>> files are version controlled with the integrated config management
>> tool. As SW does not (yet) support dependent command execution, we are
>> using remote command execution through osad to reload iptables,
>> afterwards.
> <snip>
> So, what version is Spacewalk up to? When I installed it this past spring, it 
> was version 0.4, and I upgraded to 0.5, which had just been released, the week 
> before my contract ended the end of April.
> *I* would *never* put something that was under 1.0 (actually, 1.0.1) into 
> production.
> At work, we're getting pressure to provide all kinds of info and control on 
> what's on the servers and desktops (we're heavy tech - a lot of our users are 
> on Linux), and he just brought up OCS Inventory. He said it took him about 5 
> min (sounded more like half an hour, actually), and though there are a number 
> of things - docs not great, and the translations leave something to be desired 
> (it's from the French), I'm impressed. It's a *lot* slicker, a lot more finished,
> and easier to install and configure, it seems, than Spacewalk, which took me 
> *many* weeks to install, configure, and get working correctly.
> OCS Inventory *looks* (I've only played with it for an hour or two) as though I 
> can build scripts for it to run, to install, upgrade, etc, remote systems.

OCS inventory is indeed nice and works across several platforms. 
However it is not going to build a system from scratch for you and it 
doesn't give you fine-grained control (or much at all) over the timing 
of when remote commands or package installs will happen after you've 
scheduled them.

   Les Mikesell
    lesmikesell at gmail.com
