[CentOS] Keeping iptables in sync across multiple machines

Sun Nov 1 15:10:10 UTC 2009
mark <m.roth at 5-cent.us>

Marcus Moeller wrote:
> Dear Karan.
> ...
>> So, what I am looking for really is feedback on what people are using in
>> the wild on multiple machines, and bonus points for people who only use
>> tools and mechanisms already built into the CentOS [base] repo.
> 
> We are using Spacewalk to manage /etc/sysconfig/iptables files. The
> files are version controlled with the integrated config management
> tool. As SW does not (yet) support dependent command execution, we are
> using remote command execution through osad to reload iptables,
> afterwards.
<snip>
So, what version is Spacewalk up to? When I installed it this past spring, it 
was version 0.4, and I upgraded to 0.5, which had just been released, the week 
before my contract ended the end of April.

*I* would *never* put something that was under 1.0 (actually, 1.0.1) into 
production.

At work, we're getting pressure to provide all kinds of info and control on 
what's on the servers and desktops (we're heavy tech - a lot of our users are 
on Linux), and he just brought up OCS Inventory. He said it took him about 5 
min (sounded more like half an hour, actually), and though there are a number 
of things - docs not great, and the translations leave something to be desired 
(it's from the French), I'm impressed. It's a *lot* slicker, a lot more finished, 
and easier to install and configure, it seems, than Spacewalk, which took me 
*many* weeks to install, configure, and get working correctly.

OCS Inventory *looks* (I've only played with it for an hour or two) as though I 
can build scripts for it to run, to install, upgrade, etc, remote systems.

	mark

-- 
Frodo: "(Gollum) deserves death!"
Gandalf: "...I daresay he does. Many that live deserve death.
   And some that die deserve life. Can you give it to them?
   Then do not be too eager to deal out death in judgement."