[CentOS] Disappearing Network Manager config scripts

Wed Apr 30 17:46:32 UTC 2014
Les Mikesell <lesmikesell at gmail.com>

On Wed, Apr 30, 2014 at 12:17 PM, Lamar Owen <lowen at pari.edu> wrote:
>
>> You forgot to mention interoperable along with effective and complete.
>
> No, I didn't forget it.
>
>>> Dynamic DNS and/or mDNS with associated addresses deals with the need
>>> for a static IP;
>> Is that secure?
>
> Dynamic DNS can be, yes.  It depends upon the way the zone file is
> updated and whether it's Internet-exposed or not.

So how can it be dynamic, but controlled at the same time?

> But you've been around long enough to know that security and convenience
> are inversely proportional.

Sort-of.  You just have to work out convenient operations over secure channels.

>> Is [the SRV DNS record] a standard that is universal?
>
> RFC 2782.  Becoming more common, and very common for VoIP networks using
> SIP.

I'll take that as a 'no' for the general case.

>> You just pushed the management somewhere else - you didn't eliminate it.
>
> Why yes, yes I did push the management elsewhere.  If you have a hundred
> thousand cloud nodes, where would you rather manage them; at the
> individual node level, or in a centralized manner?

I'd like to manage things the same way, regardless of the count.

>  Go to a cloud panel,
> select 'deploy development PostgreSQL server' and a bit later connect to
> it and get to work.

How is that easier than saying 'ssh nodename yum -y install
postgresql-server'?  Something I already know how to do and how to
make happen any number of times - and something that works on real
hardware and in spite of the differences in VM cloud tools.

> (Yes, I know you need AAA and all kinds of other
> things, but for the application developer who needs a clean sandbox to
> test something, being able to roll a clean temp server out without admin
> intervention could be very useful).

At the expense of being black magic that won't work outside of that
environment.  I don't like magic.  I don't like things that lock you
in to only one vendor/tool/OS.

>> Your argument makes sense for devices that don't provide a reasonable
>> interface for their own configuration. But how does that apply to a
>> server with a full Linux distribution?
>
> Embedded devices, with what I would consider to be full Linux
> distributions on them, with nothing more than a network device to manage
> them already exist.  Network device meaning Wi Fi, too.  NAS appliances
> are but one application; the WD MyBook Live, for instance, has a
> complete non-GUI Debian on it, and there are repos for various packages
> (for grins and giggles I installed IRAF on one, and ran it with ssh X
> forwarding to my laptop).  Is a NAS appliance not a server?

Actually, I'd like to see a single device do all of that gunk plus
have an HDMI out to act as a media player so a typical home would only
need one extra 'thing' besides the computer/tablet/phone.  But it
doesn't matter - you still have to configure it somehow.  Do you want
things to guess at your firewall rules?

-- 
   Les Mikesell
     lesmikesell at gmail.com