Thanks much all for your inputs, suggestions and ideas. I am a researcher and I am planning to use Puppet as policy-based management system. As we all know that puppet provides a low-level declarative language to define policies so I was interested to know if there is any other way to define QoS and Security related policies in puppet. I have setup a very basic router initially using IPTABLES and TC-ng. With a little effort, I came across with http://github.com/camptocamp/puppet-iptables, but TC (traffic control) support remained an issue. My main research focus is refinement of high-level policies (ponder2/swrl) to low-level policies (puppet) using ontologies.
I would look at Endian (seems quite promising) but my hunch is that it won't solve the problem, which I am addressing as a research problem. If puppet doesn't support any network traffic controller/application now, would it support in the future? Is there anything related to traffic controller in the puppet development plan? How much effort it would require if I develop TC-ng support plugin for puppet? I would really appreciate your ideas and suggestions. Thanks much for your help in advance, I really appreciate your efforts. Regards, Annie On Fri, May 21, 2010 at 11:24 AM, Ken Barber <[email protected]> wrote: > > Personally, I would expect that the right approach was to develop a > simple > > traffic control tool that would take a much ... less difficult input, > then to > > manage the high level configuration of that with puppet. > > I actually abandoned trying to build my own firewall from scratch and > looked into something like Endian instead. I didn't sleep well with my > own firewall to be honest. > > Endian has all the techs we know and love: openvpn, tc, iptables, > routing, spam-assassin, ntop etc. etc. It provides a nice gui, can be > clustered and backs up to a single tarball for easy restoration (which > can be emailed periodically to a user). Endian is also open source - > so you can download the ISO and try it in a VM. Of course I'm sure > there are many solutions like this so its worth shopping around - but > the concept is possibly less painful. > > Of course I did speak to someone recently who wanted to start a > business case doing firewall management in puppet - in that case he > could spend the time to develop such a tool. While that seems cool I > never had such luxury of time myself :-). > > ken. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<puppet-dev%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/puppet-dev?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
