On Nov 17, 2019, at 11:58 AM, Nicolas Kovacs <i...@microlinux.fr> wrote
> * chrony: I'm using ntpd and ntpdate

You should never be using ntpdate anymore (which is why the ntp project is 
deprecating it, http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate ).  I 
really only ever suggest ntpd unless you’re running an NTP server that provides 
NTP service to your network, and needs to support time source hardware.  NTPd 
is actually worse for laptops and other devices with intermittent/congested 
connections, and VMs that experience time jumps during migrations.  Chrony also 
tends to use less RAM and power than NTPd due to how it does time management 
and its generally smaller footprint.

> * firewalld: https://github.com/kikinovak/firewall 

Kinda looks like you’ve reinvented the wheel here, breaking down firewall rules 
into separate files and managed by a single service.  Plus, firewalld supports 
ipsets alongside iptables rules in C7, and uses nftables by default in C8, 
keeping you with the fastest way of setting up rules.  But I get it, not 
everyone cares for firewalld.  On C6, I managed the iptables file with a 
template in configuration management, breaking up the individual config files 
into separate, role-based chunks.

Also, the ‘fail2ban’ service has firewalld support, which uses ipsets for its 
blocks, improving overall performance.

> * NetworkManager: great on laptops, useless on servers

Untrue.  NM is great for servers.  I think I’ve told this story a dozen times 
on this list, but nearly all our servers use NM.  We experienced a power outage 
in our datacenter due to some clumsy UPS maintenance people, and when power was 
restored to the floor, the servers booted faster than the networking equipment. 
 Everything using the old ’network’ service booted up, detected no network, and 
gave up and completed the boot, with no network at all.  Had to visit the 
datacenter to reboot them.  All the NM systems had the network start fail, and 
continued with the boot, and as soon as the interface comes online, NM brings 
up the network and triggers all network-dependent services to come online.  

NM supports event-based dispatching (in /etc/NetworkManager/dispatcher.d/) so 
you can run custom scripts when the network state changes.  NM in CentOS7 is a 
lot better than what you had in C6; the default settings don’t restart the 
interface if you change the ifcfg-* files (a stupid problem in C6) and it 
supports a lot more features like bridges and bonds that were missing in 
earlier versions.  You can interact with it via dbus (if that’s your thing) and 
the nmcli tool is really handy for CLI-based settings.

The only time I’ve seen a need to use the old network service was when I 
discovered that you can’t set custom routes on the loopback interface with NM, 
since it doesn’t manage the loopback interface.



--
Jonathan Billings
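
A sketch of the kind of dispatcher script the message refers to, added here as an illustration and not taken from the original post. The file name, `WATCH_IFACE` and `UNIT` are hypothetical; the script ties one service to one interface so it only runs while that interface is up.

```shell
#!/bin/sh
# Hypothetical file: /etc/NetworkManager/dispatcher.d/50-iface-bound-service
#
# NetworkManager runs dispatcher scripts as root, passing
#   $1 = interface name, $2 = action (for example "up" or "down").
# It only runs scripts that are regular files owned by root, not writable
# by group or other, and not setuid, e.g.:
#   chown root:root 50-iface-bound-service && chmod 0755 50-iface-bound-service

# Assumptions for this example; replace with your own values.
WATCH_IFACE="eth0"
UNIT="example-app.service"

# Print the systemctl verb for an event, or nothing if the event is ignored.
# Events for any other interface (including lo, which NM does not manage)
# and any other action (pre-up, dhcp4-change, ...) fall through silently.
verb_for_event() {
    [ "$1" = "$WATCH_IFACE" ] || return 0
    case "$2" in
        up)   echo "start" ;;
        down) echo "stop" ;;
    esac
    return 0
}

# Log the decision to syslog, then hand it to systemd without blocking NM.
dispatch() {
    verb=$(verb_for_event "$1" "$2")
    [ -n "$verb" ] || return 0
    logger -t nm-dispatcher "$1 $2: systemctl $verb $UNIT"
    systemctl --no-block "$verb" "$UNIT"
}

# Act only when called the way NetworkManager calls it (two arguments).
if [ "$#" -ge 2 ]; then
    dispatch "$1" "$2"
fi
```
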
