Harry Hoffman wrote: > This is awesome! > > Can you integrate iptables into the %post snippet or should that just be > left as a exercise per deployment? >
My first thought was that it should be a per-deployment thing. However, it may encourage best practices if we do something about this with regard to the sample templates. Interesting idea. If it's as simple as "cobbler profile edit --name=foo --iptables-rules=/etc/iptables.template" (default nothing) that's not too intrusive at all. We could then have SNIPPET::enable_iptables_if_configured and SNIPPET::install_assigned_iptables_rules as special snippets. And we could ship some good starter rules/templates so people could use them, ones that were set up to auto-allow Func and Cobbler and other similar services. Naturally the default for this should be "no assignment" and folks who didn't want to use this feature could still do things their own way. I kind of like this.... what did you have in mind? Does that sound similar? > Cheers, > harry > > > > Michael DeHaan wrote: > >> I'm working on some features on the development branch (Cobbler 1.3 and >> later) that will make it very easy for admins to set up new >> machines/nodes so that they are running Func out of the box. I think >> this is a very powerful way to deploy things so that they are >> controllable later and should hopefully introduce more people to Func >> (http://fedorahosted.org/func). >> You can read more about what I'm doing here: >> >> https://fedorahosted.org/cobbler/wiki/FuncIntegration >> >> On a related note, I still need some help testing the Puppet external >> nodes integration feature on the devel branch ... >> https://fedorahosted.org/cobbler/wiki/UsingCobblerWithConfigManagementSystem >> >> In conjunction these become nicely powerful in that you have a config >> management system and also a system (Func!) for one-off tasks, misc >> scripting, and "do this now!" type activity. Coupled with a deployment >> system (Cobbler) this becomes especially nice. >> >> Read an outside view on this in terms of Francesco Crippa's presentation >> to Linux TAG this year: >> >> http://people.byte-code.com/fcrippa/wp-content/uploads/2008/06/fcrippa_large-scale-env.pdf >> >> --Michael >> >> >> >> >> >> >> _______________________________________________ >> cobbler mailing list >> [email protected] >> https://fedorahosted.org/mailman/listinfo/cobbler >> > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler > _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
