Yep! that's exactly what I had in mind. This could extend out to other services that would be configured at install time and ppl could chose whether or not to enable the firewall rules via snippets :-)
Cheers, Harry Michael DeHaan wrote: > Harry Hoffman wrote: >> This is awesome! >> >> Can you integrate iptables into the %post snippet or should that just be >> left as a exercise per deployment? >> > > My first thought was that it should be a per-deployment thing. > However, it may encourage best practices if we do something about this > with regard to the sample templates. Interesting idea. > > If it's as simple as "cobbler profile edit --name=foo > --iptables-rules=/etc/iptables.template" (default nothing) that's not > too intrusive at all. > > We could then have SNIPPET::enable_iptables_if_configured and > SNIPPET::install_assigned_iptables_rules as special snippets. > > And we could ship some good starter rules/templates so people could use > them, ones that were set up to auto-allow Func and Cobbler and other > similar services. > > Naturally the default for this should be "no assignment" and folks who > didn't want to use this feature could still do things their own way. > > I kind of like this.... what did you have in mind? Does that sound > similar? > >> Cheers, >> harry >> >> >> >> Michael DeHaan wrote: >> >>> I'm working on some features on the development branch (Cobbler 1.3 and >>> later) that will make it very easy for admins to set up new >>> machines/nodes so that they are running Func out of the box. I think >>> this is a very powerful way to deploy things so that they are >>> controllable later and should hopefully introduce more people to Func >>> (http://fedorahosted.org/func). >>> You can read more about what I'm doing here: >>> >>> https://fedorahosted.org/cobbler/wiki/FuncIntegration >>> >>> On a related note, I still need some help testing the Puppet external >>> nodes integration feature on the devel branch ... >>> https://fedorahosted.org/cobbler/wiki/UsingCobblerWithConfigManagementSystem >>> >>> In conjunction these become nicely powerful in that you have a config >>> management system and also a system (Func!) for one-off tasks, misc >>> scripting, and "do this now!" type activity. Coupled with a deployment >>> system (Cobbler) this becomes especially nice. >>> >>> Read an outside view on this in terms of Francesco Crippa's presentation >>> to Linux TAG this year: >>> >>> http://people.byte-code.com/fcrippa/wp-content/uploads/2008/06/fcrippa_large-scale-env.pdf >>> >>> --Michael >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> cobbler mailing list >>> [email protected] >>> https://fedorahosted.org/mailman/listinfo/cobbler >>> >> _______________________________________________ >> cobbler mailing list >> [email protected] >> https://fedorahosted.org/mailman/listinfo/cobbler >> > > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
