Harry Hoffman wrote: > Yep! that's exactly what I had in mind. This could extend out to other > services that would be configured at install time and ppl could chose > whether or not to enable the firewall rules via snippets :-) > > Cheers, > Harry >
iptables seems a logical fit as that's one you definitely want working at the end of kickstart, config management or no. You /need/ that one configured at the end of kickstart so there's no window. Other services could just be a simple as providing some good snippets for them, so I think it's up the users to supply them. One of my definite goals is to get more of the snippets in the stock templates and also ship more in /var/lib/cobbler. --Michael > > > Michael DeHaan wrote: > >> Harry Hoffman wrote: >> >>> This is awesome! >>> >>> Can you integrate iptables into the %post snippet or should that just be >>> left as a exercise per deployment? >>> >>> >> My first thought was that it should be a per-deployment thing. >> However, it may encourage best practices if we do something about this >> with regard to the sample templates. Interesting idea. >> >> If it's as simple as "cobbler profile edit --name=foo >> --iptables-rules=/etc/iptables.template" (default nothing) that's not >> too intrusive at all. >> >> We could then have SNIPPET::enable_iptables_if_configured and >> SNIPPET::install_assigned_iptables_rules as special snippets. >> >> And we could ship some good starter rules/templates so people could use >> them, ones that were set up to auto-allow Func and Cobbler and other >> similar services. >> >> Naturally the default for this should be "no assignment" and folks who >> didn't want to use this feature could still do things their own way. >> >> I kind of like this.... what did you have in mind? Does that sound >> similar? >> >> >>> Cheers, >>> harry >>> >>> >>> >>> Michael DeHaan wrote: >>> >>> >>>> I'm working on some features on the development branch (Cobbler 1.3 and >>>> later) that will make it very easy for admins to set up new >>>> machines/nodes so that they are running Func out of the box. I think >>>> this is a very powerful way to deploy things so that they are >>>> controllable later and should hopefully introduce more people to Func >>>> (http://fedorahosted.org/func). >>>> You can read more about what I'm doing here: >>>> >>>> https://fedorahosted.org/cobbler/wiki/FuncIntegration >>>> >>>> On a related note, I still need some help testing the Puppet external >>>> nodes integration feature on the devel branch ... >>>> https://fedorahosted.org/cobbler/wiki/UsingCobblerWithConfigManagementSystem >>>> >>>> In conjunction these become nicely powerful in that you have a config >>>> management system and also a system (Func!) for one-off tasks, misc >>>> scripting, and "do this now!" type activity. Coupled with a deployment >>>> system (Cobbler) this becomes especially nice. >>>> >>>> Read an outside view on this in terms of Francesco Crippa's presentation >>>> to Linux TAG this year: >>>> >>>> http://people.byte-code.com/fcrippa/wp-content/uploads/2008/06/fcrippa_large-scale-env.pdf >>>> >>>> --Michael >>>> >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> cobbler mailing list >>>> [email protected] >>>> https://fedorahosted.org/mailman/listinfo/cobbler >>>> >>>> >>> _______________________________________________ >>> cobbler mailing list >>> [email protected] >>> https://fedorahosted.org/mailman/listinfo/cobbler >>> >>> >> _______________________________________________ >> cobbler mailing list >> [email protected] >> https://fedorahosted.org/mailman/listinfo/cobbler >> > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler > _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
