On Tue, Aug 5, 2008 at 9:38 PM, David Van Assche <[EMAIL PROTECTED]> wrote: >> 1 - I'll incorporate them into xs-config :-) >> 2 - don't have to hack the network startup scripts to remove the part >> that reloads rules >> 3 - you don't have to redo the in step 2 hack with every upgrade - as >> xs-config updates will nuke your changes > > The main reason for shorewall is traffic shaping... its the only
Get SW to spit out a nice traffic shaping ruleset, clean it up, and we can see if it can be merged into network_config > Anyway, shorewall is already a done deal for us and works wonderfully... Reread my notes above - an XS update will probably kill it, and you won't be around to help fix it. It's not that SW is not good - I've used it myself quite happily - but that it is not a sustainable move. > Would u care to elaborate on how to do this I've outlined two options. Pick one, yum install the packages and read the man pages :-) Also note that openldap is very brittle when it comes to unexpeted poweroffs and stuff like that. It gets its BDB DB in a tangle even when running normally - a simple ldapsearch <pattern> | sed | ldapmodify script can corrupt the DB. Bad juju with openldap. Very bad. >>> 5. Install Webmin for overall (internal) gui manipulation of the server... >> >> Ugh! Not recommended and xs-config in its current incarnation is >> lilkely to just make a mess of it all. I am not too proud of >> xs-config, and Webmin is too horrible for words. > > Its a matter of opinion... It is a lot more serious than that David. I can almost guarantee xs-config and webmin will interact disastrously. Not just webmin (though I worked with its internal code circa 1999 and... ), but anything that wants to change the config files. Any changes to config files that xs-config controls will bring grief, my worry with Webmin is that it makes it easy to change a lot of stuff that xs-config will later re-change. And I am sure modern Webmin will try and be smart about it - with a good chance of making things worse. Unless it has developed mind-reading abilities, the result will be <ka-boom>. It's not just Webmin: any "administration" program, web-based or not - is *not* recommended on a XS. And by that I mean "the next yum update very likely leave the machine in non-working state". xs-config is a bit nasty ATM, but even if we make it better, it wil _never_ interact well with a webmin-type app. Sorry. Life is hard like that. > need... I have no idea what xs-config is... but I'll gladly take a > look... It is what configured everything in the XS. Dragons. There. Yes, right there. Nah, I'm not kidding. >>> 6. Install various server monitoring tools >> >> Install whatever tickles your fancy but do install sysstat and make >> sure it's logging. If you need help, or can provide load stats, it >> will be the sysstat logs that we'll want to look at. > > yeah, I think we've settled for Nagios... seems to be allround for > what we need... Ill make sure to sysstat and post the logs... Yup, nagios is ok. Cacti too. And BB if you want. As long as you get sysstat in there, we're _sorted_. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff _______________________________________________ Server-devel mailing list [EMAIL PROTECTED] http://lists.laptop.org/listinfo/server-devel
