Re: host-specific firewall configurations: I've been looking over Ript (https://github.com/bulletproofnetworks/ript) lately - it does a lot of things in what I would consider The One True Right Way... I still have to figure out how I would want to wedge it into our Chef infrastructure, though. :-) And there are several competing ways to do the same thing, in this case - some already mentioned by other folks.
There's also the not-so-small matter of it (ript) emitting iptables rulesets (rather than ipfilter) when I have thousands of Solaris hosts to deal with.... :-) best, --e On Mon, Dec 31, 2012 at 11:18 AM, Charles Polisher <[email protected]>wrote: > Elijah Wright wrote: > > Rancid. > > > > For some devices (F5 gear, Stingray clusters, some NetApp gear) our > > approach is usually to shovel the configs into git somewhere. > > > > Mike Julian <[email protected]> wrote: > > > What's everyone using for network device configuration management, > aside > > > from RANCID? I'm exploring options. > > Planning a deployment of ~30 Linux servers we're looking at > automating switch, firewall, iptables, and monitoring configs. > RANCID would appear to be workable for updating and tracking > configs for our HP Procurve and Cisco ASA kit, but seems to be > only a part of the solution (I think RANCID only versions and > pushes configs?). Generating the configs would be a help. I've > been eyeing these projects but have yet to try them out -- > > Netomata (generate configs from net models; Brent Chapman) > http://www.netomata.com/tools/ncg > http://www.netomata.com/wiki/web_hosting_example_network_design > > Nedi (visualize net topology, discovery using LLDP/SNMP) > http://www.nedi.ch/about/ > > Netdisco (discovery using SNMP/DNS, port mapping, auditing, > Postgres, web GUI) http://www.netdisco.org/ > > -- > Charles > >
_______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
