I have to agree with Joe here. I am not overly security paranoid, but I’d plan to lock down the OS deployment/patch services for 90% of the servers in my company too – whether or not I had a gov’t contract to protect. Also, I am not finding this a “complicated solution.” After working for a banking system, this is comparatively trivial.
Brian *From:* [email protected] [mailto: [email protected]] *On Behalf Of *[email protected] *Sent:* Monday, January 19, 2015 10:49 AM *To:* [email protected]; [email protected] *Subject:* Re: [Spacewalk-list] general inquiry about client install/registration Wow you guys do like complicated solutions why not just put the repo in a subdirectory of /pub off the docroot spacewalk doesn't password protect that directly off the webserver for just such uses. Just to be clear what repos precisely are you intending to mirror? Server, client, EPEL or what? Sent from my BlackBerry 10 smartphone. *From: *Joe Belliveau *Sent: *Monday, January 19, 2015 12:38 *To: *[email protected] *Reply To: *[email protected] *Subject: *Re: [Spacewalk-list] general inquiry about client install/registration Also here is another one. if you want to use nfs as well. http://wiki.centos.org/HowTos/CreateLocalRepos?action=fullsearch&value=linkto%3A%22HowTos/CreateLocalRepos%22&context=180 <http://wiki.centos.org/HowTos/CreateLocalRepos?action=fullsearch&value=linkto:%22HowTos/CreateLocalRepos%22&context=180> —Joe On Jan 19, 2015, at 12:18 PM, Brian Kinney <[email protected]> wrote: Sounds great! Never built a mirror like this. Any suggestions/URLs where a quality example could be found? Brian This e-mail is private and may be confidential and is for the intended recipient only. If misdirected, please notify us by telephone and confirm that it has been deleted from your system and any copies destroyed. If you are not the intended recipient you are strictly prohibited from using, printing, copying, distributing or disseminating this e-mail or any information contained in it. We use reasonable measures to virus scan all E-mails leaving UNICOM Global but no warranty is given that this E-mail and any attachments are virus free. You should ensure you have adequate measures in place for your own virus checking. *From:* [email protected] [mailto: [email protected]] *On Behalf Of *Joe Belliveau *Sent:* Monday, January 19, 2015 5:52 AM *To:* [email protected] *Subject:* Re: [Spacewalk-list] general inquiry about client install/registration This can be done easily. I mirror the packages to a local apache redirect on the spacewalk server… It can easily be done. —Joe On Jan 19, 2015, at 8:32 AM, Edsall, William (WJ) <[email protected]> wrote: Hello list, Just a general question about clients. One reason for my investigation into satellite/spacewalk is due to network security and lack of internet access to our linux machines. I was surprised when the spacewalk documentation mentioned external yum installs in order to get spacewalk ready; was really hoping this was done 100% internal with the spacewalk server. So my question is – what’s the best practice to move everything internal? Can it be done? Should I look further into the bootstrap procedure? Thanks, William _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
