Yep! that's exactly what I had in mind. This could extend out to
other
services that would be configured at install time and ppl could chose
whether or not to enable the firewall rules via snippets :-)
Cheers,
Harry
iptables seems a logical fit as that's one you definitely want working
at the end of kickstart, config management or no. You /need/ that one
configured at the end of kickstart so there's no window.
Other services could just be a simple as providing some good snippets
for them, so I think it's up the users to supply them.
One of my definite goals is to get more of the snippets in the stock
templates and also ship more in /var/lib/cobbler.
--Michael
Michael DeHaan wrote:
> Harry Hoffman wrote:
>
>> This is awesome!
>>
>> Can you integrate iptables into the %post snippet or should that just be
>> left as a exercise per deployment?
>>
>>
> My first thought was that it should be a per-deployment thing.
> However, it may encourage best practices if we do something about this
> with regard to the sample templates. Interesting idea.
>
> If it's as simple as "cobbler profile edit --name=foo
> --iptables-rules=/etc/iptables.template" (default nothing) that's not
> too intrusive at all.
>
> We could then have SNIPPET::enable_iptables_if_configured and
> SNIPPET::install_assigned_iptables_rules as special snippets.
>
> And we could ship some good starter rules/templates so people could use
> them, ones that were set up to auto-allow Func and Cobbler and other
> similar services.
>
> Naturally the default for this should be "no assignment" and folks who
> didn't want to use this feature could still do things their own way.
>
> I kind of like this.... what did you have in mind? Does that sound
> similar?
>
>
>> Cheers,
>> harry
>>
>>
>>
>> Michael DeHaan wrote:
>>
>>
>>> I'm working on some features on the development branch (Cobbler 1.3 and
>>> later) that will make it very easy for admins to set up new
>>> machines/nodes so that they are running Func out of the box. I think
>>> this is a very powerful way to deploy things so that they are
>>> controllable later and should hopefully introduce more people to Func
>>> (
http://fedorahosted.org/func).
>>> You can read more about what I'm doing here:
>>>
>>>
https://fedorahosted.org/cobbler/wiki/FuncIntegration
>>>
>>> On a related note, I still need some help testing the Puppet external
>>> nodes integration feature on the devel branch ...
>>>
https://fedorahosted.org/cobbler/wiki/UsingCobblerWithConfigManagementSystem
>>>
>>> In conjunction these become nicely powerful in that you have a config
>>> management system and also a system (Func!) for one-off tasks, misc
>>> scripting, and "do this now!" type activity. Coupled with a
deployment
>>> system (Cobbler) this becomes especially nice.
>>>
>>> Read an outside view on this in terms of Francesco Crippa's presentation
>>> to Linux TAG this year:
>>>
>>>
http://people.byte-code.com/fcrippa/wp-content/uploads/2008/06/fcrippa_la...
>>>
>>> --Michael
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> cobbler mailing list
>>> cobbler(a)lists.fedorahosted.org
>>>
https://fedorahosted.org/mailman/listinfo/cobbler
>>>
>>>
>> _______________________________________________
>> cobbler mailing list
>> cobbler(a)lists.fedorahosted.org
>>
https://fedorahosted.org/mailman/listinfo/cobbler
>>
>>
> _______________________________________________
> cobbler mailing list
> cobbler(a)lists.fedorahosted.org
>
https://fedorahosted.org/mailman/listinfo/cobbler
>
_______________________________________________
cobbler mailing list
cobbler(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler