Hi,
On Wednesday 16 May 2007 19:37, David Lutterkort wrote:
One thing that makes that clunky is that AFAIK no good way to ask
whether the current iptables has a certain rule installed, and if not
install it. If something like that existed, it would be fairly easy to
write a puppet type that made this a little less clunky.
I'm doing the same what is done with puppet here, with FAI
(
http://www.informatik.uni-koeln.de/fai/ and
http://faiwiki.debian.net). I'll
post a short howto tomorrow.
And with FAI I would use a cfengine script for such "edits", and I think you
can use cfengine with puppet, too.
FAI used to be a debian only installer, but since some time (years..) it's
also possible to update and manage running systems with it, also rpm based
systems. (It doesn't support installations of rpm based systems yet, mostly
because there seems to be no aquivalent to debootstrap.)
regards,
Holger