Hi,
is it possible to manually add some DNS entries to bind without having the
relevant machines controlled by Foreman/puppet.
In addition I should add some CNAME entries.
What's the preferred way to solve this problem.
Thanks in advance
Markus
the whole point of Foreman Smart Proxies is to negate manual entries…
however, i've done something similar to this using the Hooks plugin to add
reverse lookup records.
forman hooks:
https://github.com/theforeman/foreman_hooks
and a howto:
http://www.brian2.net/posts/foreman_hooks_aws_vpc/
···
On Thursday, December 18, 2014 9:39:46 PM UTC+8, hirnschmalz wrote: > > Hi, > > is it possible to manually add some DNS entries to bind without having the > relevant machines controlled by Foreman/puppet. > In addition I should add some CNAME entries. > > What's the preferred way to solve this problem. > > Thanks in advance > > > Markus >Hi,
Just wondering is there any firewall management plugin in progress or
planned.
It would be extremely handy to manage the firewall rules centrally and
set different rules for different host collections/content views/host
groups/locations/organizations.
Implementation should be doable using firewalld or just iptables.
The most difficult thing would be the gui I think, how best to organize
things.
Kind regards,
Jorick Astrego
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
···
----------------Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
Maybe this: https://forge.puppetlabs.com/jpopelka/firewalld
I have always used the Puppetlabs firewall module.
···
On 29 Dec 2014 14:19, "Jorick Astrego" wrote:Hi,
Just wondering is there any firewall management plugin in progress or
planned.It would be extremely handy to manage the firewall rules centrally and
set different rules for different host collections/content views/host
groups/locations/organizations.Implementation should be doable using firewalld or just iptables.
The most difficult thing would be the gui I think, how best to organize
things.Kind regards,
Jorick Astrego
Met vriendelijke groet, With kind regards,
Jorick Astrego
*Netbulae Virtualization Experts *
Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax:
053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01–
You received this message because you are subscribed to the Google Groups
“Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
I will look at the puppet forge. It was more of a feature request to have it working in satellite/katello.
The Project URL link doesn't work by the way:
https://forge.puppetlabs.com/jpopelka/(https://forge.puppetlabs.com/jpopelka/firewalld)
Central management in the satellite gui is the way if you want to have
lower level admins manage the infrastructure I think. We try to keep
puppet classes to a minimum in our environment as it gets very complex
quickly.
We admin's != developers and I personally find it very error prone and lot's of work to have basic things in all kinds of puppet classes that may or may not get updated.
I used a lot of puppet forge classes in the last year that didn't really work in 7 and never get updated. So I had to write my own, and maintain them, and share them with other people in our company.
It becomes far easier for us to just use firewall-cmd or just use old school iptables.
We try to manage dozens of different systems and have different levels of sysadmins with different privileges. As you can let a puppet class do anything you don't want any low level admin creating these on their own, while adding a port/service in the gui should be a normal thing for any low level admin. Also when using puppet classes we cannot restrict the hosts an admin is allowed to change the firewall settings for.
As I said it would be nice to have… think of this guy:
http://projects.theforeman.org/projects/katello/wiki/Personas-SystemAdministrator
*Role Description*
In my role I add/remove systems from Katello/Foreman, run remote
commands, schedule updates, provision new systems, etc. I run he
maintenance window. We are responsible for the new hardware and VMs
running in our organization. We are the centralized support of host
deployment within our business unit. There are two other business
suits in this organization.
Kind regards,
Jorick Astrego
Met vriendelijke groet, With kind regards,
Jorick Astrego
Netbulae Virtualization Experts
···
On 12/29/2014 03:55 PM, Jakub Bittner wrote: > Maybe this: https://forge.puppetlabs.com/jpopelka/firewalld > -- > You received this message because you are subscribed to the Google > Groups "Foreman users" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to foreman-users+unsubscribe@googlegroups.com > . > To post to this group, send email to foreman-users@googlegroups.com > . > Visit this group at http://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout.Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180
Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01