help-cfengine

Re: mln (was: Re: Bootstrapping)


From: John Sechrest
Subject: Re: mln (was: Re: Bootstrapping)
Date: Thu, 19 Feb 2004 10:39:47 -0800

Thank you for the list, it is interesting.

I would like to differentiate "roles" from "services".

A role is an abstract task, which may take many "services"
to implement. And that "role" impacts how other systems
do what they do. I.e., the "web server" needs to have
port 80 open on the gateway.

Some of your services below can be grouped into
services offered by machines which have a specific role.

If you can take one of them..... 
Like Backend mail server.

And identify the services that that role needs:

imap
pop
mounting user mail directories
having port 25 open
having port 109 open
having port 110 open

Having these same ports monitored by the monitoring machine.
....

What are the rules that you would put out for a 
debian box, that was a backend mail server, and nothing
but a backend mail server?




Roy MARANTZ <address@hidden> writes:

 % Here is the stuff from my global cf.groups file.
 % 
 % Roy
 % 
 % These are the "roles" a machine can subscribe to
 % # services defined in this file:
 % # s_dns              - dns server
 % # s_frontend - timeshared
 % # s_ftpd     - ftp server
 % # s_pop3        - pop mail reader daemon support
 % # s_imapd       - imap mail reader daemon support
 % # s_imaps       - imap over ssl mail reader daemon support
 % # s_inetd    - runs inetd
 % # s_xinetd   - runs xinetd
 % # s_mysql    - mysql server
 % # s_nfsd     - NFS server
 % # s_lpd              - line printer server
 % # s_rexecd   - rexec server
 % # s_rlogind  - rlogin server
 % # s_rshd     - rsh server
 % # s_smtp     - mail delivery support
 % # s_ssh              - ssh server
 % # s_save_precious_files - save.precious.files
 % # s_tapeuser - accessible tapedrive
 % # s_telnetd  - telnet server
 % # s_httpd    - web server
 % # s_php              - web server with php
 % # s_weblog   - webserver log processing
 % # s_workstation - workstation
 % # s_ypmaster - NIS master server (also used in jumpstart final script)
 % # s_ypslave  - NIS slave server
 % # s_no_yp    - NIS is not used on this machine
 % # s_do_patches  - do patch this machine
 % # s_netscape - netscape browser
 % # s_rm6              - rm6 raidmanager software RSM-2000 support
 % # s_turbomon_5300 - Dot/BoxHill turbo 5300 raidmanager software
 % # s_webmail  - webmail server
 % # s_netgroup - netgroups are supported on this ypmaster
 % # s_rats     - rats support machine/server
 % # s_webalizer        - webalizer processing machine
 % # s_cvs              - cvs server
 % # s_cricket  - cricket service
 % # s_netsaint - netsaint client or server
 % # s_nagios   - nagios client or server
 % # s_rpm              - rpm server
 % # s_pks              - pks server
 % # s_jabber   - jabber server
 % # s_sqwebmail        - sqwebmail server
 % # s_webster  - webster dict server
 % # s_webtools - webtools dict server
 % # s_syslogng - uses syslog-ng instead of syslogd
 % # s_amavis   - amavis anti-spam, anti-virus
 % # s_ldap     - ldap (openldap) server
 % # s_sun_studio_8 - install sun studio_8 compilers
 % # s_R                 - install R
 % # s_imapproxy         - install imapproxy agent
 % # s_samba     - samba server
 % # s_dhcp      - dhcp server
 % # s_rsync     - rsync server
 % 
 % These are tuning attributes to select variants of how the services are
 % configured.  Some probably won't make sense outside of solaris and
 % Rutgers.
 % 
 % # boolean attributes defined in this file
 % # a_enigma_only   - allow enigma/secure only login/access
 % # a_allow_nonpriv_login - allow non slide people to loginrci
 % # (these should be moved elsewhere since they aren't manually defined)
 % # a_hme                - has at least one hme interface configured
 % # a_eri                - has at least one eri interface configured
 % # a_sulogin_saved - sulogin is a link ?is this needed???
 % # a_apt_installed - apt has been installed
 % # a_apt_updated   - apt-get update has been done
 % # a_install_user  - install user (in addition to core) software
 % # a_qmail      - use qmail for mta
 % # a_postfix    - use postfix for mta
 % # a_courier    - use courier-imap
 % # a_courier_listen - a courier-imap listener (server)
 % # a_uwash_imap         - use University of Washington imap
 % # a_maildrop   - use maildrop for local mail delivery
 % # a_mail_local         - use mail.local for local mail delivery
 % # a_smtpauth   - authenticated smtp listening
 % # a_pureftp    - use pureftp for ftpd
 % # a_proftp     - use proftp for ftpd
 % # a_apache     - use apache for httpd
 % # a_ssh_keygen_comment - set the comment on an ssh keygen command
 % # a_64bit_host         - host can run 64bit binaries
 % # a_aid_64bit_kernel - encourage 64bit kernel on slower UltraSPARC-I
 % # a_needs_backup  - has disks which should be backed up
 % # a_needs_remote_backup  - backup is started remotely
 % # a_rsync_backup  - backup is via nubs/rsync
 % # a_runs_backup        - backups are run here
 % # a_allow_autoneg - allow autonegotiation to work
 % # a_mysql_from_nfs - mysql via nfs instead of installed
 % # a_apache_from_nfs - apache via nfs instead of installed
 % # a_set_pt_cnt       - whether to set pt_cnt
 % # a_set_maxuprc      - whether to set maxuprc
 % # a_netsaint_master - netsaint master host
 % # a_nagios_master - nagios master host
 % # a_nagios_radius - nagios monitors radius server
 % # a_nagios_act_svt - nagios active servant (collector + editor + tester) host
 % # a_nagios_psv_svt - nagios passive servant (collector + tester) host
 % # a_nagios_act_clnt - nagios active client (remote + local tester) host
 % # a_nagios_psv_clnt - nagios passive client (local tester) host
 % # a_proftpd_conf  - proftpd conf file from this nfs place
 % # a_dhcp_on_boot  - true to allow dhcp to configure network always
 % # a_remote_loghost - syslogd listens for remote(UDP) logging
 % # a_maildir_only  - mail ONLY goes in maildir i.e. no /var/mail anything
 % # a_reel       - runs reel librarian
 % # a_mysql_socat        - runs mysql/socat tunnel
 % # a_plp                - plp printing
 % # a_lprng      - lprng printing
 % # a_lpd_driver         - a lpd printer driver
 % # a_all_xinetd          - all services are run with xinetd
 % # a_telnetd_xinetd - telnetd via xinetd
 % # a_rshd_xinetd         - rshd via xinetd
 % # a_rexecd_xinetd  - rexecd via xinetd
 % # a_rlogind_xinetd - rlogind via xinetd
 % # a_ftpd_xinetd         - ftpd via xinetd
 % # a_redirector          - passwd, chfn, ... are web tools only
 % # a_ldap_client         - ldap (openldap) client (tools and pam support)
 % # a_nscd_disable   - prevent nscd from running
 % # a_ldap_updater   - ldap (openldap) updater server
 % # a_ldap_reader    - ldap (openldap) reader server
 % # a_amavisd_4_daemons - use 4 daemons not default
 % # a_rpm_testing_repository - uses the testing repository by default
 % # a_turck_mmcache  - use turck-mmcache php accelerator
 % # a_samba_client   - a samba client
 % 
 % these macros further tune the services so I can use common nis setup
 % code with different nis domains.  again YMMV
 % 
 % # macro/variable attributes defined in this file
 % # nis_domain - value is the nis domainname
 % # cluster_name       - value is the cluster name (like nis_domain)
 % # check_backup_time - cron job time(s) for check_backup script
 % # a_nfsds    - number of nfsds for a nfsserver
 % # a_lockds   - number of lockds for a nfsserver
 % # a_rpm_type - apt/sources.list type
 % # a_rpm_uri  - apt/sources.list repository URI
 % # a_rpm_distro       - apt/sources.list distribution
 % # a_rpm_component - apt/sources.list component to use (testing, stable...)
 % # a_hostname - hostname of this host
 % # a_netgroups        - netgroups this machine needs/wants
 % # a_tape_drives - "export" tape drives for the machine (get from device_map?)
 % # a_passwd_people - (servants only) who gets accounts on the machine
 % # a_group_people - (servants only) who gets special groups on the machine
 % # ch_apache  - path to production apache, ex /usr/local/apache-1.3.24
 % # ch_mysql   - path to production mysql, ex /usr/local/mysql-3.23.47
 % # ch_php     - path to production php, ex /usr/local/php-4.1.2
 % # a_rats_home        - path to rats common (etc...) directory
 % # a_pt_cnt   - number of ptys
 % # a_maxuprc  - max number of per user processes
 % # a_outside  - file extension for in/out-side specific files
 % # a_jabber_name      - jabber hostname
 % # a_courier_pem - imapd-pop3d.pem file path for courier
 % 
 % These are global defaults which are similar to the last group, but
 % intended to not be machine (or cluster) dependent.
 % 
 % # program names defined in this file
 % # (if you don't know what they do leave them alone)
 % # p_perl
 % # p_ftpd
 % # p_rexecd
 % # p_rlogind
 % # p_rshd
 % # p_rstatd
 % # p_save_precious_files
 % # p_tcpd
 % # p_telnetd
 % # p_tftpd
 % # p_netscape
 % # p_mknetgroup
 % # p_tcp_env
 % # p_qmail_smtpd
 % 
 % 
 % On Thu, 19 Feb 2004, John Sechrest wrote:
 % 
 %  > Date: Thu, 19 Feb 2004 08:14:59 -0800
 %  > From: John Sechrest <address@hidden>
 %  > To: Roy MARANTZ <address@hidden>
 %  > Cc: address@hidden
 %  > Subject: Re: mln (was: Re: Bootstrapping)
 %  >
 %  > Can you name the variants that you have used?
 %  >
 %  > And can you outline what the "rules" in an abstract sense
 %  > are for those variants (i.e., OS independent descriptions of what is needed)
 %  >
 %  > Like:
 %  >   mysql => port 3306 is open
 %  >   mysql => mysql-server package is installed
 %  >   mysql => database owners/names/permissions derived from ldap
 %  >
 %  ...

-----
John Sechrest          .         Helping people use
                        .           computers and the Internet
                          .            more effectively
                             .                      
                                 .       Internet: address@hidden
                                      .   
                                              . http://www.peak.org/~sechrest
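
The role/service distinction drawn in the message above, sketched as an added example (not part of the original post, and not cfengine syntax): a role expands into rules for the host that holds it and into derived rules for the gateway and the monitoring machine. The role contents come from the thread; the host names, rule strings and the `unjustified` audit helper are assumptions made for illustration.

```python
# Added example: role -> abstract rules -> per-host rule sets.
# Role contents are taken from the thread; host names are constructed.
from collections import defaultdict

# A role lists what its own host must provide ("local") and the ports
# that other systems (gateway, monitor) must handle on its behalf.
ROLES = {
    "backend_mail": {
        "local": ["imap", "pop", "mounting user mail directories"],
        "ports": [25, 109, 110],
    },
    "web_server": {"local": [], "ports": [80]},
}

# Constructed inventory: which host subscribes to which roles.
HOSTS = {
    "mail1": ["backend_mail"],
    "www1": ["web_server"],
    "gw": ["gateway"],
    "mon": ["monitor"],
}

def compile_rules(hosts, roles):
    """Expand role subscriptions into a sorted rule list per host."""
    rules = defaultdict(set)
    gateways = [h for h, r in hosts.items() if "gateway" in r]
    monitors = [h for h, r in hosts.items() if "monitor" in r]
    for host, subscribed in hosts.items():
        for name in subscribed:
            role = roles.get(name)
            if role is None:  # gateway/monitor only receive derived rules
                continue
            rules[host].update(f"provide: {item}" for item in role["local"])
            for port in role["ports"]:
                rules[host].add(f"listen: {port}")
                for gw in gateways:  # the role changes what the gateway does
                    rules[gw].add(f"open: {host}:{port}")
                for mon in monitors:  # the same ports get monitored
                    rules[mon].add(f"check: {host}:{port}")
    return {h: sorted(r) for h, r in rules.items()}

def unjustified(open_on_gateway, compiled, gateway="gw"):
    """Gateway openings that no subscribed role asks for."""
    wanted = {r.split(": ", 1)[1] for r in compiled.get(gateway, [])
              if r.startswith("open: ")}
    return sorted(set(open_on_gateway) - wanted)
```

Passing the list of openings actually configured on the gateway to `unjustified` returns the ones no role accounts for, which is the least-privilege check the role model makes possible.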



