Re: How to manage a firewall script with minor tweaks for different machines?
Hello,

On Sat, Jun 12, 2021 at 07:02:50PM +0300, Anssi Saari wrote:
> But then... One machine has a radius server that needs UDP port 1812
> open. And another is a print server with CUPS and SMB which apparently
> need at least TCP ports 631 and 137 open.

It sounds like you need configuration management software. You
already have several machines by the sounds of it, so it's a good
time to look into it.

Ansible can be very simple and quick to learn and everything you've
mentioned in your post can easily be done with it.

I found Puppet a bit of a nicer thing to develop in, but a lot more
complicated and a lot more work to keep up to date, so I switched to
Ansible.

Other configuration management software is available and I don't
think it matters that much which one you go for; you will no doubt
discover your preferences.

All configuration management solutions will cover the use case of
different config for different hosts or groups of hosts, templating
of configuration files, and pushing files and assets out to where
they need to be.

You can invent your own with a big shell script and an ssh loop but
to be honest, Ansible is really very simple, may as well use
something that has solved all these problems.

Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
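
Added example, not part of Andy's message: one way the per-host port differences from the quoted question could be expressed in Ansible, shown as two files in one block. The hostnames, the `fw_*` variable names, the SSH port in the shared list, the base rules and the choice of nftables are all assumptions; the thread does not say which firewall tool is in use.

```yaml
# inventory.yml -- hostnames are hypothetical
all:
  vars:
    fw_common_tcp: [22]            # assumed: every machine allows SSH
  hosts:
    radius1.example.org:
      fw_extra_udp: [1812]         # RADIUS
    print1.example.org:
      fw_extra_tcp: [631, 137]     # CUPS and SMB, ports as given in the thread
    desktop1.example.org: {}       # no extras, gets the shared rules only
---
# firewall.yml -- run with: ansible-playbook -i inventory.yml firewall.yml
- hosts: all
  become: true
  tasks:
    - name: Write ruleset from shared base plus this host's extra ports
      ansible.builtin.copy:
        dest: /etc/nftables.conf
        owner: root
        mode: "0600"
        validate: nft -c -f %s     # syntax check; a bad file is never installed
        content: |
          flush ruleset
          table inet filter {
            chain input {
              type filter hook input priority 0; policy drop;
              ct state established,related accept
              iif "lo" accept
              meta l4proto { icmp, ipv6-icmp } accept
              tcp dport { {{ (fw_common_tcp + (fw_extra_tcp | default([]))) | join(', ') }} } accept
          {% if fw_extra_udp | default([]) %}
              udp dport { {{ fw_extra_udp | join(', ') }} } accept
          {% endif %}
            }
          }
      notify: Reload nftables
  handlers:
    - name: Reload nftables
      ansible.builtin.service:
        name: nftables
        state: reloaded
```

The `default([])` filters and the `{% if %}` guard matter because a host with no extra ports would otherwise produce an undefined-variable error or an empty `{ }` set, which nft rejects.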