I recently transitioned to the Linux (RHEL/CentOS) environment roughly 9-ish months ago and have learned so much since then but still consider myself a total newbie. This is my first Linux Administration role and I've never seen other infrastructures compared to what I've been dealing with. Our host/user base is also roughly about 20ish and I'd like to be prepared when that grows in the future.
Currently I feel as if the current infrastructure, that I inherited, isn't set up properly and I'd like everyone's opinion on my thoughts about improving it.
Here is how we have things set up:
RHEL Server (NFS Share): This host has been set up with the CentOS/RHEL kickstarts for NFS deployment and also Open Source Puppet for applying the necessary post imaging configurations.
RHEL Workstation (Sync? Local Repo): This host was set up with downloading RHEL/CentOS packages weekly and has our workstation hosts pointed to it for updates by using reposync. Unfortunately, there isn't a RHEL Server VM spun up and set up like this host (yet) and all of our RHEL Servers are being pointed directly to RHN. Our local site requires the hosts to point to a local repo so that it can be managed. The reason why I have yet to stand up another RHEL Server VM for reposync is explained below.
My thought was to purchase Red Hat Satellite Server and utilize the Puppet Enterprise (https://access.redhat.com/articles/s...pet-enterprise) integration so this way we can just get rid of the jury-rigged repo VM. Our RHEL machines also aren't subscribed since they're just pulling updates from the local repo.
Where you must use RHEL (for whatever reasons, client contract, compliance etc, etc) you first need to fix Licensing and then using Satellite + Puppet does make sense. For those machines that haven't such requirements transitioning to CentOS + Spacewalk (OSS Satellite) may be an option. And not that it's ready right now I believe but also look ahead at what Red Hat has on offer for the future (CloudForms + Foreman vs Katello).
Thank you for your response. Just as you said, for reasons (DoD), we only have RHSS and PE approved or else I would set up CentOS + Spacewalk. Good to know about the CloudForms + Foreman vs Katello, I'll play with those at home to get my feet wet.
I'm curious about your DoD site. Since I work DoD too, and we don't allow any of our DoD RHEL Servers to go out to RH Network directly. We have a Red Hat Satellite, disconnected, where we do all of the patching from. So I'm wondering why it is set up this way?
Also for NFS, it is against the STIGs to run this, so I shut all of that down and use scp to move files right now.
That's interesting, from what I gathered, no regular workstations are allowed to connect directly to RHN just as you said unless it's through a local repo or RHSS. We just went through the new accreditation process with DISA and I don't recall seeing anything saying this wasn't allowed. Could you clarify as to which portion you meant as being set up "this way"?
The STIGs don't specifically say to not use NFS (unless I missed a STIG ID), they say that if you are using it, you need certain options in place such as "nosuid" and "nodev" (list goes on).
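The mount-option point in the last post can be checked mechanically. The script below is an added example, not part of the thread: it flags NFS entries in an fstab-format file that lack `nosuid` or `nodev`. The `REQUIRED_OPTS` list, the function names and the sample entries are assumptions constructed for illustration; extend the list to match your own baseline.

```shell
#!/bin/sh
# Added example: flag NFS entries in an fstab-format file that lack the
# mount options named in the thread (nosuid, nodev).
REQUIRED_OPTS="nosuid nodev"   # assumption: extend to match your baseline

# nfs_missing_opts FILE
# Prints "<mountpoint> missing:<opt>[,<opt>...]" for each nfs/nfs4 entry
# lacking a required option; returns 1 if any entry is flagged, else 0.
nfs_missing_opts() {
    awk -v required="$REQUIRED_OPTS" '
        /^[[:space:]]*#/ || NF < 4 { next }       # skip comments, short lines
        $3 != "nfs" && $3 != "nfs4" { next }      # only NFS filesystems
        {
            n = split(required, req, " ")
            m = split($4, have, ",")
            missing = ""
            for (i = 1; i <= n; i++) {
                found = 0
                for (j = 1; j <= m; j++)
                    if (have[j] == req[i]) found = 1
                if (!found)
                    missing = missing (missing == "" ? "" : ",") req[i]
            }
            if (missing != "") { print $2 " missing:" missing; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample input (hostnames and paths are made up).
sample_fstab() {
    cat <<'EOF'
# device                 mountpoint  type  options                 dump pass
/dev/mapper/rhel-root    /           xfs   defaults                0 0
nfs01:/export/kickstart  /mnt/ks     nfs   ro,nosuid,nodev,noexec  0 0
nfs01:/export/home       /home       nfs4  rw,nosuid               0 0
nfs01:/export/scratch    /scratch    nfs   defaults                0 0
EOF
}

tmp=$(mktemp)
sample_fstab > "$tmp"
nfs_missing_opts "$tmp" || echo "non-compliant NFS mounts found"
rm -f "$tmp"
```

Point the function at `/etc/fstab` to check configured mounts, or at `/proc/mounts` (same field layout) to check what is actually mounted.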