We have two load-balanced CentOS 5.3 webservers that handle a decent number (~20) of individualized shopping websites. The end result is that we have to have a separate secure site per product, resulting in a large number of network aliases, one for each IP so that SSL will work.
Obviously managing this stuff manually would not be fun, especially when servers die and you need to rebuild and want to ensure consistency.
However, the IT manager is not comfortable using CLI tools to manage certain things and is adamant about having a GUI tool like system-config-network available in case he wants to change something.
The scripts I have written to manage the machine configurations have tried to take that into account and for most of the network configuration, I use system-config-network-cmd -e > netconfig to dump the config, make changes, and then system-config-network-cmd -i -c -f netconfig to import the changes back in.
The problem I have found is that different versions of s-c-n-cmd have acted differently and often what is imported is not what actually gets stored. Even simply doing system-config-network-cmd -e > netconfig followed immediately by system-config-network -i -c -f netconfig without making any changes results in a different config (running system-config-network-cmd -e > netconfig2 and doing a diff netconfig netconfig2 shows differences).
Whether or not the issues with s-c-n-cmd will get fixed, has anyone else dealt with this issue? I tried modifying /etc/sysconfig/networking/* directly, but that didn’t always seem to work right either.
Is there some Right Way(TM) that ensures the RH GUI tools and /etc/sysconfig/network-scripts can live in harmony while still being script-friendly?
I’m looking at eventually moving to puppet, but it’s far down in the long list of other projects that need to be done so I’m hoping for something that will keep us going until then.
A question: why would the IT manager want to change network configuration, when he is not even comfortable with a shell? I'd tell him to stay away from production servers if he expects me to do my job right. He does his job (paying me), I do mine (work servers).
Anyway, maybe the 'setup' command can help you out. And how about making /etc/sysconfig/network-scripts a svn or git repository? Then you can at least go back to a previous version. I haven't run into a problem like yours myself, because I tend to script network configuration during deployment, and leave it at that. What you describe sounds like a bug though, so you might want to file a bug report about inconsequent behavior of that tool.
Setting up puppet for a trivial task like this is not a lot of work by the way, so that might constitute a good solution.
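
An added example, not code from either poster: one way to script the per-site aliases from a single list and to notice when a GUI edit has changed them on a live server. The function names, the list format ("alias-number IP" per line), the eth0 parent device and the /24 netmask are assumptions made for illustration.

```shell
#!/bin/bash
# Assumed list format, one alias per line, e.g. "0 192.0.2.10"
# (192.0.2.0/24 is the documentation range; values are constructed).

# render_aliases LIST OUTDIR: write one ifcfg-eth0:N file per list entry.
render_aliases() {
    list=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    while read -r num ip; do
        case $num in ''|'#'*) continue ;; esac     # skip blanks and comments
        case $num in *[!0-9]*) echo "bad alias number: $num" >&2; return 1 ;; esac
        # Reject characters other than digits and dots, and stray dots
        case $ip in
            *[!0-9.]*|''|*..*|.*|*.) echo "bad address: $ip" >&2; return 1 ;;
        esac
        cat > "$outdir/ifcfg-eth0:$num" <<EOF
DEVICE=eth0:$num
IPADDR=$ip
NETMASK=255.255.255.0
ONBOOT=yes
EOF
    done < "$list"
}

# check_drift LIST LIVEDIR: print the alias files in LIVEDIR that are
# changed, missing, or not in the list. Returns 0 if clean, 1 on drift.
check_drift() {
    list=$1; live=$2
    want=$(mktemp -d) || return 2
    render_aliases "$list" "$want" || { rm -rf "$want"; return 2; }
    drift=$(for f in "$want"/ifcfg-eth0:* "$live"/ifcfg-eth0:*; do
        [ -e "$f" ] || continue                    # glob matched nothing
        name=${f##*/}
        cmp -s "$want/$name" "$live/$name" 2>/dev/null || echo "$name"
    done | sort -u)
    rm -rf "$want"
    [ -z "$drift" ] && return 0
    echo "$drift"
    return 1
}

# Typical use on a server (paths are assumptions):
#   check_drift /root/sites.list /etc/sysconfig/network-scripts \
#     || render_aliases /root/sites.list /etc/sysconfig/network-scripts
```

Keeping the list file itself in svn or git gives the rollback the answer mentions while leaving the generated files disposable.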