From: Martin Zobel-Helas <zobel@ftbfs.de>
Date: Thu, 14 Jan 2010 22:39:41 +0000 (+0100)
Subject: blog recent RFH
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-wiki.git;a=commitdiff_plain;h=a60dedd92e0cd331b7a885a68c80989f832bc148

blog recent RFH
---

diff --git a/input/dsablog/2010/01/[RFH]_ferm_integration_into_dsa-puppet.git.mdwn b/input/dsablog/2010/01/[RFH]_ferm_integration_into_dsa-puppet.git.mdwn
new file mode 100644
index 0000000..2535392
--- /dev/null
+++ b/input/dsablog/2010/01/[RFH]_ferm_integration_into_dsa-puppet.git.mdwn
@@ -0,0 +1,22 @@
+[[!meta author="Martin Zobel-Helas"]]
+
+The Debian Project currently runs about [100 machines](http://db.debian.org/machines.cgi) all over the
+world with different services. Those are mainly managed by the [Debian
+System Administration team](http://wiki.debian.org/Teams/DSA). For central configuration management we
+use [Puppet](http://reductivelabs.com/products/puppet/).
+The Puppet config we use is publicly available [here](http://git.debian.org/?p=mirror/dsa-puppet.git).
+
+Our next goal is to have a more or less central configuration of our
+iptables rules on all those machines. Some of the machines have
+home-brewed firewall scripts, some use ferm.
+
+
+Your mission, if you choose to accept it, is to provide us with a new
+dsa-puppet git branch with a module "ferm" that we can roll out to all
+our hosts. 
+
+It might want to use information from the other puppet modules like
+"apache2_security_mirror" or "buildd" to decide which incoming traffic
+should be allowed.
+
+DSA will of course provide you with all necessary further information.