From akrherz at iastate.edu  Thu Mar 31 13:15:01 2011
From: akrherz at iastate.edu (daryl herzmann)
Date: Thu, 31 Mar 2011 08:15:01 -0500 (CDT)
Subject: [rhn-users] RedHat will no longer use rhn-outage-list, why?
Message-ID: <alpine.LRH.2.00.1103310806470.3489@akrherz-laptop.agron.iastate.edu>

Howdy,

After the recent outages with RHN hosted (most recent being on the 28th), 
I inquired with Red Hat GSS on why Red Hat no longer announces outages on 
the rhn-outage-list list.  The mailman page has:

rhn-outage-list -- Announcements Related to RHN Service Interruptions

The GSS response was:
   "outage emails have been stopped intentionally for business reason"

Okay, I suspect we can't be told what that business reason is either. 
Would anybody on this list care to clarify the outage notification policy?

This page here appears to be wrong given the above.

https://access.redhat.com/knowledge/docs/Red_Hat_Network/Outage_Policy/index.html

" Red Hat Network will send a notification through the mailing list (see
   below) in advance of unscheduled maintenance whenever possible. In the
   event that we are unable to send advance notification of unscheduled
   maintenance, we recommend that you contact Customer Service for
   additional details."

Which means GSS will tell you that they can't tell you what happened!

daryl



From felmasper at gmail.com  Thu Mar 31 16:33:03 2011
From: felmasper at gmail.com (Felipe Pereira)
Date: Thu, 31 Mar 2011 13:33:03 -0300
Subject: [rhn-users] Access control using RHN
Message-ID: <AANLkTim3Dv0z3C1XrkBQBuhuOn+J2=fGCo5-SLUg4sW7@mail.gmail.com>

Hello,

I was wondering how do people use RHN to do access control.

I'm interested in hosts.allow but I'd like to hear about other types
(pam_access, iptables, etc).

Consider the following scenario:
- two classes of hosts, C1 and C2 (each class has a configuration channel)
- only a group of stations/people G1 may login on C1
- I want a group of stations/people G2 besides G1 to access C2

How can C2 inherit access control of C1 appending new items to it? Consider
that files from a conf. channel override channels below it.

I'm doing this way: (just wanted to know if you see a flaw or a better way
to do it)

The "base" conf. channel has these files:
/etc/hosts.allow:
sshd: /etc/hosts.d/G1-sshd.allow
sshd: /etc/hosts.d/G2-sshd.allow

/etc/hosts.deny:
sshd: ALL

/etc/hosts.d/G1-sshd.allow:
# empty
/etc/hosts.d/G2-sshd.allow:
# empty

Now we create channels "G1-allow" and "G2-allow" which will be used above
the base class (top priority). G1-allow has the file
/etc/hosts.d/G1-sshd.allow with the respective hosts. Same for G2-allow.

Base must have /etc/hosts.d/*.allow empty so we can disable login when we
unsubscribe hosts from a Gn-allow channel, by deploying the empty base file.

Now I can choose to allow for any combinations of G1 and G2 to C1 and C2.
It's not really inheritance, but it's easy to see which group of hosts can
login to which class.

-- 
Felipe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhn-users/attachments/20110331/c32ca428/attachment.htm>

From inode0 at gmail.com  Thu Mar 31 19:39:45 2011
From: inode0 at gmail.com (inode0)
Date: Thu, 31 Mar 2011 14:39:45 -0500
Subject: [rhn-users] RedHat will no longer use rhn-outage-list, why?
In-Reply-To: <alpine.LRH.2.00.1103310806470.3489@akrherz-laptop.agron.iastate.edu>
References: <alpine.LRH.2.00.1103310806470.3489@akrherz-laptop.agron.iastate.edu>
Message-ID: <AANLkTimeFhS_tL5yC0VDuY0Q03Z=TELXEWx3kFRBWK6j@mail.gmail.com>

On Thu, Mar 31, 2011 at 8:15 AM, daryl herzmann <akrherz at iastate.edu> wrote:
> Howdy,
>
> After the recent outages with RHN hosted (most recent being on the 28th), I
> inquired with Red Hat GSS on why Red Hat no longer announces outages on the
> rhn-outage-list list. ?The mailman page has:
>
> rhn-outage-list -- Announcements Related to RHN Service Interruptions
>
> The GSS response was:
> ?"outage emails have been stopped intentionally for business reason"
>
> Okay, I suspect we can't be told what that business reason is either. Would
> anybody on this list care to clarify the outage notification policy?
>
> This page here appears to be wrong given the above.
>
> https://access.redhat.com/knowledge/docs/Red_Hat_Network/Outage_Policy/index.html
>
> " Red Hat Network will send a notification through the mailing list (see
> ?below) in advance of unscheduled maintenance whenever possible. In the
> ?event that we are unable to send advance notification of unscheduled
> ?maintenance, we recommend that you contact Customer Service for
> ?additional details."
>
> Which means GSS will tell you that they can't tell you what happened!

Seems to be an outage now ... but honestly I don't think I can keep up
with posting such things here. :)

John



From inode0 at gmail.com  Thu Mar 31 20:57:18 2011
From: inode0 at gmail.com (inode0)
Date: Thu, 31 Mar 2011 15:57:18 -0500
Subject: [rhn-users] RedHat will no longer use rhn-outage-list, why?
In-Reply-To: <AANLkTimeFhS_tL5yC0VDuY0Q03Z=TELXEWx3kFRBWK6j@mail.gmail.com>
References: <alpine.LRH.2.00.1103310806470.3489@akrherz-laptop.agron.iastate.edu>
	<AANLkTimeFhS_tL5yC0VDuY0Q03Z=TELXEWx3kFRBWK6j@mail.gmail.com>
Message-ID: <AANLkTimrvOoex5tb8csAOYPxGfV9=DUHUN3hxY+E-NX-@mail.gmail.com>

On Thu, Mar 31, 2011 at 2:39 PM, inode0 <inode0 at gmail.com> wrote:
> Seems to be an outage now ... but honestly I don't think I can keep up
> with posting such things here. :)

And we are back now. No information on the cause of the outage or the
ETA for the next outage at this time.

John