help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfengine and hosts using DHCP

From: John Sechrest
Subject: Re: cfengine and hosts using DHCP
Date: Sat, 27 Apr 2002 08:36:29 -0700 
Mark.Burgess@iu.hio.no writes:


 % I don't know anything useful about LDAP. I have never seen
 % a presentation which answered any questions I had about it
 % If you have specific suggestions...otherwise I try to
 % avoid gratuitous use of other technologies as much as possible.



 As we are moving to managing our systems as a single cluster, 
 instead of as a collection of different machines,
 we are working towards using LDAP as our main carrier of information.

 One of the reasons is that we want to have a single place to stash things.
 Another reason is that we want to be able to integrate Unix systems and
 NT systems together.

 There are tools that will let us authenticate off of Ldap.

 In addition, there are already pre-defined methods for having 
 Ldap replicated over several servers, so that single server
 failures don't take out a service.

 As well as having ACL control mechanisms that will allow us to limit
 who gets what information.

 And so we get some greater sense of security, while still distributing
 information.

 What are the questions you have about LDAP that need answering?


 






 % On 27 Apr, John Sechrest wrote:
 % > 
 % > 
 % >  While you are looking at how cfengine works with DHCP....
 % > 
 % >  It might be a worth while effort to take the next step, and
 % >  look at what it would look like for CFengine to get some of its
 % >  data out of LDAP.
 % > 
 % >  If you have your authentication for your systems running
 % >  out of ldap, it might be worth while to be able to 
 % >  use LDAP as a configuration database too. 
 % > 
 % >  It provides security models and pre-existing tools to access
 % >  the system.
 % > 
 % > 
 % > 
 % > Mark.Burgess@iu.hio.no writes:
 % > 
 % >  % 
 % >  % This is a good poiny which I had not really considered up to this point.
 % >  % here needs perhaps to be an option on cfservd which allows one to
 % >  % specify a DHCP range. I shall look into this
 % >  % 
 % >  % M
 % >  % 
 % >  % On 27 Apr, Juha Ylitalo wrote:
 % >  % > Current mode in cfservd <-> cfagent interaction seems to be based on
 % >  % > idea that both parties have static IP and they have been introduced to
 % >  % > each others at some point by administration.
 % >  % > Are there any best practises on how to use cfengine in environments 
were
 % >  % > you have mixed environment of static and DHCP addresses (i.e. 
Linux/*BSD
 % >  % > workstations and laptops), where your cfservd or other central file
 % >  % > repository can give all its configuration files
 % >  % > (/var/cfengine/masterfiles/inputs/*), but clients should somehow be 
able
 % >  % > to verify that downloaded files came from trusted source?
 % >  % > I guess I could create script that would download PGP signed tarballs,
 % >  % > verify signature and then untar them to /var/cfengine/inputs, but if
 % >  % > there are better solutions, I would like to hear about them.
 % >  % >  
 % >  % 
 % >  % 
 % >  % 
 % >  % ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 % >  % Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
 % >  % Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
 % >  % ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 % >  % 
 % >  % 
 % >  % 
 % >  % _______________________________________________
 % >  % Help-cfengine mailing list
 % >  % Help-cfengine@gnu.org
 % >  % http://mail.gnu.org/mailman/listinfo/help-cfengine
 % > 
 % > -----
 % > John Sechrest          .         Helping people use
 % > CTO PEAK -              .           computers and the Internet
 % > Public Electronic         .            more effectively
 % > Access to Knowledge,Inc       .                      
 % > 1600 SW Western, Suite 180       .            Internet: sechrest@peak.org
 % > Corvallis Oregon 97333               .                  (541) 754-7325
 % >                                             . http://www.peak.org/~sechrest
 % > 
 % > _______________________________________________
 % > Help-cfengine mailing list
 % > Help-cfengine@gnu.org
 % > http://mail.gnu.org/mailman/listinfo/help-cfengine
 % 
 % 
 % 
 % ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 % Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
 % Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
 % ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 % 

-----
John Sechrest          .         Helping people use
CTO PEAK -              .           computers and the Internet
Public Electronic         .            more effectively
Access to Knowledge,Inc       .                      
1600 SW Western, Suite 180       .            Internet: sechrest@peak.org
Corvallis Oregon 97333               .                  (541) 754-7325
                                            . http://www.peak.org/~sechrest
reply via email to
[Prev in Thread] Current Thread [Next in Thread]