help-cfengine

Re: Bootstrapping


From: John Sechrest
Subject: Re: Bootstrapping
Date: Mon, 16 Feb 2004 09:11:11 -0800

I appreciate that you are working on making this question explicit.
We are working on the same set of problems with a UML based package
we are working on.

To solve the problem you are describing below, can't you
create a specific IP number/hostname which is specifically bound?

So if I have a system foobar.x.com and it has three interfaces
   eth0   10.0.1.25
   eth1   10.23.1.23
   eth2   10.3.3.3

Then if I want to be able to specifically talk about a specific
interface, I can create a set of specific DNS records that are:

   foobar-eth0.x.com
   foobar-eth1.x.com
   foobar-eth2.x.com

Or since this is a bit strange, you don't really care about
the interface, you care about the network, you can say:

    foobar-0-net.x.com
    foobar-23-net.x.com
    foobar-3-net.x.com

And in this way bind one address for a specific network to a specific
name. 

In fact, if you wanted to subsume all of these on multiple domains into
a single domain, you could create a "cfengine configuration domain"
where:

    a.x.com
    b.y.com
    c.z.com

All having multiple interfaces, would have aliases in another domain:

    a-x.cfconf.com
    b-y.cfconf.com
    c-z.cfconf.com

(One for each host+interface pair)

The difficulty with this path is that it does not deal with the
reverse DNS question. And since Reverse DNS and forward DNS are
not one to one, you always in a sense have this problem.

Sometimes you want reverse DNS to return the main host name,
sometimes you want it to return the interface name. Sometimes
you want it to return the virtual host name. 

If you can live with different reverse DNS, then it is ok.

If you can't, then one solution is to spoof the return address lookup
by creating your own reverse maps in your own dns server for those 
domains. 

        


           


"Luke A. Kanies" <luke@madstop.com> writes:

 % I forgot something WRT allowing IP addresses:
 % 
 % There are also problems on hosts with multiple IP addresses.  I'm pretty
 % sure you can tell cfservd to only listen on a given IP address, but
 % cfagent always connects out of the "default" IP, and I don't think that's
 % configurable.
 % 
 % This is particularly problematic on certain clusters -- HACMP (IBM's
 % clustering for AIX), for instance, changes the hostname when the cluster
 % fails over, so you'll suddenly have a different host with different keys
 % connecting under the same hostname.  The only way I know for this to work
 % is to copy the same key pair to each member of the cluster.  This is kind
 % of unfortunate, but unless I can tell cfagent to connect as a specific
 % host through a specific IP address, I don't see a way around this.
 % 
 % As to how to go about automating this sharing of keys, I don't know of a
 % good way.  I have not yet done so (although I need to).
 % 
 % Luke
 % 
 % -- 
 % I never think of the future.  It comes soon enough.  --Albert Einstein

-----
John Sechrest          .         Helping people use
                        .           computers and the Internet
                          .            more effectively
                             .                      
                                 .       Internet: sechrest@peak.org
                                      .   
                                              . http://www.peak.org/~sechrest
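
An added example, not part of the original message and not cfengine code: an offline check of the forward/reverse DNS mismatch discussed above, run over constructed records for foobar.x.com. The two PTR tables, and the assumption that foobar.x.com itself has a single A record, are illustrative.

```python
# Added example. All records below are constructed sample data built from the
# addresses and names in the message; nothing here queries a real DNS server.
FORWARD = {  # name -> A records
    "foobar.x.com": ["10.0.1.25"],
    "foobar-eth0.x.com": ["10.0.1.25"],
    "foobar-eth1.x.com": ["10.23.1.23"],
    "foobar-eth2.x.com": ["10.3.3.3"],
}
# Assumption: every PTR returns the main host name.
PTR_MAIN = {ip: "foobar.x.com" for ip in ("10.0.1.25", "10.23.1.23", "10.3.3.3")}
# Assumption: private reverse maps that return the per-interface name instead.
PTR_IFACE = {
    "10.0.1.25": "foobar-eth0.x.com",
    "10.23.1.23": "foobar-eth1.x.com",
    "10.3.3.3": "foobar-eth2.x.com",
}


def check_name(name, forward, reverse):
    """Classify each address of `name` by what its reverse lookup gives back."""
    results = {}
    for ip in forward.get(name, []):
        ptr = reverse.get(ip)
        if ptr is None:
            results[ip] = "no-ptr"
        elif ptr == name:
            results[ip] = "match"        # reverse returns the name we used
        elif ip in forward.get(ptr, []):
            results[ip] = "other-name"   # confirmed, but under another name
        else:
            results[ip] = "unconfirmed"  # PTR name does not map back to ip
    return results


def audit(forward, reverse):
    """Run check_name over every forward name; return {name: {ip: status}}."""
    return {name: check_name(name, forward, reverse) for name in sorted(forward)}


if __name__ == "__main__":
    for label, rev in (("main-name PTRs", PTR_MAIN), ("per-interface PTRs", PTR_IFACE)):
        print(label)
        for name, res in audit(FORWARD, rev).items():
            print("  ", name, res)
```

With main-name PTRs the per-interface names never come back from a reverse lookup; with per-interface PTRs it is the main host name that no longer does.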



