help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: running cfengine across firewall


From: Christian Pearce
Subject: Re: running cfengine across firewall
Date: Mon, 31 Jan 2005 08:34:53 -0500

Our product uses both approaches.  If we need to get data from a client
back to a centralized server we use rsync of ssh.

If we need to get configs and binaries through a firewall we rsync push
them to a proxy node.  This box can then handle all the traffic both
cfengine and rsync from the client inside that firewall.  Then a
centralized server will copy all the data the clients pushed to the
proxy node.

It works out quite well.

On Sun, 2005-01-30 at 21:04, Russell Adams wrote:
> Perhaps we should compare notes. ;]
> 
> Then again, I should clarify. I only use rsync/ssh to transfer data
> back from my hosts, not to copy to them.
> 
> Updates via rsync/ssh is a push type of solution, which I experimented
> with only briefly. I preferred pull vs push, and worked out another
> method using signed, per-host tarballs on a webserver.
> 
> Russell
> 
> On Mon, Jan 31, 2005 at 12:02:47PM +1100, Tim Nelson wrote:
> > On Sat, 29 Jan 2005, Russell Adams wrote:
> > 
> > >Hence I use rsync/ssh over an existing protocol. ;]
> > 
> >     That's what I was doing too.  I generated different config files 
> > for the internal and external networks (so that if anyone got into an 
> > external machine, they wouldn't be able to see my internal config), and 
> > then pushed the external version via scp.
> > 
> >     :)
> > 
> > -- 
> > Tim Nelson
> > Server Administrator
> > WebAlive Technologies Global
> > Level 1 Innovation Building, Digital Harbour
> > 1010 LaTrobe Street
> > Docklands, Melbourne, 
> > Vic, 3008
> > Phone: +61 3 9934 0812
> > Fax: +61 3 9934 0899
> > E-mail: address@hidden
> > http://www.webalive.biz/
> > 
> > "Your Business, Your Web, Your Control"
> > 
> -----------------------------
> Russell Adams
> address@hidden
> http://www.adamsinfoserv.com/
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/help-cfengine
-- 
Christian Pearce
http://www.commnav.com
http://www.perfectorder.com






reply via email to

[Prev in Thread] Current Thread [Next in Thread]