Re: will cfengine work if the "master" is behind a firewall?

[Brendan Strejcek]

Tomasz Chmielewski wrote:

> I have a "master" server thet can connect to the other servers using
> SSH, but "slaves" can't connect to the master.

The recommended cfengine setup uses a "pull" architecture; what you
describe (the master connecting to the slaves) is a "push" architecture.
There is a pretty good summary of those two ideas at:

    http://www.infrastructures.org/bootstrap/pushpull.shtml

> Will I still be able to use cfengine?

Not with cfengine's standard usage model. You could still use cfagent
as a general interpreter, if you found some other way to get the policy
files to the clients.

> After reading the docs, I'm still not sure if I can:
> 
> - use SSH *only* (no NFS etc.) for cfengine

cfengine uses its own protocol to transfer files (though cfagent can
copy files from NFS shares, that would be considerably less robust).

Best,
Brendan

--
Senior System Administrator
The University of Chicago
Department of Computer Science

http://www.cs.uchicago.edu/people/brendan

http://people.cs.uchicago.edu/~brendan