[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: will cfengine work if the "master" is behind a firewall?

From: Brendan Strejcek
Subject: Re: will cfengine work if the "master" is behind a firewall?
Date: Tue, 22 Nov 2005 08:14:04 -0600
User-agent: Mutt/1.5.6+20040818i

Tomasz Chmielewski wrote:

> I have a "master" server thet can connect to the other servers using
> SSH, but "slaves" can't connect to the master.

The recommended cfengine setup uses a "pull" architecture; what you
describe (the master connecting to the slaves) is a "push" architecture.
There is a pretty good summary of those two ideas at:

> Will I still be able to use cfengine?

Not with cfengine's standard usage model. You could still use cfagent
as a general interpreter, if you found some other way to get the policy
files to the clients.

> After reading the docs, I'm still not sure if I can:
> - use SSH *only* (no NFS etc.) for cfengine

cfengine uses its own protocol to transfer files (though cfagent can
copy files from NFS shares, that would be considerably less robust).


Senior System Administrator
The University of Chicago
Department of Computer Science

reply via email to

[Prev in Thread] Current Thread [Next in Thread]