[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: will cfengine work if the "master" is behind a firewall?
From: |
Brendan Strejcek |
Subject: |
Re: will cfengine work if the "master" is behind a firewall? |
Date: |
Tue, 22 Nov 2005 08:14:04 -0600 |
User-agent: |
Mutt/1.5.6+20040818i |
Tomasz Chmielewski wrote:
> I have a "master" server thet can connect to the other servers using
> SSH, but "slaves" can't connect to the master.
The recommended cfengine setup uses a "pull" architecture; what you
describe (the master connecting to the slaves) is a "push" architecture.
There is a pretty good summary of those two ideas at:
http://www.infrastructures.org/bootstrap/pushpull.shtml
> Will I still be able to use cfengine?
Not with cfengine's standard usage model. You could still use cfagent
as a general interpreter, if you found some other way to get the policy
files to the clients.
> After reading the docs, I'm still not sure if I can:
>
> - use SSH *only* (no NFS etc.) for cfengine
cfengine uses its own protocol to transfer files (though cfagent can
copy files from NFS shares, that would be considerably less robust).
Best,
Brendan
--
Senior System Administrator
The University of Chicago
Department of Computer Science
http://www.cs.uchicago.edu/people/brendan
http://people.cs.uchicago.edu/~brendan