[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: will cfengine work if the "master" is behind a firewall?
From: |
Tim Nelson |
Subject: |
Re: will cfengine work if the "master" is behind a firewall? |
Date: |
Fri, 25 Nov 2005 09:44:33 +1100 (EST) |
On Tue, 22 Nov 2005, Tomasz Chmielewski wrote:
I'm new to cfengine and I'm just starting to read about it.
I have a "master" server thet can connect to the other servers using SSH, but
"slaves" can't connect to the master.
Correct terms here are "server" and "client". "Master" and
"slave" are used for something else (see below).
Will I still be able to use cfengine? After reading the docs, I'm still not
sure if I can:
- use SSH *only* (no NFS etc.) for cfengine
- if one-way SSH (from master to slave) will be enough
Cfengine implements its own protocol (with the model based on
ssh's security model, but specific to cfengine's needs), rather than using
SSH/NFS. I think it's possible to make it work over SSH instead, though.
The best solution I've seen to the internal/external problem
mentioned above, rather than moving to a totally push-based setup, is to
have an external machine that acts as a slave *server*. The master
cfengine server (internal) pushes to the slave server, and then the
external clients all fetch their config from the slave server. That way
you only have one push in the network, and it reduces the problems
associated with push documented in the links supplied by others in this
thread.
--
Kind Regards,
Tim Nelson
Server Administrator
P: 03 9934 0888
F: 03 9934 0899
E: tim.nelson@webalive.biz
W: www.webalive.biz
WebAlive Technologies
Level 1, Innovation Building
Digital Harbour
1010 La Trobe Street
Docklands Melbourne VIC 3008
This email (including all attachments) is intended solely for the named
addressee. It is confidential and may contain legally privileged information. If
you receive it in error, please let us know by reply email, delete it from your
system and destroy any copies. This email is also subject to copyright. No
part of it should be reproduced, adapted or transmitted without the written
consent of the copyright owner.
Emails may be interfered with, may contain computer viruses or other defects
and may not be successfully replicated on other systems. We give no
warranties in relation to these matters. If you have any doubts about the
authenticity of an email purportedly sent by us, please contact us immediately.