help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: will cfengine work if the "master" is behind a firewall?


From: Tim Nelson
Subject: Re: will cfengine work if the "master" is behind a firewall?
Date: Fri, 25 Nov 2005 09:44:33 +1100 (EST)

On Tue, 22 Nov 2005, Tomasz Chmielewski wrote:

I'm new to cfengine and I'm just starting to read about it.

I have a "master" server thet can connect to the other servers using SSH, but "slaves" can't connect to the master.

Correct terms here are "server" and "client". "Master" and "slave" are used for something else (see below).


Will I still be able to use cfengine? After reading the docs, I'm still not sure if I can:

- use SSH *only* (no NFS etc.) for cfengine
- if one-way SSH (from master to slave) will be enough

Cfengine implements its own protocol (with the model based on ssh's security model, but specific to cfengine's needs), rather than using SSH/NFS. I think it's possible to make it work over SSH instead, though.

The best solution I've seen to the internal/external problem mentioned above, rather than moving to a totally push-based setup, is to have an external machine that acts as a slave *server*. The master cfengine server (internal) pushes to the slave server, and then the external clients all fetch their config from the slave server. That way you only have one push in the network, and it reduces the problems associated with push documented in the links supplied by others in this thread.

--
Kind Regards,
 
Tim Nelson
Server Administrator
 
P: 03 9934 0888
F: 03 9934 0899
E: address@hidden
W: www.webalive.biz
 
WebAlive Technologies
Level 1, Innovation Building
Digital Harbour
1010 La Trobe Street
Docklands Melbourne VIC 3008

This email (including all attachments) is intended solely for the named 
addressee. It is confidential and may contain legally privileged information. If
you receive it in error, please let us know by reply email, delete it from your 
system and destroy any copies. This email is also subject to copyright. No
part of it should be reproduced, adapted or transmitted without the written 
consent of the copyright owner.

Emails may be interfered with, may contain computer viruses or other defects 
and may not be successfully replicated on other systems. We give no
warranties in relation to these matters. If you have any doubts about the 
authenticity of an email purportedly sent by us, please contact us immediately.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]