On Fri, 2007-05-25 at 12:08 -0400, seth vidal wrote:

> How about you use the puppet cert it makes on the client for auth and
> see if we can have wget or urlgrabber or curl use it to talk to
> mod_auth_cert on apache.
>
> Then we'd have a secure-auth + good static content replication.

+1

It also keeps you from increasing the number of *keys that need to be tracked and distributed to hosts -- with rsync + ssh, you have to manage the sshkey relationship for *all* hosts.

Since the _content_ isn't secret but we do have a desire to ensure the host is authentic, this idea is the best so far. It uses known and working secure-auth, and lets you deploy content to hosts that you don't want to have an sshkey relationship with.

A related item is the trigger for content pushing. There are two general situations when we want to push out new content:

1. I'm updating something, no worries
2. I really, really want/need to see the change RIGHT NOW

I presume puppet has something for this with configurations. Personally, I'd be comfortable with a longer lead-time on a cronjob from the subservient host (two to four times an hour), if it were possible to push a Big Red Button and have content updated from the master immediately.

Open for suggestions on methodology, natch. :)

- Karsten
--
Karsten Wade, 108 Editor ^ Fedora Documentation Project
Sr. Developer Relations Mgr. | fedoraproject.org/wiki/DocsProject
quaid.108.redhat.com | gpg key: AD0E0C41