I hope this doesn't reopen a closed topic, I know it was left at "low priority, but patches may be accepted". I disagree. I don't think func should ever use SSH. SSH is a great protocols for what it does, RPC is not it. One of the reasons to use func is the limitations of SSH. To use SSH as a transport you could either pipe to stdin/stdout, create a new SSH subsystem (like sftp does), be expect like and parse lines, or create a new SSHD deamon so you can control both ends like you do now. Piping to stdin/stdout would lose a lot of functionality of XMLRPC, you could only return a string from a function. Using expect like commands is just pron to error, and isn't that what we're trying to get away from? Creating a new SSH subsystem would probably work OK, but it seems like a lot of work for no benefit over the current system, and may have some limitations I'm not aware of. Making your own SSHD would work fine, and wouldn't be that much work if you used twisted conch libraries, but it would be a hard sell replacing every running OpenSSH instance with your own beta SSHD. You could run your SSHD on a different port, but then why not just run your XMLRPC server? I've been using some form of SSH to manage many systems for years. I finally decided that SSH as a transport is not suited for managing many systems at once. When people say "cool does it do SSH" there missing the point, they should be saying "It doesn't use use SSH, Cool!". What is needed is a simple RPC protocol authenticated by a signed key chain. SSL and XMLRPC fit the bill. If puppet weren't written in Ruby I'd probably use that. Eli Criffield _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
