Luca Foppiano wrote:
On Mon, 2008-03-31 at 12:04 -0400, Michael DeHaan wrote:
Yep, discussion in IRC brought some of that up as a possible way to also
resolve some NAT problems. It's also similar to the way some other
distributed tools build up some really speedy command dispatch (though I
think Func with nforks=50 is probably close).
sry, when did you spoke about it?
Some last week.
When we were talking about it on IRC, client1 was an overlord of
sub_client1, that is, the certs for sub_client1 were not stored on the
machine running the commands in question. Is that the way we would want
to do it? Support both? I am kind of in favor of tiered
overlords for very large organizations and that seems to be very valuable.
I guess certificate are stored like now...server1 contain certificate
about his network, and client1 the same...what do you suggest?
What I'm talking about is whether client1 can be an overlord for the
subclients, therefore requiring
that certificates do not all have to request certs from one central
certmaster, but only have to request
certs from their "proxy" certmaster. This wouldn't require a change in
the certmaster code/libraries,
as it could all be done (I think) in the "proxy" module.
What might command line syntax for that look like? What about for
"send this command to every machine I have in the entire world"?
I don't have idea right now :-)
I guess you can register a proxy before launch command, and then launch
command on sub network attached to that proxy/proxies...
That was just some stuff to think about... :)
If we do it right, we probably get multiple hops for free.
oh yes, but ATM I don't yet have idea about the best design
implementation
Yep, that's the fun part!
regards
Luca
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
