Alexander Todorov wrote:
Hello,
I apologize if this has been asked before, if so please point me to relevant
documentation.
I'd like to know how the communication between the minions and the master func
server works. Is it initiated by the server and pushing jobs to the client nodes
or the minions are pulling jobs from the server?
For minions ("clients"), the only time they initiate a connection out is
when they request and
pick up a cert from the certmaster.
Otherwise, all request are from the overlord to the minions.
What about the requirement to have host names resolvable by DNS or /etc/hosts.
Currently, the certs are stored based on the hostname of the minion.
There are plans to make this
more flexible, but thats the current state.
I'd like to experiment with func/symbolic in environment where client machines
will be not directly connected to the server and will be isolated by a firewall.
Even the server could be somewhere on the Internet and the clients on a private
newtwork NAT-ed to the outside world.
Func has some provisions for working around tricky networks if need
be. See the docs
on delegation (https://fedorahosted.org/func/wiki/DelegationModule).
This is basically setting up
a func proxy so the overlord can reach all the minions.
Currently, managing hosts behind a private NAT is probably going to
be painful/impossible. The
overlord assumes the name of the cert is also a hostname that it can
reach the minion with. If that is
not the case, and it generally isn't in NAT'ed scenario's, the overlord
will not know how to reach the
minions behind the NAT.
I've not actually tested delegation in this scenario, so I'm not
sure it would help. Steve Salevan or
other could probably comment more intelligently on that case.
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
