On Thu, 25 Feb 2010, Andreas Thienemann wrote:
On 02/23/2010 09:33 PM, Seth Vidal wrote:
Policy-wise delegation is godsend. At many places it is much, much easier to
get firewall changes approved for one machine crossing firewall boundaries
than have every machine cross it. If compliance issues (e.g. PCI) come into
play, this can be very important.
We are extremely happy with func itself. ssh and sshpass works for accessing
a large number of machines and doing stuff but func is easier for both
one-off calls as well as regular things. The latter is especially easy with
the ability to extend func with modules.
Delegation however would need a bit of work. The current func release
horribly breaks delegation but ssalevan helpfully patched that part on his
github tree but it is not completely there yet. Globbing works, concatting
with a semicolon doesn't which is what I am looking into right now. :-)
If you have any further questions I am happy to go a bit more into detail how
we use func.
Andreas,
thanks for the input - this is valuable to know how it is being used.
What I'm working on right now is to make it possible for func to use
puppet certificates w/o breaking any of the other features of func. So I
may ask you to test some code with the minion delegation feature before I
check it in, if you're willing to. And I'd like to make sure ssalevan's
new code is included.
Thank you,
-sv
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
