I don't know that I can do a diagram for you at the moment, but i can try to address the questions... inline below:
On Thu, Feb 10, 2011 at 15:21, Joel Krauska <jkrauska@xxxxxxxxx> wrote:
Can someone throw together a simple diagram explaining how func should be setup?
Questions I have that a nice diagram would explain in 10 seconds:
- Does certmaster daemon need to be running on minions and the overlord or just the overlord?
Short Answer: certmaster should only be running on overlord(s).
Long Answer that you can ignore if 1 overlord is enough for you: You can have multiple levels deep via delegation, meaning that several overlords can act as minions of a higher overlord. However at this point I do not suggest more than 2 level of overlords deep based on my current experiences (and if anyone is doing so please contact me, I'd love to talk!)
- Does funcd daemon need to be running on minions and the overlord or just the minions?
Short answer: funcd only runs on minions.
Long Answer that you can ignore if 1 overlord is enough for you: If you use delegation then then any overlord that reports back to another overlord should be running both certmaster and funcd. It acts as a minion to the higher overlord (thus funcd), and an overlord to its minions (thus certmaster).
Re: Configs:
I put the hostname of the overlord in the /etc/certmaster/minion.conf on a minon, but how else do I signal to funcd who's supposed to be acting as a minion and who's supposed to be acting as an overlord?
Your overlord is running certmaster, and its name is placed as the certmaster in /etc/certmaster/minion.conf on all of its minions. that is all you should have to do to assign the relationship. To make it function you must either enable autosign or manually sign the certificate requests. The InstallAndSetupGuide shows you the individual commands. https://fedorahosted.org/func/wiki/InstallAndSetupGuide
If you have a fairly flat network with minimal WAN attached systems that you are attempting to control you are probably good without delegation, so as I suggested above, ignore those statements.
does this help?
-greg
_______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
