On Tue, Nov 22, 2005 at 12:59:01PM +0100, Tomasz Chmielewski wrote: > I'm new to cfengine and I'm just starting to read about it. > > I have a "master" server thet can connect to the other servers using > SSH, but "slaves" can't connect to the master. > > Will I still be able to use cfengine? After reading the docs, I'm still > not sure if I can: > > - use SSH *only* (no NFS etc.) for cfengine > - if one-way SSH (from master to slave) will be enough
You can do it, but it's no longer a client "pull" system (as has already been mentioned). I've implemented the same process -- I just run cfagent through ssh, and set up a tunnel from the client back to the server over SSH, and tell the client to talk to cfservd on 127.0.0.1. The SSH tunnel ensures that when the client is "talking to itself", it's actually talking to the master server. Some care is needed with the keys, but it's not brain surgery if you read and understand the relevant parts of the cfengine reference manual. - Matt _______________________________________________ Help-cfengine mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-cfengine
