On Fri, Feb 08, 2008 at 08:48:30PM +0100, Matt wrote:
> Alexander Hall wrote:
> >Marti Martinez wrote:
> >>Do the rsync over SSH -- unless you don't allow root ssh access?
> >
> >I think that was the "solution" Matt tried to avoid. I suppose he does 
> >not seem confident with (automated) root access/logins from other boxes.
> >
> I'd like to avoid root access as OpenBSD disables it by default for a 
> good reason. But so far it seems the most maintainable solution.
> I was just wondering what other people (specifically those using CARP 
> fail-over setups) use,
> but I guess the obvious answer is rsync over ssh.

You could, with some work, do it differently.  On the source box, make a
tarball of what you want on the destination box.  This preserves the
ownership of the files.  Rsync this over as whatever user.  Have a
process on the target box, running as root, extract the tarball into
place.

Since you don't want root access, you probably want some means of
verifying on the target that the tarball is authentic.  You could use
OpenSSL enc to encrypt a file containing the MD5 (or the whole tarball
could be encrypted) symmetrically with a common password known to both
the source and target boxes.

Doug.
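
A sketch of the root-side check described in the message above, added here as an example and not code from the thread. It swaps the encrypted MD5 for an HMAC-SHA-256 tag keyed with the shared secret, and also refuses archive entries that would land outside the destination; the key value, function names and sample file are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import tarfile

SHARED_KEY = b"constructed-demo-key"  # assumption: secret provisioned on both boxes

def sign(tarball: bytes, key: bytes) -> str:
    """Source box: tag shipped next to the tarball by the unprivileged rsync user."""
    return hmac.new(key, tarball, hashlib.sha256).hexdigest()

def verify(tarball: bytes, tag: str, key: bytes) -> bool:
    """Target box: recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign(tarball, key), tag.strip())

def checked_members(tar: tarfile.TarFile) -> list:
    """Conservative policy for this example: plain files and directories only,
    relative paths with no '..' component."""
    members = tar.getmembers()
    for m in members:
        if m.name.startswith("/") or ".." in m.name.split("/"):
            raise ValueError(f"unsafe path in tarball: {m.name}")
        if not (m.isfile() or m.isdir()):
            raise ValueError(f"unsupported entry type: {m.name}")
    return members

def install(tarball: bytes, tag: str, key: bytes, dest: str) -> list:
    """Root-side process: authenticate first, open the archive only afterwards."""
    if not verify(tarball, tag, key):
        raise PermissionError("tarball failed authentication; not extracted")
    with tarfile.open(fileobj=io.BytesIO(tarball)) as tar:
        members = checked_members(tar)
        # Newer Pythons offer the 'tar' filter: keeps ownership, drops setuid bits.
        extra = {"filter": "tar"} if hasattr(tarfile, "tar_filter") else {}
        tar.extractall(dest, members=members, numeric_owner=True, **extra)
    return [m.name for m in members]

def make_tarball(files: dict) -> bytes:
    """Build a constructed sample archive in memory (stands in for the source box)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()
```

The unprivileged account that receives the rsync must not be able to read the key, otherwise compromising that account is enough to forge a valid tag.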
