On Tue, Nov 20, 2012 at 10:02:39AM +0000, "Jóhann B. Guðmundsson" wrote: > On 11/20/2012 09:02 AM, Adam Spragg wrote: > >On Tuesday 20 Nov 2012 01:21:54 Lennart Poettering wrote: > >>My intention was to speak only HTTP for all of this, so that we can > >>nicely work through firewalls. > >Wait, I thought one of the guiding principles of systemd was to do things The > >Right Way, and not use ugly workarounds for other people's brokenness. > > > >If admins want to send network traffic over a port, and their firewall is > >preventing them, surely the problem is in the firewall, and the firewall > >should be fixed? Making everything HTTP-friendly to get around broken > >firewall > >policies is an ugly workaround which just helps perpetuate the problem. > > Agreed + you dont want to use ssh to do this ether I think that firewalls are just one of the reasons... I think that we want to have SSL-encrypted communciations by default, and then the specific protocol used above that is invisible to the firewall anyway.
Having multiple "transports" isn't really a problem -- it is mostly a matter of hooking into some library. HTTP is already spoken by systemd-journal-gatewayd, and SSH is useful because everybody already has it set up. > >Not to mention the fact that HTTP is a horrible protocol for almost anything > >except serving up web pages. It's effectively implements a basic > >request/response datagram protocol (albeit with arbitrarily large "packets"), > >which can only be initiated from one side, but with the overhead of HTTP > >headers and the creation of a TCP connection. If encryption is used, TCP connection overhead is negligible. And we only want mostly one-way communication anyway. > I somehow always imagined remote systemd and systemd journal > integration being handle in similar manner as func [1] and > certmaster[2] are doing. > > 1. https://fedorahosted.org/func/ > 2. https://fedorahosted.org/certmaster/ Certmaster looks great: maybe it can be used to solve the problem of certificate distribution. Zbyszek _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
