On 2014-04-15 20:01, Paul Graydon wrote:
> At my last place we had a chef cookbook set up that pulled public keys out of a chef databag. Every server, virtual or physical, included a core cookbook that enforced certain standards across the fleet, which in turn ingested the public key cookbook. Within an hour of checking the new key in, every server would have picked it up, and the old key would have been expired. Having it automated in such a simple way allowed us to easily expand it to handle other conditions, e.g. if the server was a virtual one in a public cloud, require our cloud specific ssh keys. The additional workload on the server and client was pretty negligible.
That's where having a pull mechanism such as puppet or chef is nice, but for everything else, push is better, and ansible suits what we are doing better. I really don't want to have another conf manager system in the mix.
-- Yves.
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
