[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Distributing static content



On Fri, 2007-05-25 at 12:08 -0400, seth vidal wrote:

> How about you use the puppet cert it makes on the client for auth and
> see if we can have wget or urlgrabber or curl use it to talk to
> mod_auth_cert on apache.
> 
> Then we'd have a secure-auth + good static content replication.

+1

It also keeps you from increasing the number of *keys that need to be
tracked and distributed to hosts -- with rsync + ssh, you have to manage
the sshkey relationship for *all* hosts.  Since the _content_ isn't
secret but we do have a desire to ensure the host is authentic, this
idea is the best so far.  It uses known and working secure-auth, and
lets you deploy content to hosts that you don't want to have an sshkey
relationship with.

A related item is the trigger for content pushing.  There are two
general situation when we want to push out new content:

1. I'm updating something, no worries
2. I really, really want/need to see the change RIGHT NOW

I presume puppet has something for this with configurations.

Personally, I'd be comfortable with a longer lead-time on a cronjob from
the subservient host (two to four times an hour), if it were possible to
push a Big Red Button and have content updated from the master
immediately.

Open for suggestions on methodology, natch. :)

- Karsten
-- 
   Karsten Wade, 108 Editor       ^     Fedora Documentation Project 
 Sr. Developer Relations Mgr.     |  fedoraproject.org/wiki/DocsProject
   quaid.108.redhat.com           |          gpg key: AD0E0C41
////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]