Distributing static content

Karsten Wade kwade at redhat.com
Fri May 25 22:39:23 UTC 2007


On Fri, 2007-05-25 at 12:08 -0400, seth vidal wrote:

> How about you use the puppet cert it makes on the client for auth and
> see if we can have wget or urlgrabber or curl use it to talk to
> mod_auth_cert on apache.
> 
> Then we'd have a secure-auth + good static content replication.

+1

It also keeps you from increasing the number of *keys that need to be
tracked and distributed to hosts -- with rsync + ssh, you have to manage
the sshkey relationship for *all* hosts.  Since the _content_ isn't
secret but we do have a desire to ensure the host is authentic, this
idea is the best so far.  It uses known and working secure-auth, and
lets you deploy content to hosts that you don't want to have an sshkey
relationship with.

A related item is the trigger for content pushing.  There are two
general situation when we want to push out new content:

1. I'm updating something, no worries
2. I really, really want/need to see the change RIGHT NOW

I presume puppet has something for this with configurations.

Personally, I'd be comfortable with a longer lead-time on a cronjob from
the subservient host (two to four times an hour), if it were possible to
push a Big Red Button and have content updated from the master
immediately.

Open for suggestions on methodology, natch. :)

- Karsten
-- 
   Karsten Wade, 108 Editor       ^     Fedora Documentation Project 
 Sr. Developer Relations Mgr.     |  fedoraproject.org/wiki/DocsProject
   quaid.108.redhat.com           |          gpg key: AD0E0C41
////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20070525/7e3473cd/attachment.sig>


More information about the Fedora-infrastructure-list mailing list