Distributing static content
Karsten Wade
kwade at redhat.com
Fri May 25 22:39:23 UTC 2007
On Fri, 2007-05-25 at 12:08 -0400, seth vidal wrote:
> How about you use the puppet cert it makes on the client for auth and
> see if we can have wget or urlgrabber or curl use it to talk to
> mod_auth_cert on apache.
>
> Then we'd have a secure-auth + good static content replication.
+1
It also keeps you from increasing the number of *keys that need to be
tracked and distributed to hosts -- with rsync + ssh, you have to manage
the sshkey relationship for *all* hosts. Since the _content_ isn't
secret but we do have a desire to ensure the host is authentic, this
idea is the best so far. It uses known and working secure-auth, and
lets you deploy content to hosts that you don't want to have an sshkey
relationship with.
A related item is the trigger for content pushing. There are two
general situation when we want to push out new content:
1. I'm updating something, no worries
2. I really, really want/need to see the change RIGHT NOW
I presume puppet has something for this with configurations.
Personally, I'd be comfortable with a longer lead-time on a cronjob from
the subservient host (two to four times an hour), if it were possible to
push a Big Red Button and have content updated from the master
immediately.
Open for suggestions on methodology, natch. :)
- Karsten
--
Karsten Wade, 108 Editor ^ Fedora Documentation Project
Sr. Developer Relations Mgr. | fedoraproject.org/wiki/DocsProject
quaid.108.redhat.com | gpg key: AD0E0C41
////////////////////////////////// \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20070525/7e3473cd/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list