Updating core by rsync
19 views
Skip to first unread message
Christian Linden
Apr 27, 2016, 10:09:20 AM4/27/16
to help-cfengine
Hi,
for the case there're several hubs and /var/cfengine gets rsynced from one "sourcehub" to all others..
If I update that source hub.. =) Will the other hubs get updated by the next rsync, right?
Maybe better to "service cfengine3 restart"..
Thanks,
Chris
Nick Anderson
Apr 27, 2016, 10:13:50 AM4/27/16
to help-c...@googlegroups.com
On 04/27/2016 09:09 AM, Christian Linden wrote:
> Hi,
>
> for the case there're several hubs and /var/cfengine gets rsynced from
> one "sourcehub" to all others..
> If I update that source hub.. =) Will the other hubs get updated by the
> next rsync, right?
If your rsync job is working it probably would.
> Hi,
>
> for the case there're several hubs and /var/cfengine gets rsynced from
> one "sourcehub" to all others..
> If I update that source hub.. =) Will the other hubs get updated by the
> next rsync, right?
Just curious, do you have an rsync job on your one "sourcehub" to *push*
the policy to other hubs, or do your other hubs *pull* from your
"sourcehub".
> Maybe better to "service cfengine3 restart"..
Christian Linden
Apr 27, 2016, 10:21:07 AM4/27/16
to Nick Anderson, help-c...@googlegroups.com
I’ve an rsync job pushing from source, it’s the complete /var/cfengine directory including the policy.
The others can’t pull from where they are, this is why they do exist.
Great easy updating! =)
The others can’t pull from where they are, this is why they do exist.
Great easy updating! =)
Nick Anderson
Apr 27, 2016, 10:26:33 AM4/27/16
to Christian Linden, Nick Anderson, help-c...@googlegroups.com
On 04/27/2016 09:21 AM, Christian Linden wrote:
> I’ve an rsync job pushing from source, it’s the complete /var/cfengine directory including the policy.
> The others can’t pull from where they are, this is why they do exist.
I think pushing the entirety of /var/cfengine is a *bad* idea.
> I’ve an rsync job pushing from source, it’s the complete /var/cfengine directory including the policy.
> The others can’t pull from where they are, this is why they do exist.
There are logs and state files and embedded databases. Those things
should not be shared between hubs.
Distributing the policy itself makes sense.
Distributing other directories that you may have created under
/var/cfengine makes sense.
Distributing /var/cfengine/ppkeys *might* make sense, or it might not
depending on the specifics of your environment.
Distributing /var/cfengine/ppkeys/localhost* will result in the
conflation of your hub identities. Maybe that's what you want, maybe not.
Christian Linden
Oct 11, 2016, 7:24:01 AM10/11/16
to help-cfengine, lindo...@gmail.com, nick.a...@cfengine.com
In which conditions does it make sense to distribute /var/cfengine/ppkeys?
And in which to conflate their identities? If one is too weak? In order to loadbalance one big hub with several small ones?
If the hubs can't reach each other due to firewalls it's a bad idea to conflate their identities, right?
c
Reply all
Reply to author
Forward
0 new messages