Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: mlebel
Link to topic: https://cfengine.com/forum/read.php?3,16739,16756#msg-16756

Neil,

OK, so let's step back: what I need is for a host to copy specific files from a host that is running a known application accessible by a well-known DNS entry. The application can run on different hosts over time (i.e. it can be stopped and restarted on a different host within the same cluster), and the host requesting the files does not know on which physical host the application is currently running, nor can it find out. Note that the files exist on all hosts of the cluster, but the ones deemed good are the ones that are on the host running the application.

So what would your proposal be, knowing that when the application changes host it has the same IP and DNS entry but runs on a different host, breaking the key authentication trust since it is based on the server and not on the virtual address?

My reading of skipverify is that it is for physical hosts that change IP (i.e. their public and private keys remain the same across reboots; only their IP changes). When an application restarts on a different host, it is like its private/public key has changed.

Marco