Forum: Cfengine Help Subject: Re: Question about keys and trust Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,16739,16761#msg-16761
Now I think I see. It sounds to me as though you have a cfservd process running on each cluster node. You want a client to pull from the node that has the VIP. However, each node has its own Cfengine key pair thus making the agent wary and mistrusting. I'm still not fond of making the keys the same for each node. Perhaps Mark can comment for us. Another option might be to cluster a cfservd service on another port in addition to the regular service on each node. That's a lot of work but I think it would work. I assume you are pulling from a some sort of share storage. How is the storage setup? Is there any way another host could get read only access? _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
