Forum: Cfengine Help
Subject: Re: Question about keys and trust
Author: mlebel
Link to topic: https://cfengine.com/forum/read.php?3,16739,16762#msg-16762

Neil,

I thought of your suggestion, but if my understanding of key exchange is correct, I would still end up with mistrust, since on the first key exchange the local public key of the server on which the application is running would map to the VIP of the application, assuming trustkey was enabled. Then, once the application is bounced to a different server, I would be back with the same dilemma: the key that the new server is proposing for the application VIP (the server's local public key) would not match the one that was provided by the initial server. Hence my proposal to make all of the private/public keys of my cluster identical.

Marco

btw: It would be impractical for me to have one cf-serverd per application, each mapping a different port. I have well over 100 applications of that type running on one cluster, and I have multiple clusters to manage... I can only imagine the nightmare of managing all this... and on top of this, I am not even sure you can run multiple cf-serverd on a host... can you?