On Wed, May 18, 2011 at 10:12 AM, Andrey Bondarenko <abon...@mail.ru> wrote:
>> You lost me after you said 'force policy updates'.
>> This is not the Cfengine way.
>
> "To force" is probably the wrong word. I want to notify agents that
> the policy definition was updated. I believe that notifying agents
> about policy updates and allowing them to obtain new versions
> inputs by admin signal is better than periodical checks and scheduled
> updates in many cases. At least, it reduces time lag between the time
> the policy was updated on a server and time when it is applied by
> agents. Why is it not the Cfengine way? What is wrong with it?

Dear Andrey,

Let's say you have 200 end nodes.  2 of them are down for maintenance.
You have 198 nodes online.

You notify all your agents online that the policy definition has been updated
and they download and run the new policy.

Now your 2 agents come back online, maybe they got new memory or
a hard drive was replaced, whatever.  They missed your notification and they
are still running the old policy!

Contrast the Cfengine way -- nodes pull down the policy periodically.
The 198 agents get the new policy within 5 minutes.  (That's the default
check interval.)  The 2 agents get the new policy within 5 minutes of
coming back online.

Very workable approach.  Scalable.

As a sysadmin, I find this a very elegant solution to managing configuration
in a distributed system, with many possibly moving parts (servers going
on and off line).

Best,
Aleksey
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
