Le 06/07/2012 18:07, Luke Kanies a écrit :
On Jul 6, 2012, at 1:40 AM, DEGREMONT Aurelien wrote:
Le 05/07/2012 19:00, Daniel Pittman a écrit :
That would ... probably not show a lot of short-term performance gain
for you. The static compiler,
We tested (and proposed some fixes (pull request #769)) and that looks
interesting but static compiler as some bad side effect which are removing some
nice aspect of Puppet.
We like that Puppet, through fileserver, can filter file access based on the
certificate information. We use it to strictly prevent client to access files
they should not.
With static compiler, puppet agent is now accessing file through the filebucket
which does not have such separation. Any client can access all files in the
filebucket we cannot filter this.
It could be nice if static compiler can insert file metadata checksum the
catalog as it already does to reduce agent/master traffic but still keep a file
source that agent can use to retrieve file from the fileserver when needed.
In order to retrieve a file from a filebucket, you must first know the checksum
of that file's content, and to know that, you must (generally) know the actual
content.
We can list the filebucket content (ticket #4871). File bucket is much more
usefull with that.
But you can also bruteforce the filebucket and get all its content.
Filebucket is much nicer for that. This is one the reason we chose to use Puppet. Anyway, It does not seem very
difficult to return in the catalog, the sourcelist AND the computed checksum, instead of only one of those (depending on
static compiler behing enabled or not). The puppet agent can check the checksum and retrieve the file from the
fileserver as it does usually. It seems 99 % of the code is already there :) just a mix of both mode :)
Aurélien
--
You received this message because you are subscribed to the Google Groups "Puppet
Developers" group.
To post to this group, send email to puppet-dev@googlegroups.com.
To unsubscribe from this group, send email to
puppet-dev+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-dev?hl=en.
