On Thu, Apr 2, 2009 at 11:51 AM, chakkerz <[email protected]> wrote:
> > > for hosts in `puppetca --list --all | grep ^+ | cut -d ' ' -f 2` > do > ssh $hosts sudo puppetd -vt > done sure, I know / do this, but I though that one of the goals of puppet is to avoid ssh and a for loop.... but seriously, what happens if ssh doesn't work? ( I mean, usually you need push when something is broken) or you need to deploy something only on a subset of machines, restart a service, or whatever? > but a push architecture is significantly more security vulnerable... > on the bright side though, if your central configuration host is > compromised, it being able to ssh to hosts is the least of your > worries (why attack individual hosts if you have the master key?) > why care about the master key when you can simply change the puppet manifest ? ;) > > Ohad --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
