Ohad,

Did you see func? https://fedorahosted.org/func/

[]s

On Sat, Apr 4, 2009 at 3:45 AM, Geoff Newell <geoffnew...@gmail.com> wrote:
> We use something similar. All our servers have the UCE agent installed. So
> we can initiate a puppetd run via UCE when required for
> 1. Reporting
> 2. Urgent updates
> 3. Standard updates.
> And UCE is ratified by our security bods. Sure UCE is clunky but you have to
> use the tools you've got.
>
> Geoff.
> On 3 Apr 2009, at 05:42, Ohad Levy <ohadl...@gmail.com> wrote:
>
> On Thu, Apr 2, 2009 at 11:51 AM, chakkerz <chakk...@gmail.com> wrote:
>>
>> for hosts in `puppetca --list --all | grep ^+ | cut -d ' ' -f 2`
>> do
>>     ssh $hosts sudo puppetd -vt
>> done
>
> sure, I know / do this, but I thought that one of the goals of puppet is to
> avoid ssh and a for loop....
> but seriously, what happens if ssh doesn't work? (I mean, usually you need
> push when something is broken)
>
> or you need to deploy something only on a subset of machines, restart a
> service, or whatever?
>
>>
>> but a push architecture is significantly more security vulnerable...
>> on the bright side though, if your central configuration host is
>> compromised, it being able to ssh to hosts is the least of your
>> worries (why attack individual hosts if you have the master key?)
>
> why care about the master key when you can simply change the puppet
> manifest? ;)
>
> Ohad