Some of the configuration files created and modified on the master needs to be
synchronized to all agent hosts. Examples of this are
tl-desktop-customizer.hconf, all files under /opt/thinlinc/desktops, files
created by the KDE Kiosk Tool, VSM Server configuration in a HA setup etc.
We do provide one way to do this - tl-rsync-all, but in order to use it, either
passwordless ssh + cron must be used which is bad security practice (a malicious
attacker gaining access to the VSM server host will have access to all hosts),
or one must login to the master and run a command, which is not very
This bug is now a blocker for the GUI bug 2078. This bug should only cover the actual mechanism and command line tool.
IMHO, I don't think that the SSH publickey requirement is a big problem. I doubt that we can create another mechanism that is more secure.
I think that it would be very useful with some kind of sync script. In Alingsås, I created such a script on top of tl-rsync-all, with the obvious name "alingsynk". It synced a selected set of files and directories, such as /opt/thinlinc/desktop and xstartup.d. For the latter dir, it's important to correctly handle the symbolic links.
It might be useful to solve bug 2561 also, which would allow one to typically use the same vsmagent.hconf on all machines.
Perhaps lsyncd could be worth a look:
Instead of synchronising files we can also consider using some form of distributed database to store the configuration. A text based interface might still be possible (e.g. like ldapvi) even if the data is no longer stored as modifiable text files.
One example would be etcd that is popular in the container world: