help-cfengine

Re: cfengine ran from redhat kickstart file


From: David Douthitt
Subject: Re: cfengine ran from redhat kickstart file
Date: Tue, 24 Sep 2002 19:53:22 -0500
User-agent: Mutt/1.4i

On Tue, Sep 24, 2002 at 03:14:20PM -0400, Hugo Gayosso wrote:

> In my kickstart I don't run cfengine directly, I copy a shell script
> that will be executed next time the machine is rebooted (which is
> immediately after doing the basic install).
> 
> Ok, enough background, the fact is that this script first "bootstraps"
> cfengine by doing:
> 
> # Bootstrapping cfengine
> ## Generate authentication keys
>       /usr/local/sbin/cfkey
> ## Store public key from policy host (mypolicyhost)
>       cat <<EOF_cfphkey > /var/cfengine/ppkeys/root-IP-FROM-POLICY-HOST.pub
> -----BEGIN RSA PUBLIC KEY-----
> MIIBCAKCAQEAqmqLZekTpl8qvfte3SdHt1J1GhAOommQg20OAOkTvzrS9j8Ui4w2
> llhtervIR+mkshfkdhjskdfhsjmns9T8dr7wxR7SliWiU+a6/H24xtKYecvHNWfH
> Mlwzxq6PH6DWXjWOBDBBvWCpBvSQIM0N8lFwN1TFH1wWDTEuXTnXT3NLVwkqBKGt
> 5Rt3Aj5rNYkoxg1j0sdkfljhskj sjsx4Zu95ldkcZI6kPEB01HwWoc97Xaj0b2V
> dNFtvk92YkwLNzoWfV3EcIqBGDZOaxMlZLW8/smrB6TH2tCVy0i/vewX7DDKLED1
> LCm4bISv2lsmxifcXosS2Yp5L8ydEsEQ7wIBIw==
> -----END RSA PUBLIC KEY-----
> EOF_cfphkey
> 
> 
> Then I call cfagent in different ways (to enable specific classes):
> 
> e.g:
>       /usr/local/sbin/cfagent -DinstallRPMs

> and everything works fine.

This is what I'm working on right now!

I'm trying to run it from my kickstart file, and I had a:

read X?"Press [ENTER] to continue..."

...at the end - so I've been trying to get it working from the shell prompt.

I could never get the "TrustKeysFrom" to work, neither on the master
nor on the client.  Here are the questions I would have in this situation:

* What goes into TrustKeysFrom?  Clients?  The master?  Both?  Neither?  Do the
  client and master configurations use the same TrustKeysFrom?  What does the
  client use it for?  What does the master use it for?

* Does cfservd have to be running on the client?

* Does cfservd have to be running on the master?

* Does the client require the master's key to start?

* Does the master require the client's key to respond?

* Does cfservd.conf have to have the client in AllowConnections from in order
  to allow connections from the client?

* Does cfservd.conf have to have the client in admit: from in order
  to allow the client to access /var/cfengine and subdirectories?

None of this seems to be well explained anywhere.  What would be nice,
as someone suggested, is a step-by-step guide.  The URL previously
mentioned doesn't give you a guide on how to configure a brand new client
to use a master and to bootstrap it and so forth.
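
Added example, not part of the thread or of cfengine: a check a post-install script like the one quoted above could run between writing the policy host's key into /var/cfengine/ppkeys and the first cfagent run. It validates PEM framing only (it rejects marker lines prefixed with the "- " dash-escaping that signed mail adds, or a stray space in the body), not the RSA key itself; the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example: check_pem_pubkey and install_policy_key are hypothetical
# helpers, not cfengine tools.

# Return 0 if FILE looks like a well-formed "RSA PUBLIC KEY" PEM block:
# exact BEGIN/END marker lines and a body made only of base64 characters.
check_pem_pubkey() {
    file=$1
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    awk '
        NR == 1 { if ($0 != "-----BEGIN RSA PUBLIC KEY-----") bad = "bad BEGIN line"; next }
        $0 == "-----END RSA PUBLIC KEY-----" { ended = 1; next }
        ended { bad = "data after END line"; next }
        $0 !~ "^[A-Za-z0-9+/]+=*$" { if (!bad) bad = "non-base64 text on line " NR }
        { body++ }
        END {
            if (!bad && !ended) bad = "missing END line"
            if (!bad && body == 0) bad = "empty key body"
            if (bad) { print bad > "/dev/stderr"; exit 1 }
        }
    ' "$file"
}

# Install the key under the ppkeys directory only if it validates. The copy
# goes through a temp file with owner-only permissions, so a half-written
# key is never left under the name cfagent would read.
install_policy_key() {
    src=$1 ppkeys=$2 host_ip=$3
    check_pem_pubkey "$src" || return 1
    dest="$ppkeys/root-$host_ip.pub"
    tmp="$dest.tmp.$$"
    ( umask 077; cp "$src" "$tmp" ) && mv "$tmp" "$dest"
}

# Constructed samples (not real keys): one clean, one carrying the "- "
# dash-escaping in front of its marker lines. A temp dir stands in for ppkeys.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PUBLIC KEY-----' 'Q09OU1RSVUNURUQ=' '-----END RSA PUBLIC KEY-----' > "$demo_dir/good.pub"
printf '%s\n' '- -----BEGIN RSA PUBLIC KEY-----' 'Q09OU1RSVUNURUQ=' '- -----END RSA PUBLIC KEY-----' > "$demo_dir/escaped.pub"
install_policy_key "$demo_dir/good.pub" "$demo_dir" 192.0.2.10 && echo "installed"
install_policy_key "$demo_dir/escaped.pub" "$demo_dir" 192.0.2.11 || echo "rejected"
```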




