Re: cfengine ran from redhat kickstart file
From: David Douthitt
Subject: Re: cfengine ran from redhat kickstart file
Date: Wed, 25 Sep 2002 12:02:04 -0500
User-agent: Mutt/1.4i

On Wed, Sep 25, 2002 at 08:25:53AM +0200, Mark.Burgess@iu.hio.no wrote:
>
> > ...at the end - so I've been trying to get it working from the shell prompt.
> >
> > I could never get the "TrustKeysFrom" to work, neither on the master
> > nor on the client. Here's the questions I would have in this situation:
> >
> > * What goes into TrustKeysFrom? Clients? The master? Both? Neither? Do
> > the client and master configurations use the same TrustKeysFrom?
> > What does the client use it for? What does the master use it for?
> >
> > * Does cfservd have to be running on the client?
> >
> > * Does cfservd have to be running on the master?
> >
> > * Does the client require the master's key to start?
> >
> > * Does the master require the client's key to respond?
> >
> > * Does cfservd.conf have to have the client in AllowConnections from in
> > order to allow connections from the client?
> >
> > * Does cfservd.conf have to have the client in admit: from in order
> > to allow the client to access /var/cfengine and subdirectories?
> >
> > None of this seems to be well explained anywhere. What would be nice,
> > as someone suggested, was a step by step guide. The URL previously
> > mentioned doesn't give you a guide on how to configure a brand new client
> > to use a master and to boot strap it and so forth.
>
> I think this is a bit exaggerated, but I will try to write a how-to
> on this. It will have to be in skeleton form and someone else
> can flesh it out. I'm snowed under at the moment.

I discovered some of my troubles and actually got it to work. Here are
the steps I would recommend:

- On the (preconfigured) Master:
  * Add the new host's IP address to cfservd.conf:
    1. TrustKeysFrom
    2. AllowConnectionsFrom
    3. admit: (or grant: )
  * Make sure cfservd is running

- On the new host:
  * Install cfengine
  * Install /var/cfengine/inputs/update.cfg
  * Install the master's public key to
    /var/cfengine/ppkeys/root-<masterIP>.pub
  * Run cfagent

Does this match up with what you know?

I put the public key into the Red Hat kickstart post-config script,
as well as a copy of update.conf, by using the shell construct:

cat - <<'!*' > /var/cfengine/inputs/update.conf
....
!*

...and...

cat - <<!* > /var/cfengine/ppkeys/root-10.0.0.1.pub
....
!*

Now it works like a charm. cfengine is fantastic once you learn its
quirks and details.
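
Added example, not part of the original message or of cfengine itself: a shell function a kickstart post-config script could call to install the master's public key under the ppkeys naming shown above, refusing a malformed IP or a file that is not a public key. The function name, its return codes, the optional root-directory argument and the assumption that the key file is PEM-encoded are all choices of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper): seed a new host with the master's
# public key so the first cfagent run already has a key to check against.
#
# seed_master_key MASTER_IP KEY_FILE [CF_ROOT]
#   Installs KEY_FILE as CF_ROOT/ppkeys/root-MASTER_IP.pub and prints the path.
#   CF_ROOT defaults to /var/cfengine; the override exists for dry runs.
#   Returns 0 on success, 1 on a write failure, 2 on a bad IP,
#   3 when KEY_FILE does not look like a PEM public key (assumed format).
seed_master_key() {
    ip=$1 src=$2 root=${3:-/var/cfengine}

    # The IP becomes part of a file name: allow digits and dots only,
    # exactly three dots, no leading, trailing or doubled dot.
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    dots=$(printf '%s' "$ip" | tr -cd '.' | wc -c | tr -d ' ')
    [ "$dots" = 3 ] || return 2

    # Reject anything that is not a public key, for instance a private
    # key pasted into the kickstart file by mistake.
    head -n 1 "$src" | grep -Eq '^-----BEGIN (RSA )?PUBLIC KEY-----$' || return 3
    grep -q 'PRIVATE KEY' "$src" && return 3

    dest=$root/ppkeys/root-$ip.pub
    # Create directory and file readable by the owner only, and move the
    # key into place in one step so a partial file is never left behind.
    ( umask 077
      mkdir -p "$root/ppkeys" &&
      cp "$src" "$dest.tmp" &&
      mv "$dest.tmp" "$dest" ) || return 1
    printf '%s\n' "$dest"
}
```

In the post-config script, write the key to a temporary file with a quoted here-document delimiter, as in the update.conf case above, then call the function with the master's IP and that file.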