help-cfengine

Re: cfengine ran from redhat kickstart file


From: David Douthitt
Subject: Re: cfengine ran from redhat kickstart file
Date: Wed, 25 Sep 2002 12:02:04 -0500
User-agent: Mutt/1.4i

On Wed, Sep 25, 2002 at 08:25:53AM +0200, Mark.Burgess@iu.hio.no wrote:
> 
> > ...at the end - so I've been trying to get it working from the shell prompt.
> > 
> > I could never get the "TrustKeysFrom" to work, neither on the master
> > nor on the client.  Here's the questions I would have in this situation:
> > 
> > * What goes into TrustKeysFrom?  Clients?  The master?  Both?  Neither?
> >   Do the client and master configurations use the same TrustKeysFrom?
> >   What does the client use it for?  What does the master use it for?
> >   What does the client use it for?  What does the master use it for?
> > 
> > * Does cfservd have to be running on the client?
> > 
> > * Does cfservd have to be running on the master?
> > 
> > * Does the client require the master's key to start?
> > 
> > * Does the master require the client's key to respond?
> > 
> > * Does cfservd.conf have to have the client in AllowConnections from in
> >   order to allow connections from the client?
> > 
> > * Does cfservd.conf have to have the client in admit: from in order
> >   to allow the client to access /var/cfengine and subdirectories?
> > 
> > None of this seems to be well explained anywhere.  What would be nice,
> > as someone suggested, was a step by step guide.  The URL previously
> > mentioned doesn't give you a guide on how to configure a brand new client
> > to use a master and to boot strap it and so forth.
> 
> I think this is a bit exaggerated, but I will try to write a how-to
> on this. It will have to be in skeleton form and someone else
> can flesh it out. I'm snowed under at the moment.

I discovered some of my troubles and actually got it to work.  Here are
the steps I would recommend:

    - On the (preconfigured) Master:
         * Add the new host's IP address to cfservd.conf:
             1. TrustKeysFrom
             2. AllowConnectionsFrom
             3. admit: (or grant: )
         * Make sure cfservd is running

    - On the new host:
        * Install cfengine
        * Install /var/cfengine/inputs/update.cfg
        * Install the master's public key to
          /var/cfengine/ppkeys/root-<masterIP>.pub
        * Run cfagent

Does this match up with what you know?

I put the public key into the Red Hat kickstart post-config script,
as well as a copy of update.conf, by using the shell construct:

cat - <<'!*' > /var/cfengine/inputs/update.conf
....
!*

...and...

cat - <<!* > /var/cfengine/ppkeys/root-10.0.0.1.pub
....
!*

Now it works like a charm.  cfengine is fantastic once you learn its
quirks and details.
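
Added example (not part of the original message and not cfengine's own code): one way to write the kickstart post-config step described above as a shell helper that installs update.conf and the master's public key before cfagent runs. The function names, the scratch CFROOT and both here-document bodies are constructed placeholders; the quoted delimiter keeps the shell from running $(...) in update.conf as a command substitution, and the key check assumes the key is PEM text.

```shell
#!/bin/sh
# Added example: kickstart %post helper. CFROOT, the master IP and all
# here-document bodies are constructed placeholders, not values from the post.

# write_private DEST: copy stdin to DEST via a temp file, owner-only mode.
write_private() {
    dest=$1
    mkdir -p "$(dirname "$dest")" || return 1
    ( umask 077 && cat > "$dest.tmp" ) || return 1
    [ -s "$dest.tmp" ] || { rm -f "$dest.tmp"; return 2; }   # reject empty input
    mv "$dest.tmp" "$dest"
}

# install_master_key CFROOT MASTER_IP: key text on stdin.
# Assumption: the key is PEM text, so a BEGIN ... PUBLIC KEY line must exist.
install_master_key() {
    key="$1/ppkeys/root-$2.pub"
    write_private "$key" || return $?
    chmod 700 "$1/ppkeys"
    grep -q '^-----BEGIN .*PUBLIC KEY-----' "$key" && return 0
    rm -f "$key"; return 3          # a truncated or wrong paste is not kept
}

# bootstrap_ready CFROOT MASTER_IP: 0 only if both files cfagent needs exist.
bootstrap_ready() {
    [ -s "$1/inputs/update.conf" ] && [ -s "$1/ppkeys/root-$2.pub" ]
}

# Demo into a scratch directory (in kickstart, CFROOT would be /var/cfengine).
demo() {
    CFROOT=$(mktemp -d) || return 1
    # Quoted delimiter: $(policyhost) is copied literally, not executed.
    write_private "$CFROOT/inputs/update.conf" <<'EOF'
# constructed placeholder, not a working policy
server=$(policyhost)
EOF
    install_master_key "$CFROOT" 10.0.0.1 <<'EOF'
-----BEGIN RSA PUBLIC KEY-----
PLACEHOLDER-NOT-A-REAL-KEY
-----END RSA PUBLIC KEY-----
EOF
    bootstrap_ready "$CFROOT" 10.0.0.1 && echo "$CFROOT"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Shipping the master's key inside the kickstart file means the new host trusts a key that was delivered with the install image, so the kickstart file itself has to be served from a source the installer can trust.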




