Re: Bootstrapping
From: Jamie Wilkinson
Subject: Re: Bootstrapping
Date: Fri, 20 Feb 2004 09:09:41 +1100
User-agent: Mutt/1.5.5.1+cvs20040105i

This one time, at band camp, Luke A. Kanies wrote:
>Anyone else have any stories of how they bootstrap their cfengine clients?
>How do you solve the above problems? I hope to incorporate some different
>ideas and solutions into my article, so give me anything you think
>cfengine newbies should know about.

I'm currently using Red Hat's kickstart to bootstrap my servers, and
I've tied in the cfengine bootstrap to that.

At the end of the kickstart, the %pre section installs a homegrown
cfengine RPM, and writes a default update.conf. The update.conf
contains enough to specify server, domain, and trust levels.

The procedure mostly goes like this:

* set up DNS for the new server
* modify cfservd.conf in subversion, adding the TrustKeysFrom variable
  in the right place. Roll that out to the server.
* kickstart
* after cfengine has finished, remove the TrustKeysFrom and roll that
  out again.

So there's a window of trust for one IP only, which is taken fairly
quickly; it isn't ideal but it works.

The newly copied update.conf has some more secure settings, e.g. no
trustkey, so the bootstrapping update.conf only exists during kickstart.

--
jaq@spacepants.org http://spacepants.org/jaq.gpg
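
The trust window described in the message above can be checked mechanically. This is an added example, not part of the original post or of cfengine: it audits cfservd.conf text for TrustKeysFrom entries, assuming the cfengine 2 style `TrustKeysFrom = ( ... )` syntax with `#` comments. The function names and sample configurations are constructed for illustration.

```python
import ipaddress
import re

# Assumed cfengine 2 style: TrustKeysFrom = ( addr addr ... ), '#' starts a comment.
TRUST_RE = re.compile(r"^\s*TrustKeysFrom\s*=\s*\(([^)]*)\)", re.I | re.M)


def trust_entries(conf_text):
    """Return every entry listed in any uncommented TrustKeysFrom assignment."""
    uncommented = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    entries = []
    for match in TRUST_RE.finditer(uncommented):
        entries.extend(match.group(1).split())
    return entries


def audit(conf_text, bootstrapping_ip=None):
    """Return findings; an empty list means the trust window is as expected.

    bootstrapping_ip=None means no kickstart is in progress, so any
    TrustKeysFrom entry is a window that was never closed.
    """
    entries = trust_entries(conf_text)
    if bootstrapping_ip is None:
        return [f"trust window still open for {e}" for e in entries]
    findings = []
    if bootstrapping_ip not in entries:
        findings.append(f"{bootstrapping_ip} is not listed as a single address")
    for entry in entries:
        try:
            ipaddress.ip_address(entry)  # raises for networks, prefixes, hostnames
        except ValueError:
            findings.append(f"{entry} is not a single IP address")
            continue
        if entry != bootstrapping_ip:
            findings.append(f"{entry} is trusted but is not the host being built")
    return findings


# Constructed sample configurations (not from the original post).
DURING = "control:\n  domain = ( example.org )\n  TrustKeysFrom = ( 192.0.2.15 )\n"
AFTER = "control:\n  domain = ( example.org )\n  # TrustKeysFrom = ( 192.0.2.15 )\n"
TOO_WIDE = "control:\n  TrustKeysFrom = ( 192.0.2.0/24 )\n"

if __name__ == "__main__":
    print(audit(DURING, "192.0.2.15"))    # window open for exactly one host
    print(audit(AFTER))                   # window closed
    print(audit(TOO_WIDE, "192.0.2.15"))  # a whole network is trusted
```

Run with no `bootstrapping_ip` as a pre-commit or scheduled check on the subversion copy of cfservd.conf, so a TrustKeysFrom line left behind after a kickstart is reported.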