help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Configuration now working... [Was Re: Configuration Nightmare]

From: Cory Omand
Subject: Configuration now working... [Was Re: Configuration Nightmare]
Date: Wed, 26 May 2004 18:22:01 -0700 
On Wed, 2004-05-26 at 14:50, Luke A. Kanies wrote:
> cfagent and cfservd are separate processes and neither parses the other's 
> config file; thus, all necessary information must be duplicated between 
> cfservd.conf and cfagent.conf, although you can now import within 
> cfservd.conf (starting around 2.1.3, I think), so you could do all group 
> definitions in an imported file.

The documentation for import says:

"Note that, if you define variables in an imported file they will not be
defined for operations in their parent files. This because cfengine
reads in all the import files after the main file has been parsed--not
at the place where you call import in your script. This means that
variables or macros defined in imported files are only defined after the
main program. Variables from earlier files are inherited by later
includes, but not vice-versa."

So, in this case, I cannot import a file which defines groups which are
used in the file which did the import.  Is this still current for
2.1.3+, or is the doc out of date.

> Please let me know if you have any further questions; feel free to email 
> me personally.

Thanks -- your reply has got me back on track.  I was losing hope ;). 
My next big issue is bootstrapping, which I realize is the topic of your
next ONLamp article.  This is my main concern, as I need this to happen
automatically on the last phase of a Solaris Jumpstart operation.

We frequently release new client OS images, and if we regenerated the
client key every time the image was changed, we would have to update the
public key on the server manually, correct?

How do other people work around this?  As my setup is isolated, network
wise, from any outside attackers, I was considering just using trust to
allow any client to request updates from the server.  Of course, I say
that without really knowing how to do it -- I've just seen some
conversations regarding trust setups on this list, but have no
details...

Thanks again,
Cory.


P.S. Is there somewhere to find examples of real-world configurations
*other* than the iu example in the reference material?



-- 
______________________
C. Omand
Sun Microsystems, Inc.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]