Re: anyone running cfengine2 on debian sarge?

[Pau Capdevila/Upcnet]

I have to say that I began using cfengine
compiled from source and had no problem when i sarted using the debian
package.
There is many people that has problems
with the debian way to store things. I feel comfortable with it although
I'm rather new at the distro.

This is my base setup:

#########################################################
#
# /etc/cfengine/cfservd.conf for the
CLIENTS
#
# pau.papdevila@upcnet.es 20040223
#
#
#########################################################

control:

  # Definició de variables globals

  domain = ( domain.edu )
  AllowUsers = ( root )
  AllowConnectionsFrom = ( 197.85
)
  cfrunCommand = ( "/usr/sbin/cfagent"
)
  TrustKeysFrom = ( 197.85 )
  SkipVerify = ( 147.85 )
  LogAllConnections = ( true )
  IfElapsed = ( 1 )
  ExpireAfter = ( 15 )
  MaxConnections = ( 50 )
  MultipleConnections = ( true
)

#########################################################

grant:

  # Permetre la invocació de cfagent
des del servidor

  /usr/sbin/cfagent  *.domain.com

########
#
# END cfservd.conf
#
########

____________________________________________________________


########
# BEGIN update.conf
#
# /etc/cfengine/update.conf for the
CLIENTS
# 
# Pau Capdevila 20040611
#
#######

control:

 actionsequence  = ( copy
)                    
                # Keep this simple
and constant

 domain        
 = ( domain.com )              
                    #
Needed for remote copy
 smtpserver      =
( smtp.domain.com )
 sysadm        
 = ( cfadmin@smtp.domain.com )
 policyhost      =
( smtp.domain.com  )              
          # File server
 master_cfinput  = ( /var/lib/cfengine2/masterfiles/inputs
)    # Remote repository
 repository      =
( /var/lib/cfengine2/outputs )            
          # Local repository for junk files and
so on (.cfsaved files)

############################################################################

copy:          
                     
                     
    # Download cfagent.conf

     $(master_cfinput)/cfagent.conf
   dest=/etc/cfengine/cfagent.conf
           
                     
     mode=600
           
                     
     server=$(policyhost)
           
                     
     force=true            
  # Make sure you have the latest version
           
                     
     trustkey=true            

#######
#
# END update.conf
#
#######

______________________________________________________________________________________

#########################################################
#
# /etc/cfengine/cfservd.conf for the
server
#
# Pau Capdevila 20040218
#
#########################################################

control:

  domain = ( domain.com )
  TrustKeysFrom = ( 197.85 )
  AllowUsers = ( root )

any::

  IfElapsed = ( 0 )
  ExpireAfter = ( 15 )
  MaxConnections = ( 50 )
  MultipleConnections = ( true
)

#########################################################

grant:

   # Grant access to all hosts
at example.org.
   # Files should be world
readable

   /var/lib/cfengine2/masterfiles/inputs
  *.domain.com


########
#
# END cfservd.conf
#
########

Contributions are welcome.

cu


On date 01/07/2004 17:26:23  help-cfengine-bounces+pau.capdevila=upcnet.es
wrote:

>Hello Andrew, Brendan,
>
>first thank you for all the replies. After two weeks, I didn't expect
>anything to come ;-)
>
>Andrew Stribblehill wrote:
>> Quoting Brendan Strejcek <brendan@cs.uchicago.edu> (2004-06-29
20:41:20
>BST):
>>> Karsten Heymann wrote:
>>> > I'm trying to deploy cfengine2 on Debian Sarge and am
having some
>>> > questions about the install-defaults of the debian package.
Especially
>>> > I am wondering wether its default filesystem layout -
workdir is
>>> > /var/lib/cfeninge2, /var/lib/cfengine2/inputs is a symlink
to
>>> > /etc/cfengine and /var/lib/cfengine2/bin is a symlink
to /usr/sbin --
>>> > makes any sense.
>>
>> What would you suggest? I have to keep Cfengine to the FHS and
that
>> means having binaries available from /usr/{s,}bin and config files
from
>> /etc. Equally, I don't want to diverge too far from upstream Cfengine.
At
>> present, I think this is the right balance between the two
>> requirements but I'll listen to arguments otherwise. It *is* ugly;
>> give me something better.
>
>Are you actually *using* this setup? And when, then how? Would you
mind
>sharing your update.conf, maybe putting it into the package as an example?
>The included upstream examples are quite hard to adapt to debians setup.
>
>Or would anybody else mind sharing a running minmal setup for a debian-sarge
>only network? As I'm working on a cfengine setup in parallel to my
normal
>work (to replace our usual selfmade bash+ssh+rsync stuff), my time
for
>cfengine is a bit limited. Some kind of working starting ground would
be a
>very valuable help.
>
>>> I agree with you about the workdir; I find the Debian defaults
quite
>>> annoying.
>
>Yes, and I don't understand cfengine so good (yet) to make arbitrary
changes
>to the config.
>
>But I'll try to implement some of the suggestions made in this thread
next
>week and will post wether they worked.
>
>Yours,
>Karsten
>_______________________________________________
>Help-cfengine mailing list
>Help-cfengine@gnu.org
>http://lists.gnu.org/mailman/listinfo/help-cfengine