Re: Disconnected laptop CFEngine ?

[Chris Kacoroski]

David,

I am currently running cfengine on 1500 workstations of which about 300 
are laptops.  In addition to laptops moving between networks, I have 
issues with workstations being turned off at night and on weekends.

1. Definitely put cfengine into the boot process, but run it in the 
background.  First time I did this with my clients, each client sat at a 
 blue screen for 10 minutes while cfengine ran (lots of file copies on 
slow machines) which made for some unhappy users.  Now I run it in the 
background and it works fine.

2. You need to do something to identify the laptops.  My first effort 
was to have cfengine clients put the cfengine keys, mac address, ip 
address, and machine name into ldap.  Then the cfengine server would 
pull these down and create key files in ppkeys so the client and server 
could authenticate with each other.  Got way to many error messages and 
it made almost any other process I wanted to do very difficult because I 
had nothing that was unique to the machine I could key on.

Current plan is to still have cfengine clients put everything into ldap, 
but my dhcp server pulls down the data and creates host records for each 
client that ties a machine name to a mac address (or in the case of 
laptops, to two different mac addresses).  I then update dns dynamically 
from dhcp.  This has worked very well for my backup application 
(backuppc) as it just looks up the hostname and gets whatever the 
current IP address is.  My next step is to change cfengine to key off 
the hostname instead of the IP address (use HostnameKeys  directive). 
Then I do not have to re-create the ppkeys files all the time.

3. I am getting errors where cfengine tries to run from a non-internal 
network and attempts to access internal servers.  You need to do 
something to stop all copy statements when cfengine is not on the 
internal network.

cheers,

ski

David Masterson wrote:
> Has anyone done anything with CFEngine in an environment where many of your 
> systems are (Linux) laptops that are potentially disconnected from your network 
> from time to time?  Are there issues associated with it?  What if the laptop 
> migrates from place to place (that is, today it's connected to the SJ network 
> whereas tomorrow it's connect to the NY network)?
>
> I'm starting to consider such an environment and wondering about the gotchas.
>
> David Masterson
> Symbol Technologies
>
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine

--
"When we try to pick out anything by itself, we find it
  connected to the entire universe"                John Muir

Chris "Ski" Kacoroski, ckacoroski@nsd.org, 425-489-6263