Re: Newbie help with how to implement update and cfagent.conf files
From: PAUL WILLIAMSON
Subject: Re: Newbie help with how to implement update and cfagent.conf files
Date: Wed, 18 May 2005 20:02:42 -0400
>>> "Eric Sorenson" <eric@explosive.net> 05/18/05 5:27 PM >>>
> You would need to run cfservd on client machines if you wanted
> to use 'cfrun' to trigger execution on them.
Being a newbie here, I'll bite. Why would I want to run
cfrun on a machine? Is it possible to push out a modification
to cfagent.conf to start cfrun or cfservd, or should it
be running as a daemon?
I guess I'm a little confused on what needs to be running on the
policy master vs. the clients. There are some main programs, and
I don't know what they all do. I've read the reference here:
http://www.cfengine.org/docs/cfengine-Reference.html
And gotten the following from it. I've also read the tutorial,
but that is more of a beginner's reference, not a tutorial.
Maybe I'll try to do a beginner's how to on the wiki (I couldn't
find one) for those of us bothering the more experienced
of you out there.
cfkey - generates keys for public-private pairs. Should really
only be needed when first setting up a machine or when
the keys need to be regenerated.
cfshow - should only be run if you want to see when a host was
last communicated with.
cfagent - the meat of the system. Can either be run in daemon
mode or via crontab. Either way, this needs to be
run at certain intervals to get to the point of
"convergence nirvana" on all hosts.
cfservd - has to be running on the policy master (and backups)
to distribute necessary information. Can run on
non-policy master hosts for a number of reasons.
cfexecd - I'm a little confused on this one. It says it is a wrapper
for cfagent. Why does there need to be a wrapper?
Does cfagent not have the flexibility of cfexecd? Is
it bad to run cfagent via cron?
cfenvd - mentioned with cfkey, but nothing very specific about
what it does other than "detect anomalies" on the host
on which it is running.
cfenvgraph - run on demand to look for things if cfenvd is running.
Since I'm a heavy RRDTool user, I really like
graphs.
This one should be cool to dive into.
So, from what I gather, this is what I need to have a
successful minimalist cfengine environment in this specific order:
1. cfenvd running for at least a week on every machine where I want
to use cfengine. Keep this running if you want to use cfenvgraph
later down the road.
2. cfkey to generate pub-priv key on same machines.
3. copy all pub keys from individual machines to the $cfengine/ppkeys
in the format of user-ip.address.of.system.pub
4. cfservd running on the policy master. Can be running on
non-masters for other purposes (like cfrun).
5. Generate an update.conf and put it in your masterfile location.
6. Generate a cfservd.conf ...
7. Generate a cfagent.conf ...
8. Test out (if possible) on the policy master.
9. Copy update.conf to all systems.
10. Roll it out.
I know I'm probably being very dense about this, but I wanted
to make sure I wrote everything down just to make sure I
understand it all.
Thanks,
Paul