help-cfengine

Re: Newbie help with how to implement update and cfagent.conf files


From: Edward F. Brown
Subject: Re: Newbie help with how to implement update and cfagent.conf files
Date: Wed, 18 May 2005 19:40:18 -0600 (MDT)
User-agent: SquirrelMail/1.4.4-2

> So, from what I gather, this is what I need to have a
> successful minimalist cfengine environment in this specific order:

Paul,

Starting simply is a good focus, and your efforts to summarize your
experience may fill a gap in the documentation.

It might be possible to pare your list even more.  I don't have experience
with cfengine on Solaris, but on Linux anyway, you don't have to run
cfenvd, and you don't need to bother with cfkey, or manually copying keys.
That is because the init script for cfservd will check for and create
keys if they don't exist.  Also the cfengine package installation scripts
will create keys when the package is installed.  (Hopefully you don't have
to install from source or a tarball everywhere...)  Anyway, whether or not
you have to create keys, you can allow an initial exchange of keys by
using TrustKeysFrom in your cfservd.conf, and trustkey in your very first
copy action in update.conf.  (This really isn't a significant security
issue, as Mark has described here in the past, and is really worthwhile in
terms of making things easier for you.)

Your list places generating cfservd.conf a few steps after starting
cfservd; of course the config file comes first.

As you suggest, getting cfservd running on the policy server, and getting
cfagent working on the same machine, so that it copies from the Master
area to cfengine's working area, is a good first step.  That is, starting
cfagent with just an update.conf and successfully copying and running a
cfagent.conf file.  Then, cfagent running on a remote client.  After that,
you're somewhere beyond writing the Complete Newbie's Guide!

-Ed
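
The two settings named in the message above, shown in place as an added example (not part of Ed's message or of the cfengine distribution). It covers both files in one block; the domain, host name, address range and master directory are assumed placeholders.

```cfengine
# Added example. Host names, the domain and the address range are
# constructed placeholders, not values from the original thread.

######## cfservd.conf on the policy server ########
control:
   domain        = ( example.com )
   # Accept a previously unseen public key only from these addresses.
   TrustKeysFrom = ( 192.0.2.0/24 )

admit:
   # Clients allowed to fetch the master copy of the policy files.
   /var/cfengine/masterfiles  *.example.com

######## update.conf on every host ########
control:
   actionsequence = ( copy )
   domain         = ( example.com )
   policyhost     = ( policy.example.com )
   master_cfinput = ( /var/cfengine/masterfiles/inputs )
   workdir        = ( /var/cfengine )

copy:
   # First copy action: pulls cfagent.conf from the master area into the
   # work area. trustkey=true accepts the server's key on first contact.
   $(master_cfinput)  dest=$(workdir)/inputs
                      r=inf
                      mode=600
                      type=binary
                      server=$(policyhost)
                      trustkey=true
```

Keeping TrustKeysFrom to the range the clients actually connect from limits which hosts can have a new key accepted on trust.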



