
RE: Newbie help with how to implement update and cfagent.conf files

From: Luke Youngblood
Subject: RE: Newbie help with how to implement update and cfagent.conf files
Date: Thu, 19 May 2005 08:34:26 -0400

I too would like to know what the hell cfenvd does exactly.  I know on some
systems that don't have proper /dev/random support (Solaris, I'm looking at
you :-) it generates entropy, but what else does it do besides that?

I don't like having daemons running on my box unless I know EXACTLY what
they do.  As near as I can tell, I get the same benefit from running only
cfagent through cron as I do from running the entire cfengine stack.

Would someone be willing to give me a summary?



-----Original Message-----
From: address@hidden
[mailto:address@hidden On
Sent: Wednesday, May 18, 2005 8:03 PM
To: address@hidden; address@hidden
Cc: address@hidden
Subject: Re: Newbie help with how to implement update and cfagent.conf files

>>> "Eric Sorenson" <address@hidden> 05/18/05 5:27 PM >>>

> You would need to run cfservd on client machines if you wanted 
> to use 'cfrun' to trigger execution on them.  

Being a newbie here, I'll bite.  Why would I want to run 
cfrun on a machine?  Is it possible to push out a modification 
to cfagent.conf to start cfrun or cfservd, or should it 
be running as a daemon?

I guess I'm a little confused on what needs to be running on the 
policy master vs. the clients.  There are some main programs, and 
I don't know what they all do.  I've read the reference here: 

And gotten the following from it.  I've also read the tutorial, 
but that is more of a beginner's reference, not a tutorial.  
Maybe I'll try to do a beginner's how to on the wiki (I couldn't 
find one) for those of us bothering the more experienced 
of you out there.

cfkey - generates keys for public-private pairs.  Should really 
            only be needed when first setting up a machine or when 
            the keys need to be regenerated.

cfshow - should only be run if you want to see when a host was 
              last communicated with.

cfagent - the meat of the system.  Can either be run in daemon 
                mode or via crontab.  Either way, this needs to be 
                run at certain intervals to get to the point of 
                "convergence nirvana" on all hosts.

cfservd - has to be running on the policy master (and backups) 
               to distribute necessary information.  Can run on 
               non-policy master hosts for a number of reasons.

cfexecd - I'm a little confused on this one.  It says it is a wrapper 
                for cfagent.  Why does there need to be a wrapper?
                Does cfagent not have the flexibility of cfexecd?  Is 
                it bad to run cfagent via cron?

cfenvd  - mentioned with cfkey, but nothing very specific about 
                what it does other than "detect anomalies" on the host
                on which it is running.  

cfenvgraph - run on demand to look for things if cfenvd is running.  
                     Since I'm a heavy RRDTool user, I really like
                     This one should be cool to dive into.

So, from what I gather, this is what I need to have a 
successful minimalist cfengine environment in this specific order:

1.  cfenvd running for at least a week on every machine where I want 
to use cfengine.  Keep this running if you want to use cfenvgraph 
later down the road.
2.  cfkey to generate pub-priv key on same machines.
3.  copy all pub keys from individual machines to the $cfengine/ppkeys
in the format of
4.  cfservd running on the policy master.  Can be running on
for other purposes (like cfrun).
5.  Generate an update.conf and put it in your masterfile location.
6.  Generate a cfservd.conf ...
7.  Generate a cfagent.conf ...
8.  Test out (if possible) on the policy master.
9.  Copy update.conf to all systems.
10.  Roll it out.

I know I'm probably being very dense about this, but I wanted 
to make sure I wrote everything down just to make sure I 
understand it all.


Help-cfengine mailing list
