help-cfengine

Re: standalone cfagent script execution


From: Brendan Strejcek
Subject: Re: standalone cfagent script execution
Date: Wed, 25 Jan 2006 11:19:35 -0600
User-agent: Mutt/1.5.6+20040818i

Peter Daum wrote:

> What I would like, is to use just the script-processing part from
> cfagent without the environment that it normally expects to read some
> commands from a file and execute them without worrying about host keys
> or anything else that is not part of the script to be executed - sort
> of a fancier "sed" or "awk".
>
> (In my case, it would mostly be called as a utility tool for
> configuration file editing and similar stuff and running from a shared
> NFS root file system, so creating any files/directories would not be
> acceptable.)

cfagent always requires host keys, even if there are no network copies.
It seems like it might be good to relax this requirement, but I don't
understand all the issues involved. If you run cfagent as an unprivileged
user, keys should be in ~/.cfagent/ppkeys/.

    $ cfkey 
    Making a key pair for cfengine, please wait, this could take a minute...
    Writing private key to /home/asdf/.cfagent/ppkeys/localhost.priv
    Writing public key to /home/asdf/.cfagent/ppkeys/localhost.pub
    $ 

Other than that though, cfagent does not require any infrastructure
(like /var/cfengine) to exist to be able to be used as an interpreter in
#! scripts.

So, if creating *any* files or directories is not acceptable to you,
then you will not be able to use cfengine as it currently exists. If
you are willing to create keys (that will never be used in your setup),
then it should work fine. If you run cfagent as root, keys may need to
be in the workdir (/var/cfengine/ppkeys). This could be identical on all
machines though.

Best,
Brendan

--
Senior System Administrator
The University of Chicago
Department of Computer Science

http://www.cs.uchicago.edu/people/brendan
http://praksys.blogspot.com/



