Josh Lothian wrote:
Has anyone come up with a more elegant solution to this problem? I'd like to implement something similar at my present employer. I really like the recursive copying approach rather than the one listed on http://cfwiki.org/cfwiki/index.php/Singlecopy_Nirvana because it doesn't require any changes to the cfengine configs to add new files to be distributed.
Just click on the "discussion" link on that page. :)
Briefly, my setup is (err, was) something like this:
1) Everything is stored in CVS, cfengine inputs as well as the "overlay" directory tree that is copied to each host.
2) On the master server, a shell script is responsible of cvs update, cvs tagging and rsync-copy excluding the CVS metadata directories from the master directory that is finally copied to the clients.
3) The master overlay directory is copied (cfengine internal or external - rsync) to each client into /etc/NWS/, for example.
4) On each client, a special shell script is run. It will generate or symlink the files according to the hints found in the overlay directory hierarchy.
Recent development has moved the whole customization process into the master server. The overlay directory is generated for each individual host separately.
This way, you cannot see other host's configurations (/etc/sudoers, passwd etc) on every host even if you can get a root shell. Less information leakage.
Please contact me if you want me to contribute. :)
-sjm
_______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine