I read your discussion link before I did my setup, and was put off a little bit by the strange hostnames (no offense intended, but it's much easier to understand an example configuration when the hostnames are similar to the server role, eg. DNS servers are called ns1 and ns2, etc.) Also, the script was called cf-customize-me-harder-baby.sh!!! :-)
Anyway, I would be very much interested in seeing the scripts you use on the master server to generate the master overlay for each host. This seems like a very nice solution which allows you to verify file integrity for each server, without having to hand-code a copy statement for each file, and also not sharing passwd/shadow information with servers in other departments that shouldn't see that information. Cheers, Luke -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of "Sami J. Mäkinen" Sent: Monday, May 09, 2005 4:21 PM To: cfengine help list Subject: Re: cfengine and revision control Just click on the "discussion" link on that page. :) Briefly, my setup is (err, was) something like this: 1) Everything is stored in CVS, cfengine inputs as well as the "overlay" directory tree that is copied to each host. 2) On the master server, a shell script is responsible of cvs update, cvs tagging and rsync-copy excluding the CVS metadata directories from the master directory that is finally copied to the clients. 3) The master overlay directory is copied (cfengine internal or external - rsync) to each client into /etc/NWS/, for example. 4) On each client, a special shell script is run. It will generate or symlink the files according to the hints found in the overlay directory hierarchy. Recent development has moved the whole customization process into the master server. The overlay directory is generated for each individual host separately. This way, you cannot see other host's configurations (/etc/sudoers, passwd etc) on every host even if you can get a root shell. Less information leakage. Please contact me if you want me to contribute. :) -sjm _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine