I do have experience with Solaris, although I'm somewhat new to cfengine as well. I came up with a procedure to add new Solaris hosts to my cfengine setup. This is how I do it. It might not be the best way, but it works:

1. Install Blastwave pkg-get on the Solaris host. You can get this at http://www.blastwave.org.
2. pkg-get -i cfengine
   (First I do a (pkg-get -i gpgme;pkg-get -i textutils;wget http://blastwave.org/mirrors.html;gpg --import mirrors.html) in order to enable GPG signature checking of downloaded packages)
3. cfkey
4. scp -p /var/cfengine/ppkeys/localhost.pub masterserver:/var/cfengine/ppkeys/root-xxx.xxx.xxx.xxx.pub
   (client's IP address goes in the filename)
5. scp -p masterserver:/var/cfengine/ppkeys/localhost.pub /var/cfengine/ppkeys/root-xxx.xxx.xxx.xxx.pub
   (server's IP address goes in the filename)
6. scp -p masterserver:/etc/cfengine/*.conf /tmp
   (this is where I store the master cfagent.conf and update.conf)
7. export CFINPUTS=/tmp
8. cfagent
9. Add 0 * * * * /opt/csw/sbin/cfexecd -F to cron

I have to admit I'm a little jealous of the Linux sysadmins out there for having such a great installer script. Perhaps someone could share the script that does this? I bet it's just an /etc/rc.local or /etc/rcX.d script that only runs the first time you boot your system, similar to the script that does an ssh-keygen on your server the first time you boot it.

Hope this helps,
Luke

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edward F. Brown
Sent: Wednesday, May 18, 2005 9:40 PM
To: PAUL WILLIAMSON
Cc: help-cfengine@gnu.org
Subject: Re: Newbie help with how to implement update and cfagent.conf files

> So, from what I gather, this is what I need to have a
> successful minimalist cfengine environment in this specific order:

Paul,

Starting simply is a good focus, and your efforts to summarize your experience may fill a gap in the documentation.

It might be possible to pare your list even more. I don't have experience with cfengine on Solaris, but on Linux anyway, you don't have to run cfenvd, and you don't need to bother with cfkey, or manually copying keys.
That is because the init script for cfservd will check for and create keys if they don't exist. Also the cfengine package installation scripts will create keys when the package is installed. (Hopefully you don't have to install from source or a tarball everywhere...)

Anyway, whether or not you have to create keys, you can allow an initial exchange of keys by using TrustKeysFrom in your cfservd.conf, and trustkey in your very first copy action in update.conf. (This really isn't a significant security issue, as Mark has described here in the past, and is really worthwhile in terms of making things easier for you.)

Your list places generating cfservd.conf a few steps after starting cfservd; of course the config file comes first.

As you suggest, getting cfservd running on the policy server, and getting cfagent working on the same machine, so that it copies from the Master area to cfengine's working area, is a good first step. That is, starting cfagent with just an update.conf and successfully copying and running a cfagent.conf file. Then, cfagent running on a remote client. After that, you're somewhere beyond writing the Complete Newbie's Guide!

-Ed

_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine
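
Steps 4 and 5 of the procedure above copy each peer's public key into ppkeys by hand under a root-<IP>.pub name. As an added example (not code from either poster or from cfengine), the script below wraps that copy so that a malformed address is rejected and an already stored key is never silently replaced by a different one; the helper names, return codes and sample key files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The root-<IP>.pub naming comes from steps 4-5 of the procedure;
# valid_ipv4, install_peer_key and the return codes are hypothetical helpers.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # also rejects "/" and ".." path tricks
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# install_peer_key SRC_PUB PEER_IP PPKEYS_DIR
# Returns 0 if installed or identical, 2 on bad input, 3 if a different key is stored.
install_peer_key() {
    src=$1; ip=$2; dir=$3
    valid_ipv4 "$ip" || return 2
    [ -s "$src" ] && [ -d "$dir" ] || return 2
    dest="$dir/root-$ip.pub"
    if [ -e "$dest" ]; then
        # Never silently replace a stored key: accept only a byte-identical file.
        cmp -s "$src" "$dest" && return 0
        return 3
    fi
    # Write under a temporary name and rename, so a partial key is never read.
    tmp="$dest.$$"
    cp -p "$src" "$tmp" && mv "$tmp" "$dest"
}

# Demo on constructed key files in a scratch directory (not real cfengine keys).
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/ppkeys"
    printf 'constructed key A\n' > "$work/a.pub"
    printf 'constructed key B\n' > "$work/b.pub"
    for key in a a b; do
        rc=0
        install_peer_key "$work/$key.pub" 192.0.2.10 "$work/ppkeys" || rc=$?
        echo "install $key.pub for 192.0.2.10 -> rc=$rc"
    done
    rm -rf "$work"
}
demo
```

A return code of 3 means the key on file for that address differs from the one being offered, which is the case to investigate before overwriting anything.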