Distributed Systems Administration Utilities User's Guide, Linux, March 2009

# scp localhost.pub master_server:\
/var/opt/cfengine/ppkeys/root-client_IP_address.pub
It is important to use a utility such as secure copy (see scp(1)) when transferring the key in
order to protect its integrity.
3. Finally, copy the master server's key to this managed client:
# scp master_server:/var/opt/cfengine_master/ppkeys/localhost.pub \
root-master_IP_address.pub
4. Next, copy the master server update.conf to the managed client:
# mkdir -p /var/opt/dsau/cfengine/inputs
# cd /var/opt/dsau/cfengine/master_files/inputs
# cd /var/opt/dsau/cfengine/inputs
# scp master_server:/var/opt/dsau/cfengine/inputs/update.conf \
./update.conf
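The key exchange in the steps above only helps if each side ends up holding an unmodified copy of the other's public key. The following shell functions are an added example, not part of this guide or of cfengine: they check that a key installed under the root-IP_address.pub name is a plain file, is not group- or world-writable, and has the same SHA-256 digest as the key it was copied from. The function names, return codes and permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide): verify a cfengine public key after it has
# been copied into a ppkeys directory under the root-<IP>.pub name.

# Print the SHA-256 digest of a file, using sha256sum or openssl.
key_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# check_installed_key SOURCE_KEY PPKEYS_DIR PEER_IP
# Return codes (chosen for this example):
#   0 match, 1 missing, 2 not a plain file, 3 group/world writable, 4 differs
check_installed_key() {
    src=$1
    installed=$2/root-$3.pub

    if [ ! -e "$installed" ] && [ ! -L "$installed" ]; then
        echo "missing: $installed" >&2; return 1
    fi
    # A symlink could point the daemon at a key file someone else controls.
    if [ -L "$installed" ] || [ ! -f "$installed" ]; then
        echo "not a regular file: $installed" >&2; return 2
    fi
    # Anyone who can write the file can replace the trusted key.
    if [ -n "$(find "$installed" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group/world writable: $installed" >&2; return 3
    fi
    if [ "$(key_digest "$src")" != "$(key_digest "$installed")" ]; then
        echo "digest mismatch: $installed" >&2; return 4
    fi
    return 0
}
```

Run it on the receiving host against a reference copy of the key obtained separately, or compare the `key_digest` output from both hosts by hand.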
To allow this client to accept cfrun requests, do the following:
1. Edit /etc/rc.config.d/cfservd and set the CSYNC_CONFIGURED variable to "1".
This will start cfservd at system boot time.
2. Start cfservd:
# /etc/init.d/cfservd start
3. Test the configuration with cfagent (see cfagent(8)):
# cfagent --no-lock --verbose --no-splay
The verbose output shows the client checking for updated copies of the master policy
files, copying them down to /var/opt/cfengine/inputs if needed, and then executing
the contents of cfagent.conf/cf.main.
For additional troubleshooting information, refer to the section “cfengine Troubleshooting”
(page 42).
2.3.2.4 Choosing a Synchronization Invocation Method
As the administrator, you can push changes out to managed clients by using the cfrun command
(see cfrun(8)). cfrun contacts the cfservd daemon on each managed client and cfservd
invokes cfagent which does the actual synchronization work. You can also choose to have
cfagent run at intervals on the client. There are two approaches:
Run cfagent from a cron job.
When running cfagent from cron, invoke it using cfexecd -F. An example crontab
entry is shown below:
0 * * * * /var/opt/dsau/cfengine/bin/cfexecd -F
This crontab entry will cause cfagent to be run every hour.
In this example, cfexecd (see cfexecd(8)) acts as a wrapper for cfagent and collects any output
and places it in /var/opt/dsau/cfengine/outputs. cfexecd can also cause mail to
be sent to the administrator if specified in the cfagent.conf file. For details, refer to the
cfengine reference manual in /opt/dsau/doc/cfengine.
Note that the default cf.main has an example for automatically adding the above line to
the crontab file of each managed client.
Run cfexecd in daemon mode.
cfexecd has cron-like features based on cfengine’s time classes and can be used instead
of cron to run cfagent. cfexecd defaults to running cfengine every hour. When first
getting started with cfengine, it is probably easiest to use cron for scheduling client side
2.3 Configuring cfengine 39