
[SAGE] cfengine install help?



Hi all -
  I haven't tried cfengine-help-l yet, but have searched rather
extensively. (I also haven't bugged Mark personally -- hi, Mark!)

  Situation:  cfengine 2.x deployment.  Have cfagent working just fine
on single host (which is to become the cfengine server).  Want to deploy
cfengine to multiple clients.

  I think I've just hit a conceptual brick wall, and the various docs,
presentations, and (scant) articles aren't helping me overcome it.  So,
if someone could help me understand the following, I'd really appreciate
it:

Okay, so I've built and installed cfengine from scratch.  Everything's
in /usr/local/sbin per the Makefile.  I ran cfagent once with no config
file, and it created the requisite /var/cfengine stuff.  I manually
added /var/cfengine/inputs, and created an update.conf, cfservd.conf,
cfagent.conf, and cfrun.hosts.  /usr/local/sbin/cfagent -v -n runs
without error, and does what I expect.  /usr/local/sbin/cfagent -v
(non-dry-run) also works properly, and goes into update mode properly,
taking care of the stuff in my update.conf (including starting cfservd,
putting an entry for it into /etc/rc2.d/S72inetsvc, adding the
appropriate line to /etc/services, tacking on a crontab entry, etc.)

In short, single-host mode is working fine.

My conceptual problems deal with multi-host deployments:

1) I know I need to manually execute cfenvd and cfkey on each client.  I
also know that I've got to get the binaries from server to client
somehow (which has been accomplished as part of a daily rsync between
the server and the clients in question).  What I don't get is the
initial run of cfagent on the client.  If I log into a client and run
cfagent manually (remember, the only thing there are the binaries, and a
set of configs in /usr/local/cfengine/* ), it expects
/var/cfengine/inputs/* to exist already.  Must I transfer
/var/cfengine/inputs/* manually as well?

2)  According to what little I can find about it, cfengine 2.x is
supposed to take care of the key transfer between client and host
automagically.  The client accepts the host's public key (per the
directive in cfagent.conf, and per the permissions in cfservd.conf), but
cfagent always gives "cfengine:: Server returned error:  Host
authentication failed. " when attempting to transfer files from server
to client.  It's very much not a name resolution error, cfservd is
running on the server, and the pub/priv keys have been generated on both
the server and client in question.  I've not done any manual
manipulation of either set of keys -- the server's keys remain on the
server, and the client's, on the client, per cfengine.org (as far as I
can tell).

3)  I'm at a loss as to the conceptualization of the normal multi-host
deployment.  I grok that there's a central server and a bunch of
clients, and I grok that cfservd is to be running on the server (and on
the clients, if you want to remotely run cfrun against the clients).
What I'm not grokking is how the clients periodically pull config
changes from the server and execute them, and otherwise execute the
stuff in the existing configs.  The docs I've read all point to a
cfagent entry in a crontab, but they all point to this in the context of
a single-host deployment.  Is this also what needs to happen on each of
the clients?  Does cfagent compare the local confs against those on the
server, and download new confs if they differ, then execute them?

I apologize if these questions seem obvious to some, but after roughly
72 hours of staring at every document on cfengine.org, copious googling,
and asking various people who have played with it in the past, I'm still
left with the above confusion.  I *will* be writing a HOWTO for getting
cfengine 2.x up and running based on this experience (I'm documenting as
I go), so the next person that has to deal with this can have a simple,
stepwise document that presents a few clearly-defined scenarios, and
walks them through the steps necessary to implement each scenario --
something that seems to be lacking for cfengine, currently.  If Mark's
willing, I'll happily give him license to add it to cfengine.org as
well.

-- 
Mark C. Langston                                    Sr. Unix SysAdmin
mark@bitshift.org                                       mark@seti.org
Systems & Network Admin                                SETI Institute
http://bitshift.org                               http://www.seti.org