
Re: SUMMARY (Re: [SAGE] cfengine install help?)



On Mon, Apr 12, 2004 at 04:15:10PM -0700, Mark C. Langston wrote:
> 
> 1)  Compile and install cfengine (and bdb and the latest OpenSSL if
> you're without them). Note that if you don't have a recent texi2dvi
> (from Gnu texinfo) and a TeX implementation that plays well with it, the
> make install will bomb during prep of the docs (the latest tetex and 
> texinfo did not work for me on Solaris 2.7).
> 

I should have noted here that you'll need bdb and OpenSSL on the clients
as well, or you'll need to force cfengine to statically link against
these libraries when you build.


> 2)  Run /usr/local/sbin/cfagent without options, to get the
> /var/cfengine/* hierarchy built automatically.
> 
> 3)  Run /usr/local/sbin/cfenvd
> 
> 4)  Wait about a week if you have no /dev/random or /dev/urandom, then
> run /usr/local/sbin/cfkey (or just run it without waiting, if you're
> okay with a very low-entropy key generation).
> 
> 5)  mkdir /var/cfengine/inputs
> 
> 6)  create /var/cfengine/update.conf and /var/cfengine/cfservd.conf
> (Eric's examples above are good for starters)

I should also have noted here that you should create a cfagent.conf as
well.

cfservd.conf:  Configuration file for the cfengine daemon.
update.conf:   File containing actions to take, should be restricted
               to basic "get what's necessary to run cfengine set up"
               steps (this restriction is artificial;  it's not necessary 
               from a code standpoint, but sane for deployment purposes.
               The next file should be your workhorse)
cfagent.conf:  File containing actions you wish cfagent to take.  Again,
               one could technically shove all of this into update.conf,
               but this makes more sense architecturally.

As far as I can tell, cfservd.hosts isn't used (or, if it is, I haven't
found a need for it).

> 
> 7)  execute cfservd, and correct any errors if it bails.
> 
> 8)  execute /usr/local/sbin/cfagent -v -n and check the output for
> errors.  If you want, go ahead and run it again, omitting the -n.
> 
> 
> 
> Now, on to the clients you wish to bring up (assuming they're hosts that
> are already built and running):
> 
> 1)  Somehow get cfkey, cfenvd, and cfagent onto the clients.  I did it
> via a routine rsync to the hosts in question.  You could just manually
> copy them over.
> 


Note that here, you'll also need to get a copy of update.conf onto your
client, into /var/cfengine/inputs, so cfagent will know about the
cfengine server when it runs.

> 2)  Execute steps 2-4 above on the clients.
> 
> 3)  Execute step 8 on the clients.
> 
> 
> Now, you're ready to set up cfagent on the various hosts (server and
> clients) to run periodically (if your cfagent.conf doesn't already do
> this for you).  I have in my cfagent.conf:
> 
> editfiles:
>    # Make sure cfexecd runs hourly from cron too
>    {  /var/spool/cron/crontabs/root
>       AppendIfNoSuchLine
>          "0 * * * * root /usr/local/sbin/cfexecd -F"
>    }
> 
> 
> 
> (note: cfexecd is a local wrapper for executing cfagent)
> 
> 
> 

-- 
Mark C. Langston                                    Sr. Unix SysAdmin
mark@bitshift.org                                       mark@seti.org
Systems & Network Admin                                SETI Institute
http://bitshift.org                               http://www.seti.org
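
A preflight check for the steps in the message above, to run before cfkey and the first non-dry cfagent run. It is an added example, not part of the original post or of cfengine. The function names, the server/client role argument and the group/world-writable permission check are assumptions of this example, as is placing all three config files in /var/cfengine/inputs (the message states this only for update.conf).

```shell
#!/bin/sh
# Added example: preflight for the cfengine bring-up steps in this message.

# Succeeds if any of the given paths is a readable character device.
has_entropy_source() {
    for dev in "$@"; do
        if [ -c "$dev" ] && [ -r "$dev" ]; then return 0; fi
    done
    return 1
}

# Succeeds if the file exists, is non-empty, and is not group/world-writable
# (cfagent acts as root on whatever these files say).
conf_ok() {
    [ -s "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# cf_preflight WORKDIR ROLE [ENTROPY_DEVICE...]
# ROLE is "server" or "client" (hypothetical argument of this example).
# Prints one line per problem; the return status is the number of problems.
cf_preflight() {
    workdir=$1; role=$2; shift 2
    [ $# -gt 0 ] || set -- /dev/random /dev/urandom
    problems=0
    if ! has_entropy_source "$@"; then
        echo "WARN: no readable entropy device; cfkey would make a low-entropy key"
        problems=$((problems + 1))
    fi
    if [ ! -d "$workdir/inputs" ]; then
        echo "FAIL: $workdir/inputs missing (run cfagent once, then mkdir it)"
        problems=$((problems + 1))
    fi
    # Clients need update.conf to find the server; the server needs all three.
    files="update.conf"
    if [ "$role" = server ]; then files="$files cfagent.conf cfservd.conf"; fi
    for f in $files; do
        if ! conf_ok "$workdir/inputs/$f"; then
            echo "FAIL: $workdir/inputs/$f missing, empty, or group/world-writable"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

On a real host, call it as `cf_preflight /var/cfengine server` or `cf_preflight /var/cfengine client` and run cfkey only once it returns 0.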