We start by installing the package: apt-get install cfengine2
Then we enable the cfagent daemon by editing /etc/default/cfengine2:
RUN_CFSERVD=0
RUN_CFEXECD=1
RUN_CFENVD=0
CFSERVD_ARGS=""
Then we should download an update.conf:
rm /var/lib/cfengine2/inputs/update.conf && wget -nc -P /var/lib/cfengine2/inputs ftp://master.grid.rug.nl/pub/local/os/linux/distributions/sl/installer/scripts/update.conf
... and run cfagent: cfagent -vqK
control:
domain = ( mynet )
TrustKeysFrom = ( 10.0.3.0/24 )
MaxConnections = ( 50 )
#########################################################
admit: # or grant:
/var/lib/cfengine2/inputs/masterfiles *.mynet
/etc/cfengine/masterfiles *.mynet
/etc/cfengine/trees *.mynet
With the TrustKeysFrom line, clients that don't have identification keys may generate them, and the server will trust them the first time they connect. Without it, new keys have to be transferred, either from server to client or the other way around, by some means other than CfEngine.
Access needs to be granted to
update.conf
control:
# Keep this simple and constant
actionsequence = ( copy links processes tidy )
# Needed for remote copy
domain = ( mynet )
# This is the host part of where our config comes from
policyhost = ( master.mynet )
# This is the directory part of where our config comes from
master_cfinput = ( /var/lib/cfengine2/inputs/masterfiles )
AddInstallable = ( new_cfenvd new_cfservd )
#
# Workdir is not identical on all clients
#
workdir = ( /var/cfengine )
linux::
workdir = ( /var/lib/cfengine )
debian::
workdir = ( /var/lib/cfengine2 )
scientific_sl_3::
workdir = ( /var/cfengine )
solaris::
cf_install_dir = ( /usr/local/sbin )
linux::
cf_install_dir = ( /usr/local/sbin )
# Serve proxy servers first
!AllBinaryServers::
SplayTime = ( 1 )
# This is the section that does the copy of
# update.conf and cfagent.conf from server to client
copy:
$(master_cfinput) dest=$(workdir)/inputs
r=inf
mode=700
type=binary
exclude=*.lst
exclude=*~
exclude=#*
server=$(policyhost)
trustkey=true
# We clean up old data
tidy:
$(workdir)/outputs pattern=* age=7
cfagent.conf
control:
actionsequence = ( files copy shellcommands )
domain = ( mynet )
timezone = ( MET )
smtpserver = ( smtphost.mynet ) # used by cfexecd
sysadm = ( jurjen@cs.rug.nl ) # where to mail output
policyhost = ( master.mynet )
####################################################################
copy:
any::
/etc/cfengine/trees/any
dest=/
r=inf
timestamps=preserve
type=binary
exclude=*~
server=$(policyhost)
# Never use this, or lose _all_ data on your client!
# purge=true
shellcommands:
"/etc/iserv/client/scripts.all"
useshell=true
background=true
#ifelapsed=15
#expireafter=15
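
TrustKeysFrom in the server configuration and trustkey=true in update.conf both accept a public key that has not been seen before, so it is worth checking which hosts still carry them once keys have been exchanged. The script below is an added example, not part of the original page or of CfEngine; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reports cfengine2 settings that
# accept an unknown public key on first contact. Keywords are matched
# case-insensitively (an assumption). Exit status 1 means findings were printed.
cf_trust_audit() {
    awk '
        { s = $0; sub(/#.*/, "", s); l = tolower(s) }   # ignore comments
        match(l, /trustkeysfrom[ \t]*=[ \t]*\([^)]*\)/) {
            r = substr(s, RSTART, RLENGTH)               # same offsets as in l
            sub(/^[^(]*\([ \t]*/, "", r); sub(/[ \t]*\)$/, "", r)
            if (r != "") {
                printf "%s:%d: cfservd trusts new keys from %s\n", FILENAME, FNR, r
                n++
            }
        }
        l ~ /trustkey[ \t]*=[ \t]*true/ {
            printf "%s:%d: copy accepts the server key on first contact\n", FILENAME, FNR
            n++
        }
        END { exit (n > 0) }
    ' "$@"
}

# Constructed sample files modelled on the settings shown on this page.
cf_trust_samples() {
    cat > "$1/cfservd.conf" <<'EOF'
control:
   domain = ( mynet )
   TrustKeysFrom = ( 10.0.3.0/24 )
EOF
    cat > "$1/update.conf" <<'EOF'
copy:
   $(master_cfinput) dest=$(workdir)/inputs
      exclude=#*
      trustkey=true
EOF
    cat > "$1/hardened.conf" <<'EOF'
control:
   # TrustKeysFrom = ( 10.0.3.0/24 )
copy:
   $(master_cfinput) dest=$(workdir)/inputs
      trustkey=false
EOF
}
demo=$(mktemp -d)
cf_trust_samples "$demo"
cf_trust_audit "$demo"/*.conf || echo "first-contact key trust is still enabled"
rm -rf "$demo"
```

On a real host, pass the actual files instead of the samples, for example cf_trust_audit /var/lib/cfengine2/inputs/update.conf.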