We start by installing the package:

    apt-get install cfengine2

Then we enable the cfagent daemon by editing /etc/default/cfengine2:

    RUN_CFSERVD=0
    RUN_CFEXECD=1
    RUN_CFENVD=0
    CFSERVD_ARGS=""

Then we should download an update.conf:

    rm /var/lib/cfengine2/inputs/update.conf && wget -nc -P /var/lib/cfengine2/inputs ftp://master.grid.rug.nl/pub/local/os/linux/distributions/sl/installer/scripts/update.conf

... and run cfagent:

    cfagent -vqK
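
The download step above deletes the existing update.conf before fetching its replacement over plain FTP, so a failed transfer leaves the client without one and nothing checks what arrived. The following is an added example, not part of the original page: it stages the download, compares it with a SHA-256 obtained out of band, and only then replaces the file. The function names and the pinned-hash workflow are assumptions.

```shell
#!/bin/sh
# Added example: stage update.conf, verify a pinned SHA-256, install atomically.
# URL and DEST are the values used on this page; function names are hypothetical.
URL='ftp://master.grid.rug.nl/pub/local/os/linux/distributions/sl/installer/scripts/update.conf'
DEST=/var/lib/cfengine2/inputs/update.conf

# install_verified FILE EXPECTED_SHA256 DEST
# Replaces DEST only if FILE hashes to EXPECTED_SHA256 (0 installed, 1 mismatch, 2 error).
install_verified() {
    file=$1 expected=$2 dest=$3
    [ -s "$file" ] || { echo "empty or missing download: $file" >&2; return 2; }
    # Normalise to lowercase so a hash pasted in uppercase still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected hash is not 64 hex digits" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file: got $actual" >&2
        return 1
    fi
    # Stage next to the destination so the final mv is a same-filesystem rename.
    tmp=$(mktemp "$dest.XXXXXX") || return 2
    cat "$file" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest" && return 0
    rm -f "$tmp"
    return 2
}

# fetch_update_conf EXPECTED_SHA256
# Downloads to a scratch file; the live update.conf is untouched on any failure.
fetch_update_conf() {
    scratch=$(mktemp) || return 2
    rc=0
    if wget -q -O "$scratch" "$URL"; then
        install_verified "$scratch" "$1" "$DEST" || rc=$?
    else
        echo "download failed; existing update.conf kept" >&2
        rc=2
    fi
    rm -f "$scratch"
    return $rc
}

# Usage (the hash is a placeholder, to be obtained out of band):
#   fetch_update_conf <sha256-of-known-good-update.conf> && cfagent -vqK
```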

    control:

       domain         = ( mynet )
       TrustKeysFrom  = ( 10.0.3.0/24 )
       MaxConnections = ( 50 )

    #########################################################

    admit:   # or grant:

       /var/lib/cfengine2/inputs/masterfiles *.mynet
       /etc/cfengine/masterfiles             *.mynet
       /etc/cfengine/trees                   *.mynet

With the TrustKeysFrom line, clients that don't have identification keys may generate them and the server will trust them the first time they connect. Without it, new keys will have to be transferred either from server to client or the other way around by means other than CfEngine.

Access needs to be granted to

update.conf

    control:

       # Keep this simple and constant
       actionsequence = ( copy links processes tidy )

       # Needed for remote copy
       domain = ( mynet )

       # This is the host part of where our config comes from
       policyhost = ( master.mynet )

       # This is the directory part of where our config comes from
       master_cfinput = ( /var/lib/cfengine2/inputs/masterfiles )

       AddInstallable = ( new_cfenvd new_cfservd )

       #
       # Workdir is not identical on all clients
       #
       workdir = ( /var/cfengine )

       linux::
          workdir = ( /var/lib/cfengine )
       debian::
          workdir = ( /var/lib/cfengine2 )
       scientific_sl_3::
          workdir = ( /var/cfengine )

       solaris::
          cf_install_dir = ( /usr/local/sbin )
       linux::
          cf_install_dir = ( /usr/local/sbin )

       # Serve proxy servers first
       !AllBinaryServers::
          SplayTime = ( 1 )

    # This is the section that does the copy of
    # update.conf and cfagent.conf from server to client
    copy:

       $(master_cfinput)   dest=$(workdir)/inputs
                           r=inf
                           mode=700
                           type=binary
                           exclude=*.lst
                           exclude=*~
                           exclude=#*
                           server=$(policyhost)
                           trustkey=true

    # We clean up old data
    tidy:

       $(workdir)/outputs  pattern=* age=7

cfagent.conf

    control:

       actionsequence = ( files copy shellcommands )
       domain         = ( mynet )
       timezone       = ( MET )
       smtpserver     = ( smtphost.mynet )    # used by cfexecd
       sysadm         = ( jurjen@cs.rug.nl )  # where to mail output
       policyhost     = ( master.mynet )

    ####################################################################

    copy:

       any::

          /etc/cfengine/trees/any   dest=/
                                    r=inf
                                    timestamps=preserve
                                    type=binary
                                    exclude=*~
                                    server=$(policyhost)
                                    # Never use this, or lose _all_ data on your client!
                                    # purge=true

    shellcommands:

       "/etc/iserv/client/scripts.all" useshell=true background=true
       #ifelapsed=15
       #expireafter=15