help-cfengine

Re: cfengine ran from redhat kickstart file


From: Juha Ylitalo
Subject: Re: cfengine ran from redhat kickstart file
Date: 25 Sep 2002 08:28:40 +0300

On Tue, 2002-09-24 at 22:14, ext Hugo Gayosso wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Allen Bettilyon <allen@about-inc.com> writes:
> 
> > Attached is a full strace of the execution.
> > 
> > It looks like it core dumps on an _llseek call on the
> > /var/cfengine/ppkeys/localhost.pub file. 
> 
> [...]
> 
> In my kickstart I don't run cfengine directly, I copy a shell script
> that will be executed next time the machine is rebooted (which is
> immediately after doing the basic install).
> 
> Ok, enough background, the fact is that this script first "bootstraps"
> cfengine by doing:
> 
> # Bootstrapping cfengine
> ## Generate authentication keys
>       /usr/local/sbin/cfkey
> ## Store public key from policy host (mypolicyhost)
>       cat <<EOF_cfphkey > /var/cfengine/ppkeys/root-IP-FROM-POLICY-HOST.pub
> - -----BEGIN RSA PUBLIC KEY-----
> MIIBCAKCAQEAqmqLZekTpl8qvfte3SdHt1J1GhAOommQg20OAOkTvzrS9j8Ui4w2
> llhtervIR+mkshfkdhjskdfhsjmns9T8dr7wxR7SliWiU+a6/H24xtKYecvHNWfH
> Mlwzxq6PH6DWXjWOBDBBvWCpBvSQIM0N8lFwN1TFH1wWDTEuXTnXT3NLVwkqBKGt
> 5Rt3Aj5rNYkoxg1j0sdkfljhskj sjsx4Zu95ldkcZI6kPEB01HwWoc97Xaj0b2V
> dNFtvk92YkwLNzoWfV3EcIqBGDZOaxMlZLW8/smrB6TH2tCVy0i/vewX7DDKLED1
> LCm4bISv2lsmxifcXosS2Yp5L8ydEsEQ7wIBIw==
> - -----END RSA PUBLIC KEY-----
> EOF_cfphkey
> 
> 
> Then I call cfagent in different ways (to enable specific classes):
> 
> e.g:
>       /usr/local/sbin/cfagent -DinstallRPMs

Just as yet another way to do things, in my lab networks, I have two
cfengine RPM packages. One is simply cfengine (no config files, private
keys or anything else that might be company/lab specific) and the other
is an RPM which has all the config files as well as public keys from
cfservd hosts in it.
When you start cfexecd for the first time (during the first boot after
installation), it will run cfkey, figure out which network it is in and
copy the proper update-this.network.conf into update.conf. When you run
it a second time, it will actually update its configuration and start
updating itself.
If ppkeys or other local information need updating, I simply upgrade
that second RPM package.

-- 
Juha Ylitalo       juha.o.ylitalo@nokia.com           <work e-mail>
+358 40 562 6152   http://linux.nokia.com/~jylitalo/  <work www>
"Some tools are used, because its policy, others because they are good."
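
The first-boot step described in the message above, sketched as an added example that is not part of the original post or of either poster's packages. The `inputs/` location, the `update-<network>.conf` naming, the subnet table and the key sanity check before `update.conf` is put in place are all assumptions made for illustration.

```shell
#!/bin/sh
# First-boot bootstrap sketch (added example). Paths under inputs/, the
# update-<network>.conf naming and the subnet table are assumptions.
CF_ROOT="${CF_ROOT:-/var/cfengine}"
CFKEY="${CFKEY:-/usr/local/sbin/cfkey}"

# Map an IPv4 address to a lab network name (constructed table).
network_for_ip() {
    case "$1" in
        10.1.*) echo lab-a ;;
        10.2.*) echo lab-b ;;
        *) return 1 ;;
    esac
}

# Accept a key only if it is a regular file (not a symlink) holding a
# PEM "RSA PUBLIC KEY" block whose body lines are pure base64.
pubkey_ok() {
    f="$1"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    [ $(( $(wc -l < "$f") )) -ge 3 ] || return 1
    [ "$(sed -n '1p' "$f")" = "-----BEGIN RSA PUBLIC KEY-----" ] || return 1
    [ "$(sed -n '$p' "$f")" = "-----END RSA PUBLIC KEY-----" ] || return 1
    if sed '1d;$d' "$f" | grep -q '[^A-Za-z0-9+/=]'; then return 1; fi
    return 0
}

bootstrap() {
    net=$(network_for_ip "$1") || { echo "unknown network: $1" >&2; return 1; }
    src="$CF_ROOT/inputs/update-$net.conf"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    # Generate the local key pair only on the first run.
    [ -f "$CF_ROOT/ppkeys/localhost.pub" ] || "$CFKEY" || return 1
    # Fail closed: every key in ppkeys must parse before update.conf is armed.
    for k in "$CF_ROOT"/ppkeys/*.pub; do
        pubkey_ok "$k" || { echo "rejecting malformed key: $k" >&2; return 1; }
    done
    cp "$src" "$CF_ROOT/inputs/update.conf"
}

if [ "${1:-}" = "--first-boot" ]; then bootstrap "$2"; fi
```

Invoked as `script --first-boot <ip>`; a truncated or hand-edited key file stops the bootstrap before any policy host is trusted.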



