NOTE: You can use csshsetup to configure a trust relationship between the master server and the managed clients. This will allow you to use command fanout commands such as cexec and ccp (see cexec(1) and ccp(1)). Using these commands can simplify the configuration steps described below when files need to be distributed to managed clients.

2.3.2.1 Manually Configuring a Standalone Synchronization Server

Perform the following one-time steps to configure a standalone system as a cfengine master server:

1. Start by creating the master copies of the cfengine configuration files. These files are placed in a well-known directory and are distributed to each managed client. The default directory is /var/opt/dsau/cfengine_master/inputs, referenced in the default templates.

Start by creating the directory:

# mkdir -p /var/opt/dsau/cfengine_master/inputs

2. Copy the default template files into that directory:

# cd /var/opt/dsau/cfengine_master/inputs
# cp /opt/dsau/share/cfengine/templates/cf.main.template cf.main
# cp /opt/dsau/share/cfengine/templates/update.conf.template update.conf
# cp /opt/dsau/share/cfengine/templates/cfagent.conf.template cfagent.conf
# cp /opt/dsau/share/cfengine/templates/cfrun.hosts.template cfrun.hosts
# cp /opt/dsau/share/cfengine/templates/cfservd.conf.template cfservd.conf

3. Next, edit update.conf. This file has a format similar to cfengine’s main configuration file cfagent.conf. It is used to transfer and update cfengine binaries and any updated configuration definition files (for example, cfagent.conf) to the managed clients. It is critical to keep this file very simple and avoid errors. Errors in this file will require manually copying a new version to each managed client.

The file contains tokens in the form <%token-name%> that are replaced by the csync_wizard with the administrator’s answers to questions. Replace the tokens as follows:

a. Replace the <%POLICYHOST_NAME%> token with the fully qualified domain name of the master server. Note that it is critical that this be a fully qualified domain name. This file is copied to and evaluated on the managed clients. If a managed client is in a different DNS domain from the master server, the client will be unable to communicate with the master server if the hostname is not fully qualified.

b. Note that the cfengine domain variable is set as follows:

domain = ( ExecResult(/bin/sh -c ${dblquote}nslookup `hostname` | awk ${quote}/Name:/ {print $2}${quote} | cut -d . -f 2-${dblquote}) )

The domain variable is used by cfagent’s “resolve” action. The ExecResult command above assumes that the client’s /etc/resolv.conf and /etc/nsswitch.conf are already appropriately configured. The command expects to get a fully qualified hostname when using nslookup of the client’s own hostname. If this assumption is not appropriate for your environment, other techniques for setting the domain are possible. For example, the client’s domain could be determined based on the client’s IP address or subnet, as follows:

classes:
   # host in these ip address ranges
   xyz_domain = ( IPRange(10.0.0.1-15) )
   abc_domain = ( IPRange(192.0.0.1-254) )

control:
   xyz_domain::
      domain = ( "xyz.example.com" )
   abc_domain::
      domain = ( "abc.example.com" )
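
The token replacement in step 3a can be scripted so that a short hostname is rejected before update.conf is touched and any tokens still unreplaced are listed before the file is distributed. This is an added example, not part of the original guide: the function names, the sample file content and the EXAMPLE_TOKEN token are constructed for illustration.

```shell
#!/bin/sh
# Added example: fill in <%POLICYHOST_NAME%> in update.conf and refuse unsafe input.

# is_fqdn NAME: succeeds only if NAME has at least two dot-separated labels made of
# letters, digits and hyphens (no empty labels, no trailing dot).
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq \
      '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
}

# leftover_tokens FILE: print each distinct <%token-name%> marker still present in FILE.
leftover_tokens() {
    awk '{ while (match($0, /<%[A-Za-z0-9_-]+%>/)) {
               print substr($0, RSTART, RLENGTH)
               $0 = substr($0, RSTART + RLENGTH) } }' "$1" | sort -u
}

# set_policyhost FILE FQDN: replace the token through a temporary file, so a rejected
# name or a failed sed never leaves a half-edited update.conf behind.
set_policyhost() {
    file=$1
    host=$2
    is_fqdn "$host" || { echo "error: '$host' is not fully qualified" >&2; return 1; }
    tmp="$file.tmp.$$"
    # host contains only letters, digits, dots and hyphens here, so it is safe in sed.
    sed "s/<%POLICYHOST_NAME%>/$host/g" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"
}

# demo: run the functions on a constructed fragment (not the real template).
demo() {
    f="${TMPDIR:-/tmp}/update.conf.demo.$$"
    # EXAMPLE_TOKEN is a hypothetical second token used to show the leftover check.
    printf 'policyhost = ( <%%POLICYHOST_NAME%%> )\nother = ( <%%EXAMPLE_TOKEN%%> )\n' > "$f"
    set_policyhost "$f" master || echo "short name rejected, file untouched"
    set_policyhost "$f" master.example.com && echo "token replaced"
    echo "still unreplaced: $(leftover_tokens "$f")"
    rm -f "$f"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument demo to see the three outcomes on the constructed fragment.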
