Use the cfagent -p(or --parse-only) flag to verify the syntax of update.conf.

4.Distribute the master update.conf to each managed client. This step is described in “Configuring a Synchronization Managed Client” (page 35).

5.Create the master server’s security keys. cfengine uses a public/private key exchange to authenticate remote clients. A public/private key pair is generated on the master server and all managed clients. The public key for each managed client is copied to the master server and from the master server to the managed clients. It is important to exchange keys securely using a tool like secure copy, (see scp(1)) or using tape or CD-ROM. Start by generating the keys for the master server:

#/opt/dsau/sbin/cfkey

#/var/opt/dsau/cfengine/ppkeys

This creates the files localhost.pub and localhost.priv.

Copy the public key to root-master_server_IP_address.pub. For example, assuming this system’s IP address is 10.0.0.5, use this command:

#cp localhost.pub root-10.0.0.5.pub

See “Configuring a Synchronization Managed Client” (page 35) for details on copying the client keys to this master server.

6.On the master server, configure the cfservd daemon to start at system startup. Edit /etc/ rc.config.d/cfservd and change the line CSYNC_CONFIGURED=0 to

CSYNC_CONFIGURED=1. Optionally, if you want to be able to push changes out to the managed clients using cfrun, replicate this change on all of the managed clients.

7.cfrun requires that the managed clients be listed in the file cfrun.hosts. In the default configuration, this file is located in /var/opt/dsau/cfengine_master/inputs. Edit it and add the hostnames of each managed client, one per line. It is simplest to make sure that all the host names are fully qualified. When using fully qualified hostnames, the "domain = " line is not required and can be deleted. If using unqualified hostnames, find the line "domain = " variables and replace the token with the DNS domain of the master system. This restricts all of the unqualified clients to be members of that single domain.

8.The file /var/opt/dsau/cfengine_master/inputs/cfagent.conf is the master policy file. The default cfagent.conf includes the default cf.main template file with examples of common synchronization actions for both standalone systems and Serviceguard clusters. cf.main contains the POLICY HOST_NAME and “domain = “ variables. Perform the same edits described in Step 3 above.

Note that this default cf.main file performs no management actions. All the action lines are commented out. This is a starting point for creating a custom set of cfengine policies and actions for your managed clients. The cfengine reference manual that documents the syntax and all the management actions defined in this file is located in /opt/dsau/doc/cfengine. Other example cfengine configuration files that are included with the open source cfengine distribution are located in /opt/dsau/share/cfengine/examples.

28 Configuration Synchronization

Page 28
Image 28
HP UX System Adstration manual # /opt/dsau/sbin/cfkey # /var/opt/dsau/cfengine/ppkeys, # cp localhost.pub root-10.0.0.5.pub