•Edit the cfservd.conf File
The file /var/opt/dsau/cfengine_master/inputs/cfservd.conf controls which managed clients have access to the files served by cfservd on the master. Make the following edits to cfservd.conf:
—Replace the “<%CFSERVD_DOMAIN_LIST%>” token with a
domain_list | = ( “*.abc.xyz.com,*.cde.xyz.com” ) |
This statement allows all hosts in the abc.xyz.com and cde.xyz.com domains to access the master server. No spaces are allowed in this
NOTE: The csync_wizard only supports specifying wildcard domain names in cfservd.conf. If you manually edit cfservd.conf and include a combination of specific hostnames or IP address and wildcard domains, then subsequent runs of csync_wizard will replace this line with a list of wildcard domains based on the list of hosts present in cfrun.hosts.
This example allows all hosts in the listed domains to access files on the master server.
You can also specify lists of specific host, IP address ranges, and so on. Refer to the cfengine reference manual for additional information.
•Distribute the Master update.conf to Each Cluster Member Use the following commands:
#cd /var/opt/dsau/cfengine_master/inputs
#ccp update.conf /var/opt/dsau/cfengine/inputs/
cfengine itself will take care of distributing the remaining files both
•Distribute the cfengine Security Keys
Since cfengine uses a public/private key exchange model to validate the authenticity of managed clients, a key must be configured that is associated with the relocatable IP address of the package. That address is the one that remote clients see as the master server. Since any cluster member can become the adoptive node, this key must be identical across all cluster members. cfengine’s cfkey generates a public/private key pair for the current system. cfkey creates the files localhost.priv and localhost.pub.
cfengine expects keys to be named using the following convention:
For example,
The administrator copies the localhost.pub key to the correct name based on the system’s IP address. For the case of a cluster, the keys for the current member are used to generate the keys
1. Use cfkey to create the public and private key pair for this cluster member:
# /opt/dsau/sbin/cfkey
32 Configuration Synchronization