Edit the cfservd.conf File

The file /var/opt/dsau/cfengine_master/inputs/cfservd.conf controls which managed clients have access to the files served by cfservd on the master. Make the following edits to cfservd.conf:

Replace the “<%CFSERVD_DOMAIN_LIST%>” token with a comma-separated list of wildcard DNS domains or hostnames for the systems that are allowed to access this server. For example:

domain_list = ( "*.abc.xyz.com,*.cde.xyz.com" )

This statement allows all hosts in the abc.xyz.com and cde.xyz.com domains to access the master server. No spaces are allowed in this comma-separated list. Each domain must be prefixed with the “*.” wildcard.

NOTE: The csync_wizard only supports specifying wildcard domain names in cfservd.conf. If you manually edit cfservd.conf and include a combination of specific hostnames or IP addresses and wildcard domains, then subsequent runs of csync_wizard will replace this line with a list of wildcard domains based on the list of hosts present in cfrun.hosts.

This example allows all hosts in the listed domains to access files on the master server.

You can also specify lists of specific hosts, IP address ranges, and so on. Refer to the cfengine reference manual for additional information.
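The following check is an added example, not part of the DSAU product or this manual: it lints a domain_list value against the rules above (token replaced, no spaces, every entry prefixed with "*.") in the wildcard-only form that csync_wizard maintains. The function names, the sample line and the "too broad" rule for single-label wildcards such as "*.com" are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the DSAU product): lint the domain_list value in
# cfservd.conf against the rules stated above before distributing the file.

# Print the quoted value of the domain_list line read from stdin.
extract_domain_list() {
    sed -n 's/^[[:space:]]*domain_list[[:space:]]*=[[:space:]]*([[:space:]]*"\(.*\)"[[:space:]]*).*$/\1/p'
}

# Print one line per problem; return 0 only if the list is clean.
# The body runs in a subshell so IFS and "set -f" do not leak to the caller.
check_domain_list() (
    list=$1
    rc=0
    case $list in
        '')     echo "empty list"; exit 1 ;;
        *'<%'*) echo "template token not replaced"; exit 1 ;;
    esac
    case $list in *[[:space:]]*) echo "whitespace in list"; rc=1 ;; esac
    case $list in *,) echo "trailing comma"; rc=1 ;; esac
    set -f          # keep the shell from globbing "*.abc.xyz.com"
    IFS=,
    for entry in $list; do
        rest=${entry#'*.'}
        case $entry in
            '*.'?*) ;;
            *) echo "missing *. prefix: $entry"; rc=1; continue ;;
        esac
        case $rest in
            *[!A-Za-z0-9.-]*|.*|*.|*..*) echo "bad domain name: $entry"; rc=1 ;;
            *.*) ;;
            # Assumption of this example: a wildcard over a single label
            # (for example "*.com") is too broad to admit to the master.
            *) echo "wildcard too broad: $entry"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Constructed sample input, using the line format shown above.
sample='domain_list = ( "*.abc.xyz.com,*.cde.xyz.com" )'
value=$(printf '%s\n' "$sample" | extract_domain_list)
check_domain_list "$value" && echo "domain_list OK: $value"
```

To check the real file, feed it to extract_domain_list on stdin in place of the constructed sample line.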

Distribute the Master update.conf to Each Cluster Member

Use the following commands:

# cd /var/opt/dsau/cfengine_master/inputs

# ccp update.conf /var/opt/dsau/cfengine/inputs/

cfengine itself will take care of distributing the remaining files both cluster-wide and to all managed clients.

Distribute the cfengine Security Keys

Since cfengine uses a public/private key exchange model to validate the authenticity of managed clients, a key must be configured that is associated with the relocatable IP address of the package. That address is the one that remote clients see as the master server. Since any cluster member can become the adoptive node, this key must be identical across all cluster members. cfengine’s cfkey generates a public/private key pair for the current system. cfkey creates the files localhost.priv and localhost.pub.

cfengine expects keys to be named using the following convention: username-IP_address.pub

For example, root-10.0.0.3.pub

The administrator copies the localhost.pub key to the correct name based on the system’s IP address. For the case of a cluster, the keys for the current member are used to generate the keys cluster-wide using the following steps:

1. Use cfkey to create the public and private key pair for this cluster member:

# /opt/dsau/sbin/cfkey
