HP Mini UX System Adstration 2.3.2.3 Configuring a Synchronization Managed Client

1.On a managed client, use the command:

#cfagent --no-lock --verbose --no-splay

The verbose output will display the client, checking for updated copies of the master policy files, copying them into /var/opt/dsau/cfengine/inputs if needed, and then executing the contents of cfagent.conf/cf.main.

2.On the master server, test the cfrun command:

# cfrun -- --inform

--informinstructs the remote cfagent to use the --informflag which will produce messages for all changes cfengine performs on the system. For additional information, the --verbosecommand can also be helpful:

#cfrun -v -- --verbose

The -vinstructs cfrun itself to be more verbose and the --verboseis passed on to the remote cfagent.

For additional troubleshooting information, refer to “cfengine Troubleshooting” (page 39).

When manually configuring managed clients, the basic steps are:

•Exchanging security keys. This establishes the trust relationship between the managed client and master server.

•Copying update.conf from the master server to the managed client.

•Setting a schedule for which cfagent will perform synchronization operations.

For a Serviceguard cluster, each member must be individually configured as a cfengine client. After configuring each member, if you add new members to the cluster, you must manually configure each new member as well. Repeat the configuration tasks described below on each cluster member.

For all other newly managed clients, start by configuring the trust relationship between the client and the master server. The master and client systems exchange security keys to authenticate each other. The master server’s public key needs to be copied to the client and the client’s public key is copied to the master server:

1.As root, use cfkey to create the public and private key pair for this cluster member:

#/opt/dsau/sbin/cfkey

This creates keys named localhost.priv and localhost.pub in the directory /var/opt/dsau/cfengine/ppkeys.

2.Copy this client’s key to the master server. The master server uses the following naming convention for the client keys: username-client_IP_address.pub.

Using this naming convention, push the client’s public key to the master server’s ppkeys directory using the following naming convention:

#scp localhost.pub master_server:\ /var/opt/cfengine/ppkeys/root-client_IP_address.pub

It is important to use a utility such as secure copy (see scp(1)) when transferring the key in order to protect its integrity.

3.Finally, copy the master server’s key to this managed client:

#scp master_server:/var/opt/cfengine_master/ppkeys/localhost.pub root-master_IP_address.pub

4.Next, copy the master server update.conf to the managed client: