Hi list,Okay, so I finally produced something and can present you with a patch. Please review it and give me feedback. It also replaces the current cfengine dependency with cfengine2. Someone commented in the first thread about this topic, that there was a problem with cfengine2 in the thin-client configuration. Does anyone remember what exactly? I'll test the patch with a thin-client setup on Monday.
A few notes about it:- Basically the configuration is, that the /etc/cfengine2/inputs directory on the server contains the support files for the clients. That directory is copied to the clients (also to the /etc/cfengine2/inputs path) and the cfagent.conf script is then executed on the client (a sample cfagent.conf is
included).- The server IP is currently hardwired in the cfservd.conf file. I'll have to debug if it is really impossible to use host names for the TrustKeysFrom value (as it currently appears to me) or if I just made a mistake in my
tests. - It's set to automatically accept trust keys from the server. How big a security risk do you think that actually is? - Also adds a default configuration on the server, but a few steps are required to actually get it going on the server (such as sharing/etc/cfengine2/inputs by uncommenting a line in cfservd.conf and creating a
cfrun.hosts) - cfengine is also run on reboot. This makes sure that clients that were offline during the last update get updated as well. - The hostname cfservd is checked during workstation installation. If it exists and is pingable, cfservd gets activated on the client. The configuration files are always installed. Please tell me, what you think about it. Patrice
Attachment:
cfengine.patch
Description: Binary data