Cfengine client not updating
Communication is key to getting anything working: if you don't manage to get the keys set up correctly, nothing will work. So instead of using keys I'm going to ignore keyfiles completely and trust all machines on the LAN.

    /var/lib/cfengine2/masterfiles/inputs *flat

    #
    # /etc/cfengine/- for the clients
    #
    control:
       actionsequence = ( copy )
       domain = ( )
       policyhost = ( flat )
       # smtpserver = ( smtp.)
       # sysadm = ( [email protected])
       master_cfinput = ( /var/lib/cfengine2/masterfiles/inputs )
       repository = ( /var/lib/cfengine2/outputs )

    #
    # Download the most recent 'cfagent.conf' file from the
    # server, and install it to /etc/cfengine
    #
    copy:
       $(master_cfinput)/dest=/etc/cfengine/mode=600 server=$(policyhost) force=true trustkey=true

    #
    # /etc/cfengine/for the clients
    #
    control:
       domain = ( )
       AllowConnectionsFrom = ( 192.168.1.0/24 )
       TrustKeysFrom = ( 192.168.1.0/24 )
       cfrunCommand = ( "/usr/sbin/cfagent" )
       AllowUsers = ( root )
       LogAllConnections = ( true )
       IfElapsed = ( 1 )
       ExpireAfter = ( 15 )
       MaxConnections = ( 50 )
       MultipleConnections = ( true )

    grant:
       /usr/sbin/cfagent *flat

    [email protected]:~# ls -l /var/lib/cfengine2/ppkeys/
    total 12
    -rw------- 1 root root 1743 2005-08-22
    -rw------- 1 root root 426 2005-08-22
    -rw-r--r-- 1 root root 426 2005-08-22

    [email protected]:~# cfrun flat
    cfrun(0): ..........
    cfengine:: Update of image /etc/cfengine/from master /var/lib/cfengine2/masterfiles/inputs/on flat
    cfengine:: Moved /etc/cfengine/cfsaved to repository location /var/lib/cfengine2/outputs/_etc_cfengine_cfsaved
    cfengine:scratchy: Object /etc/gshadow had permission 0, changed it to 640
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I finally got cfengine going after reading the article, thanks.
You might want to check the following:

    mkdir -p /var/lib/cfengine/masterfiles/inputs

probably meant to be

    mkdir -p /var/lib/cfengine2/masterfiles/inputs

as that's what's in the update.conf, and

Once you've created the update file you're ready to create the file for this client. Each managed client will retrieve this rule file and then execute the rules locally. The server itself will be able to force "pushes" of this file, and thus execute the rules upon any of the managed clients, either individually or en masse. This means that the server's public key must be copied to the client, and the client's key must also be known to the server.
However, there is something that I cannot get done, and I wonder if someone could provide a working example.

At least your post easily let me work out what I wanted to do.

    cfengine:myhost:/usr/bin/apt-get -y install %s: Building dependency tree...

we'll now look at actually installing it and using it for real on a number of different hosts. The rules will come from one central host and be automatically pushed to a collection of managed servers where they will be executed.

The rules file dialog asking if you wish to start several processes at boot time, along with an explanation of what each process is used for. I chose to enable all services at boot time for the moment, although you'll likely not need all services running upon each host.
Thereafter, there is NO trust, keys have to match on both ends or no communication takes place.