Today, after writing a small script (related to my previous one, about zones backup) to clean an FTP server which contains a lot of archived files, I decided to try [[http://www.cfengine.org|cfengine]]. This tool helps sysadmins keep a collection of servers (config files, for example) up to date. Even if it seems interesting, it's not a trivial tool, especially for beginners. Still, I succeeded in copying files via cfengine from a server to a client, after a few hours wasted on the //undocumented// authentication stuff. Here is what I did:

=== Server side ===

(Non global zone running on Solaris 10)

  * Build cfengine 2.1.15
  * Run cfkey
  * Write a small cfagent.conf
  * Write a small cfservd.conf
  * Copy client's localhost.pub to /var/cfengine/ppkeys/root-.pub
  * Run cfservd

__cfagent.conf__

<code>
control:
   actionsequence = ( links copy )
   cfengineserver = ( cfengine.asyd.net )

links:
   /root/tmp/titi -> /root/tmp/prout
   /root/tmp/toto -> /root/tmp/prout

copy:
   # fetch the file from the cfservd running on $(cfengineserver)
   /etc/ldap.conf dest=/etc/ldap.conf
                  mode=644
                  owner=root
                  group=root
                  server=$(cfengineserver)
</code>

__cfservd.conf__

<code>
control:
   AllowUsers = ( root )
   domain = ( asyd.net )
   # key files are named by IP address, not by hostname
   HostnameKeys = ( false )
   # only these addresses may connect
   AllowConnectionsFrom = ( 192.168.34.0/24 )
   # unknown public keys from these addresses are accepted on trust
   TrustKeysFrom = ( 192.168.34.0/24 )

 solaris::
   cfrunCommand = ( "/usr/pkg/sbin/cfagent" )
 linux::
   cfrunCommand = ( "/usr/bin/cfagent" )
 any::
   IfElapsed = ( 1 )
   MaxConnections = ( 10 )

#########################################################

admit:   # or grant:
   # file access ACL: path, then the hosts allowed to read it
   /etc *.asyd.net
   /var/cfengine/inputs *.asyd.net
</code>

=== Client side ===

Debian GNU/Linux (sid), cfengine v2.1.15

  * Install cfengine (via Debian packages)
  * Write update.conf
  * Copy server's localhost.pub to ppkeys/root-.pub

__update.conf__

<code>
control:
   actionsequence = ( copy )
   domain = ( fimasys.fr )
   policyhost = ( cfengine.intranet.fimasys.fr )
   workdir = ( /var/cfengine )

 linux::
   destdir = ( /var/lib/cfengine2 )
 solaris::
   destdir = ( /var/cfengine )

copy:
   # recursive copy (r=inf) of the policy files from the policy host
   $(workdir)/inputs dest=$(destdir)/inputs
                     r=inf
                     mode=600
                     server=$(policyhost)
</code>

=== Description ===

Let me explain all this stuff. The file //cfagent.conf// is read by cfagent to execute some operations. On clients, the first one is to synchronize cfengine's configuration files (including cfagent.conf). The file //update.conf// describes how to contact the cfengine server. On the server, cfservd must be running; it uses //cfservd.conf//. One section of this file holds the file access ACLs. The others are about client authentication. As explained above, //cfagent.conf// contains the actions to process. Lots of options are available, for example copy and links for file management, but also process, packages and shellcommands.
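
A small lint for the access-control settings of the //cfservd.conf// above, as an added example (not part of the original post or of cfengine). It lists every TrustKeysFrom range wider than one host, since keys from those addresses are accepted on trust without the manual ppkeys copy, and every admit rule that names hosts by wildcard. The names parse, audit and SAMPLE are assumptions made for illustration, and the parser only covers the CIDR notation used on this page.

```python
import ipaddress
import re

# Constructed sample: access-control lines of the cfservd.conf shown on this page.
SAMPLE = """\
control:
   AllowConnectionsFrom = ( 192.168.34.0/24 )
   TrustKeysFrom = ( 192.168.34.0/24 )
admit:   # or grant:
   /etc *.asyd.net
   /var/cfengine/inputs *.asyd.net
"""

ASSIGN = re.compile(r"^(\w+)\s*=\s*\(\s*(.*?)\s*\)$")

def parse(text):
    """Return (control variables, admit rules) from cfengine 2 style text."""
    control, admit, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.endswith("::"):  # blank, comment or class selector
            continue
        if re.fullmatch(r"\w+:", line):  # section header such as "control:"
            section = line[:-1]
            continue
        m = ASSIGN.match(line)
        if section == "control" and m:
            control[m.group(1)] = m.group(2).split()
        elif section in ("admit", "grant"):
            path, *hosts = line.split()
            admit.append((path, hosts))
    return control, admit

def audit(text, max_hosts=1):
    """List settings that widen who is trusted or what they can read."""
    control, admit = parse(text)
    findings = []
    for net in control.get("TrustKeysFrom", []):
        try:
            size = ipaddress.ip_network(net, strict=False).num_addresses
        except ValueError:  # non-CIDR form: leave for manual review
            findings.append(f"TrustKeysFrom {net}: not CIDR, review by hand")
            continue
        if size > max_hosts:
            findings.append(f"TrustKeysFrom {net}: keys accepted on trust from {size} addresses")
    findings += [f"admit {p}: served to wildcard {h}" for p, hs in admit for h in hs if "*" in h]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Narrowing TrustKeysFrom to the single client address, or removing it once the keys have been copied by hand, clears the first finding.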