[[cfengine3]]
Trace:
Show pageOld revisions
AdminRecent ChangesSitemap

* ancien site

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
docpublic:systemes:linux:cfengine3 [2013/07/19 13:11]
PROCACCIA [bundlesequence] 		docpublic:systemes:linux:cfengine3 [2013/12/24 15:14] (current)
procacci@tem-tsp.eu [references]
Line 18: Line 18:
   * http://pix-mania.dyndns.org/mediawiki/index.php/Cfengine_-_tutoriels   * http://pix-mania.dyndns.org/mediawiki/index.php/Cfengine_-_tutoriels
   * http://www.k-tux.com/cfengine-cet-outil-qui-facilite-la-vie-des-asr/2   * http://www.k-tux.com/cfengine-cet-outil-qui-facilite-la-vie-des-asr/2
 +  * https://cfengine.com/blog/ten-reasons-for-5-minute-configuration-repair
 ===== install server ===== ===== install server =====
  
Line 93: Line 94:
 ===== install client ===== ===== install client =====
  
-here we install manually cfengine package on the client (next we'll do it automatically via cobbler)+here we install manually cfengine package on the client (next we'll do it  [[.:cfengine3&#bootstrap_cfengine_from_cobbler|automatically via cobbler)]]
  
 <code> <code>
Line 396: Line 397:
 </code> </code>
  
 +Now that "$(sys.workdir)/master_disi_files" is a defined variable, we can use it in the acces rules of cf_served :
 +<code>
 +[root@cfengine3 masterfiles]# vim controls/cf_serverd.cf 
 +bundle server access_rules()
 +{
 + access:
 +  any::
 +  # disi
 +   "$(def.dir_master_disi_files)"
 +       handle => "server_access_rule_grant_access_disi_policy",
 +      comment => "Grant access to the policy disi updates",
 +        admit => { ".*\.$(def.domain)", @(def.acl) };
 +</code>
  
 otherwise you get an error on the client telling you  otherwise you get an error on the client telling you 
Line 431: Line 445:
  
 and from https://cfengine.com/docs/3.5/reference-promise-types-files.html reference we learn that what we needed was a compare based on digest and not mtime in our case ! and from https://cfengine.com/docs/3.5/reference-promise-types-files.html reference we learn that what we needed was a compare based on digest and not mtime in our case !
 +
 +
 +===== bootstrap cfengine from cobbler =====
 +
 +we use cobbler to install +100 stations (fedora) via PXEboot + kickstart.
 +in order to fully automate the install + configuration of those stations we need to tell cobbler in its post install process to install cfengine and bootstrap the client station on the cfengine server
 +
 +reference
 +
 +  * https://lists.fedorahosted.org/pipermail/cobbler/2011-July/006553.html
 +  * https://groups.google.com/forum/?fromgroups&hl=en#!topic/help-cfengine/bQRv0vHpWLs
 +
 +in our kickstart template we call 2 snippets to do the job
 +<code>
 +[root@cobbler2 cobbler]# grep disi kickstarts/basef19.ks
 +$SNIPPET('disi_post_install_packages')
 +$SNIPPET('disi_cfengine_bootstrap')
 +</code>
 +
 +those snippet repectlively install cfengine and then bootstrap the client the easy way since the version 3.2.0, if you are willing to automatically accept keys from the clients , cf http://blog.normation.com/en/2012/01/03/interactive-key-exchange-with-cfengine/
 +
 +<code>
 +[root@cobbler2 snippets]# cat disi_post_install_packages
 +yum -y install cfengine-community
 +yum -y install autofs
 +
 +[root@cobbler2 snippets]# cat disi_cfengine_bootstrap
 +# start cfengine3 registration 
 +/var/cfengine/bin/cf-agent -B --policy-server 157.157.211.144 > /root/disi_cfengine3_bootstraped.txt
 +# end cfengine3 registration
 +</code>
docpublic/systemes/linux/cfengine3.1374239461.txt.gz ยท Last modified: 2013/07/19 13:11 by PROCACCIA
Show pageOld revisions
[unknown link type]Back to top
CC Attribution-Noncommercial-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0