RE: where is the best moment to populate the keys
From: Lumpkin, Buddy
Subject: RE: where is the best moment to populate the keys
Date: Wed, 29 May 2002 18:23:22 -0600
Mark,
How do you have cfengine generate and replicate keys? What would be a good
(sane) practice that gets rid of the more manual burden of generating the keys
manually?
I am about to set up our jumpstart server so that it copies over the cfengine
binaries and a startup script under /etc/rc2.d. I would like it to do
everything necessary to get keys in place and be properly bootstrapped and ready
to run from then on.
My update.conf file makes sure that there is an entry in crontab that will run
cfexecd so I'm covered there ...
--Buddy
-----Original Message-----
From: Mark.Burgess@iu.hio.no [mailto:Mark.Burgess@iu.hio.no]
Sent: Tuesday, May 28, 2002 10:00 AM
To: Eric.Doutreleau@int-evry.fr
Cc: help-cfengine@gnu.org
Subject: Re: where is the best moment to populate the keys
Why don't you simply let cfengine distribute the keys?
Mark
On 28 May, Eric Doutreleau wrote:
>
> Hi
>
> I'm trying to set up cfengine 2.0.2 on my network of redhat 7.x machines
> and I have a little problem.
>
> I have one "master" server which has all the files and which runs the
> cfservd, whose name is crotale.
>
> I distribute the public key of the server to the client through the
> installation of an rpm package which contains the public key of the server.
>
> To secure the transfer I have to transfer the public key of the client to
> the server.
>
> In interactive mode I use an scp command and it works well.
> scp -v /var/cfengine/ppkeys/localhost.pub crotale:/var/cfengine/ppkeys/root-$ip.pub
> It prompts for the crotale root password and transfers the file.
>
> I would like to do that during the first boot sequence.
> I add the following file cfinit in the /etc/init.d/ directory
>
> #!/bin/bash -i
> #
> # cfengine starts cfd
> #
> # chkconfig: - 99 99
> # description: cfengine initialization
>
> # Source function library.
>
> . /etc/rc.d/init.d/functions
>
> case "$1" in
> start)
>
>
> /var/cfengine/sbin/cfkey
> server="crotale"
> host=`hostname`
> ip=`host -t a $host | awk '{ print $4 }'`
> scp /var/cfengine/ppkeys/localhost.pub crotale:/var/cfengine/ppkeys/root-$ip.pub
> /sbin/chkconfig --level 345 cfinit off
> ;;
>
> esac
>
> exit 0
>
>
> The file is executed but I never got the prompt for the root crotale
> password and the transfer failed.
>
> Does someone know of an elegant way to do the transfer without
> the need to log on to the client after the installation?
>
> Thanks in advance for any help
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://mail.gnu.org/mailman/listinfo/help-cfengine