beautypg.com

HP Linux Server Management Software User Manual

Page 30

background image

NOTE:

You can use csshsetup to configure a trust relationship between the master server

and the managed clients. This will allow you to use command fanout commands such as cexec
and ccp (see cexec(1) and ccp(1)). Using these commands can simplify the configuration steps
described below when files need to be distributed to managed clients.

2.3.2.1 Manually Configuring a Standalone Synchronization Server

Perform the following one-time steps to configure a standalone system as a cfengine master
server:

1.

Start by creating the master copies of the cfengine configuration files. These files are placed
in a well known directory and are distributed to each managed client. The default directory
is /var/opt/dsau/cfengine_master/inputs, referenced in the default templates.
Start by creating the directory:

# mkdir -p /var/opt/dsau/cfengine_master/inputs

2.

Copy the default template files to the following directories:

# cd /var/opt/dsau/cfengine_master/inputs

# cp /opt/dsau/share/cfengine/templates/cf.main.template cf.main

# cp /opt/dsau/share/cfengine/templates/update.conf.template

update.conf

# cp /opt/dsau/share/cfengine/templates/cfagent.conf.template

cfagent.conf

# cp /opt/dsau/share/cfengine/templates/cfrun.hosts.template

cfrun.hosts

# cp /opt/dsau/share/cfengine/templates/cfservd.conf.template

cfservd.conf

3.

Next, edit update.conf. This file has a format similar to cfengine’s main configuration file
cfagent.conf

. It is used to transfer and update cfengine binaries and any updated

configuration definitions files (for example, cfagent.conf) to the managed clients. It is
critical to keep this file very simple and avoid errors. Errors in this file will require manually
copying a new version to each managed client.

The file contains tokens in the form <%token name%> that are replaced by the
csync_wizard

with the administrator’s answers to questions. Replace the tokens as follows:

NOTE:

When replacing tokens, do not keep the angle brackets, < >.

a.

Replace the <%POLICYHOST_NAME%> token with the fully qualified domain name of
the master server. Note that it is critical that this be a fully qualified domain name. This
file is copied to and evaluated on the managed clients. If a managed client is in a different
DNS domain from the master server, the client will be unable to communicate with the
master server if the hostname is not fully qualified.

b.

Note that the cfengine domain variable is set as follows:

domain = ( ExecResult(/bin/sh -c ${dblquote}nslookup ‘hostname‘|

awk ${quote}/Name:/ {print $2}${quote} | cut -d . -f

2-${dblquote}) )

The domain variable is used by cfagent’s “resolve” action. The ExecResult command
above assumes that the client’s /etc/resolve.conf and /etc/nsswitch.conf are already
appropriately configured. The command expects to get a fully qualified hostname when
using nslookup of the client’s own hostname. If this assumption is not appropriate for
your environment, other techniques for setting the domain are possible. For example,

30

Configuration Synchronization