HP Linux Server Management Software User Manual
Page 35
•
Edit the cfservd.conf File
The file /var/opt/dsau/cfengine_master/inputs/cfservd.conf controls which
managed clients have access to the files served by cfservd on the master. Make the following
edits to cfservd.conf:
— Replace the “<%CFSERVD_DOMAIN_LIST%>” token with a comma-separated list of
wildcarded DNS domains or hostnames for the systems that are allowed to access this
server. For example:
domain_list = ( “*.abc.xyz.com,*.cde.xyz.com” )
This statement allows all hosts in the abc.xyz.com and cde.xyz.com domains to access
the master server. No spaces are allowed in this comma-separated list. Each domain
must be prefixed with the “*.” wildcard.
NOTE:
The csync_wizard only supports specifying wildcarded domain names in
cfservd.conf. If you manually edit cfservd.conf and include a combination of specific
hostnames or IP address and wildcarded domains, then subsequent runs of csync_wizard
will replace this line with a list of wildcarded domains based on the list of hosts present
in cfrun.hosts.
This example allows all hosts in the listed domains to access files on the master server.
You can also specify lists of specific host, IP address ranges, and so on. Refer to the cfengine
reference manual for additional information.
•
Distribute the Master update.conf to Each Cluster Member
Use the following commands:
# cd /var/opt/dsau/cfengine/master_files/inputs
# ccp update.conf /var/opt/dsau/cfengine/inputs/
cfengine itself will take care of distributing the remaining files both clusterwide and to all
managed clients.
•
Distribute the cfengine Security Keys
Since cfengine uses a public/private key exchange model to validate the authenticity of
managed clients, a key must be configured that is associated with the relocatable IP address
of the package. That address is the one that remote clients see as the master server. Since
any cluster member can become the adoptive node, this key must be identical across all
cluster members. cfengine’s cfkey generates a public/private key pair for the current system.
cfkey
creates the files localhost.priv and localhost.pub.
cfengine expects keys to be named using the following convention:
username-IP_address.pub
For example,
root-10.0.0.3.pub
The administrator copies the localhost.pub key to the correct name based on the system’s
IP address. For the case of a cluster, the keys for the current member are used to generate
the keys clusterwide using the following steps:
1.
Use cfkey to create the public and private key pair for this cluster member:
# /opt/dsau/sbin/cfkey
2.3 Configuring cfengine
35