Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Configuring a System
Using Distributed Systems Administration Utilities
Chapter 3 165
These same domain edits must also be performed in cf.main and
cfservd.conf. See the next steps. Use the cfagent -p (or
--parse-only) flag to verify the syntax of update.conf.
4. Distribute the master update.conf to each managed client. This
step is described in “Configuring a Synchronization Managed Client”
on page 176.
5. Create the master server’s security keys. cfengine uses a
public/private key exchange to authenticate remote clients. A
public/private key pair is generated on the master server and all
managed clients. The public key for each managed client is copied to
the master server and from the master server to the managed
clients. It is important to exchange keys securely using a tool like
secure copy (see scp(1)), or using tape or CD-ROM. Start by
generating the keys for the master server:
# /opt/dsau/sbin/cfkey
# cd /var/opt/cfengine/ppkeys
This creates the files localhost.pub and localhost.priv.
Copy the public key to root-<master server IP address>.pub. For
example, assuming this system’s IP address is 10.0.0.5, use this
command:
# cp localhost.pub root-10.0.0.5.pub
See “Configuring a Synchronization Managed Client” on page 176 for
details on copying the client keys to this master server.
6. On the master server, configure the cfservd daemon to start at
system startup. Edit /etc/rc.config.d/cfservd and change the
line CSYNC_CONFIGURED=0 to CSYNC_CONFIGURED=1. Optionally, if
you want to be able to push changes out to the managed clients using
cfrun, replicate this change to all the managed clients.
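The following check script is an added example, not part of the HP manual or of DSAU. It verifies the results of steps 5 and 6 on the master server. The function names are hypothetical, and the rule that localhost.priv must be readable by its owner only is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the manual). Paths are arguments so the checks can
# be run on a scratch copy as well as on /var/opt/cfengine/ppkeys.

# check_ppkeys DIR MASTER_IP
# Returns 0 when the key files described in step 5 are present and consistent.
check_ppkeys() {
    dir=$1 ip=$2 rc=0
    for f in localhost.priv localhost.pub "root-$ip.pub"; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # Assumption: the private key carries no group or other permission bits.
    # Columns 5-10 of the ls -l mode string hold those six bits.
    mode=$(ls -l "$dir/localhost.priv" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "localhost.priv is open to group/other: $mode"; rc=1; }

    # root-<IP>.pub must be a byte-for-byte copy of localhost.pub.
    cmp -s "$dir/localhost.pub" "$dir/root-$ip.pub" ||
        { echo "root-$ip.pub differs from localhost.pub"; rc=1; }
    return "$rc"
}

# csync_enabled FILE
# Returns 0 when the last uncommented CSYNC_CONFIGURED assignment in FILE is 1.
# The file is read with sed, not sourced, so nothing in it is executed.
csync_enabled() {
    val=$(sed -n 's/^[[:space:]]*CSYNC_CONFIGURED=\([0-9]*\).*/\1/p' "$1" |
          tail -n 1)
    [ "$val" = "1" ]
}

# Usage on the master server from the example in step 5:
#   check_ppkeys /var/opt/cfengine/ppkeys 10.0.0.5
#   csync_enabled /etc/rc.config.d/cfservd
```

A non-zero return from either function means the corresponding step should be repeated before the managed clients are configured.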
7. cfrun requires that the managed clients be listed in the file
cfrun.hosts. In the default configuration, this file is located in
/var/opt/dsau/cfengine_master/inputs. Edit it and add the
hostnames of each managed client, one per line. It is simplest to
make sure that all the host names are fully qualified. When using
fully qualified hostnames, the “domain =” line is not required and
can be deleted. If using unqualified hostnames, find the line