Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring a System
Using Distributed Systems Administration Utilities
Chapter 3178
Choosing a Synchronization Invocation Method As the
administrator, you can push changes out to managed clients by using the
cfrun command (see cfrun (8)). cfrun contacts the cfservd daemon on
each managed client and cfservd invokes cfagent does the actual
synchronization work.
You can also choose to have cfagent run at intervals on the client. There
are two approaches:
• Run cfagent from a cron job.
When running cfagent from cron, invoke it using cfexecd -F. An
example crontab entry is shown below:
0 * * * * /var/opt/dsau/cfengine/bin/cfexecd -F
This crontab entry will cause cfagent to be run every hour.
In this example, cfexecd (see cfexecd (8)) acts a wrapper for cfagent
and collects any output and places it in
/var/opt/dsau/cfengine/outputs. cfexecd can also cause mail to
be sent to the administrator if specified in the cfagent.conf file. For
details, refer to the cfengine reference manual in
/opt/dsau/doc/cfengine.
Note that the default cf.main has an example for automatically
adding the above line to the crontab file of each managed client.
• Run cfexecd in daemon mode.
cfexecd has cron-like features based on cfengine’s time classes
and can be used instead of cron to run cfagent. cfexecd defaults to
running cfengine every hour. When first getting started with
cfengine, it probably easiest to use cron for scheduling client side
synchronization. For details on using cfexecd in daemon-mode, refer
to the cfengine tutorial located in /opt/dsau/doc/cfengine/.
Security Notes
cfengine has many security features that range from parameters to
control denial-of-service attacks to access control lists that prevent
managed clients from accessing reference file directories on the server.
For details on the cfengine security features, refer to the reference
manual located in /opt/dsau/doc/cfengine/.
The security topics discussed below include:
• Key exchange