> So, from what I gather, this is the what I need to have a > successful minimalist cfengine environemt in this specific order:
Paul, Starting simply is a good focus, and your efforts to summarize your experience may fill a gap in the documentation. It might be possible to pare your list even more. I don't have experience with cfengine on solaris, but on linux anyway, you don't have to run cfenvd, and you don't need to bother with cfkey, or manually copying keys. That is because the init script for cfservd will check for and create keys if they don't exist. Also the cfengine package installation scripts will create keys when the package is installed. (Hopefully you don't have to install from source or a tarball everywhere...) Anyway, whether or not you have to create keys, you can allow an initial exchange of keys by using TrustKeysFrom in your cfservd.conf, and trustkey in your very first copy action in update.conf. (This really isn't a significant security issue, as Mark has described here in the past, and is really worthwhile in terms of making things easier for you.) Your list places generating cfservd.conf a few steps after starting cfservd, of course the config file comes first. As you suggest, getting cfservd running on the policy server, and getting cfagent working on the same machine, so that it copies from the Master area to cfengine's working area, is a good first step. That is, starting cfagent with just an update.conf and successfully copying and running a cfagent.conf file. Then, cfagent running on a remote client. After that, you're somewhere beyond writing the Complete Newbie's Guide! -Ed _______________________________________________ Help-cfengine mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-cfengine
