RE: where is the best moment to populate the keys


From: Lumpkin, Buddy
Subject: RE: where is the best moment to populate the keys
Date: Wed, 29 May 2002 18:23:22 -0600

Mark,

How do you have cfengine generate and replicate keys? What would be a good 
(sane) practice that gets rid of the more manual burden of generating the keys 
manually?

I am about to set up our jumpstart server so that it copies over the cfengine 
binaries and a startup script under /etc/rc2.d. I would like it to do 
everything necessary to get keys in place and be properly bootstrapped and ready 
to run from then on.

My update.conf file makes sure that there is an entry in crontab that will run 
cfexecd so I'm covered there ...

--Buddy

-----Original Message-----
From: Mark.Burgess@iu.hio.no [mailto:Mark.Burgess@iu.hio.no]
Sent: Tuesday, May 28, 2002 10:00 AM
To: Eric.Doutreleau@int-evry.fr
Cc: help-cfengine@gnu.org
Subject: Re: where is the best moment to populate the keys



Why don't you simply let cfengine distribute the keys?

Mark





On 28 May, Eric Doutreleau wrote:
> 
> Hi
> 
> I'm trying to set up cfengine 2.0.2 on my network of Red Hat 7.x machines
> and I have a little problem.
> 
> I have one "master" server which has all the files and which runs the
> cfservd whose name is crotale
> 
> I distribute the public key of the server to the client through the
> installation of an RPM package which contains the public key of the server.
> 
> To secure the transfer I have to transfer the public key of the client to 
> the server.
> 
> In interactive mode I use an scp command and it works well.
> scp -v /var/cfengine/ppkeys/localhost.pub crotale:/var/cfengine/ppkeys/root-$ip.pub
> It prompts for the crotale root password and transfers the file.
> 
> I would like to do that during the first boot sequence.
> I add the following file cfinit in the /etc/init.d/ directory 
> 
> #!/bin/bash -i
> #
> # cfengine        starts cfd
> #
> # chkconfig: - 99 99
> # description: cfengine initialisation
> 
> # Source function library.
> 
> . /etc/rc.d/init.d/functions
> 
> case "$1" in
>   start)
> 
> 
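> # Generate this host's key pair
> /var/cfengine/sbin/cfkey
> server="crotale"
> host=`hostname`
> ip=`host -t a $host | awk '{ print $4 }'`
> # Copy the client's public key to the server, named after the client's IP
> scp /var/cfengine/ppkeys/localhost.pub crotale:/var/cfengine/ppkeys/root-$ip.pub
> # Run once only: disable this init script for later boots
> /sbin/chkconfig --level 345 cfinit off
> ;;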
> 
> esac
> 
> exit 0
> 
> 
> The file is executed but I never got the prompt for the root crotale 
> password and the transfer failed.
> 
> Does someone know how to have an elegant way to do the transfer without 
> the need to log on to the client after the installation?
> 
> Thanks in advance for any help
> 
> 
>  



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


