conf files for review
From: paul beard
Subject: conf files for review
Date: Fri, 10 Feb 2006 14:25:39 -0800

If you all can bear to cast your eyes over these, attached are my
cfservd/cfagent/update.conf files. This became a bit more urgent for
me as I just discovered that the rpm version of net-snmp I rolled out
a week or so back across 20+ machines craps out after a while/under
load. So building from scratch and rolling out looms and I'd rather
do it with cfengine.

Apologies in advance if these files are a bit of a dog's breakfast. I
suspect I have some stuff I shouldn't or have left something out in
my rounds of trial and guess^H^H^H^H^H^error.

# cfservd.conf
control:
   domain = ( waypath.com )

   freebsd::
      cfrunCommand = ( "/usr/local/sbin/cfagent" )
   linux::
      cfrunCommand = ( "/usr/sbin/cfagent" )

   # Reset the class scope: a class selector stays in effect until the
   # next one, so without any:: the settings below would apply only to
   # linux hosts.
   any::
      TrustKeysFrom = ( 192.168.10.0/24 )
      AllowUsers = ( root )
      DenyBadClocks = ( no )
      IfElapsed = ( 1 )
      ExpireAfter = ( 15 )
      MaxConnections = ( 50 )
      MultipleConnections = ( true )

admit:
   # Grant access to all hosts in waypath.com.
   /var/cfengine *.waypath.com
   /exports/files *.waypath.com

   freebsd::
      /usr/local/sbin/cfagent *.waypath.com
   linux::
      /usr/sbin/cfagent *.waypath.com

# cfagent.conf
control:
   domain = ( waypath.com )
   access = ( root )

   freebsd::
      cfrunCommand = ( "/usr/local/sbin/cfagent" )
   linux::
      cfrunCommand = ( "/usr/sbin/cfagent" )

   # Reset the class scope: without any:: the settings below, including
   # actionsequence, would apply only to linux hosts.
   any::
      timezone = ( PST GMT UTC )
      maxage = ( 7 )
      actionsequence = ( copy editfiles files )

#
# Fix some basic file permissions.
#
files:
   freebsd::
      /etc/sudoers mode=440 owner=root group=wheel action=fixall
      /etc/passwd mode=644 owner=root group=wheel action=fixall
      /etc/hosts mode=644 owner=root group=wheel action=fixall
   linux::
      /etc/shadow mode=640 owner=root group=root action=fixall
      /etc/sudoers mode=440 owner=root group=root action=fixall
      /etc/passwd mode=644 owner=root group=root action=fixall
      /etc/hosts mode=644 owner=root group=root action=fixall

#
# Clean out *ALL* files older than $(maxage) days from /tmp.
#
# Clean out files older than $(maxage) which match the pattern *~
# inside user home directories.
#
copy:
   /exports/files/etc/hosts dest=/etc/hosts server=cint0.waypath.com

editfiles:
   linux::
      { /etc/fstab
         AppendIfNoSuchLine "cint0:/exports/files /mnt/files nfs noauto,ro 0 0"
      }

#
# /etc/cfengine/update.conf - for the clients
#
control:
   trustkey = ( true )
   domain = ( waypath.com )
   actionsequence = ( copy tidy )
   DefaultCopyType = ( checksum )
   master_cfinput = ( /exports/files )
   workdir = ( /var/cfengine )
   policyhost = ( cint0.waypath.com )

   freebsd::
      cf_install_dir = ( /usr/local/sbin )
   linux::
      cf_install_dir = ( /usr/sbin )

   # Download the most recent 'cfagent.conf' file from the
   # server, and install it to /var/cfengine
   #

   # Reset the class scope: without any:: SplayTime would be set only
   # on linux hosts.
   any::
      SplayTime = ( 5 )

copy:
   $(master_cfinput) dest=$(workdir)/inputs
      r=inf
      mode=700
      type=binary
      exclude=*.lst
      exclude=*~
      exclude=#*
      server=$(policyhost)

   $(cf_install_dir)/cfagent dest=$(workdir)/bin/cfagent
      mode=755
      backup=false
      type=checksum

   $(cf_install_dir)/cfservd dest=$(workdir)/bin/cfservd
      mode=755
      backup=false
      type=checksum

   $(cf_install_dir)/cfexecd dest=$(workdir)/bin/cfexecd
      mode=755
      backup=false
      type=checksum

tidy:
   $(workdir)/outputs pattern=* age=31

--
Paul Beard
contact info: www.paulbeard.org/paulbeard.vcf
Are you trying to win an argument or solve a problem?