Forum: Cfengine Help Subject: Re: Cfengine Help: How to configure a client machine to contact the policy server and downloads updates? Author: phnakarin Link to topic: https://cfengine.com/forum/read.php?3,19909,19947#msg-19947
It would be nice if you could have 2 versions of failsafe.cf. (1) A tmp failsafe.cf which has trustkey -> "true"; in the in the copy_from body and it would be should only one time bootstrap to the policy-hub on the fresh installation machines. (2) A proper working robust lifetime failsafe.cf on the policy-hub (trustkey -> "false";) which would replace the first one when the clients fetch the latest policy from the hub. Once you have a new machine with cfengine installed, then just put the tmp failsafe.cf to somewhere (I would prefer /var/cfengine/inputs) and run it once. The keys would be exchanged automatically and the machine would fetch the policy from the hub nicely. If you have copy_backup => "true"; on, the tmp one would be appeared as failsafe.cf.cfsaved. If not, the contents in the file should be identical as the one on the policy-hub. Cheers, --Nakarin _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
