Forum: CFEngine Help
Subject: Re: Bootstrapping / Files copied
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,27314,27344#msg-27344

All I put in the hard-coded "masterfiles" is a minimal failsafe.cf (and a 
promises.cf, which gets overwritten) that knows how to pull down the "real" 
policy from another location.  Partially because I have a collection of 
host-specific policies and files which include things like admin passwords for 
the individual host, private SSL & SSH keys, etc.

The other reason is to facilitate a longer-term structure where I can 
eventually allow any host access to the "general" policy, while only 
specifically trusted hosts are allowed access to the "real" policy.  The idea's 
to trust any keys that come in on the first stage system, and have an automated 
process approve keys which came from systems which were expected to be rebuilt, 
while unexpected new keys trigger a manual approval process.

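The approval flow described in the post, sketched as an added example (not part of the original message and not CFEngine code): keys accepted by the first-stage server are sorted into already trusted, auto-approved because the host was expected to be rebuilt, or held for manual approval. The function names, the SHA-256 fingerprint, and the sample hosts and keys are all assumptions made for this illustration.

```python
import hashlib
from collections import defaultdict

def fingerprint(pubkey: bytes) -> str:
    # SHA-256 of the key bytes: a choice for this example, not CFEngine's key naming.
    return hashlib.sha256(pubkey).hexdigest()

def triage(incoming, trusted, expected_rebuilds):
    """Classify keys accepted by the first-stage server.

    incoming: [(hostname, pubkey_bytes)], trusted: {hostname: fingerprint} already
    allowed to the "real" policy, expected_rebuilds: hostnames due for a rebuild.
    Returns {(hostname, fingerprint): (decision, reason)}.
    """
    keys_of, hosts_of = defaultdict(set), defaultdict(set)
    for host, key in incoming:
        keys_of[host].add(fingerprint(key))
        hosts_of[fingerprint(key)].add(host)
    for host, fp in trusted.items():
        hosts_of[fp].add(host)  # a trusted key turning up on another host is reuse

    out = {}
    for host, fps in keys_of.items():
        new = fps - {trusted.get(host)}
        for fp in fps:
            if fp == trusted.get(host):
                out[host, fp] = ("trusted", "key unchanged")
            elif len(hosts_of[fp]) > 1:
                out[host, fp] = ("manual", "key presented by more than one host")
            elif host not in expected_rebuilds:
                out[host, fp] = ("manual", "unexpected new key")
            elif len(new) > 1:
                out[host, fp] = ("manual", "several new keys for one rebuild")
            else:
                out[host, fp] = ("auto-approve", "new key from expected rebuild")
    return out

# Constructed sample data (hostnames and key bytes are made up).
TRUSTED = {"web01": fingerprint(b"web01-old"), "db01": fingerprint(b"db01-key")}
EXPECTED_REBUILDS = {"web01", "build07"}
INCOMING = [("db01", b"db01-key"), ("web01", b"web01-new"),
            ("build07", b"build07-a"), ("build07", b"build07-b"),
            ("lab99", b"lab99-key"), ("mail02", b"db01-key")]

if __name__ == "__main__":
    result = triage(INCOMING, TRUSTED, EXPECTED_REBUILDS)
    for (host, fp), (decision, reason) in sorted(result.items()):
        print(f"{host:8} {fp[:12]} {decision:12} {reason}")
```

Only web01 is auto-approved in the sample; build07 is on the rebuild list but presents two different new keys, so both are held for manual approval.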