Forum: CFEngine Help Subject: Re: Bootstrapping / Files copied Author: tjavo87 Link to topic: https://cfengine.com/forum/read.php?3,27314,27568#msg-27568
sauer Wrote: ------------------------------------------------------- > All I put in the hard-coded "masterfiles" is a > minimal failsafe.cf (and a promises.cf, which gets > overwritten) that knows how to pull down the > "real" policy from another location. Partially > because I have a collection of host-specific > policies and files which include things like admin > passwords for the individual host, private SSL & > SSH keys, etc. > > The other reason is to facilitate a longer-term > structure where I can eventually allow any host > access to the "general" policy, while only > specifically trusted hosts are allowed access to > the "real" policy. The idea's to trust any keys > that come in on the first stage system, and have > an automated process approve keys which came from > systems which were expected to be rebuilt, while > unexpected new keys trigger a manual approval > process. That's a solution I also wanna achieve. The promises.cf is for you a dynamic file? This file is extended based on classes, per host/group? Or is the cliƫnt instructed to pick up files from an other location? I'm interested how you've build the cfengine configuration.. Would you be so kind to share some more information please? Thanx _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
