> You can distribute your users with LDAP. Authenticate via PAM and use
> pam_listfile to restrict the users for your services. You can manage
> these lists (per service) with cfengine.
Another way to do this is with LDAP-backed NIS netgroups, and
/etc/security/access.conf.
~wes
We go to DEV and test, peer review and once it has passed it flows
through the change control procedure into PROD.
Wes
2010/1/28 :
> Greetings,
> For those of you running CF in a production environment how do you develop,
> qualify and promote your policies? Do you follow a traditional DEV, QA
> and P
We use the purge feature on /inputs. It works fine - as our cfengine
infrastructure is HA (of course, there have been a few times where a
client or two inputs dir was wiped out).
Wes
On Mon, Feb 22, 2010 at 1:03 PM, Justin Lloyd wrote:
> Is there a safe way to use the purge feature? I can see
I agree it probably shouldn't do this, but for us it has only happened
a handful of times over the last 3 years on thousands of systems so it
wasn't worth debugging further. For us originally, purging /inputs
helped combat errant configurations, although now we use other
external methods to solve t
Why is the domain getting redefined in cf2?
update.conf :

control:
   any::
      actionsequence = ( directories files copy shellcommands processes tidy )
      workdir = ( /var/cfengine )
   any.!domain_p::
      domain = ( domain.i)
   domain_p::
      domain = ( domain.p )

cfservd.conf :
con
We just monitor the TCP port of cfengine servers with nagios.
Wes
On Tue, Apr 27, 2010 at 5:15 PM, Justin Lloyd wrote:
> This is a follow-on to my original thread about creating a Solaris SMF
> service. Since I'm no longer doing that and have decided to let Zenoss
> do that, I was curious about
Seems like too much effort to me, IMO when I can just add another
'cfservd server' behind my LB VIP and call it a day.
Some organizations which have different groups managing multiple sets
of configs would have a harder time doing that but..
Wes
2010/5/2 Ted Zlatanov :
> On Fri, 30 Apr 2010 11:3
For us, our policy gets refreshed every hour from SVN on all "servers"
(or whenever manually).
Wes
2010/5/3 Ted Zlatanov :
> On Mon, 3 May 2010 15:07:43 -0400 Wes Rogers wrote:
>
> WR> Seems like too much effort to me, IMO when I can just add another
> WR> 'cfs