cfengine

Prevent cfengine from trying to send emails

In /var/lib/cfengine3/inputs/controls/def.cf change:

"cfengine_internal_disable_agent_email" expression => "!any";

To

"cfengine_internal_disable_agent_email" expression => "any";

I.e., invert the test.

/var links

On Debian buster, after installing cfengine3:

cd /var
mkdir cfengine
cd cfengine
ln -s /var/lib/cfengine3/masterfiles .

cf-execd

On Debian buster, after installing cfengine3 using apt-get, before bootstrapping you need to enable the start of cf-execd in /etc/default/cfengine3. Otherwise, the bootstrapping via failsafe.cf will fail. This especially causes policy_server.dat (containing the IP address of the policy hub/server) NOT to be created.

Enablingcf-execd in /etc/default/cfengine3 also causes cf-execd to be started automatically on subsequent reboots.

cf-serverd

Enable cf-serverd in /etc/default/cfengine3. See cf-execd above.

Bootstrapping a node

cf-agent -B 192.168.1.26

root@debian-cfengine-testing:~# cf-agent -B 192.168.1.26
  notice: Bootstrap mode: implicitly trusting server, use --trust-server=no if server trust is already established
  notice: Trusting new key: MD5=136ef5acb045c2c9fdbc0ee8246109c3
R: Bootstrapping from host '192.168.1.26' via built-in policy '/var/lib/cfengine3/inputs/failsafe.cf'
R: This autonomous node assumes the role of voluntary client
R: Updated local policy from policy server
R: Restarted systemd unit cfengine3
  notice: Bootstrap to '192.168.1.26' completed successfully!
root@debian-cfengine-testing:~#

Tags: