| A/I Orange Book (1.0): An how-to for the realization of a resilient network of self-managed servers | ||
|---|---|---|
| Prev | Appendix A. Installation of a new server | Next |
After this initial step, we need the cfagent client to be authorized to connect to the main repository server (where the configurations copy resides). It is then necessary to generate RSA keys for the new server and to copy them to the main server. In the meantime they will be spread on all the servers already belonging to the network:
$ cfkey
cfkey generates the public and private part of an RSA key in
/var/lib/cfengine2/ppkeys/localhost.{pub,priv}
We then have to copy these files to the main repository server in the
/configfiles/ppkeys/ directory, renaming the public key
root-NAME.pub and root-IP.pub,
while the private key has to be renamed as
root-NAME.priv (where NAME and IP are respectively the
qualified hostname and the ip address of the server).
In order to complete the initial distribution of the keys (that afterwards will be
carried on automatically by CFengine) we have to copy the public key
of the main server in the /var/lib/cfengine2/ppkeys
directory.