Martin Simons <mjcm....@gmail.com> writes:
Now the issue: I looked at the cf-key output and I noticed that only a couple of machines were reported. The different machines seem to share the same MD5 key. How does CFEngine generate those keys?
If the keys are identical then I would expect that those hosts were cloned from a machine that had cfengine installed.
Typically, when you install a cfengine package cf-key is executed to generate a key pair. In environments with more stringent requirements keys are generated ahead of time and placed during provisioning.
If you install cfengine into a template then you should clear out the ppkeys and state dir so that those are fresh for a vm provisioned from that template.
Personally, I prefer to have cfengine installed on first boot so that I don't have to update the template later but there are numerous ways to skin that cat.
Martin Simons <mjcm....@gmail.com> writes:
Well, not quite. cf-key keeps generating the same md5 hash key after removal of the original one. So the first question remains. I feel I have to dive into UUIDs a bit.
That sounds pretty strange to me.
Generating a key should result in different output each time:
    exec 2>&1
    cf-key --output-file /tmp/key1
    cf-key --output-file /tmp/key2
    cf-key -p /tmp/key1.pub
    cf-key -p /tmp/key2.pub
    :

    SHA=93342875b1b9b4a7df3ec84baae749c93c9e706b65fe4d75c0cd80617d53ec62
    SHA=d7db6aa18990edb18a9ba2da4cc4052a00859b11bf076d782572e0d0101158d5
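Added example, not part of the original thread and not CFEngine's own code: a way to spot hosts that were cloned with their key pair intact, by grouping hosts on the digest that `cf-key -p` prints. The "hostname digest" inventory format, the function name and the sample hosts and digests are assumptions made up for this example.

```shell
#!/bin/sh
# Report CFEngine key digests that appear on more than one host.
# Input (assumed format): one "hostname digest" pair per line, where digest
# is the value `cf-key -p <public key file>` printed on that host.

# Constructed sample inventory; hosts and digests are invented placeholders.
SAMPLE_INVENTORY='web01 SHA=aaaa1111
web02 SHA=aaaa1111
db01  SHA=bbbb2222
web01 SHA=aaaa1111
# app01 was provisioned from the same template as web01
app01 SHA=aaaa1111'

find_shared_keys() {
    # Reads the inventory on stdin and prints "digest host1,host2,..." for
    # every digest seen on two or more distinct hosts. Prints nothing when
    # every host has its own key.
    awk '
        NF < 2 || $1 ~ /^#/ { next }        # skip blank, short and comment lines
        {
            host = $1; digest = $2
            if (seen[digest, host]++) next  # a host listed twice is not a clone
            if (count[digest]++)
                hosts[digest] = hosts[digest] "," host
            else
                hosts[digest] = host
        }
        END {
            for (d in count)
                if (count[d] > 1) print d, hosts[d]
        }
    '
}

# Demo run over the constructed sample.
printf '%s\n' "$SAMPLE_INVENTORY" | find_shared_keys
```

Any host reported here needs its ppkeys cleared and a fresh `cf-key` run, and the template it came from needs the same cleanup described above.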