cfagent always requires host keys, even if there are no network copies.
It seems like it might be good to relax this requirement, but I don't
understand all the issues involved. If you run cfagent as an unprivileged
user, keys should be in ~/.cfagent/ppkeys/.
$ cfkey
Making a key pair for cfengine, please wait, this could take a minute...
Writing private key to /home/asdf/.cfagent/ppkeys/localhost.priv
Writing public key to /home/asdf/.cfagent/ppkeys/localhost.pub
$
Other than that though, cfagent does not require any infrastructure
(like /var/cfengine) to exist to be able to be used as an interpreter in
#! scripts.
So, if creating *any* files or directories is not acceptable to you,
then you will not be able to use cfengine as it currently exists. If
you are willing to create keys (that will never be used in your setup),
then it should work fine. If you run cfagent as root, keys may need to
be in the workdir (/var/cfengine/ppkeys). This could be identical on all
machines though.
Best,
Brendan
--
Senior System Administrator
The University of Chicago
Department of Computer Science
http://www.cs.uchicago.edu/people/brendan
http://praksys.blogspot.com/