Cfengine 2 Overview

Presented to Seattle Sysadmins Group, SAGE and LOPSA in 2009

Transcript

  • 1. Cfengine 2 Basics
    Understanding the components of a cfengine implementation.
  • 2. What isn’t cfengine?
    An OS deployment system (Jumpstart, Kickstart, Ignite, NIM)
    A software repository (yum, apt, depot, yast)
    A one-shot script executor (although it can be used as such)
  • 3. What is cfengine….exactly?
    Cfengine can be a component of a “virtual immune system”, but it is most often referred to as configuration management.
    Cfengine’s methodology could best be described as “make it so and keep it so”.
    Cfengine can act as a universal tripwire.
    Cfengine is a framework that operates based on what is defined as a healthy state.
  • 4. Where can one use Cfengine?
    Any Linux
    AIX
    HPUX
    Solaris
    Cygwin
    Just about anything Unix-like with a compiler, Berkeley DB and OpenSSL.
  • 5. 3 major components of a cfengine implementation
    Version Control
    Internals
    Commands
  • 6. versioning and change control
  • 7. Cfengine Internals
    Binaries
    cfservd
    cfagent
    cfexecd
    cfenvd
    Config files
    cfagent.conf
    update.conf
  • 8. Cfengine Internals
    cfservd
    Master daemon
    Listen Port 5803
    cfservd.conf
    Center of host security: determines daemon and directory access
  • 9. Cfengine Internals
    cfagent
    Client program
    Run manually or from cron
  • 10. Cfengine Internals
    cfexecd
    Can run as a daemon that controls cfengine execution.
    Most often used as a cron wrapper with the -F option:
        */5 * * * * /var/cfengine/sbin/cfexecd -F
  • 11. Cfengine Internals
    cfenvd
    client-side environment daemon
    gathers information about the host and adds the host to certain classes e.g. linux or compiled_on_cygwin
    these classes determine which sets of work get executed on the host.
  • 12. Cfengine Internals
    cfagent.conf
    Master config file
    Usually just reserved for importing other custom config files.
  • 13. Cfengine Internals
    update.conf
    Unmanaged file that will recover vital cfengine information if a corrupted version is distributed.
  • 14. Everything is a class…except groups.
    Hard Classes
    Soft Classes
    Classes and groups are synonymous in cfengine’s syntax.
  • 15. Cfengine Has a lot of Commands
    Groups
    Homeservers
    Ignore
    Import
    Interfaces
    Links
    Mailserver
    Miscmounts
    Mountables
    Processes
    Required
    Resolve
    Shellcommands
    Tidy
    Unmount
  • Cfengine Commands
    Most frequently used:
    copy
    files
    shellcommands
    processes
    editfiles
    tidy
  • 28. Cfengine Commands/Syntaxes
    Sample cfagent.conf:
        control:
            actionsequence = ( files )
            domain = ( example.net )
            timezone = ( PST )
        files:
            /etc/passwd mode=644 owner=root action=fixall
            /etc/shadow mode=600 owner=root action=fixall
        import:
            any::
                groups.cf
                copy.cf
  • 29. Cfengine Commands/Syntaxes
    The class expression under files: matches all production hosts that are linux and solaris but not hpux.
    The import: section extends the cfagent.conf to other files.
        control:
            actionsequence = ( files )
            domain = ( example.net )
            timezone = ( PST )
        files:
            prod.!hpux::
                /etc/passwd mode=644 owner=root action=fixall
                /etc/shadow mode=600 owner=root action=fixall
        import:
            any::
                groups.cf
                copy.cf
  • 30. Managing configs
    Filesets can be managed many different ways:
    Groups
    Scripts
    “SingleCopy Nirvana”
  • 31. Single Copy Nirvana
    Manage complexity
    Move complexity away from the repository and into groups and filenames.
    Cfengine templating
  • 32. Single Copy Nirvana
    cfagent.conf:
        control:
            singlecopy = ( on )
            DefaultCopyType = ( checksum )
    groups.cf:
        groups:
            specialApp = ( swordfish marlin guppy )
        control:
            AllowRedefinitionOf = ( role )      # redefine "role" for cfengine
            any:: role = ( nevermatch )         # initialize the variable
            specialApp:: role = ( specialApp )  # for machines in specialApp, define role
    copy.cf:
        control:
            dr = ( /path/to/repository )
            fs = ( cfmaster )
        copy:
            ${dr}/etc/ldap.conf.${host} server=${fs} dest=/etc/ldap.conf
            ${dr}/etc/ldap.conf.${role} server=${fs} dest=/etc/ldap.conf
            ${dr}/etc/ldap.conf server=${fs} dest=/etc/ldap.conf
  • 33. Single Copy Nirvana
    [scott@cfengine /path/to/repository/etc]$ ls ldap.conf*
    ldap.conf  ldap.conf.guppy  ldap.conf.specialApp
  • 34. Questions/Answers
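
Added example (not part of the original slides): a small Python evaluator for the class expressions that guard sections such as files: on slide 29, written with the explicit AND operator as prod.!hpux. It assumes the cfengine 2 operators . or & for AND, | or || for OR, ! for NOT, and parentheses; the host names and class sets are constructed for illustration.

```python
import re

TOKEN = re.compile(r"\|\||[.&|!()]|[A-Za-z0-9_]+")

def class_matches(expr, defined):
    """Evaluate a cfengine 2 style class expression against a set of classes."""
    toks = TOKEN.findall(expr)
    if "".join(toks) != "".join(expr.split()):
        raise ValueError(f"unsupported character in {expr!r}")
    toks.append(None)                       # end marker
    pos = 0
    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]
    def parse_or():                         # lowest precedence: a|b, a||b
        value = parse_and()
        while toks[pos] in ("|", "||"):
            take()
            value = parse_and() or value
        return value
    def parse_and():                        # a.b or a&b
        value = parse_not()
        while toks[pos] in (".", "&"):
            take()
            value = parse_not() and value
        return value
    def parse_not():                        # !a, (expr) or a class name
        tok = take()
        if tok == "!":
            return not parse_not()
        if tok == "(":
            value = parse_or()
            if take() != ")":
                raise ValueError(f"missing ')' in {expr!r}")
            return value
        if tok is None or not (tok[0].isalnum() or tok[0] == "_"):
            raise ValueError(f"expected a class name in {expr!r}")
        return tok in defined
    result = parse_or()
    if toks[pos] is not None:
        raise ValueError(f"unexpected {toks[pos]!r} in {expr!r}")
    return result

# Constructed sample hosts and their classes (not taken from the slides).
HOSTS = {"web1": {"prod", "linux"}, "db1": {"prod", "solaris"},
         "old1": {"prod", "hpux"}, "dev1": {"linux"}}

def hosts_matching(expr):
    return sorted(h for h, classes in HOSTS.items() if class_matches(expr, classes))
```

Running hosts_matching over a policy's guards before rollout shows which hosts a section such as the /etc/shadow permission fix will actually touch.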
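
Added example (not from the slides, and not cfengine code): a Python model of the Single Copy Nirvana lookup on slides 32 and 33, assuming that with singlecopy on, the first copy: entry whose source exists wins for a destination and later entries are skipped. The host trout and the unreachable_rules lint are hypothetical additions; the lint flags a copy.cf ordering in which the generic file would shadow the host-specific and role-specific ones.

```python
# Names below come from slides 32-33; "trout" is a constructed host outside specialApp.
REPOSITORY = {"ldap.conf", "ldap.conf.guppy", "ldap.conf.specialApp"}
GROUPS = {"specialApp": {"swordfish", "marlin", "guppy"}}
# copy: entries in the order they appear in copy.cf (most specific first).
COPY_RULES = [
    ("ldap.conf.${host}", "/etc/ldap.conf"),
    ("ldap.conf.${role}", "/etc/ldap.conf"),
    ("ldap.conf", "/etc/ldap.conf"),
]

def role_for(host):
    role = "nevermatch"                  # any:: role = ( nevermatch )
    for group, members in GROUPS.items():
        if host in members:
            role = group                 # specialApp:: role = ( specialApp )
    return role

def resolve_copies(host, rules=COPY_RULES, repository=REPOSITORY):
    """Return {dest: source}: the first existing source wins per destination."""
    variables = {"host": host, "role": role_for(host)}
    chosen = {}
    for template, dest in rules:
        source = template
        for name, value in variables.items():
            source = source.replace("${" + name + "}", value)
        if dest in chosen:               # singlecopy: destination already satisfied
            continue
        if source in repository:         # a missing source file is skipped
            chosen[dest] = source
    return chosen

def unreachable_rules(rules=COPY_RULES, repository=REPOSITORY):
    """Lint: rules listed after a variable-free source that exists never apply."""
    satisfied, dead = set(), []
    for template, dest in rules:
        if dest in satisfied:
            dead.append(template)
        elif "${" not in template and template in repository:
            satisfied.add(dest)
    return dead
```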