Cfengine 2 Overview
 


Presented to Seattle Sysadmins Group, SAGE and LOPSA in 2009

    Cfengine 2 Overview: Presentation Transcript

    • Cfengine 2 Basics
      Understanding the components of a cfengine implementation.
    • What isn’t cfengine?
      An OS deployment system (Jumpstart, Kickstart, ignite, NIM)
      A software repository (yum, apt, depot, yast)
      A one-shot script executor (although it can be used as such)
    • What is cfengine….exactly?
      Cfengine can be a component of a “virtual immune system”, but it is most often referred to as configuration management.
      Cfengine’s methodology could best be described as “make it so and keep it so”.
      Cfengine can act as a universal tripwire.
      Cfengine is a framework that operates based on what is defined as a healthy state.
    • Where can one use Cfengine?
      Any Linux
      AIX
      HPUX
      Solaris
      Cygwin
      Just about anything Unix-like with a compiler, Berkeley DB and OpenSSL.
    • 3 major components of a cfengine implementation
      Version Control
      Internals
      Commands
    • versioning and change control
    • Cfengine Internals
      Binaries
      cfservd
      cfagent
      cfexecd
      cfenvd
      Config files
      cfagent.conf
      update.conf
    • Cfengine Internals
      cfservd
      Master daemon
      Listen Port 5803
      cfservd.conf
      Center of host security determining daemon and directory access
    • Cfengine Internals
      cfagent
      Client program
      Run manually or from cron
    • Cfengine Internals
      cfexecd
      Can run as a daemon for controlling cfengine execution.
      Most often used as a cron wrapper with the -F option.
      */5 * * * * /var/cfengine/sbin/cfexecd -F
    • Cfengine Internals
      cfenvd
      client-side environment daemon
      gathers information about the host and adds the host to certain classes e.g. linux or compiled_on_cygwin
      these classes determine which sets of work get executed on the host.
    • Cfengine Internals
      cfagent.conf
      Master config file
      Usually just reserved for importing other custom config files.
    • Cfengine Internals
      update.conf
      Unmanaged file that will recover vital cfengine information if a corrupted version is distributed.
    • Everything is a class…except groups.
      Hard Classes
      Soft Classes
      Classes and groups are synonymous in cfengine’s syntax.
    • Cfengine Has a Lot of Commands
      Acl
      Binservers
      Broadcast
      Control
      Classes
      Copy
      Defaultroute
      Disks
      Directories
      Disable
      Editfiles
      Files
      Filters
      Groups
      Homeservers
      Ignore
      Import
      Interfaces
      Links
      Mailserver
      Miscmounts
      Mountables
      Processes
      Required
      Resolve
      Shellcommands
      Tidy
      Unmount
    • Cfengine Commands
      Most frequently used:
      copy
      files
      shellcommands
      processes
      editfiles
      tidy
    • Cfengine Commands/Syntaxes
      Sample cfagent.conf
        control:
           actionsequence = ( files )
           domain = ( example.net )
           timezone = ( PST )
        files:
           /etc/passwd mode=644 owner=root action=fixall
           /etc/shadow mode=600 owner=root action=fixall
        import:
           any::
              groups.cf
              copy.cf
    • Cfengine Commands/Syntaxes
      The class expression under files: matches all production hosts, such as Linux and Solaris, that are not hpux.
      The import: section extends the cfagent.conf to other files.
        control:
           actionsequence = ( files )
           domain = ( example.net )
           timezone = ( PST )
        files:
           # "." is AND and "!" is NOT: hosts in class prod that are not in class hpux
           prod.!hpux::
              /etc/passwd mode=644 owner=root action=fixall
              /etc/shadow mode=600 owner=root action=fixall
        import:
           any::
              groups.cf
              copy.cf
    • Managing configs
      Filesets can be managed many different ways:
      Groups
      Scripts
      “SingleCopy Nirvana”
    • Single Copy Nirvana
      Manage complexity
      Move complexity away from the repository and into groups and filenames.
      Cfengine templating
    • Single Copy Nirvana
      cfagent.conf:
        control:
           singlecopy = ( on )
           DefaultCopyType = ( checksum )
      groups.cf:
        groups:
           specialApp = ( swordfish marlin guppy )
        control:
           AllowRedefinitionOf = ( role )        # redefine "role" for cfengine
           any:: role = ( nevermatch )           # initialize the variable
           specialApp:: role = ( specialApp )    # for machines in specialApp, define role
      copy.cf:
        control:
           dr = ( /path/to/repository )
           fs = ( cfmaster )
        copy:
           ${dr}/etc/ldap.conf.${host} server=${fs} dest=/etc/ldap.conf
           ${dr}/etc/ldap.conf.${role} server=${fs} dest=/etc/ldap.conf
           ${dr}/etc/ldap.conf server=${fs} dest=/etc/ldap.conf
    • Single Copy Nirvana
      [scott@cfengine /path/to/repository/etc]$ ls ldap.conf*
      ldap.conf  ldap.conf.guppy  ldap.conf.specialApp
    • Questions/Answers
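
The source selection that the Single Copy Nirvana slides rely on, as an added example that is not part of the original presentation and is not cfengine's own code: with singlecopy on, the first copy rule whose source exists supplies the file, so a host gets its host-specific copy, then its role copy, then the generic one. The host tuna, the file contents and the use of cksum for the checksum comparison are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: models cfengine 2 singlecopy source selection; not cfengine code.

# role_for HOST: mirrors groups.cf on the slide (specialApp = swordfish marlin guppy).
role_for() {
    case "$1" in
        swordfish|marlin|guppy) echo specialApp ;;
        *) echo nevermatch ;;   # initial value of ${role} on the slide
    esac
}

# resolve_source REPO RELPATH HOST: print the first candidate that exists, in the
# order of the copy: rules (host-specific, then role-specific, then generic).
resolve_source() {
    for cand in "$2.$3" "$2.$(role_for "$3")" "$2"; do
        if [ -f "$1/$cand" ]; then
            echo "$cand"
            return 0
        fi
    done
    return 1                    # nothing in the repository for this path
}

# needs_copy SRC DEST: true when DEST is missing or its checksum differs from SRC.
# cksum is a POSIX stand-in (assumption) for cfengine's own checksum comparison.
needs_copy() {
    [ -f "$2" ] || return 0
    [ "$(cksum < "$1")" != "$(cksum < "$2")" ]
}

# make_demo_repo: constructed repository matching the ls output on the slide.
make_demo_repo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc"
    echo "uri ldap://generic.example.net"    > "$d/etc/ldap.conf"
    echo "uri ldap://guppy.example.net"      > "$d/etc/ldap.conf.guppy"
    echo "uri ldap://specialapp.example.net" > "$d/etc/ldap.conf.specialApp"
    echo "$d"
}

repo=$(make_demo_repo)
for h in guppy marlin tuna; do  # tuna: constructed host outside specialApp
    src=$(resolve_source "$repo" etc/ldap.conf "$h")
    # Stand-in destination: pretend every host currently holds the generic file.
    if needs_copy "$repo/$src" "$repo/etc/ldap.conf"; then state=copy; else state=in-sync; fi
    printf '%-6s -> %-26s %s\n' "$h" "$src" "$state"
done
rm -rf "$repo"
```

Running the same resolution against the real repository before a rollout shows which hosts would silently fall through to the generic file because a host or role suffix is misspelled.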