
Cfengine 2 Overview


Presented to Seattle Sysadmins Group, SAGE and LOPSA in 2009


  1. Cfengine 2 Basics
     Understanding the components of a cfengine implementation.
  2. What isn’t cfengine?
     - An OS deployment system (Jumpstart, Kickstart, ignite, NIM)
     - A software repository (yum, apt, depot, yast)
     - A one-shot script executor (although it can be used as such)
  3. What is cfengine… exactly?
     - Cfengine can be a component of a “virtual immune system”, but it is most often referred to as configuration management.
     - Cfengine’s methodology could best be described as “make it so and keep it so”.
     - Cfengine can act as a universal tripwire.
     - Cfengine is a framework that operates based on what is defined as a healthy state.
  4. Where can one use Cfengine?
     - Any Linux
     - AIX
     - HPUX
     - Solaris
     - Cygwin
     - Just about anything unix-like with a compiler, Berkeley DB and OpenSSL.
  5. 3 major components of a cfengine implementation
     - Version Control
     - Internals
     - Commands
  6. Versioning and change control
  7. Cfengine Internals
     - Binaries: cfservd, cfagent, cfexecd, cfenvd
     - Config files: cfagent.conf, update.conf
  8. Cfengine Internals: cfservd
     - Master daemon
     - Listen Port 5803
     - cfservd.conf
     - Center of host security, determining daemon and directory access
  9. Cfengine Internals: cfagent
     - Client program
     - Run manually or from cron
  10. Cfengine Internals: cfexecd
      - Can be a daemon for controlling cfengine execution.
      - Most often used as a cron wrapper with the -F option.

      ```
      */5 * * * * /var/cfengine/sbin/cfexecd -F
      ```
  11. Cfengine Internals: cfenvd
      - Client-side environment daemon
      - Gathers information about the host and adds the host to certain classes, e.g. linux or compiled_on_cygwin
      - These classes determine which sets of work get executed on the host.
  12. Cfengine Internals: cfagent.conf
      - Master config file
      - Usually just reserved for importing other custom config files.
  13. Cfengine Internals: update.conf
      - Unmanaged file that will recover vital cfengine information if a corrupted version is distributed.
  14. Everything is a class… except groups.
      - Hard Classes
      - Soft Classes
      - Classes and groups are synonymous in cfengine’s syntax.
  15. Cfengine Has a lot of Commands
      - Acl, Binservers, Broadcast, Control, Classes, Copy, Defaultroute, Disks, Directories, Disable, Editfiles, Files, Filters
      - Groups, Homeservers, Ignore, Import, Interfaces, Links, Mailserver, Miscmounts, Mountables, Processes, Required, Resolve, Shellcommands, Tidy, Unmount
  27. Cfengine Commands
      Most frequently used:
      - copy
      - files
      - shellcommands
      - processes
      - editfiles
      - tidy
  28. Cfengine Commands/Syntaxes
      Sample cfagent.conf:

      ```
      control:
         actionsequence = ( files )
         domain = ( example.net )
         timezone = ( PST )

      files:
         /etc/passwd mode=644 owner=root action=fixall
         /etc/shadow mode=600 owner=root action=fixall

      import:
         any::
            groups.cf
            copy.cf
      ```
  29. Cfengine Commands/Syntaxes
      - This matches all production hosts that are linux and solaris but not hpux.
      - This extends the cfagent.conf to other files.

      ```
      control:
         actionsequence = ( files )
         domain = ( example.net )
         timezone = ( PST )

      files:
         # "." is AND and "!" is NOT: hosts in prod that are not hpux
         prod.!hpux::
            /etc/passwd mode=644 owner=root action=fixall
            /etc/shadow mode=600 owner=root action=fixall

      import:
         any::
            groups.cf
            copy.cf
      ```
  30. Managing configs
      Filesets can be managed many different ways:
      - Groups
      - Scripts
      - “SingleCopy Nirvana”
  31. Single Copy Nirvana
      - Manage complexity
      - Move complexity away from the repository and into groups and filenames.
      - Cfengine templating
  32. Single Copy Nirvana
      cfagent.conf:

      ```
      control:
         singlecopy = ( on )
         DefaultCopyType = ( checksum )
      ```

      groups.cf:

      ```
      groups:
         specialApp = ( swordfish marlin guppy )

      control:
         AllowRedefinitionOf = ( role )   # redefine "role" for cfengine
         any::
            role = ( nevermatch )         # initialize the variable
         specialApp::
            role = ( specialApp )         # for machines in specialApp, define role
      ```

      copy.cf:

      ```
      control:
         dr = ( /path/to/repository )
         fs = ( cfmaster )

      copy:
         ${dr}/etc/ldap.conf.${host} server=${fs} dest=/etc/ldap.conf
         ${dr}/etc/ldap.conf.${role} server=${fs} dest=/etc/ldap.conf
         ${dr}/etc/ldap.conf         server=${fs} dest=/etc/ldap.conf
      ```
  33. Single Copy Nirvana

      ```
      [scott@cfengine /path/to/repository/etc]$ ls ldap.conf*
      ldap.conf  ldap.conf.guppy  ldap.conf.specialApp
      ```
  34. Questions/Answers
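
The lookup order that slides 32 and 33 set up can be checked offline before a repository change is pushed. The following Python sketch is an added example, not part of the original slides or of cfengine itself: it models the three copy lines as "most specific source that exists wins" and reports which repository file each host would receive. The function names and the host `webserver1` are constructed for the illustration, and the first-match behaviour is an assumption about how `singlecopy = ( on )` resolves the three lines.

```python
# Added illustration: models the source lookup order of copy.cf (slide 32).
# Assumption: with singlecopy on, the first copy line whose source file
# exists supplies the destination and the later lines are skipped.

GROUPS = {"specialApp": {"swordfish", "marlin", "guppy"}}            # groups.cf
REPO_ETC = {"ldap.conf", "ldap.conf.guppy", "ldap.conf.specialApp"}  # slide 33 listing

def role_for(host, groups=GROUPS):
    """Mirror groups.cf: role starts as 'nevermatch'; group members redefine it."""
    role = "nevermatch"
    for group, members in groups.items():
        if host in members:
            role = group
    return role

def resolve(host, base="ldap.conf", repo=REPO_ETC, groups=GROUPS):
    """Return the repository file a host receives, most specific first."""
    candidates = [
        f"{base}.{host}",                    # ${dr}/etc/ldap.conf.${host}
        f"{base}.{role_for(host, groups)}",  # ${dr}/etc/ldap.conf.${role}
        base,                                # ${dr}/etc/ldap.conf
    ]
    for name in candidates:
        if name in repo:
            return name
    return None  # no source exists, so nothing is copied

def audit(hosts, **kwargs):
    """Map each host to its effective source so overrides can be reviewed."""
    return {host: resolve(host, **kwargs) for host in hosts}

if __name__ == "__main__":
    # webserver1 is a constructed host outside the specialApp group
    for host, src in audit(["guppy", "marlin", "swordfish", "webserver1"]).items():
        print(f"{host:12} <- {src}")
```

In this model a repository file named `ldap.conf.nevermatch` would be delivered to every host outside `specialApp`, so suffixes that collide with the placeholder role or with a hostname are worth flagging when the repository is reviewed.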
