Automate Linux with cfengine - Page 2

By Carla Schroder | Posted Sep 13, 2005

Automating cfengine
It's fun to push the button and watch things happen. It's also fun to set up cfengine to run unattended, and just take care of business. cfengine will check processes that need to be running, and start them if they're not:

processes:
    "cfservd" restart "/var/cfengine/bin/cfservd"
    "cfexecd" restart "/var/cfengine/bin/cfexecd"

cfengine can be scheduled with either cfexecd or cron. Add these lines to cfagent.conf to have cfexecd wake up cfagent five minutes past every hour:

control:
    schedule = ( Min00_05 )

You can also run it from /etc/crontab. This entry checks every /etc/crontab file to make sure the cron line exists, and adds it if it doesn't. The cron line runs cfexecd hourly, on the hour:

editfiles:
    { /etc/crontab
        AppendIfNoSuchLine "0 * * * * root /usr/local/sbin/cfexecd -F"
    }

The -F switch tells cfexecd to run in non-daemon mode. cfengine will mail reports to admins; these settings go under the control: section:

smtpserver = ( mail.carla.com )
sysadm = ( carla@carla.com )

Classes
Classes are what make cfengine work across mixed environments. You can configure actions for groups of hosts based on the operating system. Note the double colons that mark a class name:

copy:
    # Copy OS specific files
solaris::
    /var/patchdir dest=$(workdir)/inputs/ server=solaris.carla.com
hpux::
    /var/patchdir dest=$(workdir)/inputs/ server=hpux.carla.com

See the cfengine Reference for a complete listing of built-in classes. The reserved operating system classes are ultrix, sun4, sun3, hpux, hpux10, aix, solaris, osf, irix4, irix, irix64, sco, freebsd, netbsd, openbsd, bsd4_3, newsos, solarisx86, aos, nextstep, bsdos, linux, debian, cray, unix_sv, GnU, and NT.

You may also define your own classes. A common method is to test for the presence of a certain file, then assume that the host belongs to a certain class based on that:

classes:
    # Assume systems with httpd.conf are web servers
    web_server = (
        '/usr/bin/test -f /etc/httpd/httpd.conf'
    )

Then you can have cfengine monitor only the web_server class for correct file permissions in the /etc/httpd/ directory:

files:
   web_server::
        /etc/httpd/ owner=httpadmin group=httpadmins mode=0644 action=fixall recurse=4
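
The check that the files: stanza above performs, sketched in Python as an added example (not code from the article or from cfengine): it walks a tree four levels deep, like recurse=4, and reports entries whose mode is not 0644 without changing anything. It covers mode only, not owner or group; the audit_tree and demo names, the constructed sample tree, and the rule that directories get execute wherever read is set (so 0644 becomes 0755) are assumptions of the example.

```python
import os
import stat
import tempfile

def audit_tree(root, file_mode=0o644, max_depth=4):
    """Report (relative path, actual mode, wanted mode) for drifted entries."""
    root = os.path.abspath(root)
    drift = []
    for dirpath, dirnames, filenames in os.walk(root):
        depth = 0 if dirpath == root else os.path.relpath(dirpath, root).count(os.sep) + 1
        entries = dirnames + filenames          # these sit at depth + 1
        if depth + 1 >= max_depth:
            dirnames[:] = []                    # check them, but descend no further
        for name in entries:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                        # do not judge or follow symlinks
            want = file_mode
            if stat.S_ISDIR(st.st_mode):
                want |= (file_mode & 0o444) >> 2   # assumption: x wherever r is set
            actual = stat.S_IMODE(st.st_mode)
            if actual != want:
                drift.append((os.path.relpath(path, root), actual, want))
    return sorted(drift)

def demo(max_depth=4):
    """Audit a constructed tree that stands in for /etc/httpd/."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "a", "b", "c", "d"))   # "d" is at depth 4
        for dirpath, dirnames, _ in os.walk(root):
            for d in dirnames:
                os.chmod(os.path.join(dirpath, d), 0o755)     # independent of umask
        # Constructed sample files: one correct, two world-writable.
        samples = {"httpd.conf": 0o644, "ssl.key": 0o666,
                   "a/b/c/d/too_deep.conf": 0o666}
        for rel, mode in samples.items():
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_tree(root, max_depth=max_depth)

if __name__ == "__main__":
    for rel, actual, want in demo():
        print(f"{rel}: mode {actual:04o}, expected {want:04o}")
```

The world-writable file five levels down goes unreported at the default depth, which is the blind spot a recurse limit leaves in any tree deeper than the limit.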

You don't want to hassle with a DNS server? Hosts files were good enough for my granny, and by dang they're good enough for me. Use cfengine to keep all hosts files on your network synchronized. This example completely rewrites /etc/hosts every time it is changed, which suits us nervous types just fine:

editfiles:
    any::
        { /etc/hosts
            EmptyEntireFilePlease
            Append "127.0.0.1 localhost.localdomain localhost"
            Append "192.168.1.1 windbag.carla.com windbag"
            Append "192.168.1.1 stinkpad.carla.com stinkpad"
        }

That's just a snippet of the power of cfengine. Getting up and running is the hard part; now you can study the Tutorial and Reference manual and learn all kinds of creative ways to automate your network chores.
