Automate Linux with cfengine - Page 2

 By Carla Schroder

Automating cfengine
It's fun to push the button and watch things happen. It's also fun to set up cfengine to run unattended, and just take care of business. cfengine will check processes that need to be running, and start them if they're not:

    processes:
        "cfservd" restart "/var/cfengine/bin/cfservd"
        "cfexecd" restart "/var/cfengine/bin/cfexecd"

cfengine can be scheduled with either cfexecd or cron. Add these lines to cfagent.conf to have cfexecd wake up cfagent five minutes past every hour:

    control:
        schedule = ( Min00_05 )

You can also run it from /etc/crontab. This entry checks every host's /etc/crontab to make sure the cron line exists, and adds it if it doesn't. The cron line runs cfexecd hourly, on the hour:

    editfiles:
        { /etc/crontab
        AppendIfNoSuchLine "0 * * * * root /usr/local/sbin/cfexecd -F"
        }

The -F switch tells cfexecd to run in non-daemon mode. cfengine will mail reports to admins. These settings go under the control: section:

    control:
        smtpserver = ( mail.carla.com )
        sysadm = ( carla@carla.com )

Classes are what make cfengine work across mixed environments. You can configure actions for groups of hosts based on the operating system. Note the double colons indicating the class name:

    copy:
        # Copy OS specific files
        solaris::
            /var/patchdir dest=$(workdir)/inputs/ server=solaris.carla.com
        hpux::
            /var/patchdir dest=$(workdir)/inputs/ server=hpux.carla.com

See the cfengine Reference for a complete listing of built-in classes. The reserved operating system classes are ultrix, sun4, sun3, hpux, hpux10, aix, solaris, osf, irix4, irix, irix64, sco, freebsd, netbsd, openbsd, bsd4_3, newsos, solarisx86, aos, nextstep, bsdos, linux, debian, cray, unix_sv, GnU, and NT.

You may also define your own classes. A common method is to test for the presence of a certain file, then assume that the host belongs to a certain class based on that:

    classes:
        # Assume systems with httpd.conf are web servers
        web_server = (
            '/usr/bin/test -f /etc/httpd/httpd.conf'
        )

Then, in the files: section, you can have cfengine monitor only the web_server class for correct file permissions in the /etc/httpd/ directory:

    web_server::
        /etc/httpd/ owner=httpadmin group=httpadmins mode=0644 action=fixall recurse=4
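
A read-only preview of the /etc/httpd/ permissions rule above, useful before letting action=fixall change anything. This is an added example, not part of the original article: the function name audit_perms is hypothetical, GNU find is assumed, recurse=4 is approximated with -maxdepth 4, and the mode is compared on regular files only.

```shell
#!/bin/sh
# Added example: list what an owner/group/mode rule would have to fix.
# Usage: audit_perms DIR OWNER GROUP MODE DEPTH
# Prints one line per deviation and returns 1 if any was found.
audit_perms() {
    dir=$1 owner=$2 group=$3 mode=$4 depth=$5
    # GNU find -printf: %m octal mode, %u owner, %g group, %y type, %p path
    find "$dir" -maxdepth "$depth" \( -type f -o -type d \) \
         -printf '%m %u %g %y %p\n' |
    awk -v o="$owner" -v g="$group" -v m="$mode" '
        {
            # Everything after the fourth field is the path (may hold spaces).
            path = $0
            sub(/^[^ ]+ [^ ]+ [^ ]+ [^ ]+ /, "", path)
            if ($2 != o) { print "owner " $2 " != " o ": " path; bad = 1 }
            if ($3 != g) { print "group " $3 " != " g ": " path; bad = 1 }
            # Directories need search (x) bits, so only regular files
            # are compared against the requested mode.
            if ($4 == "f" && $1 + 0 != m + 0) {
                print "mode " $1 " != " m ": " path; bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Example call matching the rule in the article:
#   audit_perms /etc/httpd httpadmin httpadmins 0644 4
```

An empty report with exit status 0 means the rule would change nothing within the checked depth.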

You don't want to hassle with a DNS server? Hosts files were good enough for my granny, and by dang they're good enough for me. Use cfengine to keep all hosts files on your network synchronized. This example completely rewrites /etc/hosts every time it is changed, which suits us nervous types just fine:

    editfiles:
        { /etc/hosts
        EmptyEntireFilePlease
        Append " localhost.localdomain localhost"
        Append " windbag.carla.com windbag"
        Append " stinkpad.carla.com stinkpad"
        }

That's just a snippet of the power of cfengine. Getting up and running is the hard part; now you can study the Tutorial and Reference manual and learn all kinds of creative ways to automate your network chores.


This article was originally published on Sep 14, 2005