Intro to Automating System Administration with Cfengine 3

Take some of the headaches out of managing server farms with Cfengine 3. Use this automation introduction to save time and money, and to spare yourself crippling manual mistakes.

As an organization adds more and more hosts, both physical and virtual, its system administrators must spend more and more time ensuring that all hosts comply with policy. This results in an explosive demand in staff resources. Organizations can often find themselves constantly falling behind, never able to finish projects on time or neglecting less visible infrastructure in order to deliver other highly visible projects.

If you’re completely new to Cfengine, you might want to read a few background articles before you dive into complex configuration scripts.

Otherwise, let’s get started.

Cfengine allows system administrators to control servers from a central location. Administrators are able to make a single manual change and have that change automatically deployed to all desired hosts across the network. Cfengine continuously ensures that these changes are applied. This can save an organization time and money.

Cfengine has been around since 1993. It is now on version 3. Cfengine is open source but also has a professional services company. Cfengine also has a commercial version which offers additional features.

In practice, Cfengine runs at periodic intervals. After each run, we can expect the system to be at the desired configured state or to move closer to it. A single run does not guarantee 100% implementation of policy, as there might be dependencies. For example, let’s say you have policies stating that the SNMP package needs to be installed and the SNMP daemon needs to be up and accepting connections. On the first pass, Cfengine may install the SNMP package; on the next pass, it will start the daemon. Cfengine can report the percentage of its promises that it was able to keep.

Cfengine is a powerful and sophisticated tool comprising 7 programs. However, you don’t need to know all 7 to start using Cfengine. You only need two: cf-agent and cf-execd.

Special Agent cf-agent is your field operative. This is what actually makes changes on a system.

Continuing our secret agent analogy, cf-execd is the handler. It fires off cf-agent and collects and collates its output, emailing it or sending to syslog.

Another component worth immediate mention is cf-serverd. Cf-serverd is able to share files, including Cfengine policies. It allows you to make a policy change in one place and have all your nodes automatically pick up the new policy from cf-serverd.

Alternatively, all your nodes can run cf-serverd to receive requests to execute their own local copy of the policy. If you want to tell all your nodes to do something, put it in the shared policy file, have the nodes download it (if they are configured to do so), and then “poke” them with cf-runagent which connects to cf-serverd and requests it execute cf-agent with its current policy. This is an implementation of a policy “push” in an environment of voluntary cooperation.

Cfengine’s work space directory is /var/cfengine when running as root, or ~/.cfagent when running as a mortal user.

At the time of this writing, very few Linux or UNIX distributions have a pre-made Cfengine version 3 package ready for installation. As such, you must be prepared to do it yourself.

The source tar ball is available at the Cfengine website.

cd ~/src
wget http://www.cfengine.org/tarballs/cfengine-3.0.4.tar.gz

Naturally you’ll need the standard tools for building a C program including a C compiler and a make program, such as GNU Make. You’ll also need:

  • OpenSSL
  • BerkeleyDB
  • flex
  • bison
  • Perl Compatible Regular Expressions or PCRE library.

If your distribution uses RPMs, you may need to install the ‘devel’ RPMs such as ‘openssl-devel’.

Cfengine will run on virtually any UNIX platform. The commercial version even offers native Windows binaries. In this example we’ll be using a Linux host. First configure the make file.

neil@ettin:~/src/cfengine-3.0.4$ ./configure
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
DONE: Configuration done. Run make/gmake to build cfengine.

Now run make. The default install prefix is /usr/local. You can change it if you like; ./configure --help will give you information on how to change the prefix. Before you decide, see the installation section below.

neil@ettin:~/src/cfengine-3.0.4$ make -j5
Making all in pub
make[1]: Entering directory `/home/neil/src/cfengine-3.0.4/pub'
make[1]: Entering directory `/home/neil/src/cfengine-3.0.4'
make[1]: Nothing to be done for `all-am'.
make[1]: Leaving directory `/home/neil/src/cfengine-3.0.4'

Now check the build by running ‘make check’. You could also use the ‘-j’ option here.

neil@ettin:~/src/cfengine-3.0.4$ make check
Making check in pub
make[1]: Entering directory `/home/neil/src/cfengine-3.0.4/pub'
make[1]: Leaving directory `/home/neil/src/cfengine-3.0.4'

If there are no errors (exit status 0) you should be ready for one more test. Next, test to see that PCRE regular expression support is compiled into the binary. This is a good check as it is hard to tell from configure whether or not this was successful.

neil@ettin:~/src/cfengine-3.0.4$ src/cf-promises -x
Cfengine 3 - Performing level 2 self-diagnostic (dialogue)

1. Test variable scanning
2. Testing promise duplication and expansion
3. Testing variable expansion
4. Testing regular expression engine
 -> Regex engine is the Perl Compatible Regular Expression library
 -> Regular expression compilation - ok
 -> Regular expression extraction - ok 15 - 31
 -> Regular expression extraction - ok
 -> FullTextMatch - ok 2
 -> BlockTextMatch - ok
 -> BlockTextMatch - ok
5. Testing promise attribute completeness
 !! files promise makes no intention about system state
I: Promise is made internally by cfengine
 -> All non-listed items are accounted for
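
The build checks described above, gathered into one script as an added example (not from the original article or the Cfengine project): it stops at the first failing step and confirms PCRE support from the self-diagnostic output. The names pcre_ok, build_and_verify and the two sample functions are hypothetical, and the second sample is constructed.

```shell
#!/bin/sh
# Added example: gate a Cfengine 3 source build on the article's checks.

# pcre_ok reads `cf-promises -x` output on stdin and succeeds only when
# the regex engine is reported as PCRE and regex compilation reported ok.
pcre_ok() {
    awk '
        /Regex engine is the Perl Compatible Regular Expression library/ { engine = 1 }
        /Regular expression compilation - ok/ { compiled = 1 }
        END { exit !(engine && compiled) }
    '
}

# build_and_verify SRC_DIR (hypothetical helper): configure, make,
# make check, then the self-diagnostic; stop at the first failure.
build_and_verify() {
    (
        cd "$1" || exit 1
        ./configure || { echo "configure failed" >&2; exit 1; }
        make || { echo "make failed" >&2; exit 1; }
        make check || { echo "make check failed" >&2; exit 1; }
        src/cf-promises -x 2>&1 | pcre_ok ||
            { echo "PCRE support not confirmed" >&2; exit 1; }
    )
}

# Sample diagnostic lines copied from the article's output.
sample_pcre() {
    cat <<'EOF'
4. Testing regular expression engine
 -> Regex engine is the Perl Compatible Regular Expression library
 -> Regular expression compilation - ok
 -> Regular expression extraction - ok 15 - 31
EOF
}

# Constructed sample: the same step with no PCRE engine line reported.
sample_no_pcre() {
    cat <<'EOF'
4. Testing regular expression engine
 -> Regular expression compilation - ok
EOF
}

# Run the full build only when a source directory is given.
if [ $# -gt 0 ]; then
    build_and_verify "$1"
fi
```

Run it with the unpacked source directory as its only argument, for example ~/src/cfengine-3.0.4; a nonzero exit status means the build should not be installed.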
