Cfengine-Tutorial. AUTOMATED SYSTEM ADMINISTRATION. Kirk: “I’m curious, Doctor, why is it called the M5?” Daystrom: “Well you see, M1 to M4 were not.
|Published (Last):||2 October 2006|
Cfengine is ready to take control of your ship. One machine can do all those things that Men do now. Men can go on to do greater things. The ultimate computer
Overview
In this manual the word “host” is used to refer to a single computer system – i.
What is cfengine and who can use it? You can think of cfengine as a very high level language–much higher level than Perl or shell: Cfengine is good at performing a lot of common system administration tasks, and allows you to build on its strengths with your own scripts.
You can also use it as a netwide front-end for cron. Once you have set up cfengine, you’ll be free to use your time being like a human being, instead of playing R2-D2 with the system. The main purpose of cfengine is to allow you to create a single, central system configuration which will define how every host on your network should be configured in an intuitive way.
An interpreter runs on every host on your network and parses the master file (or file-set); the configuration of each host is checked against this file and then, if you request it, any deviations from the defined configuration are fixed automatically.
You do not have to mention every host specifically by name in order to configure them. Cfengine uses a flexible system of “classes” which helps you to single out a specific group of hosts with a single statement. Originally cfengine was conceived of as a tool only for the superuser, but during the course of its development it has become clear that it can also be used as a scripting language by ordinary users.
As a bonus it contains a text editing language which can be used to perform controlled edits of line-based text files. Cfengine grew out of the need to control the accumulation of complex shell scripts used in the automation of key system maintenance at Oslo.
There were very many scripts, written in shell and in perl, performing tasks such as file tidying, find-database updates, process checking and several other tasks.
In a heterogeneous environment, shell-scripts work very poorly: In fact, the non-uniformity of unix was a major headache. Scripts were filled with tests to determine what kind of operating system they were being run on, to the point where they became so complicated and unreadable that no-one was quite sure what they did anymore.
Other scripts were placed only on the systems where they were relevant, out of sight and out of mind. It quickly became clear that our dream solution would be to replace this proliferation of scripts by a single file containing everything to be checked on every host on the network. The gradual refinement of this idea resulted in the present day cfengine. If you are experienced in system administration, you might like to skip the earlier chapters and turn straight to the example in the section Example configuration file of the Reference manual.
This is probably the quickest way to learn cfengine for the initiated. If you are not so familiar with system administration and would like a more gentle introduction, then we begin here.
Site configuration
To the system administrator of a small network, with just a few workstations or perhaps even a single mainframe system, it might seem superfluous to create a big fuss about the administration of the system.
But networks have a tendency to expand and–before you know it–you have five different types of operating system and each type of system has to be configured in a special way, you have to make patches to each system and you can’t remember whether you fixed that host on the other side of the building. Also, you discover fairly quickly that what you thought of as BSD or System 5 is not as standard as you thought and that none of your simple scripts that worked on one system work on the others without a considerable amount of hacking and testing.
You try writing a script to help you automate the task, but end up with an enormous number of if.
To manage a network with many different flavours of operating system, in a systematic way, what is needed is a more disciplined way of making changes which is robust against re-installation. After all, it would be tragic to spend many hours setting up a system by hand only to lose everything in an unfortunate disk-crash a week or even a year later when you have forgotten what you had to do.
Upgrades of the operating system software might delete your carefully worked out configuration. What is needed is a separate record of all of the patches required on all of the systems on the network; a record which can be compared to the state of each host at any time and which a suitable engine can use to fix any deviations from that reference standard. The idea behind cfengine is to focus upon a few key areas of basic system administration and provide a language in which the transparency of a configuration program is optimal.
It eliminates the need for lots of tests by allowing you to organize your network according to “classes”. From a single configuration file or set of files you can specify how your network should be configured — and cfengine will then parse your file and carry out the instructions, warning or fixing errors as it goes.
Key Concepts
Some of the important issues in system administration which cfengine can help with.
Control files
One of the endearing characteristics of BSD and system 5 systems is that they are configured through human-readable text files.
Many applications are also configured with the help of text files. When installing a new system for the first time, or when changing or updating the setup of an old system, you are faced with having to edit lots of files.
In some cases you will have to add precisely the same line to the same file on every system in your network as a change is made, so it is handy to have a way of automating this procedure so that you don’t have to load every file into an editor by hand and make the changes yourself.
This is one of the tasks which cfengine will automate for you.
Network interface
This network interface must be configured before it will work. Normally one does this with the help of the ifconfig command.
This can also be checked and configured automatically by cfengine. Finally you must tell it which dummy address is to be used for messages which are broadcast to all hosts on your network simultaneously see the reference manual.
Probably the first thing you are interested in doing with a network after you’ve had your fill of the world wide web is to make your files available to some or all hosts on the network, no matter where in your corporate empire or university dungeon you might be sitting. In other words, if you have a disk which is physically connected to host A, you would like to make the contents of that disk available to hosts B, C, D. NFS, the network filesystem, does this for you.
To make a filesystem available to other hosts you have to do three things. This tells NFS who is allowed to access the disk and who isn’t. On the host which is to access the filesystem you must create a mount point. This is a name in the directory tree at which you want to add the files to your local filesystem.
On the host which is to access the files you must mount the filesystem onto the mount point. The mount operation is the jargon for telling the system to access the device on which the data are stored. Mounting is analogous to opening a file: Only after all three of these have been done will a filesystem become available across the network. Cfengine will help you with the last two in a very transparent way.
You could also use the text-editing facility in cfengine to edit the exports file, but there are other ways to update the exports file using netgroups which we shall not go into here. If you are in doubt, look up the manual page on exports.
Some sites prefer to minimize the use of NFS filesystems, to avoid one machine being dependent on another. They prefer to make a local copy of the files on a remote machine instead. Traditionally programs like rdist have been used for this purpose. You may also use cfengine to copy files in this way; see Emulating rdist.
Name servers DNS
One is to use the textual address like ftp. Alas, there is no one-to-one correspondence between the numerical addresses and the textual ones, thus a service is required to map one to the other.
The service is performed by one or more special hosts on the network called nameservers. Each host must know how to contact a nameserver or it will probably hang the first time you give it an IP address.
This file must contain the domain name for your domain and a list of possible nameservers which can be contacted, in order of priority. Because this is a special file which every host must have, you don’t have to use the editing facilities in cfengine explicitly.
You can just define the nameservers for each host in the cfengine file and cfengine will do the editing automatically. If you want to change the priority of nameservers later, or change the list, then a simple change of one or two lines in the configuration file will enable you to reconfigure every host on your network automatically without having to do any editing yourself!
Monitoring important files
Security is an important issue on any system. In the busy life of a system administrator it is not always easy to remember to set the correct access rights on every file and this can result in either a security breach or problems in accessing files.
A common scenario is that you, as administrator, fetch a new package using ftp, compile it and install it without thinking too carefully. Since the owner and permissions of the files in an ftp archive remain those of the program author, it often happens that the software is left lying around with the owner and permissions as set by the author of the program rather than any user-name on your system.
The user-id of the author might be anybody on your system — or perhaps nobody at all! The files should clearly be owned by root and made readable and unwritable to normal users.
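The ownership and permission check described above, as an added example (not part of the cfengine manual, and not cfengine syntax): a Python script that walks an installed tree and reports files whose owner has no local account or is not the expected one, and files writable by group or other. The name `audit_tree` and its parameters are assumptions of this example.

```python
import os
import pwd
import stat
import sys


def _in_passwd(uid):
    """True if the local account database has an entry for this uid."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False


def audit_tree(root, expected_uid=0, uid_known=_in_passwd):
    """Return sorted (path, problem) pairs for everything below root.

    Flags the two conditions the text describes: an owner that is not the
    expected one (or does not exist locally at all), and write permission
    for anyone other than the owner.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: never follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                 # mode bits on a symlink mean nothing
            if not uid_known(st.st_uid):
                findings.append((path, "owner uid %d has no passwd entry" % st.st_uid))
            elif st.st_uid != expected_uid:
                findings.append((path, "owned by uid %d, expected %d"
                                 % (st.st_uid, expected_uid)))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "writable by group or other (mode %o)"
                                 % stat.S_IMODE(st.st_mode)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_tree.py /usr/local   (the directory is your choice)
    for path, problem in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s: %s" % (path, problem))
```

The script only reports; correcting the owner and mode is left to the configuration engine or the administrator.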