1999 The Central Ohio Linux User Group. // All rights reserved. // Released under the GPL, v. 2. See: LICENSE.TXT // This file: template/header.php // // // echo "\n"; print ""; echo "\n"; echo ""; echo ""; echo "Rossberry.com - The Home of the Mobile Linux Lab"; if ($title != "") { echo " -- $title"; } echo "\n"; // The next line lets us link the header page below // the top ditrectory, and have the buttons work // RPH -- 011124 echo ""; // // scheme://user:pass@host:port/path?query#fragment // //$REQUEST_URI = $_SERVER[REQUEST_URI]; $url=parse_url("$REQUEST_URI"); $svr=$url[host]; //$svr="www.rossberry.net"; $svr="www.rossberry.com"; $server = $server_name ; print ""; ?>


Home of the Mobile Linux Lab

Home Overview Philosophy Infrastructure
Version Control Blogs Files cfengine


Whenever I think of cfengine, I think of the line from Neal Stephenson's "Unix - Hole Hawg"

"Unix has always lurked provocatively in the background of the operating system wars, like the Russian Army. Most people know it only by reputation, and its reputation, as the Dilbert cartoon suggests, is mixed. But everyone seems to agree that if it could only get its act together and stop surrendering vast tracts of rich agricultural land and hundreds of thousands of prisoners of war to the onrushing invaders, it could stomp them (and all other opposition) flat. "

It is impossible to have a discussion about configuration management among Unix admins without someone mentioning that "so and so uses it" or "I've seen it". People who have set it up from scratch are extremely rare. There's a reason for that...it aint easy.

Cfengine's goal is the convergence of systems to a standard. Essentially this means that the practice of individual admins editing config files on servers is NEVER DONE. Think about that. No, really, think about it. Do you understand your infrastructure well enough to describe it, classifying every machine and function accurately? Accurately enough to let a program control them? Yeah, thought so.


So here we go with a simple cfengine setup. Our goal is to

  1. setup a cfengine master
  2. setup a cfengine client and have it register with the master
  3. distribute a trivial file from the master to the client

After that, the rest is gravy. Amazingly enough, I can not find a tutorial that tells you how to do that. They usually fall apart at the "distribute a trivial file" step and diverge into the wonders and glories of cfengine's promise language, or syntax, or something.

Things I've learned in the 6 months

I wrote everything above this header on Oct 25. It is now April. So what have I been doing (besides Thanksgiving, etc)....trying to get my head around how it works in 20 minute segments. Some things I think I know now

  1. cf-agent runs against the local server by default
  2. You don't define the "master server" as a setting in a file somewhere.
  3. There are 2 types of updates. Updating the local masterfiles from the remote "master" masterfiles. Updating the local inputs from the local masterfiles
  4. Updating from the "master" masterfiles is done by running cf-agent with a specific config file from cron
  5. Updating the local inputs from the local masterfiles can be done via cf-execd, or as part of the pull from remote, or manually
  6. It is really hard to figure out how not to edit files by hand.

Common pieces

There are 3 commands that are used on both the master and the clients

Overview of the server

The 'master' server is both a master and a client (of itself and probably of whatever you are storing the real configs in). It has 3 cfengine daemons running on it

Overview of the clients

The clients use cf-agent to maintain a copy of /var/cfengine/masterfiles/inputs in their own /var/cfengine/inputs directory. Periodically, cf-execd runs cf-agent which parses the promises and makes sure they are still 'kept' for this host. The only daemon running on the client is cf-execd to initiate the cf-agent runs.

I've created rpms that will install the mentioned files and run an initial update. They are described here 1999 The Central Ohio Linux User Group. // All rights reserved. // Released under the GPL, v. 2. See: LICENSE.TXT // This file: template/footer.php // print "

"; // print " \n \n \n "; // $url=parse_url("$REQUEST_URI"); $scheme = $url[scheme]; $host = $url[host]; $whereami = $url[path]; $basename = exec("basename $whereami"); $REFERRER=exec("basename $whereami .php"); $SMURF = exec(" ls | grep $REFERRER | grep txt "); if ($SMURF != "") { ## echo ""; ## This next line of code opens the displayed code in a new window when uncommented echo ""; echo "\"View of "; echo ""; echo "$basename"; } else { print "\n"; print "\n"; } // print " Contact mll@rossberry.com Copyright\n © 2010, 2011 Jim Wildman.\n "; print "
All rights reserved.
"; ?>