cluster:Cfengine/229
Contents |
cfengine v.2.2.9 server
Prepare
Strictly speaking, the cfengine software do not use a client-server model. It can be named as an agent-server model, where server is an agent, installed into the master host. The reference installation configuration are stored into the subversion (svn) repository of Karlsruhe Institute of Technology. Thus, some preparation steps include:
- download the dgiref.repo from
http://svn.rz.uni-karlsruhe.de/svn/dgiref/PROD/repl/root/etc/yum.repos/dgiref.repointo/etc/yum.repos.d/ - install
subversionto communicate with svn server - to install the current CAs certificates manually, please use this link
- Firewall configuration
Port 5308 should be open (how to open port in firewall).
administrator's script: prepare.sh
#!/bin/bash# prepare cfengine masterhost#-> start routineREPO_URL="http://svn.rz.uni-karlsruhe.de/svn/dgiref/PROD/cf3/repl/repos/external/"
wget -O /etc/yum.repos.d/sl-dgiref.repo ${REPO_URL}/sl-dgiref.repo
yum -y install subversion
#<- end routine
Install
The following step is needed to install a cfengine server (execute as root user):
 use yum or rpm to install cfengine masterhost from http://mirror.scc.kit.edu/downloads/
|
administrator's script: install.sh
#!/bin/bash# install cfengine masterhost# load parameters from prepare sectioncd `dirname $0`
source prepare.sh#-> start routine# Choose the OS architecture:OS_arch="x86_64" # x86_64 for 64 bit
# OS_arch="i386" # i386 for 32 bitOS="el4" # el5 for SL5
yum -y install cfengine-2.2.9-1.$OS.rf.${OS_arch}
#<- end routine
Configure
Step-by-step instruction to configure the cfengine agent onto the master host:
- download the
cf.preconffromhttp://svn.rz.uni-karlsruhe.de/svn/dgiref/PRODinto cfengine directory/var/cfengine/ - download the
update-cfgconfiguration file fromhttp://svn.rz.uni-karlsruhe.de/svn/dgiref/PRODinto cfengine directory/var/cfengine/ - change mode for
cf.preconfandupdate-cfgto executable - run
cfagent -qv --update-onlyto constrain cfengine master host configuration - update your site configuration with
update-cfgscript, by changing the cfengine classes values to the current site configuration.
administrator's script: configure.sh
#!/bin/bash# configure# To adapt the reference configurations to the needs of others sites# there is the script update-cfg to change the value in the configuration# recursively. To check the current site configuration see# masterfiles/PROD/inputs/classes/classes_site.cf## to setup configuration for other then dgiref certification site, execute:# sh update-cfg /var/cfengine/ 10.0.171.205 <your cfengine masterhost ip># sh update-cfg /var/cfengine/ fzk.de <your site domain># so on for every necessary class declaration in the# masterfiles/PROD/inputs/classes/classes_site.cf## Declare the variables section ------------# Please insert your actual configuration# DOMAIN=domain name# MASTERHOST=cfengine masterhost address# from here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~DOMAIN=fzk.deMASTERHOST=10.0.171.205# till here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#-> start routinewget -O /var/cfengine/cf.preconf http://svn.rz.uni-karlsruhe.de/svn/dgiref/PROD/cf.preconf
wget -O /var/cfengine/update-cfg http://svn.rz.uni-karlsruhe.de/svn/dgiref/PROD/update-cfg
chmod +x /var/cfengine/cf.preconf
chmod +x /var/cfengine/update-cfg
echo `sh /var/cfengine/update-cfg /var/cfengine/cf.preconf 10.0.171.205 $MASTERHOST`
echo `sh /var/cfengine/update-cfg /var/cfengine/cf.preconf fzk.de $DOMAIN`
cfagent -qv --update-only
# sh update-cfg /var/cfengine/ dgiref-isn01 <your cfengine masterhost>#<- end routine
Proceed
To run cfengine agent, type
-
cfagentor -
cfagent -qvfor verbose mode or -
cfagent -qvKimmediately execute without scheduling.
administrator's script: proceed.sh
#!/bin/bash# proceed cfengine masterhost#-> start routinecfagent -qv#<- end routine
Initial test
Try examining the output:
administrator's script: test.sh
#!/bin/bash# testcfagent -qvK
Update
To update/remove cfengine packages, use:
administrator's script: update.sh
#!/bin/bash# update
cfengine v.2.2.9 client
Prepare
Download the dgiref.repo from http://svn.rz.uni-karlsruhe.de/svn/dgiref/PROD/repl/root/etc/yum.repos/sl-dgiref.repo into /etc/yum.repos.d/ to prepare cfengine client installation.
- Firewall configuration
Port 5308 should be open (how to open port in firewall).
administrator's script: prepare.sh
#!/bin/bash# prepare cfengine clienthost#-> start routineREPO_URL="http://svn.rz.uni-karlsruhe.de/svn/dgiref/PROD/cf3/repl/repos/external/"
wget -O /etc/yum.repos.d/sl-dgiref.repo ${REPO_URL}/sl-dgiref.repo
#<- end routine
Install
The following step is needed to install a cfengine client (execute as root user):
| use yum or rpm to install cfengine masterhost from http://mirror.scc.kit.edu/downloads/
|
administrator's script: install.sh
#!/bin/bash# install cfengine clienthost# load parameters from prepare sectioncd `dirname $0`
source prepare.sh#-> start routine# Choose the OS architecture:OS_arch="x86_64" # x86_64 for 64 bit
# OS_arch="i386" # i386 for 32 bitOS="el4" # el5 for SL5
yum -y install cfengine-2.2.9-1.$OS.rf.${OS_arch}
#<- end routine
Configure
Step-by-step instruction to configure the cfengine agent onto the host:
- download the
cf.preconfconfiguration file fromhttp://svn.rz.uni-karlsruhe.de/svn/dgiref/PROD/inputs/cf.preconfor your cfengine server (master host)/etc/cfengine/inputsdirectory into cfengine directory/etc/cfengine/ - change mode for
cf.preconfto executable - run
cfagent -qv --update-onlyto create cfengine clienthost configuration - run
cfagent -qvto execute cfengine clienthost configuration
WARNING: if you have problems with keys, make the key exchange
- copy server public key to client:
scp root@$MASTERHOST:/var/cfengine/ppkeys/localhost.pub root@$CLIENT:/var/cfengine/ppkeys/root-$MASTERHOST.pub
- copy client public key to server:
scp root@$CLIENT:/var/cfengine/ppkeys/localhost.pub root@$MASTERHOST:/var/cfengine/ppkeys/root-$CLIENT.pub
administrator's script: configure.sh
#!/bin/bash# configure cfengine clienthost# Declare the variables section ------------# Please insert your actual configuration# DOMAIN=domain name# MASTERHOST=cfengine masterhost address# from here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~DOMAIN=fzk.deMASTERHOST=10.0.171.205CLIENT=$(hostname -a)
# till here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#-> start routine# copy the preconfiguration file from repo to client with update-cfg script:wget -O /var/cfengine/cf.preconf http://svn.rz.uni-karlsruhe.de/svn/dgiref/PROD/inputs/cf.preconf
wget -O /var/cfengine/update-cfg http://svn.rz.uni-karlsruhe.de/svn/dgiref/PROD/update-cfg
chmod +x /var/cfengine/cf.preconf
chmod +x /var/cfengine/update-cfg
echo `sh /var/cfengine/update-cfg /var/cfengine/cf.preconf dgiref-isn01 $MASTERHOST`
echo `sh /var/cfengine/update-cfg /var/cfengine/cf.preconf fzk.de $DOMAIN`
cfagent -qv --update-only
#<- end routine
Proceed
To run cfengine agent, type
-
cfagentor -
cfagent -qvfor verbose mode or -
cfagent -qvKimmediately execute without scheduling.
administrator's script: proceed.sh
#!/bin/bash# proceed cfengine clienthost#-> start routinecfagent -qv#<- end routine
Initial test
Try examining the output:
administrator's script: test.sh
#!/bin/bash# testcfagent -qvK
Update
To update/remove cfengine packages, use:
administrator's script: update.sh
#!/bin/bash# update
