tutor:Cfengine
From Dgiref
usefull commands
- establish a public-private key pair
cfkey - all of the classes defined on a particular host
cfagent -p -v - debugging with signals
cfagent -d2
cfagent <options>
The command line options are
- -a (--sysadm)
- Print only the name of the system administrator then quit.
- -A (--auto)
- Can be used to signify an automatic run of cfengine, as opposed to a manual run. The distinction is not predetermined. Use of this option currently causes cfengine to ignore locks. This option is reserved for future development.
- -b (--force-net-copy)
- Normally cfengine detects attempts to copy from a server via the network that will loop back to the localhost. It then avoids using the network to make the copy. This option forces cfengine to copy using the network. Yes, someone thinks this is useful!
- -c (--no-check-files)
- Do not check file systems for ownership / permissions etc.
- -C (--no-check-mounts)
- Check mount points for consistency. If this option is specified then directories which lie in the “mount point” area are checked to see whether there is anything mounted on them. Normally this is off since not all machines use mounted file systems in the same way. e.g. HPUX does not generally operate with partitions, but nevertheless one might wish to mimick a partition-like environment there, but it would be irritating to be informed that nothing was mounted on the mount point.
- -d (--debug)
- Enable debugging output. Normally you will want to send this to a file using the shell script command or a pipe. -d1 shows only parsing output. -d2 shows only runtime action output. -d0 shows both levels. Debugging ouput is intended mainly for the author's convenience and is not a supported feature. The details of this output may change at any time.
- -D (--define)
- Define a compound class symbol of the form alpha.beta.gamma.
- -e (--no-edits)
- Suppress file editing.
- -E (--enforce-links)
- Globally force links to be created where plain files or links already exist. Since this option is a big hammer, you have to use it in interactive mode and answer a yes/no query before cfengine will run like this.
- -f (--file)
- Parse filename after this switch. By default cfengine looks for a file called cfengine.conf in the current directory.
- -h (--help)
- Help information. Display version banner and options summary.
- -H (--no-hard-classes)
- Prevents cfengine from generating any built-in class name information. Can be used for emulation purposes.
- -i (--no-ifconfig)
- Do not attempt to configure the local area network interface.
- -I (--inform)
- Switches on the inform output level, whereby cfengine reports everything it changes..
- -k (--no-copy)
- Do not copy/image any files.
- -K (--no-lock)
- Ignore locks when running.
- -l (--traverse-links)
- Normally cfengine does not follow symbolic links when recursively parsing directories. This option will force it to do so.
- -L (--delete-stale-links)
- Delete links which do not point to existing files (except in user home directories, which are not touched).
- -m (--no-mount)
- Do not attempt to mount file systems or edit the filesystem table.
- -M (--no-modules)
- Ignore modules in actionsequence.
- -n (--recon,--dry-run,--just-print)
- No action. Only print what has to be done without actually doing it.
- -N (--negate,--undefine)
- Cancel a set of classes, or undefine (set value to false) a compound class of the form alpha.beta.gamma.
- -p (--parse-only)
- Parse file and then stop. Used for checking the syntax of a program. You do not have to be superuser to use this option.
- -P (--no-processes)
- Do not execute the processes action.
- -q (--no-splay)
- Switch off host splaying (sleeping).
- -Q (--quert)
- Query the values of the comma separated list of variable names.
- -s (--no-commands)
- Do not execute scripts or shell commands.
- -S (--silent)
- Silence run time warnings.
- -t (--no-tidy)
- Do not tidy file systems.
- -u (--use-env)
- Causes cfengine to generate an environment variable `CFALLCLASSES' which can be read by child processes (scripts). This variable contains a summary of all the currently defined classes at any given time. This option causes some System V systems to generate a Bus Error or segmentation fault. The same information is available from the cfengine built-in variable $(allclasses) and can be passed as a parameter to scripts. When this variable grows too large for embedding one can also access a complete list of current classes in /var/cfengine/state/allclasses.
- -U (--underscore-classes)
- When this option is set, cfengine adds an underscore to the beginning of the hard system classes (like _sun4, _linux etc. The longer compound classes are not underscored, since these are already complex and would unlikely result in collisions.) This can be used to avoid naming conflicts if you are so unjudicious as to name a host by the name of a hard class. Other classes are not affected.
- -v (--verbose)
- Verbose mode. Prints detailed information about actions and state.
- -V (--version)
- Print only the version string and then quit.
- -x (--no-preconf)
- Do not execute the cf.preconf net configuration file.
- -X (--no-links)
- Do not execute the links section of a program.
- -w (--no-warn,--quiet)
- Do not print warning messages.
- -z (--schedule)
- Print the exec schedule for the LAN (used by cfexecd).
cfshow <options>
The command line options are
- -a --active
- prints a list of any currently active locks, i.e. tasks that cfengine believes it is currently enagaged in.
- -A --audit
- prints a history of cfengine's behaviour collected if the Auditing variable is true, See Auditing. The audit data are best viewed in html or parsed with xml, using the --html and --xml options.
- -c --checksum
- lists all of the files and their current checksum values in the current checksum database.
- -C --classes
- lists all of the classes that have been used on the system over the past year, with frequency probabilities to show their relative occurrance rates and last observed times.
- -H --html
- generate output in web browser-friendly html.
- -l --locks
- prints a list of the locks and the last times an active lock was secured for each cfengine acivity. This list is potentially very long.
- -s --last-seen
- lists the IP addresses of all known peers and the times they were last engaged in communication with the current host. The expected interval between communications is also printed. See FriendStatus. The output format is in a form that can easily be parsed by user scripts. e.g.
IP + 192.168.1.101 192.168.1.101 [Tue Jan 23 16:13] not seen for (6.42) hrs, Av 0.02 +/- 0.01 hrs
IP - 192.168.1.101 192.168.1.101 [Tue Jan 23 16:13] not seen for (6.42) hrs, Av 0.02 +/- 0.01 hrs
Lines marked with a + represent successful attempts made by cfagent on the current host to connect to another host.
Lines with a - are connections attempted (but not necessarily succeeded) into cfservd from another host's cfagent or cfrun.
- -r --regex regex
- search the cfengine policy file (e.g. cfagent.conf) for rules that belong to classes matching the named regular expression. Note that the class "any" is not automatically matched and the search is based on the class text from the file. The output is not related to which classes are currently defined.
- -s --performance
- shows the time in seconds required to complete copies and shell executions.
(0.00 mins Tue Feb 13 19:05) Av 0.00 +/- 0.00 for Copy(localhost:/usr/local/sbin/cfagent > /var/cfengine/bin/cfagent)
(0.00 mins Tue Feb 13 19:05) Av 0.00 +/- 0.00 for Copy(localhost:/usr/local/sbin/cfenvd > /var/cfengine/bin/cfenvd)
(0.02 mins Tue Feb 13 19:05) Av 0.02 +/- 0.00 for Copy(localhost:/usr/local/sbin/cfexecd > /var/cfengine/bin/cfexecd)
(0.00 mins Tue Feb 13 19:05) Av 0.00 +/- 0.00 for Copy(localhost:/usr/local/sbin/cfservd > /var/cfengine/bin/cfservd)
(6.41 mins Tue Feb 13 18:50) Av 0.00 +/- 0.00 for Exec(/usr/bin/updatedb --prunepaths=/media)
(0.00 mins Tue Feb 13 19:05) Av 0.00 +/- 0.00 for Exec(/usr/sbin/ntpdate 128.39.74.16 > /dev/null)
- -X --xml
- generate output in xml for parsing by scripts etc.
