Back to article
Automate Linux Configuration with cfengine
Configuration For Everybody
September 7, 2005
As your Linux/Unix network grows, you're probably going to get tired of running around to individual machines to do updates and fixes, unless it's part of your fitness program. My ideal sysadmin scenario is rather like Dr. Evil's submarine lair: lounge about with a cat on my lap, occasionally pushing a button. Only I have no grand ambitions to conquer the world; I just don't like doing my modest chores the hard way. Cfengine (Configuration engine) is just the tool for streamlining hardworking system and network administrator's lives.
Cfengine is great for all Linux/Unix systems--no more do you have to choose between scripting for portability or writing mounds of specialized scripts, because cfengine automates administration chores across a mixed *nix environment. The larger your network grows, the more you'll like cfengine. Cfengine has two primary uses:
Those of you who are daring and bold can even use cfengine to edit the Windows Registry, and maintain Windows hosts just like your *nix hosts. I am not quite so bold, and will talk about *nix systems only.
Some of the things that cfengine does are keep junk files cleaned off systems, maintain correct file ownership and permissions, create and maintain symbolic links (quite handy for creating uniform file locations across diverse systems), and keep network interfaces configured correctly. It uses a class structure, which means you're not faced with creating individual configurations for every host on your network, but for clumps of machines, categorized in whatever way makes sense for you--operating system, server type, any kind of characteristic that cfengine can be configured to recognize. (This will be covered in more detail in Part 2.)
The cfengine documentation is voluminous and detailed; it installs locally under
Make sure none of the cfengine daemons are running; for now we'll stick to manual testing. We'll create the necessary cfengine server configuration files, then test our configurations locally.