Automate Linux Configuration with cfengine
Configuration For Everybody
As your Linux/Unix network grows, you're probably going to get tired of running around to individual machines to do updates and fixes, unless it's part of your fitness program. My ideal sysadmin scenario is rather like Dr. Evil's submarine lair: lounge about with a cat on my lap, occasionally pushing a button. Only I have no grand ambitions to conquer the world; I just don't like doing my modest chores the hard way. Cfengine (Configuration engine) is just the tool for streamlining hardworking system and network administrator's lives.
Cfengine is great for all Linux/Unix systems--no more do you have to choose between scripting for portability or writing mounds of specialized scripts, because cfengine automates administration chores across a mixed *nix environment. The larger your network grows, the more you'll like cfengine. Cfengine has two primary uses:
- Pushing out changes to all hosts on a network, regardless of operating system or hardware configuration.
- Automatically keeping all systems in a correct, stable state.
Those of you who are daring and bold can even use cfengine to edit the Windows Registry, and maintain Windows hosts just like your *nix hosts. I am not quite so bold, and will talk about *nix systems only.
Some of the things that cfengine does are keep junk files cleaned off systems, maintain correct file ownership and permissions, create and maintain symbolic links (quite handy for creating uniform file locations across diverse systems), and keep network interfaces configured correctly. It uses a class structure, which means you're not faced with creating individual configurations for every host on your network, but for clumps of machines, categorized in whatever way makes sense for you--operating system, server type, any kind of characteristic that cfengine can be configured to recognize. (This will be covered in more detail in Part 2.)
The cfengine documentation is voluminous and detailed; it installs locally under
/usr/share/doc/cfengine/. We'll walk through a simple setup and configuration step-by-step on just the server; next week we'll add clients. Be sure to install cfengine 2.x, as it is greatly improved over 1.x. You'll find it in RPM packages, Debian repositories, and the usual source tarballs. On Debian the documentation is in a separate
cfengine2-doc package. Eventually cfengine needs to be installed on all hosts, but for now we'll just play with the server.
Make sure none of the cfengine daemons are running; for now we'll stick to manual testing. We'll create the necessary cfengine server configuration files, then test our configurations locally.