Administrating network of multiple machines running the same type of tasks, sooner or later beginning to think about automatism it's configuration and management. Programs like dssh and rsync in this case will help only partially, forcing to perform the big amount of work by hand. However, there is a tool that can automate most of the administrative functions and make a network of servers to self-adjust to the intellectual infrastructure.

CFEngine (ConFiguration Engine) - one of the oldest and most powerful administration tools that allows you to manage computer network automatically with minimal amount of manual work. Through rules CFEngine administrator can describe the condition in which system should be on one or griup of computers in the network, at a certain time or under certain conditions. Deviation from this condition will result in corrective action.

CFEngine allows to control many aspects of the system, including the editing of files, starting/stopping services, installation/un-installation of applications, network settings and much, much more.

Installation

CFEngine of version 3 is available in almost all UNIX-like operating systems and Linux-based distributions, so get and install it will not be difficult. For example, to install it on Ubuntu is enough to execute a single command:

# Sudo apt-get install cfengine3

CFEngine package consists of three key components:

Server (cfservd)
Client (cfagent)
Scheduler (cfexecd)

Server (cfservd) - the central part of the software complex, that takes customer requests and sends them instructions for changing the configuration of machines.

Client (cfagent) - installed on all managed machines. It's task - to connect to a server and receive configuration files containing execution code of the instructions (modifying system files, installing software, running servers, etc.).

Scheduler (cfexecd) - responsible for running the agent on the client machine. It's task - to run an agent at regular intervals with sending diagnostic messages to the administrator.

Promises CFEngine agent management is performed by the rules(promises) described in the configuration files. Modifying it, the administrator can change many aspects of the system, including:

Check and change the permissions and ownership of files.
Editing files.
Compression, deletion, and other file manipulations.
Remote execution of commands.
Restarting the crashed daemons.
Installation of the software, including security and system updates.
Configuring network interfaces and routing tables.
Configuration files(promises) are a kind of scripts with high level descriptive language, on that agent receives information about what action he should take to the configuration of the target machine. A key feature of this script is that it is focused on getting the same results on all configured machines without the need to draw up a separate script for each of them.

Actually the rules in Cfengine can consist of four components - the type, class, object (promiser) and attributes:

> > type: > class:: > "promiser" -> { "promisee1", "promisee2", ... } > attribute_1 => value_1, > … > attribute_2 => value_n. > >

Not all elements are employed in the rules, some implicit elements comprise instructions that may be omitted. Type field indicates the type of operation, that is usually what needs to be done. Depending on the type of system can be used one of the following classes:

any rule - var (variables), class (class, showing the state of the system), reports;
only agents - commands, databases, files (the creation and filling of the file, set attributes), interfaces (configuration of network interfaces), packages (package installation), storage (check the mapped drive), methods (treatment of other regulations);
other components - access (access to objects in the cf-serverd), measurements (data selection for the report or monitoring in Cfengine Nova), roles (authorization activation of individual classes run remotely via cf-agent cf-serverd), topics (Association named when running cf-know) and occurrences (reference to a resource on the cf-know).

CFEngine make possible of full control of computer system, spreading the changes, setting updates, producing and receiving monitoring reports. At first look Cfengine seems to be complex and confusing system, but in fact it is not. After experimenting for several days everything can be sorted out with its features and capabilities.

Reference

Learning CFEngine 3 - O'Reilly Media - https://docs.google.com/file/d/0B52Wm9eu8cCGdDlpXzA2QkRkOTA/edit?usp=sharing

Comments