09 Apr 2013

Configuring CFEngine

4:24 PM MongoDB 0 Comment

Installing and Configuring CFEngine

Description: CFEngine is a distributed solution that is completely independent of host operating systems, network topology or system processes. You describe the ideal state of a given system by creating promises and the CFEngine agent ensures that the necessary steps are taken to achieve this state. Automation in CFEngine is executed through a series of components that run locally on all managed nodes.

CFEngine Components – What Are they and How Do They Work?

The power behind CFEngine lies in its components and the scripting language used to interact with them. Once you know the scripting language, you can clearly and specifically express your desired end state, allowing CFEngine to achieve your goals with precision. There are a number of components in CFEngine, with each component performing a unique function.

  • cf-agent – Active agent
  • cf-execd – Cfengine Executor / Scheduler
  • cf-know – Knowledge modeling agent
  • cf-monitord – Passive monitoring agent
  • cf-promises – Promise validator
  • cf-runagent – Remote run agent
  • cf-serverd – Cfengine Server
  • cf-report – Self-knowledge extractor
  • cf-key – Key generation tool
  • cf-hub – Data aggregator

cf-agent (Active agent):

Active agent – responsible for maintaining promises about the state of your system . You can run cf-agent manually, but if you want to have it run on a regular basis, you should use cf-execd (instead of using cron). cf-agent keeps the promises made in common and agent bundles, and is affected by common and agent control bodies.

cf-execd (Cfengine Executor / Scheduler):

Scheduler – responsible for running cf-agent on a regular (and user-configurable) basis (in CFEngine 2 the scheduler was called cfexecd). EXECUTOR cf-execd keeps the promises made in common bundles, and is affected by common and executor control bodies.

cf-know (Knowledge modeling agent):

Knowledge modelling agent – responsible for building and analysing a semantic knowledge network. cf-know keeps the promises made in common and knowledge bundles, and is affected by common and knowledge control bodies.

cf-monitord (Passive monitoring agent):

Passive monitoring agent – responsible for collecting information about the status of your system (which can be reported upon or used to enforce promises or influence when promises are enforced). In CFEngine 2 the passive monitoring agent was known as cfenvd. cf-monitord keeps the promises made in common and monitor bundles, and is affected by common and monitor control bodies.

cf-promises (Promise validator):

Promise validator – used to verify that the promises used by the other components of CFEngine are syntactically valid. cf-promises does not execute any promises, but can syntax-check all of them.

cf-runagent (Remote run agent):

Remote run agent – used to execute cf-agent on a remote machine (in CFEngine 2 the remote run agent was called cfrun). cf-runagent does not keep any promises, but instead is used to ask another machine to do so

cf-serverd (Cfengine Server):

Server – used to distribute policy and/or data files to clients requesting them and used to respond to requests from cf-runagent (in CFEngine 2 the remote run agent was called cfservd). cf-serverd keeps the promises made in common and server bundles, and is affected by common and server control bodies.

cf-report (Self-knowledge extractor):

Self-knowledge extractor – takes data stored in CFEngine’s embedded databases and converts them to human readable form cf-report keeps the promises made in common bundles, and is affected by common and reporter control bodies.

cf-key (Key generation tool):

Key generation tool – run once on every host to create public/private key pairs for secure communication (in CFEngine 2 the key generation tool was called cfkey). cf-key does not keep any promises.

cf-hub (Data aggregator):

A data aggregator used as part of the commercial product. This stub is not used in the community edition of CFEngine.
Checkpoint:

  • CFEngine uses agents and language to perform automation and configuration tasks
  • Instructions written in CFEngine syntax are known as promises
  • One or more related promises can be written into a text file known as a policy
  • The promise.cf file references policy files that each system will run in order to perform local automation, configuration and security tasks
  • CFEngine maintains a desired system state on networked systems by utilizing client initiated pull technology; changes are never pushed or forced
  • Networked CFEngine clients will check its policy server/hub in order pull new policy changes when they are updated
  • The cf-agent process verifies the promises.cf file, then applies the policies to ensure that all promises are being kept
  • The cf-execd daemon starts cf-agent process on a regular intervals
  • The cf-serverd runs on a hub or server and allows client systems to retrieve policy changes and files

CFEngine File Structure:

  • /var/cfengine/bin – Cfengine 3 binaries
  • /var/cfengine/inputs – Main configuration files of Cfengine 3
  • /var/cfengine/lastseen – Contains records of last-seen agents
  • /var/cfengine/masterfiles – Master files on the server, that agents will request from the server
  • /var/cfengine/modules – Contains additional variables and classes definition based on user-defined code
  • /var/cfengine/outputs – Contains reports of previous runs of cf-agent(8)
  • /var/cfengine/ppkeys – Stores the authentication keys
  • /var/cfengine/reports – The output directory used by cf-report(8)
  • /var/cfengine/state – Directory containing the various states of promises

Installation:

1. Install the required packages

2. Configure the CFEngine locations

3. Server Configuration file — Example

4. Configuring CFAgent

5. Configuring Hosts information in the server

6. Installing the clients

7. Configuring clients

8.Configuring cfservd.conf for clients

9. Restart the CFEngine in both server and client

Leave a Reply