[[cfengine3]]
Trace:
Show pageOld revisions
AdminRecent ChangesSitemap

* ancien site

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
docpublic:systemes:linux:cfengine3 [2013/07/19 13:03]
PROCACCIA [bundlesequence] 		docpublic:systemes:linux:cfengine3 [2013/12/24 15:14] (current)
procacci@tem-tsp.eu [references]
Line 18: Line 18:
   * http://pix-mania.dyndns.org/mediawiki/index.php/Cfengine_-_tutoriels   * http://pix-mania.dyndns.org/mediawiki/index.php/Cfengine_-_tutoriels
   * http://www.k-tux.com/cfengine-cet-outil-qui-facilite-la-vie-des-asr/2   * http://www.k-tux.com/cfengine-cet-outil-qui-facilite-la-vie-des-asr/2
 +  * https://cfengine.com/blog/ten-reasons-for-5-minute-configuration-repair
 ===== install server ===== ===== install server =====
  
Line 93: Line 94:
 ===== install client ===== ===== install client =====
  
-here we install manually cfengine package on the client (next we'll do it automatically via cobbler)+here we install manually cfengine package on the client (next we'll do it  [[.:cfengine3&#bootstrap_cfengine_from_cobbler|automatically via cobbler)]]
  
 <code> <code>
Line 318: Line 319:
  
 ==== bundlesequence ==== ==== bundlesequence ====
-finally we need to tell cfengine server bundlesequance to use our promises above through promises.cf file+finally we need to tell cfengine server bundlesequence to use our promises above through promises.cf file
  
 <code> <code>
Line 385: Line 386:
  
 <code> <code>
-copy_from => secure_cp("/var/cfengine/master_disi_files/fedora19/sssd.conf","cfengine3.int-evry.fr"),+copy_from => secure_cp("/var/cfengine/master_disi_files/fedora19/sssd.conf","cfengine.int-evry.fr"),
 </code> </code>
  /var/cfengine/master_disi_files/ beeing create by ourself, cfengine needs to allow acces to that directory tree from its def.cf global vars:  /var/cfengine/master_disi_files/ beeing create by ourself, cfengine needs to allow acces to that directory tree from its def.cf global vars:
Line 396: Line 397:
 </code> </code>
  
 +Now that "$(sys.workdir)/master_disi_files" is a defined variable, we can use it in the acces rules of cf_served :
 +<code>
 +[root@cfengine3 masterfiles]# vim controls/cf_serverd.cf 
 +bundle server access_rules()
 +{
 + access:
 +  any::
 +  # disi
 +   "$(def.dir_master_disi_files)"
 +       handle => "server_access_rule_grant_access_disi_policy",
 +      comment => "Grant access to the policy disi updates",
 +        admit => { ".*\.$(def.domain)", @(def.acl) };
 +</code>
  
 otherwise you get an error on the client telling you  otherwise you get an error on the client telling you 
Line 404: Line 418:
 </code> </code>
  
 +==== secure_cp ====
  
 +I first used remote_cp instaed of secure_cp to ciopy files, howerver when the file changed on the server it wasn't replaced on the client because it was more recent !
 +
 +indeed from libraries/cfengine_stdlib.cf we can read the definitions :
 +
 +<code>
 +body copy_from secure_cp(from,server)
 +{
 +source      => "$(from)";
 +servers     => { "$(server)" };
 +compare     => "digest";
 +encrypt     => "true";
 +verify      => "true";
 +}
 +
 +##
 +
 +body copy_from remote_cp(from,server)
 +{
 +servers     => { "$(server)" };
 +source      => "$(from)";
 +compare     => "mtime";
 +}
 +</code>
 +
 +and from https://cfengine.com/docs/3.5/reference-promise-types-files.html reference we learn that what we needed was a compare based on digest and not mtime in our case !
 +
 +
 +===== bootstrap cfengine from cobbler =====
 +
 +we use cobbler to install +100 stations (fedora) via PXEboot + kickstart.
 +in order to fully automate the install + configuration of those stations we need to tell cobbler in its post install process to install cfengine and bootstrap the client station on the cfengine server
 +
 +reference
 +
 +  * https://lists.fedorahosted.org/pipermail/cobbler/2011-July/006553.html
 +  * https://groups.google.com/forum/?fromgroups&hl=en#!topic/help-cfengine/bQRv0vHpWLs
 +
 +in our kickstart template we call 2 snippets to do the job
 +<code>
 +[root@cobbler2 cobbler]# grep disi kickstarts/basef19.ks
 +$SNIPPET('disi_post_install_packages')
 +$SNIPPET('disi_cfengine_bootstrap')
 +</code>
 +
 +those snippet repectlively install cfengine and then bootstrap the client the easy way since the version 3.2.0, if you are willing to automatically accept keys from the clients , cf http://blog.normation.com/en/2012/01/03/interactive-key-exchange-with-cfengine/
 +
 +<code>
 +[root@cobbler2 snippets]# cat disi_post_install_packages
 +yum -y install cfengine-community
 +yum -y install autofs
 +
 +[root@cobbler2 snippets]# cat disi_cfengine_bootstrap
 +# start cfengine3 registration 
 +/var/cfengine/bin/cf-agent -B --policy-server 157.157.211.144 > /root/disi_cfengine3_bootstraped.txt
 +# end cfengine3 registration
 +</code>
docpublic/systemes/linux/cfengine3.1374239003.txt.gz ยท Last modified: 2013/07/19 13:03 by PROCACCIA
Show pageOld revisions
[unknown link type]Back to top
CC Attribution-Noncommercial-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0