Managing the network with Cfengine
Now that your Cfengine framework is configured, here are a few ideas for continued improvements:
- Centralize periodically executed jobs
- Integrate the monitoring and deployment systems by having cf-agent automatically configure monitors
- Integrate your backup system with your deployment system
- Make sure all of your nodes are configured to log centrally
The more functionality you bring within Cfengine's realm, the easier it will be to bring new services online and to recover from problems such as hardware failures or security compromises. Because you can code all the rules on how to create a node of type X in a machine-executable language, all you need to do is prepare a fresh base OS install, then install Cfengine and let it rebuild your replacement node for you.
Read full article as PDF:Cfengine.pdf (463.98 kB)
reply to pghpeteThere is no package named flex-devel in RHEL/CentOS 5.4, although there should be. Instead, libfl.a is part of the flex package, so you cannot crosscompile. I found this attempting to compile the latest setkey (ipsec-tools) for i386 on an x86_64 host.
Can't believe the trouble...I can't believe the trouble I was having getting ver 3.0.3 of cfengine installed on either RHEL 5.4 or CentOS 5.4... as it turns out, it's still a personal problem. Argh. What an inept bum I am today... forgot cardinal rule number 1, read the INSTALL file and install all dependencies it asks for. Which, were surprisingly extensive...
'yum install openssl openssl-devel db4 db4-deve flex flex-devel bison bison-devel pcre pcre-devel'
Then your './configure && make && make install' should run without issues on either distro.
Many issues while trying to follow your articleI read your article and enjoyed it. Thank you. I ran into a few problems so I figured I would comment for the benefit of others who may encounter the same issues. ** Long story short: compile and install from source if you want to follow this articles instructions... for details keep reading **
I decided to use a package utility instead of compiling the source.
'yum install cfengine' worked without incident
'yum install cfengine' reports package not found, nothing to do.
I thought this was quite strange since CentOS, from my knowledge, is near identical to RHEL 5.4 ( including their repository content)
Apparently, you have to install rpmforge just to get the package for CentOS 5.4. Here is what I did to accomplish that...
'rpm -Uvh rpmforge-release-0.5.1-1.e15.rf.i386.rpm'
(as rpmrepo.net/RPMforge instructs)
After that a 'yum install cfengine' worked without incident. At this point I figured my troubles where over,... nope!
While trying to follow your "Hello, World" instructions, I couldn't figure out why there was no command cf-key, or cf-agent on my systems... a quick 'man cfengine' showed me why... ah... it's cfkey and cfagent. I figured it was just the authors typo(s). Then, the files and directories that I was directed to create/alter were not on my systems either. Hum... strange. I was about to give up but then I ran 'rpm -q cfengine' on both systems and had my "Ah ha" moment... both of my test distros are Enterprise OS systems and therefore, their package versions are way behind the most recent versions of anything. I totally missed the first sentence of paragraph two in which Mr. Strejcek states clearly, "To show what is possible with Cfengine 3,..."
I can't believe I missed that! I had ton of problems, but they were all self-inflicted wounds. Had I just caught that line... aw well.
Version 16 of the popular Linux desktop reveals new tools, edge-snapping, and performance improvements.
Symantec says Linux-Darlioz burrows in through PHP.
Dell renews its quest for the ultimate developer machine.
Innovative back door looks like normal SSH traffic.
One of CeBITs most successful forums opens the new year with a new name. The popular Open Source Forum continues in 2014 under the name Special Conference: Open Source. This year, the forum will be bigger and offer a wider range of possibilities for sponsors.
New release offers better graphics drivers and expands filesystem support.
New mail protocol will shut out the NSA and prevent snooping on metadata.
A new web application helps users visualize distributed denial-of-service attacks.
Ubuntu 13.10 takes a step toward convergence, with lots of mobility, but Mir only partly here.
Galileo board is targeted to embedded developers and educational institutions.