Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
Distributed Systems Administration Utilities User's Guide > Chapter 2 Configuration Synchronization

cfengine Overview


Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

The administrator starts by defining a central system or Serviceguard cluster to act as the master configuration server or policy server. The Configuration Synchronization Wizard (csync_wizard) is a user-friendly front-end to the initial configuration process. This central system will house the master policy files (for example, cfagent.conf) which define the desired configuration policies, and also reference copies or master copies of files that should be distributed to the managed clients.

Each managed client copies down the master copies of the policy files from the central configuration server and evaluates its current state versus the desired state defined by the policy file. Any differences cause configurations rules to run in order to resynchronize the client. The administrator can initiate synchronization operations on the managed clients in two ways, using either a push or a pull operation.

  • Using the cfrun command (see the cfrun(1) manpage for more information) from the master configuration server, the administrator can push changes. cfrun reads the file cfrun.hosts to determine the list of managed clients. It then invokes the cfagent command on each managed client to perform a synchronization run. Thus, push operations are really requests to the managed clients to perform an immediate pull.

  • Pull operations are performed using cron or cfengine’s own cron-like cfexecd daemon. Either technique invokes the cfagent command at fixed intervals in order to perform client-initiated configuration synchronization. The administrator defines what interval is appropriate for each group of managed clients. For example, every five minutes, once an hour, or once a day. The administrator can also invoke cfagent directly for on-demand synchronization runs.

cfengine Daemons and Commands

cfengine employs several daemons and commands to perform configuration synchronization operations. The following list describes the primary cfengine components.

  • cfagent -- the cfagent command is cfengine’s workhorse. It runs on each managed client, and bootstraps itself using the file update.conf, which describes the set of files to transfer from the master server to the local managed client. The files transferred include the main policy file, cfagent.conf, and any related policy files. In the DSAU implementation, cfagent.conf imports the file cf.main which has examples of many cfengine features.

    After the configuration files are transferred, cfagent evaluates the configuration instructions in these files. If the client system’s current configuration deviates from the desired configuration, cfagent executes the defined actions to return the client to the proper state.

  • cfservd -- cfservd daemon has two roles:

    • cfservd runs on the master configuration server and is the clearinghouse for file transfer requests from the managed clients. cfagent on the managed clients contacts the master server’s cfservd and requests copies of the master policy files and copies of any reference files that are needed as part of the defined configuration synchronization operations. The master cfservd is responsible for authenticating remote clients using a public/private key exchange mechanism and optionally encrypting the files that are transferred to the managed clients.

    • cfservd can optionally run on each managed client in order to process cfrun requests. cfrun allows the administrator to push changes to the managed clients instead of waiting for the clients to synchronize using some client-defined time interval. The cfrun command must be initiated from the master configuration server. It contacts each managed client listed in the cfrun.hostsfiles and connects to the managed client’s cfservd asking it to invoke cfagent to perform the synchronization work.

      cfservd is configured using cfservd.conf and started using /sbin/init.d/cfservd.

  • cfexecd -- cfexecd is a scheduling and reporting tool. If the administrator uses cron to perform synchronization runs at fixed intervals, cfexecd is the command placed in the crontab file to wrap the invocation of cfagent. It stores the output of the cfagent run in the outputs directory (see cfagent.conf for details) and optionally sends email.

    cfexecd has it’s own cron-like features based on cfengine’s time classes. The administrator can choose to run cfexecd in daemon mode and use it to invoke cfagent at defined intervals instead of cron. The default is to invoke cfagent every hour. HP recommends adding an entry for cfexecd in the crontab file for the initial configuration.

  • cfrun -- the cfrun command contacts the managed clients asking each to perform an immediate synchronization run. Specifically, it connects to the optional cfservd on each managed client which in turn launches cfagent.

Figure 2-1: “cfengine Overview” illustrates the relationship of the cfengine commands and daemons, and shows an example of the administrator using cfrun. The dashed lines in the diagram indicate calling sequences (for example, A calls B). Solid lines indicate that data is being read from configuration files.

Figure 2-1 cfengine Overview

cfengine Overview

  1. The administrator is logged into the master configuration synchronization server and makes a change to be propagated out to the managed clients, using the cfrun command. cfrun checks the file cfrun.hosts for the list of managed clients. Note that the master server can be a client of itself. In this diagram, there are two clients, the master server and a remote client.

  2. cfrun contacts cfservd on each managed client, which in turn invokes cfagent.

  3. cfagent first checks the master server for an updated copy of theupdate.conf file and transfers it to the client if needed.

  4. If a standalone system is the master server, by default the master copy of update.conf is located in /var/opt/dsau/cfengine_master/inputs/. The master copies of other configuration files such as cfagent.conf, cfservd.conf, cf.main, and cfrun.hosts are also located here. If the master server is a Serviceguard cluster, the master configuration files are located in the mount point associated with the package. For example, if this mount point is named csync, the path would be /csync/dsau/cfengine_master/inputs.

  5. When copying the configuration files to the local system, cfagent places them in /var/opt/dsau/cfengine/inputs for both standalone systems and clusters. cfagent first evaluates the contents of update.conf in order to update any changed cfengine binaries (if any) and gets the latest version of the policy files (cfagent.conf and related files).

    cfagent then evaluates cfagent.conf to determine if the client is in the desired state. If there are deltas, cfagent performs the defined actions to correct the client’s configuration.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© Hewlett-Packard Development Company, L.P.