2 configuration synchronization, 1 cfengine overview, Chapter 2 – HP Linux Server Management Software User Manual
2 Configuration Synchronization
Managing the configuration and configuration drift of a set of distributed systems is a constant
challenge for system administrators. There are a variety of tools available to help manage various
aspects of multi-system configuration management. For example, for account management,
standard solutions include the Network Information System (NIS) and Lightweight Directory
Access Protocol (LDAP). For file level synchronization, tools like rdist (see the rdist(1) manpage)
and rsync are available. HP Systems Insight Manager helps to discover, monitor and manage
groups of systems.
A new tool in this toolkit is Configuration Engine (cfengine). cfengine is a popular open source
tool for configuration synchronization. It supports policy-based or goal-based configuration
management: the administrator defines the management actions to be applied to
groups of systems so that those systems reach a desired state.
cfengine is a client/server based tool. A central configuration master system or policy server hosts
a configuration policy file which defines the management actions to be performed on each
managed client. The configuration master also hosts the “golden image” files, or reference copies
of files that should be distributed to the clients. The administrator can use cfengine to perform
tasks such as:
• Ensure that client systems are using a correct set of configuration files by copying over reference files or directories.
• Disable inappropriately configured files on the client.
• Check file permissions, ownership, and track checksum changes.
• Edit files.
• Execute specified shell commands on each client.
• Check for processes or signal processes.
• Check for specific filesystem mounts.
A Configuration Synchronization Wizard (csync_wizard) is available to help the administrator
quickly configure cfengine for managing a set of distributed systems or configuring it as a highly
available service in a Serviceguard cluster.
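As an added illustration (not code from this manual or from cfengine), the sketch below shows the idea behind the copy, permission and checksum tasks listed earlier in this section: compare a client file with its reference copy and repair only what has drifted. The rule dictionary, file names, host names and function names are assumptions made for the example.

```python
import hashlib
import os
import shutil
import stat
import tempfile


def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def find_drift(rule):
    """List how the client file differs from the reference copy and desired mode."""
    if not os.path.isfile(rule["dest"]):
        return ["missing"]
    drift = []
    if sha256_of(rule["dest"]) != sha256_of(rule["reference"]):
        drift.append("content")
    if stat.S_IMODE(os.stat(rule["dest"]).st_mode) != rule["mode"]:
        drift.append("mode")
    return drift


def converge(rule):
    """Repair only what drifted; return the drift that was found."""
    drift = find_drift(rule)
    if "missing" in drift or "content" in drift:
        tmp = rule["dest"] + ".new"  # stage the copy, then rename it into place
        shutil.copyfile(rule["reference"], tmp)
        os.chmod(tmp, rule["mode"])
        os.replace(tmp, rule["dest"])
    elif "mode" in drift:
        os.chmod(rule["dest"], rule["mode"])
    return drift


def demo():
    """Constructed sample: a tampered, world-writable client file is resynchronized."""
    with tempfile.TemporaryDirectory() as d:
        rule = {"reference": os.path.join(d, "master_ntp.conf"),
                "dest": os.path.join(d, "client_ntp.conf"), "mode": 0o644}
        with open(rule["reference"], "w") as fh:
            fh.write("server ntp.example.com\n")
        with open(rule["dest"], "w") as fh:
            fh.write("server rogue.example.net\n")
        os.chmod(rule["dest"], 0o666)
        return converge(rule), converge(rule)  # second run finds nothing to fix
```

Calling `demo()` returns the drift found on the first run and an empty list on the second, which is the property that makes repeated synchronization runs safe.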
2.1 cfengine Overview
The administrator starts by defining a central system or Serviceguard cluster to act as the master
configuration server or policy server. The Configuration Synchronization Wizard (csync_wizard)
is a user-friendly front-end to the initial configuration process. This central system will house
the master policy files (for example, cfagent.conf) which define the desired configuration
policies, and also reference copies or master copies of files that should be distributed to the
managed clients.
Each managed client copies down the master copies of the policy files from the central
configuration server and evaluates its current state versus the desired state defined by the policy
file. Any differences cause configuration rules to run in order to resynchronize the client. The
administrator can initiate synchronization operations on the managed clients in two ways, using
either a push or a pull operation.
• Using the cfrun command (see the cfrun(1) manpage for more information) from the master
  configuration server, the administrator can push changes. cfrun reads the file cfrun.hosts
  to determine the list of managed clients. It then invokes the cfagent command on each
  managed client to perform a synchronization run. Thus, push operations are really requests
  to the managed clients to perform an immediate pull.
• Pull operations are performed using cron or cfengine’s own cron-like cfexecd daemon.
  Either technique invokes the cfagent command at fixed intervals in order to perform
  client-initiated configuration synchronization. The administrator defines what interval is