beautypg.com

1 cfengine daemons and commands – HP Linux Server Management Software User Manual

Page 18

background image

appropriate for each group of managed clients. For example, every five minutes, once an
hour, or once a day. The administrator can also invoke cfagent directly for on-demand
synchronization runs.

2.1.1 cfengine Daemons and Commands

cfengine employs several daemons and commands to perform configuration synchronization
operations. The following list describes the primary cfengine components.

cfagent

-- the cfagent command is cfengine’s workhorse. It runs on each managed client,

and bootstraps itself using the file update.conf, which describes the set of files to transfer
from the master server to the local managed client. The files transferred include the main
policy file, cfagent.conf, and any related policy files. In the DSAU implementation,
cfagent.conf

imports the file cf.main which has examples of many cfengine features.

After the configuration files are transferred, cfagent evaluates the configuration instructions
in these files. If the client system’s current configuration deviates from the desired
configuration, cfagent executes the defined actions to return the client to the proper state.

cfservd

-- cfservd daemon has two roles:

— cfservd runs on the master configuration server and is the clearinghouse for file

transfer requests from the managed clients. cfagent on the managed clients contacts
the master server’s cfservd and requests copies of the master policy files and copies
of any reference files that are needed as part of the defined configuration synchronization
operations. The master cfservd is responsible for authenticating remote clients using
a public/private key exchange mechanism and optionally encrypting the files that are
transferred to the managed clients.

— cfservd can optionally run on each managed client in order to process cfrun requests.

cfrun allows the administrator to push changes to the managed clients instead of waiting
for the clients to synchronize using some client-defined time interval. The cfrun
command must be initiated from the master configuration server. It contacts each
managed client listed in the cfrun.hostsfiles and connects to the managed client’s
cfservd asking it to invoke cfagent to perform the synchronization work.

cfservd

is configured using cfservd.conf and started using /etc/init.d/

cfservd

.

cfexecd

-- cfexecd is a scheduling and reporting tool. If the administrator uses cron to

perform synchronization runs at fixed intervals, cfexecd is the command placed in the
crontab

file to wrap the invocation of cfagent. It stores the output of the cfagent run

in the outputs directory (see cfagent.conf for details) and optionally sends email.

cfexecd

has it’s own cron-like features based on cfengine’s time classes. The administrator

can choose to run cfexecd in daemon mode and use it to invoke cfagent at defined
intervals instead of cron. The default is to invoke cfagent every hour. HP recommends
adding an entry for cfexecd in the crontab file for the initial configuration.

cfrun

-- the cfrun command contacts the managed clients asking each to perform an

immediate synchronization run. Specifically, it connects to the optional cfservd on each
managed client which in turn launches cfagent.

Figure 2-1: “cfengine Overview”

illustrates the relationship of the cfengine commands and

daemons, and shows an example of the administrator using cfrun. The dashed lines in the
diagram indicate calling sequences (for example, A calls B). Solid lines indicate that data is being
read from configuration files.

18

Configuration Synchronization