您所在的位置: &
使用cfengine来实现服务器的自动化配置
使用cfengine来实现服务器的自动化配置
我最近使用的一个软件cfengine,如果说nagios主要是监控的监(监视)的话,那么cfengine则着重于控。很遗憾国内相关的文章很少,我就自己尝试写了这篇,希望得到大家的建议。
【独家特稿】之前我写了一篇nagios监控软件的文章,得到大家的关注,能够将自己的知识分享给大家确实十分高兴。这篇文章是我最近使用的一个软件cfengine,如果说nagios主要是监控的监(监视)的话,那么cfengine则着重于控。很遗憾国内相关的文章很少,我就自己尝试写了这篇,希望得到大家的建议。
一、概述二、工作环境
三、理论知识(一)cfengine的程序结构及配置文件(二)cfengine的工作方式
四、配置过程
(一)下载***(二) 准备工作 (三)工作方式二
1.对服务器端进行配置2.对客户端进行配置3.设为开机启动4.排错:5.新加入一台客户机
(四)工作方式一
1.配置客户机上的cfservd.conf2.编辑服务器上的cfrun.hosts客户端列表3.在服务器上运行cfrun4.注意:
正文内容:
cfengine是一个功能强大的自动化系统管理工具.引用其官网的说法"cfengine是一种 UNIX 管理工具,其目的是使简单的管理的任务自动化,使困难的任务变得较容易。它的目标是使系统从任何状态收敛到一种理想状态。依照它的作者 Mark Burgess 所说,cfengine 总是使您的系统更接近于您所定义的配置; 它决不会使系统变得更糟。
“确实十分的拗口,也难以理解.简单的跟大家说说我的理解,很简单,就是你想你的系统应该是十分样子,你就可以使用cfengine来实现,它可以保证你的系统总是维持你所希望的那个状态。也就是说有黑客进来了修改了某个重要的配置文件的内容或者权限,也会被cfengine自动修复!
还有一种经常遇到的情况,有少则几台多则成千上万台机器,现在需要临时的改变其一个配置,例如删掉某个帐号,停掉某个服务,一般我们只能不厌其烦的登到每一台机器上重复的完成这些动作,但是有了cfengine,一个命令就可以搞定了.是不是很诱人?
cfengine大概的功能有:
·检查和配置网络接口 ·编辑系统和用户的文本文件 ·维护符号链接 ·检查和设置文件的权限 ·删除垃圾文件 ·检查重要文件和文件系统的存在 ·控制用户脚本和shell命令的执行 ·基于类的判定结构 ·进程管理
为了节省篇幅,我这里就不一一介绍了,大家可以访问它的官方网站,里面的文档十分丰富
而且它还十分的人性化,给出了中文主页
二、工作环境
192.168.0.114
192.168.0.115
192.168.0.116
:centos5 redhat enterprise 5..
的程序结构及配置文件
·cfagent ,cfupdate.conf cfagent.conf
·cfservd ,cfservd.conf
·cfrun cfagent,cfrun.hosts
·cfshow ()
·cfenvgraph& cfenvd()
·cfkey ()。
在下一节cfengine
的工作方式
1cfrun,cfruncfrun.hostscfservd
2cfservdcfagent
3cfagentupdate.conf,cfservdcafagent.conf
:update.conf:,,,.,,.cfsaved
:,cfagent (,cron)。,cfservd3,4。
cfengine,,rpm。
cfengine openssl Berkely DB ,cfengine,db4, db4-devel,.cfengine,
,rpm –ivh cfengine-2.2.2-1.el5.rf.i386.rpm,
cfengine,:
[root@centos1 inputs]# chkconfig cfservd off
[root@centos1 inputs]# chkconfig cfenvd off
[root@centos1 inputs]# chkconfig cfexecd off
[root@centos1 inputs]# chkconfig --list|grep cf
cfenginebin
mv /var/cfengine/bin/cfagent /var/cfengine/bin/cfagent.link//////
cp &/usr/sbin/cfagent& /var/cfengine/bin
cp& /usr/sbin/cfenvd& /var/cfengine/bin
cp& /usr/sbin/cfexecd& /var/cfengine/bin
cp& /usr/sbin/cfservd& /var/cfengine/bin
,cfengine:
cfservd (cfservd.conf)。cfagent.conf
cfagentupdate.conf,cfservd,cfagent.conf。:
:cfservd.conf& cfagent.conf
:update.conf
centos1(192.168.0.114,,114),centos2,115
1cfservd.conf
/var/cfengine/inputscfservd.conf
# cfservd.conf
&&& domain = ( yahoon.org )
&&& AllowConnectionsFrom = ( 192.168.0.0/24 )
&&& TrustKeysFrom = ( 192.168.0.0/24 )
&&& AllowUsers = ( root )
&&& MaxConnections = ( 150 )
&&& MultipleConnections = ( true )
&&& #AllowMultipleConnectionsFrom = ( 192.168.0 )
############################################
#/var/cfengine/rpc_out *.$(domain) 128.39.73
#/file *.$(domain) 128.39.73
&&& /masterfile/inputs&&& 192.168.0.
&&& /var/cfengine&&&&&&&& 192.168.0.
/var/cfengine/bin/cfservd& –v
Listening for connections ...
cfservd: cfservd starting Fri Nov& 2 18:54:49 2007
,fservdtcp 5308
[root@centos1 inputs]# netstat -an|grep 5308
tcp&&&&&&& 0&& &&&0 :::5308&&&&&&&&&&&&&&&&&&&& :::*&&&&&&&&&&&&&&&&&&&&&&& LISTEN
2cfagent.conf
,/var/cfengine/inputs,
actionsequence = ( shellcommands )
shellcommands:
"/bin/echo Danger, Will Robison!"
cfagent –v (,-n)
cfengine:centos1:
Executing script /bin/echo Danger, Will Robison!...(timeout=0,uid=-1,gid=-1)
(Setting umask to 77)
cfengine:centos1:/bin/echo Dange: Danger, Will Robison!
cfengine:centos1: Finished script /bin/echo Danger, Will Robison!
Performance(Exec(/bin/echo Danger, Will Robison!)): time=0.0529 secs, av=0.0536 +/- 0.0231
---------------------------------------------------------------------
---------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++
Summary of objects involved
++++++++++++++++++++++++++++++++++++++++
&&& global
&&& update
cfengine:centos1: Outcome of version (not specified): Promises still kept 0%, Promises repaired 100%, Promises not kept 0%
,/masterfile/inputs
cfservdDNS,,dns,/etc/hosts,.yahoon.org,/etc/hosts
[root@centos1 inputs]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1&&&&&&&&&&&&&& centos1 localhost.localdomain localhost
::1&&&&&&&&&&&& localhost6.localdomain6 localhost6
192.168.0.115&& centos2.yahoon.org
115,centos2.yahoon.org,ping..
[root@centos1 inputs]# ping centos2.yahoon.org
PING centos2.yahoon.org (192.168.0.115) 56(84) bytes of data.
64 bytes from centos2.yahoon.org (192.168.0.115): icmp_seq=1 ttl=64 time=3.74 ms
64 bytes from centos2.yahoon.org (192.168.0.115): icmp_seq=2 ttl=64 time=1.61 ms
1update.conf
/var/cfengine/inputs update.conf
# update.conf
&&& actionsequence = ( copy processes tidy )
&&& domain = ( yahoon.org )
&&& #policyhost = ( my_policy_host )
&&& policyhost = ( 192.168.0.114 )
&&& master_cfinput = ( /masterfile/inputs )
&&& workdir = ( /var/cfengine )
&&& $(master_cfinput) dest=$(workdir)/inputs
&&&&&&&&&&&&&&&&&&&&& r=inf
&&&&&&&&&&&&&&&&&&&&& mode=700
&&&&&&&&&&&&&&&&&& &&&type=binary
&&&&&&&&&&&&&&&&&&&&& server=$(policyhost)
&&&&&&&&&&&&&&&&&&&&& trustkey=true
processes:
#&&& "cfservd" restart /var/cfengine/bin/cfservd
#&&& "cfenvd" restart "/var/cfengine/bin/cfenvd"
&&& "cfservd" signal=term restart /var/cfengine/bin/cfservd
&&& "cfenvd" signal=kill restart "/var/cfengine/bin/cfenvd -H"
&&& $(workdir)/outputs pattern=* age=7
cfagent -v –n ,-n,.
Looking for an input file /var/cfengine/inputs/update.conf
Cfengine input file had no explicit version string
Finished with update.conf
---------------------------------------------------------------------
Looking for remote method collaborations
---------------------------------------------------------------------
Finished with RPC
Accepted domain name: yahoon.org
cfagent -n: Running in ``All talk and no action'' mode
LogDirectory = /var/cfengine
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
Checksum database is /var/cfengine/checksum_digests.db
Default binary server seems to be centos2
*********************************************************************
&Update Sched: copy pass 1 @ Fri Nov& 2 00:58:17 2007
*********************************************************************
Checking copy from 192.168.0.114:/masterfile/inputs to /var/cfengine/inputs
Connect to 192.168.0.114 = 192.168.0.114 on port 5308
Loaded /var/cfengine/ppkeys/root-192.168.0.114.pub
...............................................................
cfengine:centos2: Strong authentication of server=192.168.0.114 connection confirmed
Need this: /var/cfengine/inputs/cfagent.conf wasn't at destination (copying)
Performance(Copy(192.168.0.114:/masterfile/inputs & /var/cfengine/inputs)): time=0.2393 secs, av=0.2927 +/- 0.1537
*********************************************************************
&Update Sched: processes pass 1 @ Fri Nov& 2 00:58:17 2007
*********************************************************************
cfengine:centos2: Running process command /bin/ps auxw
Defining classes
DoSignals(cfservd)
Existing restart sequence found (/var/cfengine/bin/cfservd)
cfengine:centos2: Executing shell command: /var/cfengine/bin/cfservd
Defining classes
DoSignals(cfenvd)
Existing restart sequence found (/var/cfengine/bin/cfenvd -H)
cfengine:centos2: Executing shell command: /var/cfengine/bin/cfenvd -H
*********************************************************************
&Update Sched: tidy pass 1 @ Fri Nov& 2 00:58:17 2007
*********************************************************************
-ncfagent –v
Accepted domain name: yahoon.org
LogDirectory = /var/cfengine
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
Checksum database is /var/cfengine/checksum_digests.db
Default binary server seems to be centos2
*********************************************************************
&Update Sched: copy pass 1 @ Fri Nov& 2 01:03:31 2007
*********************************************************************
Checking copy from 192.168.0.114:/masterfile/inputs to /var/cfengine/inputs
Connect to 192.168.0.114 = 192.168.0.114 on port 5308
Loaded /var/cfengine/ppkeys/root-192.168.0.114.pub
...............................................................
cfengine:centos2: Strong authentication of server=192.168.0.114 connection confirmed
Performance(Copy(192.168.0.114:/masterfile/inputs & /var/cfengine/inputs)): time=0.2774 secs, av=0.2847 +/- 0.1080
Saving the setuid log in /var/cfengine/cfagent.centos2.log
*********************************************************************
&Main Tree Sched: shellcommands pass 1 @ Fri Nov& 2 01:03:33 2007
*********************************************************************
cfengine:centos2:
Executing script /bin/echo Danger,Will Robison!...(timeout=0,uid=-1,gid=-1)
(Setting umask to 77)
cfengine:centos2:/bin/echo Dange: Danger,Will Robison!
cfengine:centos2: Finished script /bin/echo Danger, Will Robison!
Performance(Exec(/bin/echo Danger,Will Robison!)): time=0.0434 secs, av=0.0472 +/- 0.0217
---------------------------------------------------------------------
cfagent.conf,
ls /var/cfengine/inputs cfagent.conf
cfagent –v ,
cfengine:centos2: Nothing promised for [shellcommand./bin/echo Danger, Will Robison!] (0/1 minutes elapsed)
1,,cfengine。
shellcommands:
"/bin/echo Danger, ======Will Robison!" .
cfagent –v===,inputs
cfagent.conf.cfsaved
vi& /etc/rc.d/rc.local&&& //
/var/cfengine/bin/cfservd
/var/cfengine/bin/cfenvd –H
0,15,30,45 * * * * /var/cfengine/bin/cfexecd -F
1.,ip,domain,cfagent –v
*********************************************************************
&Update Sched: copy pass 1 @ Thu Nov& 1 21:52:20 2007
*********************************************************************
Checking copy from 192.168.0.114:/masterfiles/inputs to /var/cfengine/inputs
Connect to 192.168.0.114 = 192.168.0.114 on port 5308
cfengine:centos2: Undefined domain name
cfengine:centos2: Id-authentication for centos2.undefined.domain failed
cfengine:centos2: Unable to establish connection with 192.168.0.114 (failover)
Saving the setuid log in /var/cfengine/cfagent.centos2.log
.cfservdDNS.
2domain,/etc/hosts(,dns)
*********************************************************************
&Update Sched: copy pass 1 @ Thu Nov& 1 22:49:42 2007
*********************************************************************
Checking copy from 192.168.0.114:/masterfiles/inputs to /var/cfengine/inputs
Connect to 192.168.0.114 = 192.168.0.114 on port 5308
Loaded /var/cfengine/ppkeys/root-192.168.0.114.pub
...............................................................
cfengine:centos2: Strong authentication of server=192.168.0.114 connection confirmed
cfengine:centos2: Server returned error:& Host authentication failed. Did you forget the domain name or IP/DNS address registration (for ipv4 or ipv6)?
cfengine:centos2: Can't stat /masterfiles/inputs in copy
Saving the setuid log in /var/cfengine/cfagent.centos2.log
cfservd.confupdate.conf,,masterfiles/inputs。
centos3 &ip
192.168.0.116;
cfengine,:,
cfservd,dns
#Vi&/etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1&&&&&&&&&&&&&& centos1 localhost.localdomain localhost
::1&&&&&&&&&&&& localhost6.localdomain6 localhost6
192.168.0.115&& centos2.yahoon.org
192.168.0.116&& centos3.yahoon.org .
centos2update.conf,sftp
cd /var/cfengine/inputs
sftp 192.168.0.115
Connecting to 192.168.0.115...
The authenticity of host '192.168.0.115 (192.168.0.115)' can't be established.
RSA key fingerprint is 62:ef:31:0b:ee:89:74:f8:94:4d:ec:11:ee:fa:18:79.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.115' (RSA) to the list of known hosts.
root@192.168.0.115's password: 115
sftp& cd /var/cfengine/inputs
cfagent.conf&&&&&&&&&&&& cfagent.conf.cfsaved&&&& cfservd.conf&&&&&&&&&&&& update.conf&&&&&&&&&&&&&
sftp& get update.conf
Fetching /var/cfengine/inputs/update.conf to update.conf
/var/cfengine/inputs/update.conf&&&&&&&&&&&&&&&&&&&&& 100%& 774&&&& 0.8KB/s&& 00:00&&&
[root@centos3 inputs]# cfagent -v -n
Checking copy from 192.168.0.114:/masterfile/inputs to /var/cfengine/inputs
Connect to 192.168.0.114 = 192.168.0.114 on port 5308
cfengine:centos3: BAD: keys did not match
cfengine:centos3: Authentication dialogue with 192.168.0.114 failed
cfengine:centos3: Unable to establish connection with 192.168.0.114 (failover)
key, (/var/cfengine/ppkeys)
root-192.168.0.116.pub
root-192.168.0.114.pub
cfagent –v –n
Checking copy from 192.168.0.114:/masterfile/inputs to /var/cfengine/inputs
Connect to 192.168.0.114 = 192.168.0.114 on port 5308
cfengine:centos3: Trusting server identity and willing to accept key from 192.168.0.114=192.168.0.114
Saving public key /var/cfengine/ppkeys/root-192.168.0.114.pub
cfengine:centos3: /var/cfengine/inputs/cfagent.conf wasn't at destination (copying)
cfengine:centos3: Copying from 192.168.0.114:/masterfile/inputs/cfagent.conf
cfengine:centos3: Object /var/cfengine/inputs/cfagent.conf had permission 600, changed it to 700
cfengine:centos3: Object /var/cfengine/inputs had permission 755, changed it to 700
Performance(Copy(192.168.0.114:/masterfile/inputs & /var/cfengine/inputs)): time=0.4462 secs, av=0.4462 +/- 0.0316
Saving the setuid log in /var/cfengine/cfagent.centos3.log
,,crontab.
,,cfservd,key
/var/ppkeylocalhost.privlocalhost.pub
115localhost.pub114,
114root-192.168.0.115.pub;
:114localhost.pub115,
115root-192.168.0.114.pub
115localhost.pub114root-192.168.0.115.pub,
cfservd:(,),DNS()
,cfruncfservd,cfagent。,.,,cfagent,,。cfruncfagent。
cfservd.conf
update.conf,cfservd.,,cfservd.conf,
# cfservd.conf
&& &cfrunCommand = ( "/var/cfengine/bin/cfagent" )
&&& domain = ( yahoon.org )
&&& AllowConnectionsFrom = ( 192.168.0.0/24 )
&&& TrustKeysFrom = ( 192.168.0.0/24 )
&&& AllowUsers = ( root )
&&& MaxConnections = ( 150 )
&&& MultipleConnections = ( true )
&&& #AllowMultipleConnectionsFrom = ( 192.168.0 )
############################################
#/var/cfengine/rpc_out *.$(domain) 128.39.73
#/file *.$(domain) 128.39.73
&&& /masterfile/inputs&&& 192.168.0.
&&& /var/cfengine&&&&&&&& 192.168.0.
cfrun.hosts
cfrun.host,ip,115
# This is the host list for cfrun
192.168.0.115
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
Looking for a source of entropy in /var/cfengine/randseed
cfrun(0):&&&&&&&& .......... [ Hailing 192.168.0.115 ] ..........
Connecting to server 192.168.0.115 to port 0 with options&
Loaded /var/cfengine/ppkeys/root-192.168.0.115.pub
Connect to 192.168.0.115 = 192.168.0.115 on port 5308
Loaded /var/cfengine/ppkeys/root-192.168.0.115.pub
...............................................................
cfrun:yahoon.org: Strong authentication of server=192.168.0.115 connection confirmed
192.168.0.115 replies..
Connection with 192.168.0.115 completed
115cfagentcfengine.centos2.runlog
Sat Nov& 3 07:06:37 2007:Lock removed normally :pid=24784:lock.cfagent_conf.centos2.copy._masterfile_inputs__var_cfengine_inp
uts_192_168_0_114_4831:
Sat Nov& 3 07:06:39 2007:Lock removed normally :pid=24784:lock.cfagent_conf.centos2.processes.proc_cfservd__var_cfengine_bin_
cfservd_1704:
Sat Nov& 3 07:06:39 2007:Lock removed normally :pid=24784:lock.cfagent_conf.centos2.processes.proc_cfenvd__var_cfengine_bin_c
fenvd__H_4223:
Sat Nov& 3 07:06:39 2007:Lock removed normally :pid=24784:lock.cfagent_conf.centos2.tidy._var_cfengine_outputs_3686:
Sat Nov& 3 07:06:39 2007:Lock removed normally :pid=24784:lock.cfagent_conf.centos2.shellcommand._bin_echo_Danger__Will_hello
_____Robison______2889:
Sat Nov& 3 07:06:39 2007:Lock removed normally :pid=24784:no_active_lock:
115116,cfrun.hosts,cfrun –v.
1cfruncfrun.hosts,
2,cfagent,115,sshcfagent –v,cfrun,cfrun 192.168.0.115 –v,Skipping host 192.168.0.116,,116。
3cfservd.confcfrunCommand = ( "/var/cfengine/bin/cfagent" ),cfrun –v,115,cfrun –v:
Loaded /var/cfengine/ppkeys/root-192.168.0.115.pub
...............................................................
cfrun:yahoon.org: Strong authentication of server=192.168.0.115 connection confirmed
192.168.0.115 replies..
&Host authentication failed. Did you forget the domain name or IP/DNS address registration (for ipv4 or ipv6)?cfrun:yahoon.org: Couldn't recv
cfrun:yahoon.org: recv
Connection with 192.168.0.115 completed
1、cfexecd
cfruncfagent?,cfengine.,cfexecdcfagentcfrun,:
:,cfagent,。
2、cfengine,,.windows,,.cfengine.,,,centos1,。
3、cfengine:cfengine ,centos1,/var/cfenginecfengine.centos1.runlog,cfagent, cfengine.localhost.runlogcfenvd.outputs,,cfexecd,,cfagent.outputscfexecd。
4、 inputs outputs ,,outputs ,inputs,cfengine .*.conf 。
5、cfengine -v,,.cfagent,-n.,-n,cfagent,.
cfagent –n –v
6、cfengine
关于&&&&&&的更多文章
年关将至,互联网行业的盛会也接踵而来,11月19日,红帽2013高峰
本专题盘点了开源世界中那些最臭名昭著的“坏小子”,
Linux内存管理是Linux操作系统非常重要的一个部分,如
轻松快乐的“十一”长假在不知不觉结束了,本周是国庆
主要内容:
● 如何设计像自动售货机那样有效的用户界面。
● 深入理解窗口和对话框的管理机制。
● 为什么性能优化与我们在
51CTO旗下网站在Unix下工作,你可能需要处理一些&特殊&文件或文件夹,例如/usr,/bin, etcf,或一些"dot files"(如.bash_profile)。但是Linux/Unix系统处于安全、帐户权限等原因的考虑,普通帐户在正常情况下是看不到这些文件或文件夹的。本文将简单的介绍如何在Finder中看到这些文件/文件夹。
对于一般的查看文件夹,可以在Finder中直接使用"Go | Go to folder"命令,快捷键 Shift+Command+G 可能会更加方便。笔者经常使用它。
如果你还没有使用过这个命令,不妨现在试试打开&/usr/local&。
方法1的缺陷正如它的名字&Go to folder"──它只能打开文件夹,不能查看操作隐藏文件。
你可能需要"Windows Explorer&式的方法来处理所有的隐藏文件夹和文件,即让所有文件(夹)显示出来,方便在程序中&打开&、拖拽等更直观的操作,那么请打开Terminal。
Terminal类似Windows下的cmd,powershell等,如果你在Windows下不是一个"Commander",在Linux/Unix/Mac下你或许得慢慢适应使用命令行式的生活,因为它会让你的工作更快,浪费的时间更少,你会喜欢上它的!Terminal在Dock上是一个左上角写着"&_"的&黑框&,位于Application/Utilities下。好了,运行它!
(ps.下一篇博文我将告诉Mac新手如果更快的打开程序或文件)
在Terminal中复制或输入以下命令(区分大小写):
defaults write com.apple.Finder AppleShowAllFiles YES然后敲回车然后重启Finder,方法是按住Option键,单击Dock上的Finder图标不放,大概2秒后将在Finder图标上出现一个菜单,如下图:单击Relaunch,Finder即重启。下来你就可以在Finder中看到所有文件(夹)了。
如果想还原成默认的隐藏,重复上面的步骤,把命令中的YES改为NO即可,即运行
defaults write com.apple.Finder AppleShowAllFiles NO回车,重启Finder.方法3:如果你不想记忆这行命令,又经常需要显示/隐藏 隐藏文件(夹),还不想每次用到时都要打开我的找这篇文章。那就下载下面这款软件吧。软件名:ShowAllFiles主页:下载链接:功能:显示/隐藏Mac系统隐藏文件夹截图:使用方法:只需单击SHOW或者HIDE即可。
阅读(...) 评论()
