Top Five Open Source Packages for System Administratorsby Æleen Frisch, author of Essential System Administration, 3rd Edition
Author's note: This is the final installment of a five-part series in which I introduce my current list of the most useful and widely applicable open source administrative tools. In general, these tools can make your job easier no matter what Unix operating system your computers run.
Other articles in this series:
The top honor in my top five tools list goes to Cfengine, written by Mark Burgess. Cfengine is a wonderful tool for configuring and maintaining Unix computer systems. Cfengine is a stand-alone tool (set of tools), which administers and configures computers according to the instructions in its configuration files. The configuration files describe the desired characteristics of various system components using a high-level language that is easy to learn and use (and involves no programming). In this way, Cfengine can automatically bring one or a large number of systems into line with each one's individually defined configuration specifications. It can also make sure they stay that way by monitoring them and correcting them as needed on an ongoing basis.
What Cfengine Can Do
In more practical terms, the following list will give you some idea of the breadth of administration and configuration tasks that Cfengine can automate:
- Configure the network interface.
- Edit system configuration files and other text files.
- Create symbolic links.
- Check and correct the permissions and ownership of files.
- Delete unwanted files.
- Compress selected files.
- Distribute files within a network in a correct and secure manner.
- Automatically mount NFS file systems.
- Verify the presence and integrity of important files and file systems.
- Execute commands and scripts.
- Manage processes.
- Apply security-related patches and similar corrections.
Cfengine's home page is www.cfengine.org.
Cfengine includes the following components:
||The main utility that applies a configuration file to the local system.|
||A utility which applies a configuration file to remote systems.|
||A server process which supports
||Another daemon which automates job scheduling and reporting.|
||An anomaly detection daemon.|
||A security key generation utility.|
Cfengine uses several configuration files (generally stored in /var/cfengine/inputs). The central configuration file is cfagent.conf, which specifies the characteristics of the system that Cfengine is to establish and maintain. Note that in general, cfagent.conf defines the final desired state of the system; it does not explicitly define the steps to take to achieve it.
The best way to introduce this file is with a simple example:
control: domain = ( ahania.com ) Specify local domain. access = ( chavez root ) Who can run cfagent. actionsequence = ( links tidy ) Actions to carry out, in this order. maxage = ( 7 ) Define a variable for later use. groups: Define a list of hosts. HaveNoBin = ( blake yeats bogan toi robin )
tidy: Action: remove unwanted files. /tmp pattern=* age=$(maxage) recurse=inf /home pattern=*~ recurse=inf
links: Action: maintain symbolic links. /logs -> /var/log Create this link if needed. HaveNoBin:: Next link applies only to these hosts. /bin -> /usr/bin
This file contains four sections, each headed by a keyword followed by a colon. The first section, control, is used to specify general settings for the file, to define variables, and for other similar purposes. In this case, it specifies a list of users who are allowed to run cfagent using this file as input, specifies the sequence of actions that should be carried out when the file is invoked and defines a variable named maxage, setting its value to 7.
Assignment statements use the syntax illustrated in the example, using parentheses as delimiters:
name = ( value )
Actions are operations that Cfengine knows how to perform, and they are referred to by keywords. Here, we specify that the tidy action be performed first, followed by the links action. Each referenced action must have a section defining it somewhere in the configuration file.
The next section, groups, defines a list of groups which we've named HaveNoBin. This list will be used in the links section.
The next section in the file is the tidy section, which specifies unwanted files which Cfengine is to remove. These entries have the following general syntax:
start-dir [pattern=regexp] [recurse=n] options
where start-dir is the directory in which to start searching, regexp is a regular expression against which to match filenames, n indicates how many levels of recursion are wanted (inf means infinite), and options are additional options further specifying the files to be selected for removal.
In this case, files under /home ending with a tilde (and not starting
with a period) are chosen (
files), as are files under /tmp last modified more than 7 days ago. Note
that the parameter to the age option is
specified using the
The final section in the file is the links section, which specifies symbolic links that Cfengine is to maintain. In this case, two such links are listed, using the format:
link -> target
Here, we specify that the /var/log directory should be linked to /logs
and also that /bin should be a link to /usr/bin. When run, Cfengine
will check whether these links exist, creating them if necessary. However, the
latter link will only apply to hosts in the list
This is specified by preceding the link specification with a class designation
(indicated by the double colons). In this case, the class is defined by the
host group name, but much more complex classes are possible
More About Actions
The following table lists the most important Cfengine actions:
|links||Create/maintain symbolic and hard links.|
|tidy||Remove unwanted files.|
|files||Set file ownership, protection, and/or check for modification.|
|directories||Set directory ownership, protection.|
|disks||Verify that file systems are available and contain sufficient free space.|
|disable||Rename undesirable files to name.cfengine.|
|copy||Copy local or remote files to the local system.|
|editfiles||Edit ASCII text files.|
|Specify servers for automatic NFS file system mounting by Cfengine.|
|mountables||Specify local file systems available for NFS mounting by Cfengine.|
|Specify file systems to mount or unmount by Cfengine.
|processes||Verify the existence of and control processes.|
|interfaces||Specify characteristics of network interfaces.|
|defaultroute||Specify the static default gateway.|
|shellcommands||Execute arbitrary shell commands from within Cfengine.|
|module:name||Use an add-on module.|
Pages: 1, 2