


Top Five Open Source Packages for System Administrators

by Æleen Frisch, author of Essential System Administration, 3rd Edition

Author's note: This is the final installment of a five-part series in which I introduce my current list of the most useful and widely applicable open source administrative tools. In general, these tools can make your job easier no matter what Unix operating system your computers run.

Other articles in this series:

#1: Cfengine



The top honor in my top five tools list goes to Cfengine, written by Mark Burgess. Cfengine is a wonderful tool for configuring and maintaining Unix computer systems. It is a stand-alone tool (really a set of tools) that administers and configures computers according to the instructions in its configuration files. The configuration files describe the desired characteristics of various system components using a high-level language that is easy to learn and use (and involves no programming). In this way, Cfengine can automatically bring one or a large number of systems into line with each one's individually defined configuration specifications. It can also make sure they stay that way by monitoring them and correcting them as needed on an ongoing basis.

What Cfengine Can Do

In more practical terms, the following list will give you some idea of the breadth of administration and configuration tasks that Cfengine can automate:

  • Configure the network interface.
  • Edit system configuration files and other text files.
  • Create symbolic links.
  • Check and correct the permissions and ownership of files.
  • Delete unwanted files.
  • Compress selected files.
  • Distribute files within a network in a correct and secure manner.
  • Automatically mount NFS file systems.
  • Verify the presence and integrity of important files and file systems.
  • Execute commands and scripts.
  • Manage processes.
  • Apply security-related patches and similar corrections.

Cfengine's home page is

Cfengine includes the following components:

| Program | Purpose |
|---|---|
| cfagent | The main utility that applies a configuration file to the local system. |
| cfrun | A utility which applies a configuration file to remote systems. |
| cfservd | A server process which supports cfrun; it enables the Cfengine agent functionality to be invoked from a remote system. |
| cfexecd | Another daemon which automates job scheduling and reporting. |
| cfenvd | An anomaly detection daemon. |
| cfkey | A security key generation utility. |

Cfengine uses several configuration files (generally stored in /var/cfengine/inputs). The central configuration file is cfagent.conf, which specifies the characteristics of the system that Cfengine is to establish and maintain. Note that in general, cfagent.conf defines the final desired state of the system; it does not explicitly define the steps to take to achieve it.

Configuring Cfengine

The best way to introduce this file is with a simple example:

control:
   domain = ( )                       # Specify local domain.
   access = ( chavez root )           # Who can run cfagent.
   actionsequence = ( links tidy )    # Actions to carry out, in this order.
   maxage = ( 7 )                     # Define a variable for later use.
groups:                               # Define a list of hosts.
   HaveNoBin = ( blake yeats bogan toi robin )
tidy:                                 # Action: remove unwanted files.
   /tmp pattern=* age=$(maxage) recurse=inf
   /home pattern=*~ recurse=inf
links:                                # Action: maintain symbolic links.
   /logs -> /var/log                  # Create this link if needed.
   HaveNoBin::                        # Next link applies only to these hosts.
   /bin -> /usr/bin

This file contains four sections, each headed by a keyword followed by a colon. The first section, control, is used to specify general settings for the file, to define variables, and for other similar purposes. In this case, it specifies a list of users who are allowed to run cfagent using this file as input, specifies the sequence of actions that should be carried out when the file is invoked and defines a variable named maxage, setting its value to 7.

Assignment statements use the syntax illustrated in the example, using parentheses as delimiters:

name = ( value )

Actions are operations that Cfengine knows how to perform, and they are referred to by keywords. Here, we specify that the tidy action be performed first, followed by the links action. Each referenced action must have a section defining it somewhere in the configuration file.

The next section, groups, defines a group of hosts, which we've named HaveNoBin. This list will be used in the links section.

The next section in the file is the tidy section, which specifies unwanted files which Cfengine is to remove. These entries have the following general syntax:

start-dir [pattern=regexp] [recurse=n] options

where start-dir is the directory in which to start searching, regexp is a regular expression against which to match filenames, n indicates how many levels of recursion are wanted (inf means infinite), and options are additional options further specifying the files to be selected for removal.

In this case, files under /home ending with a tilde (and not starting with a period) are chosen (emacs backup files), as are files under /tmp last modified more than 7 days ago. Note that the parameter to the age option is specified using the maxage variable.

The final section in the file is the links section, which specifies symbolic links that Cfengine is to maintain. In this case, two such links are listed, using the format:

link -> target

Here, we specify that the /var/log directory should be linked to /logs and also that /bin should be a link to /usr/bin. When run, Cfengine will check whether these links exist, creating them if necessary. However, the latter link will only apply to hosts in the list HaveNoBin. This is specified by preceding the link specification with a class designation (indicated by the double colons). In this case, the class is defined by the host group name, but much more complex classes are possible.
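To see which entries of the example file would apply on a given host before the file is distributed, the following is a simplified model added here as an illustration; it is not Cfengine's own parser and not code from the article. It handles only the constructs shown on this page, assumes a class line such as HaveNoBin:: scopes the entries after it until the next section keyword, and the names parse, assignments and plan are hypothetical.

```python
import re

# Constructed sample: the example file from this page (domain left blank as on the page).
SAMPLE = """\
control:
   domain = ( )
   access = ( chavez root )
   actionsequence = ( links tidy )
   maxage = ( 7 )
groups:
   HaveNoBin = ( blake yeats bogan toi robin )
tidy:
   /tmp pattern=* age=$(maxage) recurse=inf
   /home pattern=*~ recurse=inf
links:
   /logs -> /var/log
   HaveNoBin::
   /bin -> /usr/bin
"""

def parse(text):
    """Return {section: [(class_or_None, entry), ...]} for the subset shown."""
    sections, current, cls = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing '#' comments
        if line.endswith("::"):               # class designation scopes what follows
            cls = line[:-2]
        elif line.endswith(":"):              # section keyword resets the class
            current, cls = line[:-1], None
            sections[current] = []
        elif line:
            sections[current].append((cls, line))
    return sections

def assignments(entries):
    """Turn 'name = ( a b )' entries into {name: [a, b]}."""
    pairs = (re.fullmatch(r"(\w+)\s*=\s*\((.*)\)", e) for _, e in entries)
    return {m.group(1): m.group(2).split() for m in pairs if m}

def plan(text, host):
    """List (action, entry) pairs that apply to host, in actionsequence order."""
    secs = parse(text)
    control, groups = assignments(secs["control"]), assignments(secs["groups"])
    member = {g for g, hosts in groups.items() if host in hosts}
    def expand(s):                            # substitute $(name) from control
        return re.sub(r"\$\((\w+)\)", lambda m: control[m.group(1)][0], s)
    return [(a, expand(e)) for a in control["actionsequence"]
            for c, e in secs.get(a, []) if c is None or c in member]
```

Calling plan(SAMPLE, "blake") includes the /bin link, while a host outside HaveNoBin gets only the /logs link and the two tidy entries.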

More About Actions

The following table lists the most important Cfengine actions:

| Action | Purpose |
|---|---|
| links | Create/maintain symbolic and hard links. |
| tidy | Remove unwanted files. |
| files | Set file ownership, protection, and/or check for modification. |
| directories | Set directory ownership, protection. |
| disks | Verify that file systems are available and contain sufficient free space. |
| disable | Rename undesirable files to name.cfengine. |
| copy | Copy local or remote files to the local system. |
| editfiles | Edit ASCII text files. |
| | Specify servers for automatic NFS file system mounting by Cfengine. |
| mountables | Specify local file systems available for NFS mounting by Cfengine. |
| | Specify file systems to mount or unmount by Cfengine. |
| processes | Verify the existence of and control processes. |
| interfaces | Specify characteristics of network interfaces. |
| resolve | Maintain /etc/resolv.conf. |
| defaultroute | Specify the static default gateway. |
| shellcommands | Execute arbitrary shell commands from within Cfengine. |
| module:name | Use an add-on module. |
