Home » System Configuration with Cfengine

System Configuration with Cfengine

Submitted by vassilios on Mon, 03/17/2008 - 6:19pm.
Tags:
cfengine

Cfengine is an open source tool that allows system administrators to maintain 1 to thousands of unix based systems. It automates almost every aspect of system administration. Cfengine is a direct competitor to commercial software from Blade Logic and OPsware. Both of these commercial packages come with fancy GUIs and nice features, but they also come with hefty licensing fees (can get close to $1K per server managed + maintenance fees).

Cfengine can replace many of the core functions of these packages. The disadvantages of Cfengine include setup and the inherit complexity of the system. It comes with its own syntax and nuances, but once it is setup it is just as powerful as any system configuration tools out there today. There are plenty of online forums and resources available with installation/configuration help. It is a must have tool for any system administrator that has to manage more than 2 *nix systems.

Cfengine is a rule-based system that uses a language to describe how hosts on a network must behave. Some sample use cases for Cfengine include:

* Use it to maintain symbolic links across your various platforms.
* Setup and manage multiple type of Unix groups (e.g. solaris, linux, hp-ux).
* Use it to standardize files like /etc/hosts, /etc/passwd, /etc/shadow, /etc/resolv.conf, etc.
* Use it to verify the permissions and owners of important files for security or management purposes. If a discrepancy is found the system will automatically correct errors.
* Use it easily control batch jobs and custom script execution around a network from a simple integrated interface.
* Use it to check that versioned software packages are installed, if it is found that they are not installed the system will automatically install it for them.
* Use it to ensure that files altered by package managers are correctly adjusted to work in your environment.
* Use it to verify that key processes are (or are not) running and restart them if necessary.
* Use it to monitor disk usage and warn about full file-systems before a problem gets serious.
* Use it to look for file changes using cryptographic hash checking (a necessity for regulated environments).
* Use it to warn about resource and capacity anomalies. It helps you integrate monitoring with change management.

Unlike some other configuration tools, cfengine does not rely on the permanent availability of network communication between nodes. If some of the hosts are unavailable at the time of a policy decision, or when an error occurs, cfengine attempts to rectify the problem when those hosts are again up. The image below taken from ieeetsc.org shows the basic components of cfengine. It basically consists of four files:

* cfagent: The agent that interprets policy and implements the convergence process.
* cfservd: An optional file server and remote executor. The server can be asked to start its agent immediately, for important updates, or it can be asked to serve files to a remote system. Authentication is based on RSA public-private key techniques, and communication can be encrypted if desired.

* cfenvd: The environment daemon. It is a monitoring process that tracks system resource usage in order to detect anomalies in behavior. Current development in this area is moving towards incorporating intrusion detection and automatic recovery from resource exhaustion. cfenv is plug-and-play, and requires no special setup. It consumes about 2 megabytes of disk space in operation, used for a database.

* cfexecd: A scheduling service that allows different scheduling methods and strategies for starting the agent. It also forms a part of continuing research, examining game-theoretic methods in support of optimal execution and protection.

Estimates of who is using Cfengine vary. Some survey's put the number in the thousands. Some companies that currently use it include: NASA, ESA, Alcatel, IBM, Hewlett-Packard, Silicon Graphics, Cray Research, Inc., Sun Microsystems, Inc., Motorola, Netcom, AOL, and NEC. In addition, many universities and government institutions are among its users.

Cfengine was developed by Mark Burgess at Oslo University College and is currently available for download here.
_____________________

Vassilios
Co-Founder
OuterVillage.com
http://outervillage.com

If you enjoyed this posting please subscribe to our RSS feed or submit it to your favorite social networks.

None
A comma-separated list of terms describing this content. Example: funny, bungee jumping, "Company, Inc.".

Reply

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • Youtube and google video links are automatically converted into embedded videos.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
3 + 9 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
website statistics