Cfengine2

An example configuration rollout for Cfengine2

Introduction

Cfengine is a Configuration Managment System for several platforms.

At this page we describe how to set up a basic configuration, and provide initial configuration files.

Our configuration rollout is adapted to the way Cfengine2 is installed on the Gnu/Debian operating system.

Overview

We decide to use one (1) server as "policyhost". The configuration of all other servers is managed from and stored at this computer. Our network concept always includes a Network Monitor and Supervise - Server, which is no involved in the functionality of the services offered by the network. Since Cfengine runs standalone on each computer the policyhost approach combines well with the network managment concept. All other computers fetch the Cfengine specific configuration from the policyhost via the update.conf mechanism. In cfagent.conf (which is updated by the first step) other configuration files can be listed to be fetched from the policyhost.

Filesystem Layout

/var/lib/cfengine2/files
This is the repository where all configuration files are stored. The repository es devided into several subdirectories.

You can think of the repository like a spares copy of the /etc directory on Unix systems. If you need to configure a service at /etc/foo you rather configure it at repository/foo, and cfengine takes care to copy it where it belongs.

cfengine
This directory is used by update.conf to fetch the Cfengine configuration files for all computers. The policyhost is an exception: she fetches only cfagent.conf and update.conf from this directory. Reason: the other files determine copy permissions and are different on the policyhost and the "policyclients".

Contributed Files

By now, just create the repository on the policyhost and copy the directory cfengine into it.

Copy all files in the directory policyhost into /etc/cfengine, also on the policyhost.

The rest is configuration and startup.

Configuration and Startup

You must prime each policyclient with the startup configurations: copy the files update.conf and cfservd.conf (the clientside one) into the directory /etc/cfengine. After this, run one time cfagent -vq on the client and accept the keys for file interchange on the client and the policyhost. After this, everything else depends on the configuration in the cfagent.conf file Do this first with the policyhost.