用Cfengine自动化基础架构进行系统管理(1)(2)
准备一个 RPM
RPM 以一个 spec 文件开始,内含有关此包的信息。清单 1 显示了 Red Hat RPM Spec 文件的一个例子。
清单 1. Cfengine V3 Red Hat RPM spec 文件
%define debug_package %{nil} %define bin_path \ "/bin:/usr/bin:/usr/sbin:/usr/bin/X11:/sbin:\ /opt/cfengine/bin:/ opt/cfengine/bin:/opt/freeware/bin/:/usr/gnu/bin" Name : cfengine Summary : A tool to maintain complicated networks Version : 3.1.4 Release : 1 URL : http://www.cfengine.org Vendor : %{__spec_vendor} License : GPL Group : System Environment/Client Management Packager : Distribution : %{__spec_distribution} Source : %{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %ifos linux Requires : db4 openssl coreutils pcre #libacl zlib libattr e2fsprogs-libs keyutils-libs BuildRequires : db4 db4-devel openssl openssl-devel pcre-devel #libacl libacl-devel openssl openssl-devel pcre-devel zlib zlib-devel libattr libattr-devel e2fsprogs-libs keyutils-libs libselinux libsepol ExclusiveArch : i386 x86_64 ppc ppc64 %endif %descriptionCfengine is the standalone, open-source datacenter management platform run by leading enterprises since 1993. Customize your IT systems, align to network, business and regulatory needs, monitor problems, automatically repair and maintain systems more effectively than with proprietary software. Cope with new and legacy systems and adopt on a phased basis. Cfengine yields reduced costs, improved efficiency and higher return on investment for the lowest cost of adoption in the industry! Authors: -------- Mark Burgess %prep [ -d %{buildroot} -a "%{buildroot}" != "" ] && rm -rf %{buildroot} mkdir -p %{buildroot} %setup -q %build export CFLAGS="-g -O2 -D_FORTIFY_SOURCE=0" %configure \ --prefix=/var/cfengine \ --sbindir=/var/cfengine/bin \ --localstatedir=/var/cfengine \ --with-workdir=/var/cfengine \ --libdir=%{_libdir} \ --with-berkeleydb=%{_libdir} \ --with-openssl=/usr \ --with-pcre make make DESTDIR=${RPM_BUILD_ROOT} install %files %defattr(-,root,root) %{_mandir}/man?/* /var/cfengine/* %{_libdir}/libpromises.la %{_libdir}/libpromises.so* %pre export PATH=$PATH:%bin_path %post export PATH=$PATH:%bin_path
RPM 构建过程
Cfengine 的第一步
初始化后,cf-agent 可自动识别主机上的很多属性。从这些属性,定义了 “硬类”。随着过程的运行,其他要定义的类就是所谓的 “软类”。最初的执行开始于从 cron 或命令行调用 cf-execd –F。cf-execd 读取 cf-promise 文件,由它进行语法检查。如果发现错误, cf-agent 就会中止当前的配置,并转而运行 /var/cfengine/inputs/failsafe.cf 配置。
图 1 以图解的方式解释了 Cfengine 过程。
图 1. Cfengine 过程
示例配置
为了方便您熟悉 Cfengine,清单 2-6 显示了将要放置于 /var/cfengine/inputs 内的示例配置文件。要验证语法是否正确,运行 cf-promises –f ./test.cf。若要使用此配置执行,运行 cf-agent –Kiv -f ./test .cf。
清单 2. 示例 failsafe.cf
######################################################## # failsafe.cf ######################################################## body common control { bundlesequence => { "update" }; inputs => { "update.cf" }; version => "1.2.3"; } bundle agent failsafe { classes: "failsafe" not => "bootstrap_mode"; }
清单 3. 示例 promises.cf
####################################################### # Copyright (C) Cfengine AS # This file is part of Cfengine 3 - written and maintained by Cfengine AS. ####################################################### # promises.cf ####################################################### body common control { bundlesequence => { "update", "garbage_collection", "main" }; inputs => { "update.cf", "site.cf" }; } ####################################################### body agent control { ifelapsed => "15"; } ####################################################### body executor control { splaytime => "1"; mailto => "username@localhost.localdomain"; smtpserver => "localhost"; mailmaxlines => "30"; # Instead of a separate update script, now do this exec_command => "$(sys.workdir)/bin/cf-agent -f failsafe.cf && $(sys.workdir)/bin/cf-agent"; } ####################################################### body reporter control { reports => { "performance", "last_seen", "monitor_history" }; build_directory => "$(sys.workdir)/reports"; report_output => "html } ####################################################### body server control { allowconnects => { "192.", "10.", "127.0.0.1" , "::1" }; allowallconnects => { "192.", "10.", "127.0.0.1" , "::1" }; trustkeysfrom => { "192.", "10.", "127.0.0.1" , "::1" }; # Makes updates and runs happen in one cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf && $(sys.workdir)/bin/cf-agent"; allowusers => { "root" }; } ####################################################### # Server configuration ####################################################### bundle server access_rules() { access: "/var/cfmasterfiles" admit => { "192.", "10.", "127.0.0.1" , "::1" }; roles: ".*" authorize => { "root" }; } body action local_immediate { ifelapsed => "0"; action_policy => "fix"; } ####################################################### ## To avoid namespace conflict and reduce file footprint ####################################################### body depth_search local_recurse(d) { depth => "$(d)"; xdev => "true"; } body delete local_tidy { dirlinks => "delete"; rmdirs => "true"; } body file_select local_days_old(days) { mtime => irange(0,ago(0,0,"$(days)",0,0,0)); file_result => "mtime"; } body classes local_define(class,alert) { promise_repaired => { "$(class)" }; repair_failed => { "$(alert)" }; }
评论暂时关闭