用Cfengine自动化基础架构进行系统管理(1)(2)

准备一个 RPM

RPM 以一个 spec 文件开始，内含有关此包的信息。清单 1 显示了 Red Hat RPM Spec 文件的一个例子。

清单 1. Cfengine V3 Red Hat RPM spec 文件

%define debug_package %{nil}
%define bin_path \
"/bin:/usr/bin:/usr/sbin:/usr/bin/X11:/sbin:\
/opt/cfengine/bin:/
opt/cfengine/bin:/opt/freeware/bin/:/usr/gnu/bin"
Name : cfengine
Summary : A tool to maintain complicated networks
Version : 3.1.4
Release : 1
URL : http://www.cfengine.org
Vendor : %{__spec_vendor}
License : GPL
Group : System Environment/Client Management
Packager :
Distribution : %{__spec_distribution}
Source : %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%ifos linux
Requires : db4 openssl coreutils pcre
#libacl zlib libattr e2fsprogs-libs keyutils-libs
BuildRequires : db4 db4-devel openssl openssl-devel pcre-devel
#libacl libacl-devel openssl openssl-devel pcre-devel zlib zlib-devel
libattr libattr-devel e2fsprogs-libs keyutils-libs libselinux libsepol
ExclusiveArch : i386 x86_64 ppc ppc64
%endif
%descriptionCfengine is the standalone, open-source datacenter
management platform run by leading enterprises since 1993.
Customize your IT systems, align to network, business and
regulatory needs, monitor problems, automatically repair
and maintain systems more effectively than with proprietary
software. Cope with new and legacy systems and adopt on a
phased basis. Cfengine yields reduced costs, improved
efficiency and higher return on investment for the lowest
cost of adoption in the industry!
Authors:
--------
Mark Burgess
%prep
[ -d %{buildroot} -a "%{buildroot}" != "" ] && rm -rf %{buildroot}
mkdir -p %{buildroot}
%setup -q
%build
export CFLAGS="-g -O2 -D_FORTIFY_SOURCE=0"
%configure \
--prefix=/var/cfengine \
--sbindir=/var/cfengine/bin \
--localstatedir=/var/cfengine \
--with-workdir=/var/cfengine \
--libdir=%{_libdir} \
--with-berkeleydb=%{_libdir} \
--with-openssl=/usr \
--with-pcre
make
make DESTDIR=${RPM_BUILD_ROOT} install
%files
%defattr(-,root,root)
%{_mandir}/man?/*
/var/cfengine/*
%{_libdir}/libpromises.la
%{_libdir}/libpromises.so*
%pre
export PATH=$PATH:%bin_path
%post
export PATH=$PATH:%bin_path

RPM 构建过程

Cfengine 的第一步

初始化后，cf-agent 可自动识别主机上的很多属性。从这些属性，定义了 “硬类”。随着过程的运行，其他要定义的类就是所谓的 “软类”。最初的执行开始于从 cron 或命令行调用 cf-execd –F。cf-execd 读取 cf-promise 文件，由它进行语法检查。如果发现错误， cf-agent 就会中止当前的配置，并转而运行 /var/cfengine/inputs/failsafe.cf 配置。

图 1 以图解的方式解释了 Cfengine 过程。

图 1. Cfengine 过程

示例配置

为了方便您熟悉 Cfengine，清单 2-6 显示了将要放置于 /var/cfengine/inputs 内的示例配置文件。要验证语法是否正确，运行 cf-promises –f ./test.cf。若要使用此配置执行，运行 cf-agent –Kiv -f ./test .cf。

清单 2. 示例 failsafe.cf

########################################################
# failsafe.cf
########################################################
body common control
{
bundlesequence => { "update" };
inputs => { "update.cf" };
version => "1.2.3";
}
bundle agent failsafe
{
classes:
"failsafe" not => "bootstrap_mode";
}

清单 3. 示例 promises.cf

#######################################################
# Copyright (C) Cfengine AS
# This file is part of Cfengine 3 - written and maintained by Cfengine AS.
#######################################################
# promises.cf
#######################################################
body common control
{
bundlesequence => {
"update",
"garbage_collection",
"main"
};
inputs => {
"update.cf",
"site.cf"
};
}
#######################################################
body agent control
{
ifelapsed => "15";
}
#######################################################
body executor control
{
splaytime => "1";
mailto => "username@localhost.localdomain";
smtpserver => "localhost";
mailmaxlines => "30";
# Instead of a separate update script, now do this
exec_command => "$(sys.workdir)/bin/cf-agent -f failsafe.cf &&
$(sys.workdir)/bin/cf-agent";
}
#######################################################
body reporter control
{
reports => { "performance", "last_seen", "monitor_history" };
build_directory => "$(sys.workdir)/reports";
report_output => "html
}
#######################################################
body server control
{
allowconnects => { "192.", "10.", "127.0.0.1" , "::1" };
allowallconnects => { "192.", "10.", "127.0.0.1" , "::1" };
trustkeysfrom => { "192.", "10.", "127.0.0.1" , "::1" };
# Makes updates and runs happen in one
cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf &&
$(sys.workdir)/bin/cf-agent";
allowusers => { "root" };
}
#######################################################
# Server configuration
#######################################################
bundle server access_rules()
{
access:
"/var/cfmasterfiles"
admit => { "192.", "10.", "127.0.0.1" , "::1" };
roles:
".*" authorize => { "root" };
}
body action local_immediate
{
ifelapsed => "0";
action_policy => "fix";
}
#######################################################
## To avoid namespace conflict and reduce file footprint
#######################################################
body depth_search local_recurse(d)
{
depth => "$(d)";
xdev => "true";
}
body delete local_tidy
{
dirlinks => "delete";
rmdirs => "true";
}
body file_select local_days_old(days)
{
mtime => irange(0,ago(0,0,"$(days)",0,0,0));
file_result => "mtime";
}
body classes local_define(class,alert)
{
promise_repaired => { "$(class)" };
repair_failed => { "$(alert)" };
}