Variables in Cfengine can be confusing at times. Here are some examples of variable references. References are not strictly required, but they are good practice like using the strict module in Perl.
You want to use Cfengine for scheduling backups instead of crond.
You want to have your bundlesequence change based on class.
This question comes up regularly on the Cfengine mailing list. The secret is to build a string list based on class. The alternative is to use methods.
You want to monitor free disk space.
Cfengine has storage promises that can mount file systems and monitor disk space.
You want to ensure that a process is running.
This promise searches the process table for the regular expression “snmpd”. If this is not found the class “start_snmpd” is set. This class being set causes the command “/etc/init.d/snmpd start” command to be run.
You want to prevent certain processes from running.
In formal Cfengine parlance this promise ensures that there are zero instances of processes running that match the regular expression “snmpd”. If such processes are found a term signal is sent. If that signal is ignored a kill signal is sent.
Sometimes a file’s contents depends upon the class of host that the file resides on. This makes file copy promises impractical. Who wants to copy a different file for so many hosts? Sysadmins are a lazy lot.
Template files consist of two promises. One promise copies a base file whilst the second promise edits the base file. The key is the contents of the base file. It contains the names of Cfengine variables. These variables are expanded during the edit.
You want Cfengine to manage crontables.
The recipe we used edit authorized_keys can also be used for crontables.
You want to distribute public SSH keys.
There are two possible methods for distributing SSH public keys. The first involves a simple copy.
You Cfengine binaries are in /var/cfengine/bin but you want them in the PATH.
Symbolic linking the binaries is a good approach. The most simple method follows. Please note that you should look at the introduction entry to this series to better understand the setup.
In 2008 I wrote the original Cfengine cookbook. That edition covered Cfengine version 2. With the release of Cfengine 3 and its growing popularity it is time for a rewrite. This new edition takes the same approach as the first but it will be published one recipe at a time on this site. You’ll find practical examples of how Cfengine is used. You’ll be able to expand on these examples to create your own Cfengine policies.
This entry offers solutions to system administration problems using the configuration management tool Cfengine 2. Cookbook now available for Cfengine 3.
