Talk:Singlecopy Nirvana


I have solved a very similar problem with a script framework tied with cfengine config as follows:

  • Group the machines into logical and network topology based profiles etc.
  • Assign some variables: e.g. host_profile and net_profile to the name of the logical group and network topology based group accordingly.
  • Echo the profile values into files in a shellcommand line.
  • Call a customization script that can either concatenate or symlink a suitable config file for a particular host.

For example, it makes sense that your resolv.conf differs depending on the location of the host in the network. You might use a symlink to the right resolv.conf for that host, using a network topology based profile.

Furthermore, you may want a particular user to appear in /etc/passwd on certain hosts (for development) but not all production servers. Then you might want to use logical grouping instead of network grouping and use concatenation instead of symlink.

In most cases, either of these methods will be sufficient to generate a suitable configuration file on a host:

  • there are a bunch of different versions of a given file, and one of them is most suitable: use cflink (canonical example: resolv.conf)
  • there is a BASE file and some extra lines might be added on certain hosts: use cfcat (canonical examples: /etc/passwd and /etc/sudoers)

Here is a sample of our cfagent.conf:


groups:
  # Logical groups
  KLO		= ( koukku nasta naula niitti pultti ruuvi )
  LuukkuWWW	= ( katto lippu suksi taka tuhka )
  LuukkuSMTP	= ( mato pato posti roska tarjoilu )
  Luukku	= ( LuukkuWWW LuukkuSMTP )
  StdPostfix    = ( ! LuukkuSMTP )
  OracleServ	= ( purkka liima teippi )
  Cromet        = ( diili holkki moukari )

  RHEL3AS	= ( liima purkka teippi )
  RHEL3WS	= ( mopo rapa )
  RHEL3ASWS	= ( RHEL3AS RHEL3WS )
  RHEL3ES	= ( !RHEL3ASWS )

  # Hardware-based groups
  hw_SE7501WV2	= ( KLO LuukkuSMTP lippu suksi tuhka vanne )
  hw_SCB2	= ( katto taka )
  hw_X345	= ( cacti )

  # Network topology based groups
  Bordelli	= ( kuula )
  MTV3Harmaa	= ( nippa )
  Harmaa2only	= ( aarpora liima pajavasara purkka teippi )
...

control:
...
  # User variables
  KLO::		host_profile = ( "KLO" )
  LuukkuWWW::	host_profile = ( "LuukkuWWW" )
  LuukkuSMTP::	host_profile = ( "LuukkuSMTP" )
  Bordelli::	host_profile = ( "Bordelli" )
  MTV3Harmaa::	host_profile = ( "MTV3Harmaa" )
  OracleServ::  host_profile = ( "OracleServ" )
  Cromet::      host_profile = ( "Cromet" )
  !MTV3Harmaa.!Bordelli.!KLO.!Luukku.!OracleServ.!Cromet::
			host_profile = ( "Generic" )

  Bordelli::	net_profile = ( "Bordelli" )
  MTV3Harmaa::	net_profile = ( "MTV3Harmaa" )
  Harmaa2only:: net_profile = ( "Harmaa2" )
  !Bordelli.!MTV3Harmaa.!Harmaa2only::
		net_profile = ( "Julkinen" )

  RHEL3AS::	flavor_profile = ( "rhel3as" )
  RHEL3ES::	flavor_profile = ( "rhel3es" )
  RHEL3WS::	flavor_profile = ( "rhel3ws" )
  !RHEL3AS.!RHEL3ES.!RHEL3WS:: flavor_profile = ( "unknown" )
...

copy:
  any::
    $(master_files)/etc/NWS
	dest=/etc/NWS
	r=inf
	forcedirs=true
	timestamps=preserve
	verify=true
	type=binary
	o=root
	g=root
	ignore=CVS
	server=$(policyhost)
	encrypt=true
	purge=true
...

shellcommands:
  any::
    "/bin/sh -c 'echo $(host_profile) > /etc/NWS/host_profile'" timeout=2
    "/bin/sh -c 'echo $(net_profile) > /etc/NWS/net_profile'" timeout=2
    "/bin/sh -c 'echo $(flavor_profile) > /etc/NWS/flavor_profile'" timeout=2
    "/bin/sh -c 'rpm -q --quiet compat-db || (apt-get update; apt-get -y install compat-db)'" timeout=60
    "/bin/sh -c 'rpm -q --quiet lynx || (apt-get update; apt-get -y install lynx)'" timeout=60
    "/etc/NWS/cf-customize-me-harder-baby.sh" timeout=10
...

Now, we have a magic shadow directory structure in /etc/NWS/ and the magic profile settings in /etc/NWS/host_profile and /etc/NWS/net_profile etc. It is easy to create more profile categories in the future, if needed. The directory /etc/NWS/ contains the following:

-rw-r--r-- root/root       315 2004-10-21 12:39:44 ./etc/hosts.allow.d/hosts.allow.DEFAULT
-rw-r--r-- root/root       241 2004-09-14 15:33:41 ./etc/hosts.allow.d/hosts.allow.kuula
-rw-r--r-- root/root       264 2004-11-24 15:41:04 ./etc/hosts.allow.d/hosts.allow.nippa
-rw-r--r-- root/root         0 2004-09-15 18:23:42 ./etc/hosts.allow.d/cflink.host
-rw-r--r-- root/root       354 2004-11-17 16:18:07 ./etc/hosts.allow.d/hosts.allow.holkki
-rw-r--r-- root/root       128 2004-09-14 15:33:41 ./etc/ntp.conf.d/ntp.conf.MTV3harmaa
-rw-r--r-- root/root       104 2004-09-14 15:33:41 ./etc/ntp.conf.d/ntp.conf.Bordelli
-rw-r--r-- root/root       131 2004-09-14 15:33:41 ./etc/ntp.conf.d/ntp.conf.DEFAULT
-rw-r--r-- root/root         0 2004-09-15 18:23:42 ./etc/ntp.conf.d/cflink.net
-rw-r--r-- root/root       200 2004-09-14 15:33:41 ./etc/resolv.conf.d/resolv.conf.Bordelli
-rw-r--r-- root/root       199 2004-09-14 15:33:41 ./etc/resolv.conf.d/resolv.conf.DEFAULT
-rw-r--r-- root/root       202 2004-09-14 15:33:41 ./etc/resolv.conf.d/resolv.conf.MTV3harmaa
-rw-r--r-- root/root         0 2004-09-15 18:23:43 ./etc/resolv.conf.d/cflink.net
-rw-r--r-- root/root       135 2004-09-15 16:11:44 ./etc/sudoers.d/sudoers.LuukkuSMTP
-rw-r--r-- root/root       570 2004-09-14 15:33:42 ./etc/sudoers.d/sudoers.BASE
-rw-r--r-- root/root       140 2004-09-14 15:33:42 ./etc/sudoers.d/sudoers.KLO
-rw-r--r-- root/root       234 2004-09-15 16:11:44 ./etc/sudoers.d/sudoers.LuukkuWWW
-rw-r--r-- root/root         0 2004-09-15 18:23:43 ./etc/sudoers.d/cfcat.host
-rw-r--r-- root/root       177 2004-11-18 14:24:09 ./etc/sudoers.d/sudoers.Cromet
-rw-r--r-- root/root       129 2004-11-24 16:01:43 ./etc/sudoers.d/sudoers.nippa
-rw-r--r-- root/root       229 2004-09-14 15:33:42 ./etc/sysctl.conf.d/sysctl.conf.LuukkuSMTP
-rw-r--r-- root/root       168 2004-09-14 15:33:42 ./etc/sysctl.conf.d/sysctl.conf.BASE
-rw-r--r-- root/root       228 2004-09-14 15:33:42 ./etc/sysctl.conf.d/sysctl.conf.LuukkuWWW
-rw-r--r-- root/root         0 2004-09-15 18:23:43 ./etc/sysctl.conf.d/cfcat.host
-rw-r--r-- root/root       100 2004-09-22 02:19:53 ./etc/sysctl.conf.d/sysctl.conf.OracleServ
-rw-r--r-- root/root       791 2004-09-14 15:33:42 ./etc/syslog.conf.d/syslog.conf.DEFAULT
-rw-r--r-- root/root       990 2004-09-14 15:33:42 ./etc/syslog.conf.d/syslog.conf.LuukkuSMTP
-rw-r--r-- root/root         0 2004-09-15 18:23:43 ./etc/syslog.conf.d/cflink.host
-rw-r--r-- root/root       770 2004-09-27 13:20:17 ./etc/postfix/main.cf.d/main.cf.DEFAULT
-rw-r--r-- root/root       886 2004-11-17 16:22:49 ./etc/postfix/main.cf.d/main.cf.LuukkuSMTP
-rw-r--r-- root/root         0 2004-09-15 18:23:42 ./etc/postfix/main.cf.d/cflink.host
-rw-r--r-- root/root      1014 2004-09-14 15:58:47 ./etc/postfix/master.cf.d/master.cf.DEFAULT
-rw-r--r-- root/root         0 2004-09-15 18:23:42 ./etc/postfix/master.cf.d/cflink.host
-rwxr-xr-x root/root        27 2004-10-01 10:35:41 ./etc/profile.d/oracle_sid.csh.d/oracle_sid.csh.liima
-rw-r--r-- root/root         0 2004-09-22 16:00:59 ./etc/profile.d/oracle_sid.csh.d/cflink.host
-rw-r--r-- root/root         0 2004-09-22 16:00:59 ./etc/profile.d/oracle_sid.csh.d/oracle_sid.csh.DEFAULT
-rwxr-xr-x root/root        27 2004-09-22 16:00:59 ./etc/profile.d/oracle_sid.csh.d/oracle_sid.csh.teippi
-rwxr-xr-x root/root        27 2004-10-01 10:35:41 ./etc/profile.d/oracle_sid.csh.d/oracle_sid.csh.purkka
-rwxr-xr-x root/root        39 2004-09-22 16:00:59 ./etc/profile.d/oracle_sid.sh.d/oracle_sid.sh.teippi
-rw-r--r-- root/root         0 2004-09-22 16:00:59 ./etc/profile.d/oracle_sid.sh.d/cflink.host
-rwxr-xr-x root/root        39 2004-10-01 10:35:41 ./etc/profile.d/oracle_sid.sh.d/oracle_sid.sh.purkka
-rwxr-xr-x root/root       354 2004-09-22 22:42:47 ./etc/profile.d/oracle.csh.d/oracle.csh.OracleServ
-rwxr-xr-x root/root       259 2004-10-07 10:22:47 ./etc/profile.d/oracle.csh.d/oracle.csh.DEFAULT
-rw-r--r-- root/root         0 2004-09-22 22:42:47 ./etc/profile.d/oracle.csh.d/cflink.host
-rwxr-xr-x root/root       527 2004-09-22 22:42:48 ./etc/profile.d/oracle.sh.d/oracle.sh.OracleServ
-rwxr-xr-x root/root       329 2004-10-07 10:22:47 ./etc/profile.d/oracle.sh.d/oracle.sh.DEFAULT
-rw-r--r-- root/root         0 2004-09-22 22:42:48 ./etc/profile.d/oracle.sh.d/cflink.host
-rw-r--r-- root/root         0 2004-09-22 21:47:22 ./etc/sysconfig/network-scripts/route-eth0.d/route-eth0.BASE
-rw-r--r-- root/root         0 2004-09-22 21:47:22 ./etc/sysconfig/network-scripts/route-eth0.d/cfcat.net
-rw-r--r-- root/root        35 2004-09-22 23:20:38 ./etc/sysconfig/network-scripts/route-eth0.d/route-eth0.Harmaa2
-rw-r--r-- root/root       288 2004-12-15 11:24:09 ./etc/sysconfig/network-scripts/route-eth1.d/route-eth1.Julkinen
-rw-r--r-- root/root         0 2004-09-22 23:26:12 ./etc/sysconfig/network-scripts/route-eth1.d/route-eth1.BASE
-rw-r--r-- root/root         0 2004-09-22 21:47:22 ./etc/sysconfig/network-scripts/route-eth1.d/cfcat.net
-rw-r--r-- root/root         0 2004-09-22 21:47:23 ./etc/sysconfig/network-scripts/route-eth2.d/cfcat.net
-rw-r--r-- root/root        35 2004-09-22 22:42:07 ./etc/sysconfig/network-scripts/route-eth2.d/route-eth2.niitti
-rw-r--r-- root/root        35 2004-09-22 22:42:07 ./etc/sysconfig/network-scripts/route-eth2.d/route-eth2.naula
-rw-r--r-- root/root        35 2004-09-22 22:42:07 ./etc/sysconfig/network-scripts/route-eth2.d/route-eth2.pultti
-rw-r--r-- root/root        35 2004-09-22 22:42:07 ./etc/sysconfig/network-scripts/route-eth2.d/route-eth2.ruuvi
-rw-r--r-- root/root        35 2004-10-07 15:19:34 ./etc/sysconfig/network-scripts/route-eth2.d/route-eth2.koukku
-rw-r--r-- root/root        35 2004-10-07 15:19:34 ./etc/sysconfig/network-scripts/route-eth2.d/route-eth2.nasta
-rw-r--r-- root/root         0 2004-09-22 23:52:26 ./etc/apt/sources.list.d/nws.list.d/nws.list.DEFAULT
-rw-r--r-- root/root         0 2004-09-22 23:52:26 ./etc/apt/sources.list.d/nws.list.d/cflink.flavor
-rw-r--r-- root/root       123 2004-09-22 23:52:26 ./etc/apt/sources.list.d/nws.list.d/nws.list.rhel3as
-rw-r--r-- root/root       123 2004-09-22 23:52:26 ./etc/apt/sources.list.d/nws.list.d/nws.list.rhel3es
-rw-r--r-- root/root       123 2004-09-22 23:52:26 ./etc/apt/sources.list.d/nws.list.d/nws.list.rhel3ws
-rw-r--r-- root/root      2896 2004-09-23 09:30:58 ./etc/passwd.d/passwd.BASE
-rw-r--r-- root/root         0 2004-09-23 09:30:58 ./etc/passwd.d/cfcat.host
-rw-r--r-- root/root       106 2004-11-18 14:24:09 ./etc/passwd.d/passwd.Cromet
-rw-r--r-- root/root      1793 2004-11-24 16:02:44 ./etc/shadow.d/shadow.BASE
-rw-r--r-- root/root         0 2004-09-23 09:30:58 ./etc/shadow.d/cfcat.host
-rw-r--r-- root/root       122 2004-11-18 14:24:09 ./etc/shadow.d/shadow.Cromet
-rw-r--r-- root/root        67 2004-10-13 19:39:24 ./etc/tnsnames.ora.d/tnsnames.ora.OracleServ
-rw-r--r-- root/root        34 2004-10-13 19:39:24 ./etc/tnsnames.ora.d/tnsnames.ora.DEFAULT
-rw-r--r-- root/root         0 2004-10-13 19:39:24 ./etc/tnsnames.ora.d/cflink.host
-rwxr-xr-x root/root      1114 2004-09-15 19:15:19 ./cflink
-rwxr-xr-x root/root      1121 2004-09-15 19:15:19 ./cfcat
-rw------- root/root         8 2004-12-15 13:20:52 ./host_profile
-rw------- root/root         9 2004-12-15 13:20:52 ./net_profile
-rw------- root/root         8 2004-12-15 13:20:52 ./flavor_profile
-rwxr-xr-x root/root      1207 2004-09-22 15:40:05 ./cf-customize-me-harder-baby.sh

The magic flag files are called (cfcat|cflink).(host|net|flavor) and the flag file name tells which script to use (cfcat or cflink) and which profile to use in customization: host, net or flavor.

The scripts cf-customize-me-harder-baby.sh, cfcat and cflink are available in http://almamedia.fi/~sjm/cfengine/contrib/.

TODO: it would be nice to have a more generic template system to make even more complicated, yet customized files for particular purposes. An example of this might be httpd.conf for Apache.

Regards,

Sami J. Mäkinen - sjm@almamedia.fi 2004-12-15
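
The flag-file dispatch described in the post above, sketched as an added example; it is not the cfcat, cflink or cf-customize-me-harder-baby.sh scripts from the linked contrib directory. It assumes the variant suffix is the profile value, that DEFAULT is the cflink fallback, and the variable names SHADOW and DESTROOT.

```shell
#!/bin/sh
# Added example, not the original cfcat/cflink scripts.
# SHADOW = shadow tree root (/etc/NWS on the page), DESTROOT = where results
# are written ("/" in production); both variable names are assumptions.

# Profile values become file name suffixes, so accept only plain names.
read_profile() {   # $1 = host | net | flavor
    p=$(cat "$SHADOW/${1}_profile" 2>/dev/null) || return 1
    case $p in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    printf '%s\n' "$p"
}

# cflink: point the target at the profile's variant, else at DEFAULT.
do_cflink() {      # $1 = foo.d directory, $2 = profile value, $3 = target
    base=$(basename "$1" .d)
    src="$1/$base.$2"
    [ -f "$src" ] || src="$1/$base.DEFAULT"
    [ -f "$src" ] || return 1
    ln -sfn "$src" "$3"
}

# cfcat: BASE plus the profile's extra lines, built in a temp file and
# renamed into place so readers never see a half-written file.
do_cfcat() {       # same arguments as do_cflink
    base=$(basename "$1" .d)
    [ -f "$1/$base.BASE" ] || return 1
    tmp=$(mktemp "$3.XXXXXX") || return 1     # created with mode 0600
    cat "$1/$base.BASE" > "$tmp"
    if [ -f "$1/$base.$2" ]; then cat "$1/$base.$2" >> "$tmp"; fi
    mv -f "$tmp" "$3"
}

# Walk the tree; each flag file names the action and the profile category.
customize() {
    find "$SHADOW" -type f \( -name 'cfcat.*' -o -name 'cflink.*' \) |
    while IFS= read -r flag; do
        dir=$(dirname "$flag"); name=$(basename "$flag")
        action=${name%%.*}; kind=${name#*.}
        case $kind in host|net|flavor) ;; *) continue ;; esac
        profile=$(read_profile "$kind") || continue
        rel=${dir#"$SHADOW"/}; target="$DESTROOT/${rel%.d}"
        mkdir -p "$(dirname "$target")"
        "do_$action" "$dir" "$profile" "$target" || echo "skipped: $flag" >&2
    done
}
```

Concatenated results come out with mode 0600, so files that must be world-readable (passwd, for instance) need their mode widened afterwards, while sudoers and shadow stay restrictive by default.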
