The purpose of cfengine-masterconf is to provide a starting configuration on a cfengine master server. It's a reasonably complex setup that should deal with many of the things people commonly want to deal with.
Masterconf comes in two parts. The first is a basic setup of cfengine files. The second is a set of Perl templates and programs that allow you to regenerate some of the cfengine configuration files based on your system setup.
| .conf | These are the configuration files which are read directly by cfengine (cfagent, cfservd...) |
|---|---|
| .cfa | These are the files referenced from the man cfagent.conf |
| .cfm | These are cfengine modules, stored in the modules directory |
| .pt | When appended to the end of any file, it means that it's a Perl template, to be processed by the masterconf templating system before being distributed by cfengine. |
While all normal cfengine files are stored in /var/cfengine, the masterconf files are stored in /usr/etc/cfengine. There are a number of folders in here. They are:
| Name | pt? | Purpose |
|---|---|---|
| modules | These modules are basically copied straight to the /var/cfengine/modules directory on individual hosts. | |
| conf | These configuration files are copied straight to the /var/cfengine/inputs directory on individual hosts. | |
| conf-pt | * | These files are perl templates of the cfengine configuration. When processed, they overwrite the files in the conf directory. When rebuilt, they also rebuild fileinc.cfa and update.conf |
| classes | * | While not strictly requiring the Perl template stuff, it's much easier to use them together. See the "classes" section below |
| doco | * | You only need to look in here if you want to customise the headers or footers on the documentation that the Perl templates generate |
| Program | Description |
|---|---|
| cf-pt-conv | Does the .pt template conversions |
| cfedit | Edits a file with $EDITOR, runs cf-pt-conv on it, and runs CVS commit (unless you set the $usecvs variable at the start of the script to 0). |
| cfclasscat | This script has an extensive man page. It is one of Chip Seraphine's, and is not as tightly integrated into the rest of the package. |
Most of the above programs also rely on the MasterConf.pm library
There are three special folders in the aforementioned <classes> folder. Inside each of these folders are other folders representing classes. Inside the class folders are files and folders that get treated specially if the classes are true. They are as follows:
| Folder | Description |
|---|---|
| /usr/etc/cfengine/classes/conf.d | Files inside this are copied to /var/cfengine/inputs if the
class is true, and are also included in the import section of
fileinclude.cfa (but only after the template conversion on the
.pt file has been run). So for example,
/usr/etc/cfengine/classes/conf.d/ServiceType_Web/web.cfa
would be copied to /var/cfengine/inputs on all web servers
(ie. servers with ServiceType_Web defined). |
| /usr/etc/cfengine/classes/skel | Files inside this would be copied to the root of the
machine if the class is true. So for example,
/usr/etc/cfengine/classes/skel/ServiceType_Web/etc/httpd/conf/httpd.conf
would overwrite the httpd.conf on web servers (but presumably
not on mail servers, which might also have Apache installed
for webmail. |
| /usr/etc/cfengine/classes/patches | This patching section will hopefully someday patch machines
properly, but I don't need or understand patching, so until
I get a little more help with it, it will languish. The
idea, though, is that
/usr/etc/cfengine/classes/patches/solaris/patch.patch
would be installed on all Solaris machines. |
The above setup means a number of things. For a start, programs that want to install cfengine config need only drop it in conf.d/any or wherever they like, and rebuild update.conf and fileinc.cfa, and it'll all happen.
Another is that, rather than setting up configuration to roll out new files, you simply need to dump them in skel/any (or wherever).
On the downside, after you do any of the above, you have to rebuild fileinc.cfa and update.conf from their templates. The easy way to do this is to get cfedit to do it for you (eg. "cfedit any.cfa.pt", and then exit).
The module "deploy" is deployed with masterconf. It should be called as follows:
method:
all::
deploy(/etc/ssh/sshd_config,/local/admin/bin/m4wrap,m4)
action=deploy.cfm
returnvars=null
returnclasses=null
server=localhost
This section hasn't been written yet, but my recommendation would be to edit the following files:
/usr/etc/cfengine/conf-pt/update.conf.pt /usr/etc/cfengine/conf-pt/classes.cfa.pt /usr/etc/cfengine/conf-pt/any.cfa.pt