Cfengine: Getting started

From GridPP Wiki
Revision as of 10:49, 22 November 2006 by Graeme stewart (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Building RPMS

cfengine is easy to build, either directly from source or from source RPMS. The src.rpm provided in the DAG repository builds, without patching, on SL3 i386 and SL4 x86_64.

Building an RPM will probably make deployment across your cluster easier.

Installing cfengine

Well, you know what to do with an RPM, don't you?

Toe in the Water

It's a good idea to take an isolated node and run cfengine here to play with what it can do before embarking on a cluster wide installation.

Create the file /var/cfengine/inputs/cfagent.conf:

control:
        any::
                actionsequence = (
                        files
                        links
                        copy
                )

files:
        any::
                # Check the ownership and mode of this file
                # touch action will create it if it does not exist
                /tmp/cfengine_is_good mode=0644 owner=root group=root action=touch

links:
        any::
                # Create a soft link
                /tmp/how_is_cfengine -> /tmp/cfengine_is_good

copy:
        any::
                # Copy a file
                /etc/group dest=/tmp/group

Now run cfengine:

node140:/var/cfengine/inputs# cfagent -qv
Setting cfengine new port to 48148
Setting cfengine old port to 5308
Reference time set to Fri Nov 17 12:26:39 2006

GNU Configuration Engine - 
2.1.20
Free Software Foundation 1994-
Donated by Mark Burgess, Faculty of Engineering,
Oslo University College, Norway

------------------------------------------------------------------------

Host name is: node140.beowulf.cluster
Operating System Type is linux
Operating System Release is 2.4.21-47.ELhugemem
Architecture = i686


Using internal soft-class linux for host linux

The time is now Fri Nov 17 12:26:39 2006


------------------------------------------------------------------------

Additional hard class defined as: 32_bit
Additional hard class defined as: linux_2_4_21_47_ELhugemem
Additional hard class defined as: linux_i686
Additional hard class defined as: linux_i686_2_4_21_47_ELhugemem
Additional hard class defined as: linux_i686_2_4_21_47_ELhugemem__1_SMP_Thu_Jul_20_09_37_25_CDT_2006

GNU autoconf class from compile time: compiled_on_linux_gnu

Address given by nameserver: 10.141.0.140
Interface 1: lo
Interface 2: eth1
Trying to locate my IPv6 address
Looking for environment from cfenvd...
Loading environment...
Environment data loaded

cfengine:node140: No preconfiguration file

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
 * (Changing context state to: update) *
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Looking for an input file /var/cfengine/inputs/update.conf
(No file /var/cfengine/inputs/update.conf)
Finished with /var/cfengine/inputs/update.conf
Skipping update.conf (-F=0)

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
 * (Changing context state to: main) *
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

---------------------------------------------------------------------
Loading persistent classes
---------------------------------------------------------------------

---------------------------------------------------------------------
Loaded persistent memory
---------------------------------------------------------------------

Looking for environment from cfenvd...
Loading environment...
Environment data loaded

Looking for an input file /var/cfengine/inputs/cfagent.conf
Finished with cfagent.conf


Defined Classes = ( 10_141_0 10_141_0_140 32_bit Day17 Friday Hr12 Hr12_Q2 Min25_30 Min26 November Q2 Yr2006 any beowulf_cluster cfengine_2 cfengine_2_1 cfengine_2_1_20
cluster compiled_on_linux_gnu entropy_cfengine_in_low entropy_dns_in_low entropy_dns_out_low entropy_ftp_in_low entropy_ftp_out_low entropy_icmp_in_low entropy_icmp_out_low
entropy_irc_in_low entropy_irc_out_low entropy_misc_in_low entropy_misc_out_low entropy_netbiosdgm_in_low entropy_netbiosdgm_out_low entropy_netbiosns_in_low 
entropy_netbiosns_out_low entropy_netbiosssn_in_low entropy_netbiosssn_out_low entropy_nfsd_in_low entropy_nfsd_out_low entropy_smtp_in_low entropy_smtp_out_low 
entropy_ssh_out_low entropy_tcpack_in_low entropy_tcpack_out_low entropy_tcpfin_in_low entropy_tcpfin_out_low entropy_tcpsyn_in_low entropy_tcpsyn_out_low entropy_udp_in_low 
entropy_udp_out_low entropy_www_in_low entropy_www_out_low entropy_wwws_in_low entropy_wwws_out_low i686 ipv4_10 ipv4_10_141 ipv4_10_141_0 ipv4_10_141_0_140 linux 
linux_2_4_21_47_ELhugemem linux_i686 linux_i686_2_4_21_47_ELhugemem linux_i686_2_4_21_47_ELhugemem__1_SMP_Thu_Jul_20_09_37_25_CDT_2006 net_iface_eth1 net_iface_lo 
node140 node140_beowulf_cluster redhat scientific scientific_sl scientific_sl_3 scientific_sl_3_0 )

Negated Classes = ( )

Installable classes = ( no_default_route )

Global expiry time for locks: 120 minutes

Global anti-spam elapse time: 1 minutes

Extensions which should not be directories = ( )
Suspicious filenames to be warned about = ( )
Accepted domain name: beowulf.cluster

LogDirectory = /var/cfengine
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
Checksum database is /var/cfengine/checksum.db
Default binary server seems to be node140
Reference time set to Fri Nov 17 12:26:39 2006


*********************************************************************
 Main Tree Sched: files pass 1 @ Fri Nov 17 12:26:39 2006
*********************************************************************

Checking file(s) in /tmp/cfengine_is_good
cfengine:node140: Cannot access file/directory /tmp/cfengine_is_good
cfengine:node140: Creating file /tmp/cfengine_is_good, mode = 644
Saving the setuid log in /var/cfengine/cfagent.node140.beowulf.cluster.log

*********************************************************************
 Main Tree Sched: links pass 1 @ Fri Nov 17 12:26:39 2006
*********************************************************************

cfengine:node140: Linking files /tmp/how_is_cfengine -> /tmp/cfengine_is_good

*********************************************************************
 Main Tree Sched: copy pass 1 @ Fri Nov 17 12:26:39 2006
*********************************************************************

Checking copy from localhost:/etc/group to /tmp/group
cfengine:node140: Object /tmp/group had permission 600, changed it to 644
Saving the setuid log in /var/cfengine/cfagent.node140.beowulf.cluster.log
---------------------------------------------------------------------
Alerts
---------------------------------------------------------------------



++++++++++++++++++++++++++++++++++++++++
Summary of objects involved
++++++++++++++++++++++++++++++++++++++++

    global
    update
    main

We ran cfengine with the flags -v, which made it verbose, and -q which made it 'quick' (not quiet!), meaning we told cfagent to run right away. When you have many, many nodes controlled by cfengine you'll use a Splaytime to make cfengine sleep for a random interval before running, so as not to overload the server, so it's worth knowing that the -q flag switches this off and gets cfengine to run right away.

The important thing to notice is the actions which cfengine took in the files, links and copy sections - here it carried out the instructions we had given it in cfagent.conf.

Note that the configuration file is divided into sections, the innermost stanzas with single colons (like files:), then there are class specifiers, the things which end in double colons, which restrict the following statements to that class of machines (of course, every client is always in the any: class). Following the class specfiers come statements that make cfengine do something.

Playing Around

Using the other cfengine documentation sources, you can play around with other things that cfengine can do:

Linking to the current Java SDK

control: 
        any::
                actionsequence = ( 
                        links 
                        ) 

        scientific_sl_3::
                java = ( j2sdk1.4.2_12 )


links:
        scientific_sl_3::
                /usr/java/current -> /usr/java/$(java)

Define a variable pointing to the java sdk on SL3 and make a link to /usr/java/current. Note here the use of a class meaning that SL4 machines would not do this. You can see the extensive list of classes defined "for free" by cfengine by looking at the Defined Classes = section of the cfagent output above.

Editing Files

control: 
        any::
                actionsequence = ( 
                        editfiles 
                        ) 
        torque::
                torquesvr = ( 10.141.255.16 )


editfiles:
        torque::
                { /var/spool/pbs/mom_priv/config
                AutoCreate
                AppendIfNoSuchLine "$pbsserver $(torquesvr)"
                }
                

In this case, for machines in the class torque, we ensure that the correct MOM configuration line exists, giving the IP of the torque server.

Defining Classes

In the above example torque is not a pre-defined class, so we'd want to add a group: section, which is where we tell cfengine which machines are in this class;

group:
        worker = ( HostRange(node,1-100) )
        ce = ( svr016 )
        torque = ( worker ce )

Here all hosts node001, node002, node003, node004, ... node100 are defined to be in the worker class, host svr016 is in the ce class and torque is the aggregation of these two classes.

Note that machines can be, and are, in many classes. In addition to the "for free" cfengine classes above, host001 will be in the worker class and in the torque class.