On 15 Jan 2010, at 5:21 pm, John G. Heim wrote:

I am currently trying to set up a cfengine system on my network. The first thing I want to do is try to make sure all of the client machines have the same config files for things like NTP, cron, etc. It occurred to me that the canonical copies of those files are within my FAI config directory. So it should be possible for me to make a change to a file within my FAI config directory and have cfengine automatically ship it out to all the machines that have already been set up. But how to do that?

I'm thinking of moving the FAI files to a "normal" hierarchy within the cfengine space. So my canonical nntp config file would be in /var/lib/cfengine2/clientfiles/etc/ntp.conf. And within the FAI space, there'd be a symlink from /srv/fai/config/files/etc/ntp.conf/MYCLASS to the "real" file.

Has anybody ever managed a configuration like this? Any other (better) ways to do what I want to do?

I don't know about 'better', but I can tell you what we do.  :-)

1) cfengine makes sure that the FAI config space has a copy of the current cfengine inputs and files

2) We don't generally use FAI's config/files directory at all, except for things which are required to configure hardware early in the FAI process; as I said in another post today, we separate hardware/networking config (done by FAI) from application configuration (done by cfengine)

3) At the end of the FAI install, we run cfagent, but without an update.conf file, so it doesn't try to update the policy from the cfengine server (this is done so that the server doesn't perform its key exchange with the client until the client has booted its full OS, is running with its proper IP address, and is no longer in the FAI NFS root - we have a system where the IP address the machine has while it is FAI installing is not necessarily the same as its final IP address; I realise this is somewhat unusual)

4) We have a module within cfengine which defines cfengine classes based on FAI's classes, by parsing the FAI log's FAI_CLASSES file. So, for example, an HP ProLiant server will be in the FAI class PROLIANT, which appears as a class fai_proliant in our cfengine setup.

You may think this is all rather complex (and it is), but at the time it was all set up, we had a more heterogeneous world than we do now, and cfengine was the only thing that could configure everything, so we went with that. Basic operating system installs were done in fairly platform specific ways (Tru64 had its way, our IBM Red Hat cluster had its own thing, we were using FAI for newer things, and so on). FAI is much more widespread here now, but the old division of roles of the two pieces of software continues, and I actually like the separation of basic OS installation from role-specific configuration.

Tim


--
The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
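
The class mapping described in point 4 of the reply, sketched as a cfengine 2 module. This is an added example, not the module used at the site described in the message; the function name, the default log path and the character whitelist are assumptions.

```shell
#!/bin/sh
# Constructed example of a cfengine 2 module: cfagent runs it and treats
# every output line of the form "+name" as a class definition.
# Assumption: the FAI log directory keeps FAI_CLASSES at the default path
# used at the bottom; pass a different path as $1 if yours differs.

fai_to_cfengine_classes() {
    classes_file=$1

    # Host was not installed by FAI (no log): define nothing and succeed.
    [ -r "$classes_file" ] || return 0

    # Class names are separated by spaces, tabs or newlines.
    tr -s ' \t' '\n\n' < "$classes_file" |
    while IFS= read -r name || [ -n "$name" ]; do
        case $name in
            # The file becomes policy input, so accept only letters,
            # digits, "_" and "-" and silently drop everything else.
            ''|*[!A-Za-z0-9_-]*) continue ;;
        esac
        # PROLIANT -> fai_proliant; "-" is not valid in a class name.
        lower=$(printf '%s' "$name" | LC_ALL=C tr 'A-Z-' 'a-z_')
        printf '+fai_%s\n' "$lower"
    done
}

# When run as a module, emit the classes for this host.
fai_to_cfengine_classes "${1:-/var/log/fai/localhost/last/FAI_CLASSES}"
```

cfengine 2 expects the script to be installed under a name beginning with `module:` in its module directory.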
