Re: [help-cfengine] init spawning multiple cf-execd processes at once
cf-execd is the scheduler that is responsible for executing the agent (cf-agent) at the scheduled intervals (by default 5 every minutes). By default cf-agent will start cf-execd, cf-serverd and cf-monitord if they aren't running. Instead of putting cf-execd in inittab you could add a cron job that runs cf-agent at less frequent intervals. To be honest though, I haven't had any problems with cf-execd crashing in quite some time. It's been extremely stable for me for at least the past three years. -- Brian Bennett Looking for CFEngine training? http://www.verticalsysadmin.com/ On Jul 22, 2014, at 7:33 AM, Lorenzo Beretta lory.fu...@infinito.it wrote: On 07/21/2014 02:39 PM, Jimmy Thrasibule wrote: Hi, I've added a new line to the /etc/inittab file to monitor the CFEngine daemon and restart it in case this one dies. cfe:2345:respawn:/var/cfengine/bin/cf-execd The cf-execd is re-spawned as expected, except the fact that multiple processes are created at once. I therefore have about 20+ cf-execd processes running where I only need 1. Any idea what's causing this and how to solve it? Regards, Jimmy If you start things from /etc/inittab, you must make sure they do not fork; I have no idea what cf-execd does, but its manpage mentions the --no-fork option :) (If a process in inittab is spawned more than N times, init will stop respawining it for a while) -- You received this message because you are subscribed to the Google Groups help-cfengine group. To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengine+unsubscr...@googlegroups.com. To post to this group, send email to help-cfeng...@googlegroups.com. Visit this group at http://groups.google.com/group/help-cfengine. For more options, visit https://groups.google.com/d/optout. smime.p7s Description: S/MIME cryptographic signature
Are Cfengine keys affected by the recent OpenSSL vulnerability?
Does anyone know whether the Cfengine keys (/var/cfengine/ppkeys/*pub) are affected by the latest Debian OpenSSL vulnerability? Do they need to be regenerated? http://lists.debian.org/debian-security-announce/2008/msg00152.html The provided dowkd.pl does not parse Cfengine keys. Thanks, -- Arcady Genkin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Experiencias con FAI y cfengine
HolaActualmente mantengo tres servidores y varios equipos (unos 20) todos ellos con debian, y me gustaría hacer el mantenimiento de forma más automática a como lo hago ahora. De la misma manera, me gustaría que al comprar un nuevo equipo, la instalación se realizase también de forma automática, ya que ahora lo que hago es seguir el mismo proceso una y otra vez. Para conseguir todo esto, he estado buscando información y he encontrado que FAI me puede valer para las instalaciones automáticas y cfengine para mantener una uniformidad en la configuración de los equipos. Si son tan amables de contarme un poco las experiencias que hayan tenido con FAI y cfengine, recomendarme algún tutorial o howto, se lo agradecería enormemente.También se aceptan sugerencias sobre otros sistemas para realizar lo mismo :) Un saludo y gracias por adelantado,Juanra
Re: Experiencias con FAI y cfengine
Hola [mar, 03 oct 2006 13:28:20 +0200] - Juan Ramon Martin Blanco: Hola Actualmente mantengo tres servidores y varios equipos (unos 20) todos ellos con debian, y me gustaría hacer el mantenimiento de forma más automática a como lo hago ahora. De la misma manera, me gustaría que al comprar un nuevo equipo, la instalación se realizase también de forma automática, ya que ahora lo que hago es seguir el mismo proceso una y otra vez. Para conseguir todo esto, he estado buscando información y he encontrado que FAI me puede valer para las instalaciones automáticas y cfengine para mantener una uniformidad en la configuración de los equipos. Si son tan amables de contarme un poco las experiencias que hayan tenido con FAI y cfengine, recomendarme algún tutorial o howto, se lo agradecería enormemente. Pues la experiencia que yo tengo es fantástica. No usamos cfengine, pero sí FAI. Nosotros nos hemos creado unos repositorios locales con una serie de paquetes y metapaquetes que al instalarse arrastran las dependencias necesarias, y modifican los ficheros de configuración pertinentes para que al final, quede un SO perfectamente funconal. Al final, con FAI instalamos el sistema base, particionamos, y luego instalamos UN metapaquete distinto en funcion del producto final. Como te digo, la experiencia es fantástica. Con FAI tenemos funcionando unos 80 servidores, y el tiempo de instalación de cualquiera de ellos es de unos 15 minutos, pero independientemente del hardware que éstos tengan :-). También se aceptan sugerencias sobre otros sistemas para realizar lo mismo :) No conozco ninguno, pero siempre estaría bien conocer mas ;-) Un saludo y gracias por adelantado, Juanra -- ___ Iván Forcada Atienza: correo: [EMAIL PROTECTED] --- Software is like sex: it's better when it's free (Linus Torvalds) pgpZdUsKLTZO0.pgp Description: PGP signature
Re: Experiencias con FAI y cfengine
El mar, 03-10-2006 a las 13:28 +0200, Juan Ramon Martin Blanco escribió: Hola Actualmente mantengo tres servidores y varios equipos (unos 20) todos ellos con debian, y me gustaría hacer el mantenimiento de forma más automática a como lo hago ahora. De la misma manera, me gustaría que al comprar un nuevo equipo, la instalación se realizase también de forma automática, ya que ahora lo que hago es seguir el mismo proceso una y otra vez. Para conseguir todo esto, he estado buscando información y he encontrado que FAI me puede valer para las instalaciones automáticas y cfengine para mantener una uniformidad en la configuración de los equipos. Si son tan amables de contarme un poco las experiencias que hayan tenido con FAI y cfengine, recomendarme algún tutorial o howto, se lo agradecería enormemente. También se aceptan sugerencias sobre otros sistemas para realizar lo mismo :) Utiliza systemimager http://www.systemimager.org/ Un saludo y gracias por adelantado, Juanra -- Angel Claudio Alvarez Usuario Linux Registrado 143466 GPG Public Key en http://pgp.mit.edu key fingerprint = 3AED D95B 7E2D E954 61C8 F505 1884 473C FC8C 8AC4 signature.asc Description: Esta parte del mensaje está firmada digitalmente
Re: Experiencias con FAI y cfengine
El mar, 03-10-2006 a las 13:28 +0200, Juan Ramon Martin Blanco escribió: Hola Actualmente mantengo tres servidores y varios equipos (unos 20) todos ellos con debian, y me gustaría hacer el mantenimiento de forma más automática a como lo hago ahora. De la misma manera, me gustaría que al comprar un nuevo equipo, la instalación se realizase también de forma automática, ya que ahora lo que hago es seguir el mismo proceso una y otra vez. Para conseguir todo esto, he estado buscando información y he encontrado que FAI me puede valer para las instalaciones automáticas y cfengine para mantener una uniformidad en la configuración de los equipos. Si son tan amables de contarme un poco las experiencias que hayan tenido con FAI y cfengine, recomendarme algún tutorial o howto, se lo agradecería enormemente. También se aceptan sugerencias sobre otros sistemas para realizar lo mismo :) Bueno, en este caso, Read The Gold Manual :) http://d-i.alioth.debian.org/manual/es.i386/apb.html No se si puede serte útil y desconozco si es mejor o peor que FAI o cfengine ... sin más es otro método documentado (y traducido) Un saludo y gracias por adelantado, A los que escriben las sagradas escrituras :) -- ,-, | Iñigo Tejedor Arrondohttp://navarrux.org inigo(a)navarrux.org | |-| | | | Debian - The universal operative system.| | | | You can choose, get the freedom, get the power, apt-get in to it. | | | ·-· -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
cfengine users?
are there cfengine users out there who use cfengine with debian? i'd be interested in how you went about it. cfengine is totally comprehensive, capable of everything. but i want to keep a fully functional debian system underneath. who'd be willing to share his configuration with me so that i can check it out before i embark on the configuration here? -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft [EMAIL PROTECTED] : :' :proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc pgp0.pgp Description: PGP signature
Maintain X11 config with CFengine?
We use CFengine to maintain the configuration of our machines. It's great stuff. Now, one possibility for CFengine to manage the XF86Config would be to just copy or edit the file. But it occurred to me that it might be better to just maintain the answers asked by debconf. Do you think that might be feasible? Is it the right approach? If so, I imagine the procedure is as follows: First, CFengine edits some file where debconf stores the answers to its questions. (Where is that file and what's the format?) Then CFengine runs dpkg-reconfigure or something like this to tell Debian to reconfigure the package based on the previously configured answers. I've been quite happy with the X11 configuration that came out after debconf was done asking me. Another thing is that I'd like to change the sequence of directories in FontPath, and maybe add my own. So is there a file where debconf gets the corresponding XF86Config-4 snippet from? Can I have CFengine just edit that file? kai -- ~/.signature is: umop ap!sdn(Frank Nobis) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
cron daemon -- suidmanager and cfengine errors
Hi all: I've been getting the following messages from cron daemon: /etc/cron.daily/cfengine: cf:main:/etc/cfengine/cfengine.conf:26: parse error cfengine:main::26: Warning: actionsequence is empty cfengine:main::26: Warning: perhaps cfengine.conf has not yet been set up? cfengine:main::Execution terminated after parsing due to errors in program /etc/cron.daily/suidmanager: File /usr/lib/emacs/20.3/i386-debian-linux-gnu/movemail registered but not installed File /usr/lib/emacs/19.34/i386-debian-linux/movemail registered but not installed I don't have emacs nor xemacs packages installed on my system (in fact I do, but I compiled it, and it's an Xemacs 21.1.2). 1. So, what's cfengine and how do I know if I need it? The doc in the /usr/doc directory is huge and obscure -- could anyone be so kind as to describe in a couple of words what it does? 2. Do I simply suidunregister movemail or should I do smth else? TIA! -- Arcady Genkin
Re: cron daemon -- suidmanager and cfengine errors
On Wednesday, May 19, 1999 at 20:41:57 -0400, Arcady Genkin wrote: Message-ID: [EMAIL PROTECTED] User-Agent: Gnus/5.070084 (Pterodactyl Gnus v0.84) XEmacs/21.1 (20 Minutes to Nikko) X-UIDL: 24e3c1b866b50d40dbdaae05d5921bd5 /etc/cron.daily/cfengine: cfengine:main::26: Warning: perhaps cfengine.conf has not yet been set up? Sounds like this is exactly the case. 1. So, what's cfengine and how do I know if I need it? The doc in the /usr/doc directory is huge and obscure -- could anyone be so kind as to describe in a couple of words what it does? Reads a config file and does as directed, synchronizing user lists, passwords, or whatever you tell it. === From the package description (inside dselect select === cfengine - Tool for configuring and maintaining network machines The main purpose of cfengine is to allow the system administrator to create a single central file which will define how every host on a network should be configured. cfengine is also useful as an interpreter for a general scripting language for ordinary users. It is handy for tidying up junk files and for maintaining `watchdog' scripts to manage access rights and permissions on files when collaborating with other users. It takes a while to set up cfengine for a network (especially an already existing network), but once that is done you will wonder how you ever lived without it! === End package description === If you don't know what it is, and don't run a LAN, you probably don't *need* it (although it's possible you could find some use for it.) Purging it will most likely cause no problems. (Do you have any idea how it got installed?) -- PGP Public Key available on request: Type Bits/KeyIDDate User ID pub 1024/CFED2D11 1998/03/05 Lazarus Long [EMAIL PROTECTED] Key fingerprint = 98 2A 56 34 16 76 D5 21 39 93 99 EA 89 D4 B5 A2
Re: cfengine cron job
However, the best thing to do would be for cfengine to run without error straight from the package. Even if cfengine doesn't do anything, it shouldn't look ugly. -- Kevin Dalley [EMAIL PROTECTED] Ben == Ben Collins [EMAIL PROTECTED] writes: On Mon, Dec 14, 1998 at 12:20:51PM +, Graham Ashton wrote: What would be the most debian friendly way of disabling it? I thought of removing the cfengine package, but then thought that there might be a less heavy handed approach, other than deleting/moving the files from /etc/cron.daily and /etc/cron.weekly. Execute this command: /usr/sbin/dpkg-divert --local --add --rename --divert /etc/cron.daily/cfengine /etc/cron.daily/cfengine.norun
Re: cfengine cron job
On Tue, Dec 15, 1998 at 01:33:04AM -0800, Kevin Dalley wrote: However, the best thing to do would be for cfengine to run without error straight from the package. Even if cfengine doesn't do anything, it shouldn't look ugly. Good point, since I'm a new maintainer for it, and actually never installed it with out configuring it, I never noticed. I'll fix it, maybe it will get into slink. -- --- - - --- - - - --- Ben Collins [EMAIL PROTECTED] Debian GNU/Linux UnixGroup Admin - Jordan Systems Inc. [EMAIL PROTECTED] -- -- - - - --- --- -- The Choice of the GNU Generation
cfengine cron job
I've just installed a new hamm system, and am getting mail messages about cfengine's cron job; -- Subject: Cron [EMAIL PROTECTED] run-parts --report /etc/cron.daily X-Cron-Env: SHELL=/bin/sh X-Cron-Env: PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin X-Cron-Env: HOME=/root X-Cron-Env: LOGNAME=root Date: Mon, 14 Dec 1998 06:44:51 + /etc/cron.daily/cfengine: cf:alice:/etc/cfengine/cfengine.conf:26: parse error cfengine:alice::26: Warning: actionsequence is empty cfengine:alice::26: Warning: perhaps cfengine.conf has not yet been set up? cfengine:alice::Execution terminated after parsing due to errors in program /etc/cron.daily/cracklib: 45375 45375 -- I understand that this is because I've not configured cfengine, and don't intend to in the near future (it looks like the sort of thing I'd like to play with before too long though). What would be the most debian friendly way of disabling it? I thought of removing the cfengine package, but then thought that there might be a less heavy handed approach, other than deleting/moving the files from /etc/cron.daily and /etc/cron.weekly. Is there a nice way to do it? -- Graham
Re: cfengine cron job
On Mon, Dec 14, 1998 at 12:20:51PM +, Graham Ashton wrote: What would be the most debian friendly way of disabling it? I thought of removing the cfengine package, but then thought that there might be a less heavy handed approach, other than deleting/moving the files from /etc/cron.daily and /etc/cron.weekly. Execute this command: /usr/sbin/dpkg-divert --local --add --rename --divert /etc/cron.daily/cfengine /etc/cron.daily/cfengine.norun This will move the cron file so that dpkg knows you did it. Also the '.' in the new name will make run-parts not run it (norun :). To mave it back: /usr/sbin/dpkg-divert --remove /etc/cron.daily/cfengine.norun good luck, Ben -- --- - - --- - - - --- Ben Collins [EMAIL PROTECTED] Debian GNU/Linux UnixGroup Admin - Jordan Systems Inc. [EMAIL PROTECTED] -- -- - - - --- --- -- The Choice of the GNU Generation
Re: cfengine cron job
On 14 Dec, Ben Collins wrote: Execute this command: /usr/sbin/dpkg-divert --local --add --rename --divert /etc/cron.daily/cfengine /etc/cron.daily/cfengine.norun wow. how cool is debian? thanks a lot. [scuttles off to see what else dpkg-divert can do...] -- Graham
Re: cfengine question?
Would some please show me what is wrong with the following cfengine that is sent to my 'root' every day: Check the log file under /var/log to see if there is more information there. If not, try running cfengine by hand to see if it provides more information that way. Brian ( [EMAIL PROTECTED] ) --- In theory, theory and practice are the same. In practice, they're not. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
cfengine question?
Hi, Would some please show me what is wrong with the following cfengine that is sent to my 'root' every day: --8 --- cfengine:/etc/cfengine/cfengine.conf:53: parse error cfengine::Execution terminated after parsing due to errors in program --8 --- Here is my /etc/cfengine.cf: --8 --- #! /usr/bin/cfengine -f control: access = ( root ) domain = ( mycompany.com ) netmask = ( 255.255.255.0 ) timezone= ( CDT ) mountpattern= ( / ) homepattern = ( home* ) sysadm = ( root ) editfilesize= ( 4192 ) adminfiles = ( /etc/cfengine ) repository = ( /var/backups/cfengine ) actionsequence = ( checktimezone # editfiles # copy # tidy # shellcommands # links ) broadcast: ones links: linux:: /dev/core - /proc/kcore tidy: Monday:: / pattern=*..cfsaved recurse=inf age=7 / pattern=*~ recurse=inf age=7 / pattern=#* recurse=inf age=7 / pattern=corerecurse=inf age=1 shellcommands: disable: /etc/hosts.equiv /etc/nologin editfiles: { /etc/init.d/boot SetCommentStart # SetCommentEnd WarnIfNoLineMatching'[#]*echo -n Cleaning up /tmp... ' LocateLineMatching '^echo -n Cleaning up /tmp... ' CommentToLineMatching 'echo done.' } # local variables: # tab-width: 4 # end: --8 --- Thanks! -- Timothy C. Phan ([EMAIL PROTECTED]) NEC America, Inc. ASL 1525 Walnut Hill Ln. Irving, TX 75038 tel: (214)-518-3437 fax: (214)-518-3499 -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
where are cfengine docs?
Subject says it all. -- Ken Gaugler N6OSK Santa Clara, California email: [EMAIL PROTECTED] URL: http://www.wco.com/~keng The life of a Repo Man is always INTENSE...
Re: cfengine errors from cron output
Hello all. I'm getting those beloved errors from cfengine on a cron job. What's the fix to get rid of the errors? error message: cfengine:/etc/cfengine/cfengine.conf:23: parse error cfengine::23: Warning: actionsequence is empty cfengine::Execution terminated after parsing due to errors in program dpkg -r cfengine But, you are right that cfengine should say something about that in the docs (I know it becaues I just installed cfengine, and it does print it to stdout. But maintainers cannot expect users to read everything that's printed at install-time). -- joost witteveen [EMAIL PROTECTED] [EMAIL PROTECTED] -- Use Debian/GNU Linux! -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
cfengine errors from cron output
Hello all. I'm getting those beloved errors from cfengine on a cron job. What's the fix to get rid of the errors? error message: cfengine:/etc/cfengine/cfengine.conf:23: parse error cfengine::23: Warning: actionsequence is empty cfengine::Execution terminated after parsing due to errors in program --Pete ___ Peter J. Templin, Jr. Client Services Analyst Computer Communication Services tel: (717) 524-1590 Bucknell University [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: cfengine?
This is a reply from Mark Burgess (esteemed author of cfengine) regarding your question on cfengine... Brian White wrote: This message was posted to the debian-user list. I thought you would be interested. I must admit, I've been a little lax in keeping the version of cfengine that is available under Debian up to date with your releases. He'll be running version 1.3.8. - In cfengine all machines belong to several classes, e.g mail_server = ( tango ) mail_client = ( samba rumba ) home_server = ( samba ) .. In a cfengine-file one can use these classes to perfom any action. But when I want to perform the e.g. the following action copy: mail_server:: do something mail_client:: do something home_server:: do something the script doesn't perform the last entry for home_server on samba, because the host samba already belongs to the class mail_client and a action for this host is already performed. Isn't there a possibility to test for all classes if the hosts belongs to it or not? Dirk -- Mark Burgess (author of cfengine) replies: Hei. I think you have misunderstood. Cfengine will perform all the actions for defined classes. If it is not doing so, I would guess that there is some kind of misunderstanding going on. You could try to follow the voluminous output from the -d2 flag which gives debugging info, or -v for verbose to see whether all the classes you think are defined really are. Otherwise, I would definitely upgrade to 1.3.16 (Brian!) It has some nice new features and a few bug fixes, which might just help... good luck! BTW: there are now two cfengine newsgroups whcih have finally started working: gnu.cfengine.help gnu.cfengine.bug best regards, Mark -- Since Debian is going through a code freeze for its next release, I decided to leave the last version I had used without problem. I will release the latest version of cfengine in the next week or two. Brian ( [EMAIL PROTECTED] ) --- In theory, theory and practice are the same. In practice, they're not. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
cfengine?
in cfengine all machines belong to several classes, e.g mail_server = ( tango ) mail_client = ( samba rumba ) home_server = ( samba ) ... In a cfengine-file one can use these classes to perfom any action. But when I want to perform the e.g. the following action copy: mail_server:: do something mail_client:: do something home_server:: do something the script doesn't perform the last entry for home_server on samba, because the host samba already belongs to the class mail_client and a action for this host is already performed. Isn't there a possibility to test for all classes if the hosts belongs to it or not? Dirk -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
cfengine-1.2.26-2.deb bad /etc/cfengine.conf
The default /etc/cfengine.conf does not work out of the box because the actionsequence is empty (parse error line 23). Also, wouldn't it be nice to have the postinst script get the timezone from the installed system? YA.