Setup policy cfengine policy hub
CFEngine – configuration management system written in c ++ language and it is running on * BSD, Linux, Windows and others OS. This article describes how to install FreeBSD policies server on your server. Installing on Linux OS will be similar, but with the use of one or another package manager. All actions within cfengine similar like in FreeBSD, and on Linux too, with the exception of the location of files and classes os_name ::
Installing policy hub
СPolicy Server or in another policy hub – cfengine service, which is responsible for the distribution of rules, policies and changes. Simply put – the “main server” in this case.
So let’s install cfengine package from the FreeBSD ports:
# cd /usr/ports/sysutils/cfengine # make install clean
Make rehash:
# rehash
Once installed, go to the directory cfengine. His working directory – always /var/cfengine. Use the command, for that would go into a folder, create a directory bin/ and copy the binaries:
# cd /var/cfengine && mkdir bin && cp /usr/local/sbin/cf-* bin/
cfengine server authenticates and authorizes itself by RSA keys, similar to the ssh, and works as usual, in a pair. To generate them, use a special command:
# cf-key
No need to do anything, the keys are generated and are in their home directory – / var / cfengine / ppkeys, files localhost.priv – the private key, and localhost.pub – is a public one.
After installing cfengine as a port and as a package, to work it is not ready yet. master files should be downloaded that contain “file promises” – the master file, which describes the links on the policy. Files can be taken with git-hub project, but due to frequent changes and updates FreeBSD Ports policy, these files may not work with the build of of cfengine, located in the ports. We take them from a special archive. Download the master files:
# fetch http://cfengine.package-repos.s3.amazonaws.com/tarballs/masterfiles-3.6.5.tar.gz
Unpack:
# tar xzvf masterfiles-3.6.5.tar.gz
Remove archive:
# rm masterfiles-3.6.5.tar.gz
Now the server is ready to work, and all postinstall conditions was completed. To the server started to work as a policy hub, we have to run a command, for start synchronisation between masterfiles and input folder of the hub. The IP must be the same ip as your policy hub’ server. So we do it for server itself (important).
# cf-agent -B -s 192.168.1.10
In case of successful bootstrap, you will receive a log, where you can see what everything is ok. 192.168.1.10 is in our case is IP of the server where we do it. The message will be something like this:
# notice: Bootstrap to '192.168.101.45' completed successfully!
Just in case check how works cf-serverd:
# sockstat
You will see something like that:
root cf-serverd 14731 3 stream -> ?? root cf-serverd 14731 5 stream -> ?? root cf-serverd 14731 6 tcp4 6 *:5308 *:* root cf-serverd 14731 7 dgram -> /var/run/logpriv
And on the other server (on client) check the port availability and nothing not blocking the daemon:
# nc -v 192.168.101.45 5308 Connection to 192.168.101.45 5308 port [tcp/cfengine] succeeded!
This means that everything is is ok. Congratulations – you are beautiful. Make sure that all components are present cfengine to /etc/rc.conf:
# echo 'cf-serverd_enable="YES"' >> /etc/rc.conf # echo 'cf_monitord_enable="YES"' >> /etc/rc.conf # echo 'cf_execd_enable="YES"' >> /etc/rc.conf
The other components, such as cf-execd and cf-monitord run themselves, after the cf-serverd will started. Good luck. In the future, I will write about CFEngine more.
Recent Comments