2 Configuration Synchronization

Managing the configuration and configuration drift of a set of distributed systems is a constant challenge for system administrators. A variety of tools are available to help manage various aspects of multi-system configuration management. For example, for account management, standard solutions include the Network Information System (NIS) and Lightweight Directory Access Protocol (LDAP). For file-level synchronization, tools like rdist (see the rdist(1) manpage) and rsync are available. HP Systems Insight Manager helps to discover, monitor and manage groups of systems.

A new tool in this toolkit is Configuration Engine (cfengine). cfengine is a popular open source tool for configuration synchronization. It provides policy-based or goal-based configuration management: the administrator defines the management actions to be applied to groups of systems so that those systems reach a desired state.

cfengine is a client/server based tool. A central configuration master system or policy server hosts a configuration policy file which defines the management actions to be performed on each managed client. The configuration master also hosts the “golden image” files, or reference copies of files that should be distributed to the clients. The administrator can use cfengine to perform tasks such as:

Ensure that client systems are using a correct set of configuration files by copying over reference files or directories.

Disable inappropriately configured files on the client.

Check file permissions, ownership, and track checksum changes.

Edit files.

Execute specified shell commands on each client.

Check for processes or signal processes.

Check for specific filesystem mounts.

A Configuration Synchronization Wizard (csync_wizard) is available to help the administrator quickly configure cfengine for managing a set of distributed systems or configuring it as a highly available service in a Serviceguard cluster.

2.1 cfengine Overview

The administrator starts by defining a central system or Serviceguard cluster to act as the master configuration server or policy server. The Configuration Synchronization Wizard (csync_wizard) is a user-friendly front-end to the initial configuration process. This central system will house the master policy files (for example, cfagent.conf) which define the desired configuration policies, and also reference copies or master copies of files that should be distributed to the managed clients.
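As an added illustration (not taken from this guide), the following cfagent.conf sketch in cfengine 2 syntax expresses several of the tasks listed earlier as policy: copying a reference file, disabling a file, enforcing permissions and tracking checksums, editing a file, checking a process, and running a shell command. The host name, domain, and every path in it are assumed placeholder values.

```cfengine
# cfagent.conf (cfengine 2 syntax): added example, not from this guide.
# Host name, domain and all paths below are assumed placeholder values.

control:
   actionsequence = ( copy disable files editfiles processes shellcommands )
   domain         = ( example.com )
   policyhost     = ( cfmaster.example.com )        # assumed policy server
   master_files   = ( /var/cfengine/master_files )  # assumed reference-copy directory

copy:
   any::
      # Fetch the reference copy when the client's checksum differs from it.
      $(master_files)/etc/ntp.conf
         dest=/etc/ntp.conf
         server=$(policyhost)
         type=checksum
         mode=0644 owner=root group=sys
         encrypt=true

disable:
   any::
      # Rename an inappropriately configured file out of the way.
      /etc/hosts.equiv

files:
   any::
      # Enforce mode and ownership, and record a checksum so that
      # later content changes are reported.
      /etc/passwd mode=0444 owner=root group=sys action=fixall checksum=md5

editfiles:
   any::
      { /etc/motd
        AppendIfNoSuchLine "This system is managed by cfengine."
      }

processes:
   any::
      # Run the restart command if no matching process is found.
      "cron" restart "/sbin/init.d/cron start"

shellcommands:
   any::
      "/usr/bin/logger -t cfagent synchronization run finished"
```

Because cfagent applies this file with root privileges on every managed client, write access to the policy and reference files on the master is equivalent to root on all of those clients.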

Each managed client copies down the master copies of the policy files from the central configuration server and evaluates its current state versus the desired state defined by the policy file. Any differences cause configuration rules to run in order to resynchronize the client. The administrator can initiate synchronization operations on the managed clients in two ways, using either a push or a pull operation.

Using the cfrun command (see the cfrun(1) manpage for more information) from the master configuration server, the administrator can push changes. cfrun reads the file cfrun.hosts to determine the list of managed clients. It then invokes the cfagent command on each managed client to perform a synchronization run. Thus, push operations are really requests to the managed clients to perform an immediate pull.

Pull operations are performed using cron or cfengine’s own cron-like cfexecd daemon. Either technique invokes the cfagent command at fixed intervals in order to perform client-initiated configuration synchronization. The administrator defines what interval is
