cfexecd and changes to cfengine 2

Relevant classes: any Version 2.0.0 of cfengine does away with the old perl scripts cfwrap and cfmail and replaces them with a more reliable program written in C. The cfexecd daemon can be used in two ways: as a wrapper (for cron) or as a standalone daemon. There are several reasons for making this change: A daemon can be used to explore new scheduling methods, which colleagues and I have been working on at Oslo University College. Cfengine can be simplified and made more "plug'n'play" by this change. NT systems do not always have appropriate mail software or perl If you want maximal redundancy, you could use both cron-based cfengine and a separate daemon. As long as you set the IfElapsed and ExpireAfter lock parameters, there is no harm in this. Some things you will need to do when upgrading The default location of files has changed. Cfengine 2 attempts to make certain that it has what it needs cached locally. It uses the concept of a WORKDIR directory, which defaults to /var/cfengine. This is a trusted directory where all of its essentials are kept. /var/cfengine/bin/cfagent /var/cfengine/bin/cfservd /var/cfengine/bin/cfexecd /var/cfengine/inputs/cfagent.conf /var/cfengine/inputs/cfservd.conf /var/cfengine/inputs/update.conf Cfengine 2's components expect to find each other in these locations. This simplifies many issues for the user. You are advised to leave this alone. The location of the WORKDIR can be changed, but it should be a directory which is private to each and every host. The emphasis here is on simplicity and reliability. Remote execution of cfengine is still handled by cfservd (the new name for cfd), but the old auto-exec interval has been deprecated and replaced by the cfexecd daemon. Your remote-execution commands need to reflect the changes in cfengine's directory ideals. Remember that, you will need to grant access to the binaries: admit: /var/cfengine/bin myhosts.... to make cfrun work. Also, for secure channel access move keys to /var/cfengine/keys. Checklist Some Unices are probably going to insist on changing /var/cfengine to /var/lib/cfengine (Unix is a mess, isn't it?) so let's call the base directory WORKDIR. This is a configurable parameter, which can be set in configure ./configure --with-workdir=WORKDIR . To upgrade, you will want to do the following. Note that cfd and cfservd are not compatible, so you should do any distributing of binaries and configurations before switching over. Compile and install the binaries. Copy cfengine.conf to cfagent.conf. You will throw away the old file, once cfengine 2 is deployed. Remove any separate rules and tricks which you have used earlier for updating the configuration files. Create a short cfengine file update.conf for updating instead. This should have its own actionsequence. Move your secure copy keys to WORKDIR/keys. When you are ready to switch, use editfiles to alter your cron settings so that any old configuration lines are removed and new ones are entered in their place, e.g. editfiles: { /var/spool/cron/tabs/root AutoCreate DeleteLinesContaining "cfwrap" AppendIfNoSuchLine "0,30 * * * * /usr/local/sbin/cfexecd -F" } Eventually, you will want to keep cfexecd in the WORKDIR/bin cache also, in case /usr/local/sbin is not a local filesystem. Back to documentation