Cfengine configuration directory

Distributing cfengine.conf to all hosts

Relevant classes: any

A good way to distribute your cfengine.conf files is to use cfengine itself to distribute them. You should use two separate cfengine scripts for this:
  1. A script which does nothing but update the configuration files from the central repository.
  2. The actual configuration script, which is collected by script [1].

The reason for splitting this into two parts is this: if you make a mistake in the configuration file, cfengine will not be able to parse the file. If this erroneous configuration is distributed to all hosts, they will not be able to run cfengine and will therefore not be able to reload a corrected configuration. By creating a very simple script (which never changes) to download the configuration, you are insured against this happening. A corrected configuration will always be downloaded.

Here's how it works. In crontab:

0,30 * * * * /iu/nexus/local/iu/cfengine/bin/cfwrap /iu/nexus/local/iu/cfengine/bin/cfhourly
15 * * * * /iu/nexus/local/iu/cfengine/bin/cfwrap /iu/nexus/local/iu/cfengine/bin/cfupdate

The first of these runs your actual cfengine configuration every half hour:

#!/bin/csh -f
###########################################
#
# Half hourly  configuration check
#
###########################################
 
setenv CFINPUTS /etc/cfengine/inputs

set path = ( /bin /usr/bin /sbin /usr/sbin /local/gnu/bin )

/etc/cfengine/bin/cfengine

The second is a script which loads a simpler file:

#!/bin/csh -f
###########################################
#
# Hourly  configuration check
#
###########################################
 
setenv CFINPUTS /etc/cfengine/inputs

/etc/cfengine/bin/cfengine -f cf.update

The contents of the simpler file are something like this:
#######
#
# BEGIN cf.update
#
# This script only distributes the configuration, a simple file so that,
# if there are syntax errors in the main config, we can still
# distribute a correct configuration to the machines afterwards, even
# though the main config won't parse.
#
#######

control:

 actionsequence = ( copy )

 domain = ( iu.hio.no )


copy:

     /iu/nexus/local/iu/cfengine      dest=/etc/cfengine
                                      r=inf
                                      mode=a+rx
                                      type=binary
                                      exclude=*.lst

     /local/gnu/bin/cfengine          dest=/etc/cfengine/bin/cfengine mode=755  type=checksum

#######
#
# END cf.update
#
#######

Notice how the cfengine input files and binaries are copied onto every local host. This means that, in the event of network failure, you will still have a local copy of the configuration and cfengine to protect each host. The system will not hang waiting for the network connection to be reestablished.
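
The two-script arrangement above lets hosts recover after a bad configuration has been distributed. The script below is an added example, not part of the original page or of cfengine itself, showing a complementary check on the repository host: a candidate file is installed into the distribution directory only if it parses. The function name promote_config, the CF_PARSE_CMD variable, the .prev rollback copy and the use of cfengine's parse-only option (-p) are assumptions of this example.

```sh
#!/bin/sh
# Added example: gate a candidate cfengine.conf before it reaches the
# directory that cf.update copies from. Names here are assumptions.

# Command used to syntax-check a file. Assumes cfengine's parse-only
# option (-p); override CF_PARSE_CMD if your version differs.
: "${CF_PARSE_CMD:=/etc/cfengine/bin/cfengine -p -f}"

# promote_config CANDIDATE LIVE
# Returns 0 and replaces LIVE only if CANDIDATE parses; otherwise
# returns non-zero and leaves LIVE untouched.
#   1 = parse failure, 2 = candidate unreadable, 3 = install failure
promote_config() {
    candidate=$1
    live=$2

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    # Word-splitting of CF_PARSE_CMD is intentional (command plus flags).
    if ! $CF_PARSE_CMD "$candidate" >/dev/null 2>&1; then
        echo "REJECTED: $candidate does not parse; $live unchanged" >&2
        return 1
    fi

    # Stage in the destination directory so the final mv is an atomic
    # rename: a host copying mid-update never sees a half-written file.
    tmp="$live.new.$$"
    cp "$candidate" "$tmp" || return 3
    chmod 644 "$tmp"

    # Keep one rollback copy of the configuration being replaced.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.prev" || { rm -f "$tmp"; return 3; }
    fi

    mv "$tmp" "$live" || { rm -f "$tmp"; return 3; }
    echo "PROMOTED: $candidate -> $live"
}
```

Call promote_config with the edited file and the path of the live file in the central repository; hosts running cf.update then only ever copy a configuration that has passed the parser.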