From owner-freebsd-arch Wed Mar 28 18:42:59 2001 Delivered-To: freebsd-arch@freebsd.org Received: from booyaa.hq.netapp.com (nat-198-95-226-227.netapp.com [198.95.226.227]) by hub.freebsd.org (Postfix) with ESMTP id 3EB7237B71F for ; Wed, 28 Mar 2001 18:42:55 -0800 (PST) (envelope-from dtm@foobox.net) Received: (from dtm@localhost) by booyaa.hq.netapp.com (8.11.3/8.11.3) id f2T2ge728326; Wed, 28 Mar 2001 18:42:40 -0800 (PST) (envelope-from dtm@foobox.net) X-Authentication-Warning: booyaa.hq.netapp.com: dtm set sender to dtm@foobox.net using -f To: Jordan Hubbard Cc: DougB@DougBarton.net, freebsd-arch@FreeBSD.ORG Subject: Re: configuration files References: <20010327081943.EE95A37B718@hub.freebsd.org> <20010327004317J.jkh@osd.bsdi.com> <3AC06153.EEBF632E@DougBarton.net> <20010327112049F.jkh@osd.bsdi.com> From: Duane T Mun Date: 28 Mar 2001 18:42:40 -0800 In-Reply-To: <20010327112049F.jkh@osd.bsdi.com> Message-ID: Lines: 83 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG >>>>> "JH" == Jordan Hubbard writes: JH> We have a whole bunch of system and application configuration JH> data living in /etc and a few other places. Almost every JH> configuration file has its own unique format and set of rules JH> about how you're supposed to edit it or what utility JH> (foo_mkdb) you're supposed to run after editing it so that its JH> backing database, if it has one, is updated. Ever taken a look at cfengine (http://www.iu.hioslo.no/cfengine/)? Its a system configuration tool that uses classes to define what gets done. So, lets say I don't like my root account to use csh(1), and prefer sh(1). -------------------------------------------------------------------------- editfiles: freebsd:: { ${CFTESTDIR}/etc/master.passwd ReplaceAll '/root:/bin/.sh$' With '/root:/bin/sh' DefineClasses 'rebuild_passwd' } shellcommands: freebsd.rebuild_passwd.postprocess:: "/usr/sbin/pwd_mkdb -p -d ${CFTESTDIR}/etc ${CFTESTDIR}/etc/master.passw d" -------------------------------------------------------------------------- I would use _editfiles_ to modify /etc/master.passwd. _ReplaceAll_ is similar to `sed '1,$s/.../.../g'`. Then a new class is defined _rebuild_passwd_. When _shellcommands_ is executed, it tests to see if all three classes (freebsd, rebuild_passwd, and postprocess) are defined. If so, then /usr/sbin/pwd_mkdb is run. The next time cfengine is run, the _Replace_All_ would not execute because there's no match, and the class _rebuild_passwd_ would not be defined, so the _shellcommands_ stuff shown will also not run. BTW, the ${CFTESTDIR} is an environment variable that is passed to cfengine when I'm doing testing. Here's a quote from the docs: Cfengine is a tool for setting up and maintaining BSD and System-V-like operating system optionally attached to a TCP/IP network. You can think of cfengine as a very high level language--much higher level than Perl or shell: a single statement can result in many hundreds of operations being performed on multiple hosts. Cfengine is good at performing a lot of common system administration tasks, and allows you to build on its strengths with your own scripts. You can also use it as a netwide front-end for `cron'. Once you have set up cfengine, you'll be free to use your time being like a human being, instead of playing R2-D2 with the system. The main purpose of cfengine is to allow you to create a single, central system configuration which will define how every host on your network should be configured in an intuitive way. An interpreter runs on every host on your network and parses the master file (or file-set); the configuration of each host is checked against this file and then, if you request it, any deviations from the defined configuration are fixed automatically. You do not have to mention every host specifically by name in order to configure them: instead you can refer to the properties which distinguish hosts from one another. Cfengine uses a flexible system of "classes" which helps you to single out a specific group of hosts with a single statement. Its a decent system configuration tool, and doesn't require any changes to the way UNIX-like systems work. -- dtm To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message