CFengine
CFengine is a program that helps distribute configuration files to many different machines. Its homepage is http://www.cfengine.org/ and its reference documentation can be found at http://www.cfengine.org/docs/cfengine-Reference.html We run cfengine version 2.
Details
CFengine is run by a series of configuration files in /etc/cfengine on each machine. Quite cleverly, cfengine is used to push these files out too. All files are pulled over NFS from demeter:/srv/cfengine, which is mounted as /ug/nfs/cfengine on every machine. These files are technically a part of a CVS repository, but this hasn't been used for a long time. /srv/cfengine is broken down into serveral different hierarchies. Some of them are self-explanatory, but here are the important ones:
- global: Files that all machines need
- global/inputs: Actual cfengine configuration files. They are named by the service that they configure.
- hosts: Files that are specific to a host or a service are put here.
Once the configuration files are in place, you can run "cfengine" to have it process its directives. However, since running that on every machine would be tedious, there is a program called "cfrun" that lets you do it remotely. It uses public-key authentication to handle access control.
