I will be filling out this document as I have time. Please be patient.



Cfengine is a configuration management engine, designed to manage and syncrhonize the configuration of multiple systems. The intent of this document is intended to demonstrate how to use cfengine to manage a network of Gentoo systems.

What cfengine is

The tool to manage scalable system.

What cfengine is not

Cfengine is not a package management system. Though it does have decent package management support, it is really geared towards configuration management instead.

Cfengine is not for the faint of heart. It is extremely powerful, complex, very flexible, and quiet by default, as such it is easy to make mistakes. It is also very easy to repair those mistakes, once you realize you have made them.

Getting Started

Emerging cfengine

Cfengine is dependent on Sleepycat's DB, v3.2 or higher and OpenSSL, v0.97 or higher. Of course as portage is famous for, they will be emerged automagically when you emerge cfengine. To emerge cfengine, simply;

 emerge cfengine

In addition to the two dependencies, this will emerge cfengine the bulk of the package into /var/cfengine.

This howto assumes a default cfengine emerge.

Configuring cfengine

The Server Config File

The Update Config File

The Agent Config File

Maintaining cfengine

Advanced Topics

Managing portage (emerge) with cfengine

You can do this with two easy steps:
1) detect if a binary is installed
2) use the shellcommands sections to install it if it is not.

an example:

    missing_sudo = ( !'/usr/bin/test -x /usr/bin/sudo' )
    missing_visudo = ( !'/usr/bin/test -x /usr/sbin/visudo' )
    missing_svn = ( !'/usr/bin/test -x /usr/bin/svn' )
       "/usr/bin/emerge app-admin/sudo"
       "/usr/bin/emerge app-vim/sudo"
       "/usr/bin/emerge subversion"

I would reccomend that you define these changes in their own file, rather than cfagent.conf. Doing so will allow you finer grained control, and not clutter up your logic. If you do that, remember that the file will need it's own control section, complete with actionsequence.

submitted 20060801 by jwhitlark

