Cfengine



1. Cfengine overview

Cfengine is a useful tool that does an excellent job of configuring and maintaining Unix computer systems. It is a stand-alone suite of tools that configures and manages computers according to the directives in a configuration file. The configuration file is written in a high-level language that is easy to learn and use, and it defines the properties appropriate to the various system components (no programming is required). In this way Cfengine can automatically configure many systems, each according to its defined configuration specification. It can also keep watching the systems and adjust their configuration as needed.

2. What you can do with Cfengine

  • Configure network interfaces
  • Edit system configuration files and other text files
  • Create symbolic links
  • Check and fix file permissions and ownership
  • Delete unnecessary files
  • Compress selected files
  • Distribute files over the network in a correct and secure manner
  • Mount NFS file systems automatically
  • Verify the existence and integrity of important files and file systems
  • Run commands and scripts
  • Manage processes
  • Apply security patches and similar fixes

All of these tasks can be managed centrally from one central server. Classes let you group specific hosts, or group hosts by operating system, and apply different directives to each group.

3. Program components

  • cfagent : the main utility; applies the configuration file to the local system
  • cfrun : utility that applies the configuration file to remote systems
  • cfservd : server process that supports cfrun; it makes the Cfengine agent functionality usable from remote systems
  • cfexecd : daemon that automates job scheduling, reporting and the like
  • cfenvd : problem detection daemon
  • cfkey : security key generation utility

On each host, the work to be done by cfagent is defined in advance. With this you can automate system administration tasks one server at a time. That is probably not what we want, though. You can put the required files on a central management server and have each server fetch them from there, and you can also run cfagent on each system remotely from the central management server. The central management server connects to each host with cfrun; for this, cfservd only needs to be running on each host.

cfexecd is used on each host in the way cron is. cfkey is the security key generation utility; run it on every host to be managed. These keys (private key / public key scheme) are used for communication between the central management server and each host.

cfservd must be running on the server before the other target computers can fetch the master server's files. On the target computers, run cfagent manually or automatically (using cfexecd or cron).

4. Before you start

Each host must have a hostname; a DNS lookup of that name must return an IP address, and a query for that IP address must return the same hostname. The hostname -> IP mapping is normally set up on the name server, but the IP -> hostname mapping is often not configured in DNS. In that case, every host name must be entered in /etc/hosts.


5. Installation

5.1. Installing from source

Download from http://www.cfengine.org/pages/download

First verify the integrity of the source archive with md5sum, then unpack the source.
# ./configure --prefix=/usr/local/cfengine (the default installs under /usr/local)
# make
# make check (self test)
# make install
Two development packages are required for the build: Berkeley Database, obtainable from http://www.sleepycat.com, and OpenSSL, obtainable from http://www.openssl.org.

On RHEL and CentOS, db4-devel and openssl-devel are required.
# yum -y install db4-devel openssl-devel

The installed files are listed below. They are installed under /usr/local/cfengine.

> ./sbin/cfagent
> ./sbin/cfservd
> ./sbin/cfrun
> ./sbin/cfkey
> ./sbin/cfenvd
> ./sbin/cfenvgraph
> ./sbin/cfexecd
> ./sbin/cfshow
> ./sbin/cfetool
> ./sbin/cfetoolgraph
> ./sbin/cfdoc
21a33,57
> ./share/cfengine
> ./share/cfengine/cfengine.el
> ./share/cfengine/cf.chflags.example
> ./share/cfengine/cf.freebsd.example
> ./share/cfengine/cf.ftp.example
> ./share/cfengine/cf.groups.example
> ./share/cfengine/cf.linux.example
> ./share/cfengine/cf.main.example
> ./share/cfengine/cf.motd.example
> ./share/cfengine/cf.preconf.example
> ./share/cfengine/cf.services.example
> ./share/cfengine/cf.site.example
> ./share/cfengine/cf.solaris.example
> ./share/cfengine/cf.sun4.example
> ./share/cfengine/cf.users.example
> ./share/cfengine/cfservd.conf.example
> ./share/cfengine/cfagent.conf.example
> ./share/cfengine/cfagent.conf-advanced.example
> ./share/cfengine/update.conf.example
> ./share/cfengine/cfrc.example
> ./share/cfengine/cfrun.hosts.example
> ./share/cfengine/README
> ./share/cfengine/ChangeLog
> ./share/cfengine/INSTALL
> ./share/cfengine/NEWS

5.2. Using RPM

  • For more convenience, use kickstart at initial installation time to install cfengine automatically and to fetch update.conf from a web server or similar.
  • A search on rpmfind turns up cfengine packaged as an RPM. I took the Fedora SRPM, built an RPM from it, and it ran without any problems.
 
# cd /usr/src/redhat/SPECS
# rpmbuild -ba --target i686 cfengine.spec
  • Binaries, man pages, documentation and so on follow the standard CentOS (Red Hat) directory layout. The client configuration directory is /var/cfengine, the same as above, and during installation cfkey is run automatically to generate the keys used for connections.
  • Manually fetch update.conf into /var/cfengine/inputs and move only the key generated by cfkey (/var/cfengine/ppkeys/localhost.pub) to the master server, and everything runs fine. When copying the key, it must be copied under a name of the form root-ip.pub.
  • With the Fedora RPM, the binaries are in /usr/sbin/, and /var/cfengine/bin/ contains only a symbolic link to /usr/sbin/cfagent. If you use the RPM there is no need to change this, but it is something to be aware of, so it is noted here.
  • Adding the RPM above to your own yum repository makes installation and management easier. As of 2006-11-07 18:01:13 it has been added to the repository at cfengine.tunelinux.pe.kr. Install it as follows.
 
# rpm -ivh http://cfengine.tunelinux.pe.kr/tune/4.4/i386/RPMS/cfengine-2.1.21-2.i686.rpm

6. Setup

6.1. Initial configuration and testing

  • We assume the program has been compiled and installed into the /usr/local/cfengine directory. With the RPM the procedure is almost the same.
  • If you did not install from RPM, first create the /var/cfengine directory and an inputs directory beneath it.
  • Create a suitable cfagent.conf file in /var/cfengine/inputs. This file alone is enough to work with. Test the tasks you want here. Note that at this point only the local machine is being tested.
    • Once testing is done, configure the master server and the clients. The master server here means the server that holds the configuration files above.

6.2. Master server configuration

  • The /usr/local/var/cfengine/inputs directory is the directory from which each client fetches the master server's configuration files. You can of course change it to another directory. This location goes into cfservd.conf. The files that go here are cfagent.conf, cfrun.hosts, cfservd.conf and update.conf. cfagent.conf and update.conf are the minimum required. To start cfservd you need a cfservd.conf. cfservd must be running on the master server; clients can connect to the server only when cfservd is up.
  • It is a good idea to keep the master directory above under CVS for version control.

6.2.1. cfagent.conf

##################################################
# 
#  cfagent.conf
#
#  This is a simple file for getting started with
#  cfengine. It is harmless. If you get cfengine
#  running with this file, you can build on it.
#
##################################################

###
#
# BEGIN cfagent.conf (Only hard classes in this file )
#
###

classes:
# cfengine master server
master_server = ( cfengine.tunelinux.pe.kr )

# server group
testingservers = ( cent.tunelinux.pe.kr cent2.tunelinux.pe.kr )
#testingservers = ( cent2.tunelinux.pe.kr )
webhosting = ( cent.tunelinux.pe.kr )
mailhosting = ( '/usr/bin/test -d /var/qmail' )
dnshosting = ( '/usr/bin/test -f /etc/named.conf' )
dnsservers = ( '/usr/bin/test -f /etc/named.conf' )
intraservers = ( cfengine.tunelinux.pe.kr intranet.tunelinux.pe.kr project.tunelinux.pe.kr )

#intra_ip_range = ( IPRange(111.112.137.1-100) )
intra_ip_range = ( IPRange(111.112.137.0/24) )

# tune servers
tuneservers = ( testingservers webhosting mailhosting dnshosting intraservers intra_ip_range )

# specific server
centosservers = ( '/usr/bin/test -d /usr/share/doc/centos-release-4' )
cfengineservers = ( '/usr/bin/test -f /usr/sbin/cfagent' )
yumservers = ( '/usr/bin/test -f /etc/yum.repos.d/CentOS-Base.repo' )
techlabservers = ( 111.112.137.141 techlab.tunelinux.pe.kr )

##################################################
control:

   domain         = ( tunelinux.pe.kr )
   timezone       = ( MET )

   smtpserver     = ( localhost )  # used by cfexecd
   sysadm         = ( joon@tunelinux.pe.kr )     # where to mail output

#   IfElapsed = ( 0 )

   schedule = ( Hr00 )

   ChecksumUpdates = ( on )

# cfengine tune repository
   master_files = ( /usr/local/var/cfengine/tune )
   master_server = ( cfengine.tunelinux.pe.kr )
# html repository
   html_files = ( /var/www/html/tune )

# security check
   SpoolDirectories = ( /var/spool/mail /var/spool/cron )
   WarnNonOwnerMail = ( true )
   WarnNonUserMail = ( true )
#!techlabservers::
#   NonAlphaNumFiles = ( on )

   actionsequence = ( disable copy editfiles files shellcommands directories tidy processes )

##################################################
 
resolve:
   # Add these name servers to the /etc/resolv.conf file
     210.220.163.82      # local nameserver
     210.94.6.67     # backup nameserver

##################################################
# 111.112.137 tune intra
# 222.239.157 IDC monitor
# 66.600.5 IDC intra

editfiles:
{ 
	/etc/crontab 
	AppendIfNoSuchLine "* 0 * * * root /usr/bin/rdate -s time.bora.net && /sbin/hwclock -w"
}

tuneservers::
{
	/etc/security/access.conf
	AppendIfNoSuchLine "-:root:All EXCEPT LOCAL localhost.localdomain 111.112.137. 222.239.157. 66.600.5."
}

{
	/etc/pam.d/sshd
	AppendIfNoSuchLine "account    required     pam_access.so"
}

{
	/etc/vsftpd/vsftpd.conf	
	ReplaceAll "anonymous_enable=YES" With "anonymous_enable=NO"
	DefineClasses "modified_ftp"
}

intraservers|intra_ip_range::
{
	/etc/aliases	
	AppendIfNoSuchLine "root:		joon@tunelinux.pe.kr"
	DefineClasses "modified_aliases"
}

centosservers::
{ 
	/etc/updatedb.conf
	ReplaceAll "DAILY_UPDATE=no" With "DAILY_UPDATE=yes"
}

tuneservers.cfengineservers::
{ 
	/etc/crontab 
	AppendIfNoSuchLine "* 0 * * * root /usr/sbin/cfexecd -F"
}

intra_ip_range|testingservers::
{
	/etc/bashrc
	AppendIfNoSuchLine "alias ll='ls -alF'"
}

##################################################

copy:

 #  Get a file from some trusted server, e.g. password sync
 #  To do this, you need to use cfkey to install keys

# tune yum repository
tuneservers::
$(master_files)/tune.repo dest=/etc/yum.repos.d/tune.repo mode=644 server=$(master_server)

# master file copy
master_server::
	/etc/hosts dest=$(master_files)/hosts backup=true
	/usr/local/var/cfengine/inputs/update.conf dest=$(html_files)/update.conf mode=644 
	$(master_files)/tune.repo dest=$(html_files)/tune.repo mode=644 server=$(master_server)

# iptables
intra_ip_range|intraservers::
	$(master_files)/intra-iptables dest=/etc/sysconfig/iptables mode=600 server=$(master_server) backup=true define=modified_iptables

testingservers.!master_server::
	$(master_files)/hosts dest=/etc/hosts mode=644 server=$(master_server) backup=true

##################################################

files:

tuneservers::
# file check
   /tmp mode=ugo-x recurse=inf action=fixall syslog=true inform=true
   /var/tmp mode=ugo-x recurse=inf action=fixall syslog=true inform=true
   /proc mode=700 owner=root action=fixall
# password 
   /etc/passwd mode=644 owner=root action=fixall checksum=md5 syslog=true inform=true
   /etc/shadow mode=600 owner=root action=fixall checksum=md5 syslog=true inform=true
   /etc/group  mode=644 owner=root action=fixall checksum=md5 syslog=true inform=true

#cfengine program file
cfengineservers::
   /usr/sbin   mode=700 owner=root action=fixall include=cf* recurse=inf 

##################################################

shellcommands:

# security check
# "/usr/bin/find /tmp/ '(' -nouser -o -nogroup ')' "
tuneservers.yumservers::
      "/bin/rm -f /etc/yum.repos.d/CentOS-*" 

tuneservers.yumservers.Sunday.Hr00::
      "/usr/bin/yum clean all"

modified_ftp::
	"/etc/init.d/vsftpd restart" 

modified_iptables::
	"/etc/init.d/iptables restart" 

modified_aliases::
	"/usr/bin/newaliases && /etc/init.d/sendmail restart && /sbin/chkconfig --level 345 sendmail on" 

any.Hr07::
	"/usr/bin/rdate -s time.bora.net && /sbin/hwclock -w" timeout=30

##################################################

directories:
#	/tmp mode=1777 owner=root group=root syslog=true inform=true

tidy:
#tuneservers.intra_ip_range::
tuneservers::
	/tmp recurse=inf pattern=* age=7 rmdirs=sub syslog=true inform=true
	/var/tmp recurse=inf pattern=* age=7 rmdirs=sub syslog=true inform=true
	/home  	recurse=inf 
		pat=core 
		pat=a.out
		pat=*.o
		age=1 
		rmdirs=sub 
		syslog=true 
		inform=true
#		pat=*%
#		pat=#*

disable:
tuneservers::
	/root/.rhosts syslog=true inform=true
	/etc/hosts.equiv syslog=true inform=true

##################################################

processes:
#   "xinetd"  signal=hup
#   "httpd"    signal=kill
#	"cfservd" signal=hup
#   	"cexecd"  signal=hup
tuneservers.cfengineservers::
   "cfexecd" restart "/usr/sbin/cfexecd"
   "cfservd" restart "/usr/sbin/cfservd"

###
#
# END cfagent.conf
#
###

The control section holds settings that apply to the configuration as a whole.

smtpserver and sysadm make the output of runs started by cfexecd and the like get sent by mail. Specify the SMTP server and the user who should receive the mail.

IfElapsed relates to how cfagent runs; see the debugging section below.

schedule : when cfexecd is running (it is the program that runs cfagent periodically), runs happen periodically according to what is set in schedule. cfexecd has no configuration file of its own; it reads the schedule setting in cfagent.conf. You can either keep cfexecd running as a daemon or have cron start it.

Classes let you apply policy per group. The hosts inside ( ) are looked up through the /etc/hosts file. You can also split groups (classes) by the result of running a particular command, which is useful when hosts are hard to classify through /etc/hosts. A class can also contain other classes.


ChecksumUpdates checks the checksums of the files listed under files and shows a warning when one differs.

NonAlphaNumFiles checks for directories whose names fall outside the ordinary character set, such as ".. .". (?)

Here master_server is an arbitrary variable; you can define and use your own variables in this form.

In files and similar sections, syslog records the change in syslog, and inform reports it on screen or by e-mail. I could not work out the difference between true and on even after reading the manual.

6.2.2. cfservd.conf

#########################################################
#
# This is a cfd config file
#
# The access control here follows after any tcpd
# control in /etc/hosts.allow and /etc/hosts.deny
#
#########################################################

 #
 # Could import cf.groups here and use a structure like
 # in cfengine.conf, cf.main, cf.groups
 #

control:

  domain = ( tunelinux.pe.kr )

  AllowUsers = ( root )

  linux::

     cfrunCommand  = ( "/var/cfengine/bin/cfagent" )

  any::

#  ChecksumDatabase = ( /tmp/testDATABASEcache )

  IfElapsed = ( 1 )

  MaxConnections = ( 30 )

# access control
          Split = ( " " )
          hostlist = ( "111.112.137 222.239.157 66.600.5" )
#         hostlist = ( "111.112.137.162" )
          dirs = ( "inputs tune" )
          base = ( /usr/local/var/cfengine )

#########################################################

admit:   # or grant:

   $(base)/$(dirs)  $(hostlist)
#   /usr/local/var/cfengine/inputs *
#   /usr/local/var/cfengine/tune *

cfservd.conf is required by cfservd and sets the access permissions. Without the AllowUsers entry, cfrun did not run. admit is the section that configures access rights.

6.2.3. update.conf

#######################################################
#
# cf.update - for iu.hio.no
#
#######################################################

###
#
# BEGIN cf.update
#
###

#######################################################################
#
# This script distributes the configuration, a simple file so that,
# if there are syntax errors in the main config, we can still
# distribute a correct configuration to the machines afterwards, even
# though the main config won't parse. It is read and run just before the
# main configuration is parsed.
#
#######################################################################

control:

   actionsequence  = ( copy processes tidy )  # Keep this simple and constant

   domain          = ( tunelinux.pe.kr )  # Needed for remote copy

   #
   # Which host/dir is the master for configuration roll-outs?
   #

   policyhost      = ( cfengine.tunelinux.pe.kr )
   master_cfinput  = ( /usr/local/var/cfengine/inputs ) 

   AddInstallable = ( new_cfenvd new_cfservd )

   #
   # Some convenient variables
   #

   workdir         = ( /var/cfengine )

  linux::

   cf_install_dir  = ( /usr/local/cfengine/sbin )

   ###################################################################
   #
   # Spread the load, make sure the servers get done first though
   #
   ###################################################################

  !AllBinaryServers::

     SplayTime = ( 1 )

############################################################################

 #
 # Make sure there is a local copy of the configuration and
 # the most important binaries in case we have no connectivity
 # e.g. for mobile stations or during DOS attacks
 #

copy:

     $(master_cfinput)            dest=$(workdir)/inputs
                                  r=inf
                                  mode=700
                                  type=binary
                                  exclude=*.lst
                                  exclude=*~
                                  exclude=#*
                                  server=$(policyhost)
                                  trustkey=true

#####################################################################

tidy:

     #
     # Cfexecd stores output in this directory.
     # Make sure we don't build up files and choke on our own words!
     #

     $(workdir)/outputs pattern=* age=7

#####################################################################

processes:

  new_cfservd::

    "cfservd" signal=term restart /usr/sbin/cfservd

  new_cfenvd::

    "cfenvd" signal=kill restart "/usr/sbin/cfenvd -H"


###
#
# END cf.update
#
###

update.conf is the configuration cfagent needs in order to reach the master server. The required files are fetched from the server and directory specified here.

6.3. Client configuration

  • The program now has to be installed on the clients. If they run the same OS and the same version, you can use the binaries compiled earlier: copy the files in the /usr/local/cfengine/sbin directory to /var/cfengine/bin.
  • All configuration files and binaries go under the /var/cfengine directory: configuration files in inputs, binaries in bin. The other configuration files are fetched automatically, so first copy only /var/cfengine/inputs/update.conf, then generate the keys with cfkey and copy the public key to the master server.
  • When installing from RPM, the package installs the program and also generates the keys with cfkey automatically. All that is left is the key copy and the update.conf copy between the client and the master server.

[root@localhost cfengine]# mkdir -p /var/cfengine/inputs
[root@localhost cfengine]# mkdir -p /var/cfengine/bin
[root@localhost cfengine]# cd /var/cfengine/bin
[root@localhost cfengine]# scp cent.tunelinux.pe.kr:/usr/local/cfengine/sbin/* .
[root@localhost cfengine]# scp cent.tunelinux.pe.kr:/usr/local/var/cfengine/inputs/update.conf /var/cfengine/inputs
  • Generate the keys with the cfkey program.
[root@localhost cfengine]# cfkey
Making a key pair for cfengine, please wait, this could take a minute...
Writing private key to /var/cfengine/ppkeys/localhost.priv
Writing public key to /var/cfengine/ppkeys/localhost.pub
  • Copy the client's key to the server as /var/cfengine/ppkeys/root-ip.pub. The cfservd configuration file must contain the entry AllowUsers = ( root ) for cfrun to work later; I lost some time over this. The admit settings and so on in the cfservd configuration must also be correct.
[root@localhost cfengine]# scp /var/cfengine/ppkeys/localhost.pub cent.tunelinux.pe.kr:/var/cfengine/ppkeys/root-111.112.137.140.pub

[root@mytest inputs]# ll /var/cfengine/ppkeys/
합계 24
drwx------  2 root root 4096 10월 10 16:05 ./
drwxr-xr-x  9 root root 4096 10월 19 13:58 ../
-rw-------  1 root root 1743 10월 10 15:15 localhost.priv
-rw-------  1 root root  426 10월 10 15:15 localhost.pub
-rw-------  1 root root  426 10월 19 14:39 root-111.112.137.140.pub
-rw-------  1 root root  426 10월 10 15:28 root-111.112.137.162.pub
  • Now when cfagent is run on the client, it automatically fetches cfagent.conf, cfrun.hosts and cfservd.conf from the master server and carries out the required work.
[root@mytest inputs]# cfagent -q -v (the -q option runs immediately, with no delay)
  • Above, cfservd was started only on the master, but for the master server to connect to each client and run cfagent there, cfservd must also be running on each client. cfservd therefore has two functions: file server on the master server, and remote execution endpoint on the clients.
  • For convenience, this can be automated with a script that, at the first installation on each client, creates the /var/cfengine directory, fetches update.conf from the master server, generates the keys with cfkey on the client, and copies the public key to the master server.
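
The key hand-off in the steps above (copy the client's localhost.pub to the master as root-<ip>.pub) can be wrapped so that a key already installed for an address is never silently replaced. The shell functions below are an added example, not part of the original page or of cfengine; the function names and the refuse-on-change policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: install a client's cfkey public
# key on the master as root-<ip>.pub, pinning the first key seen for that IP.

# valid_ipv4 ADDR: true only for a dotted quad with every octet in 0..255.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1                     # safe to split: only digits and dots remain
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# key_fingerprint FILE: SHA-256 of the key file, for comparing the copy on the
# master with the client's original over a separate channel.
key_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_client_key PUBKEY CLIENT_IP PPKEYS_DIR
# Returns 0 if installed or already identical, 2 on bad input,
# 3 if a different key is already pinned for that address.
install_client_key() (
    pub=$1 ip=$2 dir=$3
    valid_ipv4 "$ip" || { echo "bad client address: $ip" >&2; exit 2; }
    [ -s "$pub" ] || { echo "missing or empty key file: $pub" >&2; exit 2; }
    # Only the public half is copied; localhost.priv never leaves the client.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub holds a private key" >&2
        exit 2
    fi
    dest=$dir/root-$ip.pub
    if [ -e "$dest" ]; then
        cmp -s "$pub" "$dest" && exit 0
        echo "key for $ip differs from $dest; verify fingerprints first" >&2
        exit 3
    fi
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    cp "$pub" "$dest" && chmod 600 "$dest"
)

# Constructed demo: placeholder key text in a scratch directory, not real keys.
demo() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    printf '%s\n' '-----BEGIN RSA PUBLIC KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PUBLIC KEY-----' > "$tmp/localhost.pub"
    install_client_key "$tmp/localhost.pub" 111.112.137.140 "$tmp/ppkeys" || exit
    echo "installed: $(ls "$tmp/ppkeys")"
    echo "sha256:    $(key_fingerprint "$tmp/ppkeys/root-111.112.137.140.pub")"
)

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On the master this would be called as install_client_key /path/to/copied/localhost.pub 111.112.137.140 /var/cfengine/ppkeys; the resulting modes match the 700 directory and 600 key files in the listing above.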

6.4. Debugging

  • Running cfservd with the -d2 option puts it in debugging mode. Consult the detailed messages it prints.
  • Running cfagent with the --dry-run (or -n) option shows what it would do without actually doing it. The -v option shows verbose output. By default cfengine will not run more than once per minute, which is inconvenient during initial testing; in that case set IfElapsed to 0 in cfagent.conf. The -q option tells it not to wait for a short time before running. Further options: -K ignores lock files, and -DInit is an option that briefly turns the network interfaces off and on, sets up the firewall, and clears the previous configuration information.

6.5. Directory layout

  • Master server
    • /usr/local/var/cfengine/inputs : configuration files shared with the clients. It is specified in cfservd.conf and can be changed to another directory.
    • /usr/local/cfengine : binaries from the initial installation. This differs from site to site for source installs, and depends on the RPM's layout for RPM installs.
  • Client
    • /var/cfengine/bin : binaries
    • /var/cfengine/inputs : configuration files and binary programs
    • /var/cfengine/ppkeys : key file directory
    • The remaining directories are created automatically.
[root@localhost cfengine]# tree -d /var/cfengine/
/var/cfengine/
|-- bin
|-- inputs
|-- modules
|-- ppkeys
|-- ppkeys1
|-- rpc_in
|-- rpc_out
`-- state

6.6. cfrun

¸¶½ºÅͼ­¹ö¿¡¼­ ¿ø°ÝÀ¸·Î ¿©·¯°¡Áö ¸í·ÉÀ» ½ÇÇàÇÏ´Â °ÍÀÌ´Ù. ¸¶½ºÅÍ¿¡¼­ °¢ ¼­¹ö·Î ½ÇÇàÀ» ÇÏ´Â push ¹æ½ÄÀÌ´Ù. ÀÌ ÇÁ·Î±×·¥À» ½ÇÇàÇÏ·Á¸é cfrun.hosts ÆÄÀÏÀÌ ÇÊ¿äÇϸç /var/cfengine/inputs ¿¡ ³Ö¾îµÎ¸é µÈ´Ù. ¶ÇÇÑ °¢ È£½ºÆ®¿¡´Â cfservd°¡ ¶° ÀÖ¾î¾ßÇÑ´Ù. cfservd°¡ ¸¶½ºÅÍ¿¡ ¶° ÀÖÀ»¶§´Â °¢ Ŭ¶óÀ̾ðÆ®¿¡¼­ Á¢¼ÓÀ» ÇÒ ¼ö ÀÖµµ·Ï ÇÏ´Â ¿ªÇÒÀÌÁö¸¸ cfrunÀ» ÀÌ¿ëÇÒ °æ¿ì¿¡´Â °¢ ´ë»ó ÄÄÇ»ÅÍ¿¡ ´ë¸óÀÌ ¶° ÀÖ¾î¾ß ÇÑ´Ù.

# cat cfrun.hosts
domain=tunelinux.pe.kr
cent.tunelinux.pe.kr
cent2.tunelinux.pe.kr

Run without arguments, cfrun automatically reads the cfrun.hosts file and runs cfagent on each system. The screen shows only a brief summary of what was actually applied. In the run below, /etc/crontab and /etc/security/access.conf on cent2 had been modified on purpose.
# cfrun
cfrun(0):         .......... [ Hailing cent.tunelinux.pe.kr ] ..........
cfrun(0):         .......... [ Hailing cent2.tunelinux.pe.kr ] ..........

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

cfengine:cent2: Saving edit changes to file /etc/crontab
cfengine:cent2: Saving edit changes to file /etc/security/access.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


7. Notes

7.1. Classes

  • With good use of classes you can apply policy per group.
  • There are built-in classes, such as architecture, hostname, ip, os, date and time.
  • Checking classes : use the command cfagent -p -v | grep -i define.
  • The predefined classes fall into several categories: Operating System, Kernel, Architecture, Hostname, IP Address, Date/Time.
  • Every system is a member of the any class.
# cfagent -p -v | grep -i define
Additional hard class defined as: 32_bit
Additional hard class defined as: linux_2_6_9_42_0_3_EL
Additional hard class defined as: linux_i686
Additional hard class defined as: linux_i686_2_6_9_42_0_3_EL
Additional hard class defined as: linux_i686_2_6_9_42_0_3_EL__1_Fri_Oct_6_05_59_54_CDT_2006
Defined Classes = ( 222_112_137 222_112_137_162 32_bit DNSservers Day3 Friday Hr18 Hr18_Q2 
INTRAservers MAILservers Min25_30 Min27 November Q2 WWWservers Yr2006 addr_ allservers any c1 
call cent cent_tunelinux_pe_kr centos centos_4 centos_4_4 cfengine_2 cfengine_2_1 cfengine_2_1_21 
cfengineservers compiled_on_linux_gnu dnsservers fe80__20c_29ff_fe14_2f08 i686 ipv4_222 ipv4_222_112 ipv4_222_112_137
 ipv4_222_112_137_162 kr linux linux_2_6_9_42_0_3_EL linux_i686 linux_i686_2_6_9_42_0_3_EL 
linux_i686_2_6_9_42_0_3_EL__1_Fri_Oct_6_05_59_54_CDT_2006 net_iface_eth0 net_iface_lo pe_kr redhat tunelinux_pe_kr )
  • Some examples of user-defined classes
c1 = ( cent.tunelinux.pe.kr )
mailservers = ( '/usr/bin/test -d /var/qmail' )
dnsservers = ( '/usr/bin/test -f /etc/named.conf' )
cfengineservers = ( '/usr/bin/test -f /usr/sbin/cfagent' )
yumservers = ( '/usr/bin/test -f /etc/yum.repos.d/CentOS-Base.repo' )
allservers = ( c1 c2 mailservers dnsservers cfengineservers yumservers )

7.2. Caveats and issues encountered in use

  • Reverse DNS queries : when a particular server was not registered in DNS, putting its IP in a class did not take effect. After setting a domain name on that server, putting the hostname in the class as well, and adding that name to /etc/hosts on the central cfengine master server, class matching worked. Registering in DNS is the most convenient option where possible; if you do not register in DNS, assign an arbitrary hostname and add it to the /etc/hosts file on the cfengine server. The line below is from a host connecting to the cfengine server with a hostname that is not registered in DNS.
Nov 10 11:33:15 mirrot cfservd[9610]:  Unable to lookup hostname (techlab.tunelinux.pe.kr) or cfengine service: Name or service not known
In this case IPRange is convenient: just specify the IP range. With it, DNS registration was not needed.
  • Access control : admit in cfservd.conf restricts which IPs may connect. This has nothing to do with SkipVerify or with entries in the /etc/hosts file.
  • In cfservd, Split makes it easy to set up access permissions.
  • File copy : files are copied based on a timestamp comparison with the server's file. Even if the file was modified on the client, it is not copied unless it was modified on the server.
  • cfservd and cfexecd are listed in cfagent.conf so that they are kept running.
  • cfagent is registered in cron to run at a fixed interval (e.g. once per hour), which checks the cfservd/cfexecd processes.
  • When installed from RPM, the binaries are in /usr/bin or thereabouts, so they are symlinked into the /var/cfengine/bin directory (not strictly required).
  • With an SMTP server set in cfagent.conf, the output of runs started by cfexecd can be sent by mail. This is the reporting feature.
  • If ChecksumUpdates is set in the control section of cfagent.conf and checksum is set in files, checksums are verified.
  • For the /tmp directory, instead of using noexec in /etc/fstab, execute permission for user, group and others is removed automatically from any file that has it. A program with execute permission in /tmp is very likely to be the result of a break-in.
  • Directories named in files, tidy, copy and so on are checked for files that do not have ordinary names, such as names beginning with "..". NonAlphaNumFiles does not need to be set in control for this; if NonAlphaNumFiles is set, files with non-alphabetic names are changed automatically, which causes problems with Korean file names.
  • In files, even when subdirectories are specified, only files are affected. The difference from directories is that directories is used to create directories.
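
Section 4 and the reverse DNS item above both require that every managed host resolves name to IP and back to the same name. The check below is an added example, not part of the original page or of cfengine: it tests that requirement for each entry in cfrun.hosts against a hosts(5)-format file. The function name and the sample addresses are assumptions, and lines containing "=" are treated as cfrun.hosts settings.

```shell
#!/bin/sh
# Added example, not from the original page: check that every host listed in
# cfrun.hosts resolves name -> IP -> same name using a hosts(5)-format file.

# check_host_names CFRUN_HOSTS HOSTS_FILE
# Prints "ok NAME IP", "no-forward NAME" or "reverse-mismatch NAME IP CANONICAL"
# per host; returns 1 if any host is not ok, 2 if a file cannot be read.
check_host_names() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    awk -v hosts="$2" '
        BEGIN {
            # hosts(5): "IP canonical-name [alias ...]"; the first match wins.
            while ((getline line < hosts) > 0) {
                sub(/#.*/, "", line)
                n = split(tolower(line), f)
                if (n < 2) continue
                if (!(f[1] in canon)) canon[f[1]] = f[2]    # reverse answer
                for (i = 2; i <= n; i++)
                    if (!(f[i] in addr)) addr[f[i]] = f[1]  # forward answer
            }
            close(hosts)
        }
        { sub(/#.*/, "") }
        # Skip blank lines and settings such as "domain=...".
        NF == 0 || index($0, "=") { next }
        {
            name = tolower($1)
            if (!(name in addr)) { print "no-forward", name; bad = 1; next }
            ip = addr[name]
            if (canon[ip] != name) {
                print "reverse-mismatch", name, ip, canon[ip]; bad = 1; next
            }
            print "ok", name, ip
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample data: host names from the cfrun.hosts and log line on this
# page, with documentation addresses (192.0.2.0/24) in place of real ones.
demo() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    cat > "$tmp/hosts" <<'EOF'
192.0.2.10  cent.tunelinux.pe.kr cent
192.0.2.11  cent2 cent2.tunelinux.pe.kr   # short name listed first
EOF
    cat > "$tmp/cfrun.hosts" <<'EOF'
domain=tunelinux.pe.kr
cent.tunelinux.pe.kr
cent2.tunelinux.pe.kr
techlab.tunelinux.pe.kr
EOF
    check_host_names "$tmp/cfrun.hosts" "$tmp/hosts"
)

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a master this would be run as check_host_names /var/cfengine/inputs/cfrun.hosts /etc/hosts; it covers file-based resolution only, so names served purely from DNS show up as no-forward.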

8. References

  • http://www.cfengine.org/ cfengine site
  • Manuals : on the site above, the tutorial covers how to set up and use cfengine, and the reference covers the detailed usage of the individual programs. The reference manual contains example configuration files; consult them. These example configuration files are also installed into the share/ directory when the program is first installed.
  • Automating UNIX and Linux Administration (book) http://tunelinux.pe.kr/gboard/bbs/board.php?bo_table=link_book&wr_id=59
  • 시스템관리의 핵심, revised 3rd edition, chapter 14, automating administrative tasks (Hanbit Network has a short piece, but it is content from the book)
  • http://network.hanbitbook.co.kr/view.php?bi_id=644 Hanbit Network article: Top 5 open source packages for system administration, part 5: Cfengine
  • It can also be used on Windows; install it following http://www.cfengine.org/confdir/nt-howto.html. cygwin must be installed first.


last modified 2009-11-12 10:37:00