Cfengine



1. Cfengine Overview

Cfengine is a useful tool that does a fantastic job of configuring and maintaining UNIX computer systems. Cfengine is a stand-alone set of tools that configures and manages computers according to the directives in a configuration file. The configuration file is written in a high-level language that is easy to learn and use, and it defines the appropriate attributes for the various system components (no programming is required). In this way Cfengine can automatically configure many systems, each according to its defined configuration specification. It can also monitor systems continuously and adjust their configuration as needed.

2. What you can do with Cfengine

  • Configure network interfaces
  • Edit system configuration files and other text files
  • Create symbolic links
  • Check and fix file permissions and ownership
  • Delete unneeded files
  • Compress selected files
  • Distribute files over the network in a correct and secure way
  • Automatically mount NFS file systems
  • Verify the existence and integrity of important files and file systems
  • Run commands and scripts
  • Manage processes
  • Apply security patches and similar fixes

All of these tasks can be managed centrally from a central server. Using classes, you can group specific hosts together, or group by operating system, and apply different directives to each group.

3. Program components

  • cfagent: the main utility; applies the configuration file to the local system
  • cfrun: utility that applies the configuration file to remote systems
  • cfservd: server process that supports cfrun; makes the Cfengine agent functions usable from remote systems
  • cfexecd: daemon that automates job scheduling, reporting, and so on
  • cfenvd: problem detection daemon
  • cfkey: security key generation utility

On each host, the work to be done is defined in advance for cfagent. This lets you automate system administration tasks one server at a time. That is probably not what we want, though. You can place the required files on a central management server and have each server fetch them from it, and you can also run cfagent on each system remotely from the central management server. The central management server connects to each host with cfrun; for this, cfservd must be running on each host.

cfexecd is used on each host much like cron. cfkey is the security key generation utility and is run on each host to be managed. The central management server and the hosts communicate using these keys (private key / public key scheme).

cfservd must be running on the server for the other target machines to fetch files from the master server. On the target machines, cfagent is run either manually or automatically (using cfexecd or cron).

4. Before you start

Every host must have a hostname; a DNS lookup of that name must return its IP, and a query for that IP must return the same hostname. Usually the hostname -> IP mapping is set up on the name server, but the IP -> hostname mapping is often not set up in DNS; in that case every hostname must be entered in /etc/hosts.
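
One way to check this requirement before rolling out cfengine, as an added example that is not part of the original page: it applies hosts-file lookup rules to /etc/hosts-style text and reports managed hosts that fail the name -> address -> same name round trip. The sample hosts data, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in /etc/hosts format (not taken from a real system).
SAMPLE_HOSTS = """\
127.0.0.1        localhost.localdomain localhost
111.112.137.140  cent.tunelinux.pe.kr cent
111.112.137.162  www.tunelinux.pe.kr cent2.tunelinux.pe.kr   # alias listed second
111.112.137.141  techlab.tunelinux.pe.kr
"""


def parse_hosts(text):
    """Return (forward, reverse) maps built the way a hosts-file lookup works.

    forward: every name on a line -> address of the first line that lists it
    reverse: address -> canonical name (first name on the first line for it)
    """
    forward, reverse = {}, {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address: skip the line
        names = [name.lower() for name in fields[1:]]
        reverse.setdefault(addr, names[0])
        for name in names:
            forward.setdefault(name, addr)
    return forward, reverse


def check_round_trip(managed_hosts, hosts_text):
    """Return {host: problem} for hosts that fail name -> ip -> same name."""
    forward, reverse = parse_hosts(hosts_text)
    problems = {}
    for host in managed_hosts:
        name = host.lower()
        addr = forward.get(name)
        if addr is None:
            problems[host] = "no address for this name"
        elif reverse[addr] != name:
            problems[host] = f"{addr} maps back to {reverse[addr]}"
    return problems


if __name__ == "__main__":
    managed = ["cent.tunelinux.pe.kr", "cent2.tunelinux.pe.kr",
               "techlab.tunelinux.pe.kr", "intranet.tunelinux.pe.kr"]
    for host, why in check_round_trip(managed, SAMPLE_HOSTS).items():
        print(f"{host}: {why}")
```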


5. Installation

5.1. Installing from source

Download from http://www.cfengine.org/pages/download

First verify the integrity of the source archive with md5sum, then unpack the source.
# ./configure --prefix=/usr/local/cfengine (the default is to install under /usr/local)
# make
# make check (self test)
# make install
The build needs two development packages: Berkeley Database, obtainable from http://www.sleepycat.com, and OpenSSL, obtainable from http://www.openssl.org.

On RHEL and CentOS you need db4-devel and openssl-devel.
# yum -y install db4-devel openssl-devel

The installed files are listed below. They are installed under /usr/local/cfengine.

> ./sbin/cfagent
> ./sbin/cfservd
> ./sbin/cfrun
> ./sbin/cfkey
> ./sbin/cfenvd
> ./sbin/cfenvgraph
> ./sbin/cfexecd
> ./sbin/cfshow
> ./sbin/cfetool
> ./sbin/cfetoolgraph
> ./sbin/cfdoc
21a33,57
> ./share/cfengine
> ./share/cfengine/cfengine.el
> ./share/cfengine/cf.chflags.example
> ./share/cfengine/cf.freebsd.example
> ./share/cfengine/cf.ftp.example
> ./share/cfengine/cf.groups.example
> ./share/cfengine/cf.linux.example
> ./share/cfengine/cf.main.example
> ./share/cfengine/cf.motd.example
> ./share/cfengine/cf.preconf.example
> ./share/cfengine/cf.services.example
> ./share/cfengine/cf.site.example
> ./share/cfengine/cf.solaris.example
> ./share/cfengine/cf.sun4.example
> ./share/cfengine/cf.users.example
> ./share/cfengine/cfservd.conf.example
> ./share/cfengine/cfagent.conf.example
> ./share/cfengine/cfagent.conf-advanced.example
> ./share/cfengine/update.conf.example
> ./share/cfengine/cfrc.example
> ./share/cfengine/cfrun.hosts.example
> ./share/cfengine/README
> ./share/cfengine/ChangeLog
> ./share/cfengine/INSTALL
> ./share/cfengine/NEWS

5.2. Using an RPM

  • For more convenience, have the initial kickstart install cfengine automatically and fetch update.conf from a web server or similar.
  • Searching rpmfind turns up cfengine packaged as an RPM. Taking the Fedora SRPM and building an RPM from it worked without any problems.

# cd /usr/src/redhat/SPECS
# rpmbuild -ba --target i686 cfengine.spec
  • Binaries, man pages, documentation and so on follow the standard CentOS (Red Hat) directory layout. The client configuration directory is /var/cfengine, the same as above, and installation automatically runs cfkey to generate the key used for connections.
  • Fetch update.conf manually, put it in /var/cfengine/inputs, and move only the key generated by cfkey (/var/cfengine/ppkeys/localhost.pub) to the master server; after that it runs fine. The key must be copied under a name of the form root-ip.pub.
  • With the Fedora RPM the binaries are in /usr/sbin/, and /var/cfengine/bin/ contains only a symbolic link to /usr/sbin/cfagent. If you use the RPM there is no need to change this, but it is noted here because it is something to watch out for.
  • Adding this RPM to your own yum repository makes installation and management easier. As of 2006-11-07 18:01:13 it has been added to the private repository at cfengine.tunelinux.pe.kr. Install it as follows.

# rpm -ivh http://cfengine.tunelinux.pe.kr/tune/4.4/i386/RPMS/cfengine-2.1.21-2.i686.rpm

6. Setup

6.1. Initial configuration and testing

  • Assume the program has been compiled and installed under /usr/local/cfengine. With the RPM the steps are almost the same.
  • If you did not install from the RPM, first create the /var/cfengine directory and an inputs directory beneath it.
  • Create a suitable cfagent.conf in /var/cfengine/inputs. This file alone is enough to work with. Test the tasks you want here. Note that at this stage only the local machine is being tested.
  • Once testing is done, set up the master server and the clients. The master server here means the server that holds the configuration files above.

6.2. Master server configuration

  • The /usr/local/var/cfengine/inputs directory is where each client fetches the master server's configuration files from. You may of course change it to another directory. This location goes into cfservd.conf. The files placed here are cfagent.conf, cfrun.hosts, cfservd.conf, and update.conf. cfagent.conf and update.conf are the minimum required. To start cfservd you need a cfservd.conf. cfservd must be running on the master server; clients can connect to the server only while cfservd is running.
  • It is a good idea to keep this master directory under version control with CVS.

6.2.1. cfagent.conf

##################################################
# 
#  cfagent.conf
#
#  This is a simple file for getting started with
#  cfengine. It is harmless. If you get cfengine
#  running with this file, you can build on it.
#
##################################################

###
#
# BEGIN cfagent.conf (Only hard classes in this file )
#
###

classes:
# cfengine master server
master_server = ( cfengine.tunelinux.pe.kr )

# server group
testingservers = ( cent.tunelinux.pe.kr cent2.tunelinux.pe.kr )
#testingservers = ( cent2.tunelinux.pe.kr )
webhosting = ( cent.tunelinux.pe.kr )
mailhosting = ( '/usr/bin/test -d /var/qmail' )
dnshosting = ( '/usr/bin/test -f /etc/named.conf' )
dnsservers = ( '/usr/bin/test -f /etc/named.conf' )
intraservers = ( cfengine.tunelinux.pe.kr intranet.tunelinux.pe.kr project.tunelinux.pe.kr )

#intra_ip_range = ( IPRange(111.112.137.1-100) )
intra_ip_range = ( IPRange(111.112.137.0/24) )

# tune servers
tuneservers = ( testingservers webhosting mailhosting dnshosting intraservers intra_ip_range )

# specific server
centosservers = ( '/usr/bin/test -d /usr/share/doc/centos-release-4' )
cfengineservers = ( '/usr/bin/test -f /usr/sbin/cfagent' )
yumservers = ( '/usr/bin/test -f /etc/yum.repos.d/CentOS-Base.repo' )
techlabservers = ( 111.112.137.141 techlab.tunelinux.pe.kr )

##################################################
control:

   domain         = ( tunelinux.pe.kr )
   timezone       = ( MET )

   smtpserver     = ( localhost )  # used by cfexecd
   sysadm         = ( joon@tunelinux.pe.kr )     # where to mail output

#   IfElapsed = ( 0 )

   schedule = ( Hr00 )

   ChecksumUpdates = ( on )

# cfengine tune repository
   master_files = ( /usr/local/var/cfengine/tune )
   master_server = ( cfengine.tunelinux.pe.kr )
# html repository
   html_files = ( /var/www/html/tune )

# security check
   SpoolDirectories = ( /var/spool/mail /var/spool/cron )
   WarnNonOwnerMail = ( true )
   WarnNonUserMail = ( true )
#!techlabservers::
#   NonAlphaNumFiles = ( on )

   actionsequence = ( disable copy editfiles files shellcommands directories tidy processes )

##################################################
 
resolve:
   # Add these name servers to the /etc/resolv.conf file
     210.220.163.82      # local nameserver
     210.94.6.67     # backup nameserver

##################################################
# 111.112.137 tune intra
# 222.239.157 IDC monitor
# 66.600.5 IDC intra

editfiles:
{ 
	/etc/crontab 
	AppendIfNoSuchLine "* 0 * * * root /usr/bin/rdate -s time.bora.net && /sbin/hwclock -w"
}

tuneservers::
{
	/etc/security/access.conf
	AppendIfNoSuchLine "-:root:All EXCEPT LOCAL localhost.localdomain 111.112.137. 222.239.157. 66.600.5."
}

{
	/etc/pam.d/sshd
	AppendIfNoSuchLine "account    required     pam_access.so"
}

{
	/etc/vsftpd/vsftpd.conf	
	ReplaceAll "anonymous_enable=YES" With "anonymous_enable=NO"
	DefineClasses "modified_ftp"
}

intraservers|intra_ip_range::
{
	/etc/aliases	
	AppendIfNoSuchLine "root:		joon@tunelinux.pe.kr"
	DefineClasses "modified_aliases"
}

centosservers::
{ 
	/etc/updatedb.conf
	ReplaceAll "DAILY_UPDATE=no" With "DAILY_UPDATE=yes"
}

tuneservers.cfengineservers::
{ 
	/etc/crontab 
	AppendIfNoSuchLine "* 0 * * * root /usr/sbin/cfexecd -F"
}

intra_ip_range|testingservers::
{
	/etc/bashrc
	AppendIfNoSuchLine "alias ll='ls -alF'"
}

##################################################

copy:

 #  Get a file from some trusted server, e.g. password sync
 #  To do this, you need to use cfkey to install keys

# tune yum repository
tuneservers::
$(master_files)/tune.repo dest=/etc/yum.repos.d/tune.repo mode=644 server=$(master_server)

# master file copy
master_server::
	/etc/hosts dest=$(master_files)/hosts backup=true
	/usr/local/var/cfengine/inputs/update.conf dest=$(html_files)/update.conf mode=644 
	$(master_files)/tune.repo dest=$(html_files)/tune.repo mode=644 server=$(master_server)

# iptables
intra_ip_range|intraservers::
	$(master_files)/intra-iptables dest=/etc/sysconfig/iptables mode=600 server=$(master_server) backup=true define=modified_iptables

testingservers.!master_server::
	$(master_files)/hosts dest=/etc/hosts mode=644 server=$(master_server) backup=true

##################################################

files:

tuneservers::
# file check
   /tmp mode=ugo-x recurse=inf action=fixall syslog=true inform=true
   /var/tmp mode=ugo-x recurse=inf action=fixall syslog=true inform=true
   /proc mode=700 owner=root action=fixall
# password 
   /etc/passwd mode=644 owner=root action=fixall checksum=md5 syslog=true inform=true
   /etc/shadow mode=600 owner=root action=fixall checksum=md5 syslog=true inform=true
   /etc/group  mode=644 owner=root action=fixall checksum=md5 syslog=true inform=true

#cfengine program file
cfengineservers::
   /usr/sbin   mode=700 owner=root action=fixall include=cf* recurse=inf 

##################################################

shellcommands:

# security check
# "/usr/bin/find /tmp/ '(' -nouser -o -nogroup ')' "
tuneservers.yumservers::
      "/bin/rm -f /etc/yum.repos.d/CentOS-*" 

tuneservers.yumservers.Sunday.Hr00::
      "/usr/bin/yum clean all"

modified_ftp::
	"/etc/init.d/vsftpd restart" 

modified_iptables::
	"/etc/init.d/iptables restart" 

modified_aliases::
	"/usr/bin/newaliases && /etc/init.d/sendmail restart && /sbin/chkconfig --level 345 sendmail on" 

any.Hr07::
	"/usr/bin/rdate -s time.bora.net && /sbin/hwclock -w" timeout=30

##################################################

directories:
#	/tmp mode=1777 owner=root group=root syslog=true inform=true

tidy:
#tuneservers.intra_ip_range::
tuneservers::
	/tmp recurse=inf pattern=* age=7 rmdirs=sub syslog=true inform=true
	/var/tmp recurse=inf pattern=* age=7 rmdirs=sub syslog=true inform=true
	/home  	recurse=inf 
		pat=core 
		pat=a.out
		pat=*.o
		age=1 
		rmdirs=sub 
		syslog=true 
		inform=true
#		pat=*%
#		pat=#*

disable:
tuneservers::
	/root/.rhosts syslog=true inform=true
	/etc/hosts.equiv syslog=true inform=true

##################################################

processes:
#   "xinetd"  signal=hup
#   "httpd"    signal=kill
#	"cfservd" signal=hup
#   	"cexecd"  signal=hup
tuneservers.cfengineservers::
   "cfexecd" restart "/usr/sbin/cfexecd"
   "cfservd" restart "/usr/sbin/cfservd"

###
#
# END cfagent.conf
#
###

The control section holds settings that apply to the configuration as a whole.

smtpserver and sysadm make the output of runs started by cfexecd (and similar) get sent by mail. Specify the SMTP server and the user who should receive the mail.

IfElapsed relates to how cfagent runs; see the debugging section below.

schedule: when cfexecd is running (it is the program responsible for running cfagent periodically), cfexecd is run periodically according to what is set in schedule. cfexecd has no configuration file of its own; it reads the schedule setting in cfagent.conf. You can either keep cfexecd running or have cron start it.

Classes let you apply policy per group. The hosts inside ( ) refer to the /etc/hosts file. You can also form groups (classes) from the result of running a particular command, which is useful when hosts are hard to classify through /etc/hosts. A class can also contain other classes.

ChecksumUpdates checks the checksum of the files listed under files and shows a warning when it differs.

NonAlphaNumFiles checks for directories whose names fall outside ordinary characters, such as ".. .". (?)

master_server here is an arbitrary user-defined variable; you can define your own variables in the same way.

In files and similar sections, syslog records the change in syslog, and inform reports it on screen or by e-mail. Even after reading the manual I am not sure what the difference between true and on is.

6.2.2. cfservd.conf

#########################################################
#
# This is a cfd config file
#
# The access control here follows after any tcpd
# control in /etc/hosts.allow and /etc/hosts.deny
#
#########################################################

 #
 # Could import cf.groups here and use a structure like
 # in cfengine.conf, cf.main, cf.groups
 #

control:

  domain = ( tunelinux.pe.kr )

  AllowUsers = ( root )

  linux::

     cfrunCommand  = ( "/var/cfengine/bin/cfagent" )

  any::

#  ChecksumDatabase = ( /tmp/testDATABASEcache )

  IfElapsed = ( 1 )

  MaxConnections = ( 30 )

# access control
          Split = ( " " )
          hostlist = ( "111.112.137 222.239.157 66.600.5" )
#         hostlist = ( "111.112.137.162" )
          dirs = ( "inputs tune" )
          base = ( /usr/local/var/cfengine )

#########################################################

admit:   # or grant:

   $(base)/$(dirs)  $(hostlist)
#   /usr/local/var/cfengine/inputs *
#   /usr/local/var/cfengine/tune *

cfservd.conf is required by cfservd and sets the access permissions. Without the AllowUsers entry, cfrun did not run. admit is the section that configures access rights.

6.2.3. update.conf

#######################################################
#
# cf.update - for iu.hio.no
#
#######################################################

###
#
# BEGIN cf.update
#
###

#######################################################################
#
# This script distributes the configuration, a simple file so that,
# if there are syntax errors in the main config, we can still
# distribute a correct configuration to the machines afterwards, even
# though the main config won't parse. It is read and run just before the
# main configuration is parsed.
#
#######################################################################

control:

   actionsequence  = ( copy processes tidy )  # Keep this simple and constant

   domain          = ( tunelinux.pe.kr )  # Needed for remote copy

   #
   # Which host/dir is the master for configuration roll-outs?
   #

   policyhost      = ( cfengine.tunelinux.pe.kr )
   master_cfinput  = ( /usr/local/var/cfengine/inputs ) 

   AddInstallable = ( new_cfenvd new_cfservd )

   #
   # Some convenient variables
   #

   workdir         = ( /var/cfengine )

  linux::

   cf_install_dir  = ( /usr/local/cfengine/sbin )

   ###################################################################
   #
   # Spread the load, make sure the servers get done first though
   #
   ###################################################################

  !AllBinaryServers::

     SplayTime = ( 1 )

############################################################################

 #
 # Make sure there is a local copy of the configuration and
 # the most important binaries in case we have no connectivity
 # e.g. for mobile stations or during DOS attacks
 #

copy:

     $(master_cfinput)            dest=$(workdir)/inputs
                                  r=inf
                                  mode=700
                                  type=binary
                                  exclude=*.lst
                                  exclude=*~
                                  exclude=#*
                                  server=$(policyhost)
                                  trustkey=true

#####################################################################

tidy:

     #
     # Cfexecd stores output in this directory.
     # Make sure we don't build up files and choke on our own words!
     #

     $(workdir)/outputs pattern=* age=7

#####################################################################

processes:

  new_cfservd::

    "cfservd" signal=term restart /usr/sbin/cfservd

  new_cfenvd::

    "cfenvd" signal=kill restart "/usr/sbin/cfenvd -H"


###
#
# END cf.update
#
###

update.conf is the configuration cfagent needs in order to reach the master server. The required files are fetched from the server and directory specified here.

6.3. Client configuration

  • Now the program has to be installed on the client. If the client runs the same OS and version, you can use the program compiled earlier: copy the files in /usr/local/cfengine/sbin to /var/cfengine/bin.
  • Put all configuration files and binaries under /var/cfengine: configuration files in inputs, binaries in bin. The other configuration files are fetched automatically, so copy only /var/cfengine/inputs/update.conf first, generate a key with cfkey, and then copy the public key to the master server.
  • When installing from the RPM, the program is installed and the key is generated automatically with cfkey. All that remains is the key copy and the update.conf copy between the client and the master server.

[root@localhost cfengine]# mkdir -p /var/cfengine/inputs
[root@localhost cfengine]# mkdir -p /var/cfengine/bin
[root@localhost cfengine]# cd /var/cfengine/bin
[root@localhost cfengine]# scp cent.tunelinux.pe.kr:/usr/local/cfengine/sbin/* .
[root@localhost cfengine]# scp cent.tunelinux.pe.kr:/usr/local/var/cfengine/inputs/update.conf /var/cfengine/inputs
  • Generate the key with the cfkey program.
[root@localhost cfengine]# cfkey
Making a key pair for cfengine, please wait, this could take a minute...
Writing private key to /var/cfengine/ppkeys/localhost.priv
Writing public key to /var/cfengine/ppkeys/localhost.pub
  • Copy the client's key to the server under a name of the form /var/cfengine/ppkeys/root-ip.pub. The cfservd configuration file must contain the entry AllowUsers = ( root ) for cfrun to work later; I lost some time over this. The admit settings in the cfservd configuration must also be correct.
[root@localhost cfengine]# scp /var/cfengine/ppkeys/localhost.pub cent.tunelinux.pe.kr:/var/cfengine/ppkeys/root-111.112.137.140.pub

[root@mytest inputs]# ll /var/cfengine/ppkeys/
합계 24
drwx------  2 root root 4096 10월 10 16:05 ./
drwxr-xr-x  9 root root 4096 10월 19 13:58 ../
-rw-------  1 root root 1743 10월 10 15:15 localhost.priv
-rw-------  1 root root  426 10월 10 15:15 localhost.pub
-rw-------  1 root root  426 10월 19 14:39 root-111.112.137.140.pub
-rw-------  1 root root  426 10월 10 15:28 root-111.112.137.162.pub
  • Now when cfagent is run on the client, it automatically fetches cfagent.conf, cfrun.hosts, and cfservd.conf from the master server and carries out the required tasks.
[root@mytest inputs]# cfagent -q -v (the -q option runs immediately, without the delay)
  • Above, cfservd was started only on the master, but for the master server to connect to each client and run cfagent, cfservd must be running on each client as well. cfservd thus has two functions: file server on the master server, and remote execution on the clients.
  • For convenience, this can be automated with a script that, at first installation on each client, creates the /var/cfengine directory, fetches update.conf from the master server, generates a key with cfkey on the client, and copies it to the master server.
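
The key layout above can be checked mechanically. This added example (not from the original page or the cfengine project) audits a ppkeys directory for peer keys that are not named user-ip.pub and for key files that other users could read or replace. The sample files, the IPv4-only assumption and the function names are constructed for illustration.

```python
import ipaddress
import os
import re
import stat
import tempfile

# Peer keys are stored as <user>-<address>.pub (assumption: IPv4 addresses only).
PEER_KEY = re.compile(r"^[A-Za-z0-9_]+-(?P<addr>[0-9.]+)\.pub$")
LOCAL_KEYS = {"localhost.priv", "localhost.pub"}

# Constructed sample: file name -> mode. Not a listing from a real host.
SAMPLE = {
    "localhost.priv": 0o600,
    "localhost.pub": 0o600,
    "root-111.112.137.140.pub": 0o600,        # correct name and mode
    "root-111.112.137.162.pub": 0o664,        # group-writable peer key
    "root-cent.tunelinux.pe.kr.pub": 0o600,   # hostname instead of address
    "root-111.112.137.pub": 0o600,            # truncated address
}


def make_sample(directory):
    """Populate directory with the constructed SAMPLE files."""
    for name, mode in SAMPLE.items():
        path = os.path.join(directory, name)
        with open(path, "w") as handle:
            handle.write("constructed placeholder, not a real key\n")
        os.chmod(path, mode)


def audit_ppkeys(directory):
    """Return findings about names and permissions in a ppkeys directory."""
    findings = []
    if stat.S_IMODE(os.stat(directory).st_mode) & 0o077:
        findings.append("ppkeys directory is accessible to group/others")
    for name in sorted(os.listdir(directory)):
        mode = stat.S_IMODE(os.lstat(os.path.join(directory, name)).st_mode)
        if name.endswith(".priv") and mode & 0o077:
            findings.append(f"{name}: private key accessible to group/others")
        elif mode & 0o022:
            findings.append(f"{name}: writable by group/others")
        if name in LOCAL_KEYS:
            continue
        match = PEER_KEY.match(name)
        if match is None:
            findings.append(f"{name}: not of the form user-ip.pub")
            continue
        try:
            ipaddress.IPv4Address(match.group("addr"))
        except ValueError:
            findings.append(f"{name}: {match.group('addr')} is not an IPv4 address")
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o700)
        make_sample(tmp)
        print("\n".join(audit_ppkeys(tmp)))
```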

6.4. Debugging

  • Starting cfservd with the -d2 option runs it in debugging mode. Consult the detailed messages it prints.
  • Running cfagent with the --dry-run (or -n) option shows what it would do without actually doing it. The -v option gives verbose output. By default cfengine does not run more than once per minute, which is inconvenient during initial testing; in that case set IfElapsed to 0 in cfagent.conf. The -q option tells it not to wait a short time before running. Further options: -K ignores lock files, and -DInit briefly turns the network interfaces off and on, sets up the firewall, and clears the previous configuration information.

6.5. Directory layout

  • Master server
    • /usr/local/var/cfengine/inputs : configuration files shared with the clients. The location is set in cfservd.conf and may be changed to another directory.
    • /usr/local/cfengine : binaries from the initial installation. The location differs from one source install to another, and for an RPM install it depends on where the RPM puts them.
  • Client
    • /var/cfengine/bin : binaries
    • /var/cfengine/inputs : configuration files and binary programs
    • /var/cfengine/ppkeys : key file directory
    • The remaining directories are created automatically.
[root@localhost cfengine]# tree -d /var/cfengine/
/var/cfengine/
|-- bin
|-- inputs
|-- modules
|-- ppkeys
|-- ppkeys1
|-- rpc_in
|-- rpc_out
`-- state

6.6. cfrun

cfrun runs commands remotely from the master server. It is the push model: the master triggers execution on each server. Running this program requires a cfrun.hosts file, which goes in /var/cfengine/inputs. cfservd must also be running on each host. When cfservd runs on the master its role is to let the clients connect, but when cfrun is used the daemon must be running on each target machine.

# cat cfrun.hosts
domain=tunelinux.pe.kr
cent.tunelinux.pe.kr
cent2.tunelinux.pe.kr

Run without any arguments, cfrun reads the cfrun.hosts file and runs cfagent on each system. The screen shows only a brief summary of what was actually applied. Below, the /etc/crontab and /etc/security/access.conf files on cent2 had been modified on purpose.
# cfrun
cfrun(0):         .......... [ Hailing cent.tunelinux.pe.kr ] ..........
cfrun(0):         .......... [ Hailing cent2.tunelinux.pe.kr ] ..........

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

cfengine:cent2: Saving edit changes to file /etc/crontab
cfengine:cent2: Saving edit changes to file /etc/security/access.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


7. Notes

7.1. Classes

  • Good use of classes lets you apply policy per group.
  • There are built-in classes, including architecture, hostname, IP, OS, date, and time.
  • Listing classes: use the command cfagent -p -v | grep -i define.
  • The predefined classes fall into several categories: Operating System, Kernel, Architecture, Hostname, IP Address, Date/Time.
  • Every system is a member of the any class.
# cfagent -p -v | grep -i define
Additional hard class defined as: 32_bit
Additional hard class defined as: linux_2_6_9_42_0_3_EL
Additional hard class defined as: linux_i686
Additional hard class defined as: linux_i686_2_6_9_42_0_3_EL
Additional hard class defined as: linux_i686_2_6_9_42_0_3_EL__1_Fri_Oct_6_05_59_54_CDT_2006
Defined Classes = ( 222_112_137 222_112_137_162 32_bit DNSservers Day3 Friday Hr18 Hr18_Q2 
INTRAservers MAILservers Min25_30 Min27 November Q2 WWWservers Yr2006 addr_ allservers any c1 
call cent cent_tunelinux_pe_kr centos centos_4 centos_4_4 cfengine_2 cfengine_2_1 cfengine_2_1_21 
cfengineservers compiled_on_linux_gnu dnsservers fe80__20c_29ff_fe14_2f08 i686 ipv4_222 ipv4_222_112 ipv4_222_112_137
 ipv4_222_112_137_162 kr linux linux_2_6_9_42_0_3_EL linux_i686 linux_i686_2_6_9_42_0_3_EL 
linux_i686_2_6_9_42_0_3_EL__1_Fri_Oct_6_05_59_54_CDT_2006 net_iface_eth0 net_iface_lo pe_kr redhat tunelinux_pe_kr )
  • Some examples of user-defined classes
c1 = ( cent.tunelinux.pe.kr )
mailservers = ( '/usr/bin/test -d /var/qmail' )
dnsservers = ( '/usr/bin/test -f /etc/named.conf' )
cfengineservers = ( '/usr/bin/test -f /usr/sbin/cfagent' )
yumservers = ( '/usr/bin/test -f /etc/yum.repos.d/CentOS-Base.repo' )
allservers = ( c1 c2 mailservers dnsservers cfengineservers yumservers )
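
To predict which stanzas of cfagent.conf apply to a host, the stanza guards can be evaluated against the class list printed by cfagent -p -v. This is an added example, not code from the original page or from cfengine itself; it assumes the cfengine 2 operators (. or & for AND, | or || for OR, ! for NOT, parentheses), and the sample class list is constructed.

```python
import re

# Constructed sample, shaped like the "cfagent -p -v" output on this page.
SAMPLE_OUTPUT = """\
Defined Classes = ( 32_bit Friday Hr18 any cent cent_tunelinux_pe_kr
centos_4 cfengineservers linux testingservers tuneservers yumservers )
"""

GUARDS = [  # stanza guards copied from the cfagent.conf listing on this page
    "tuneservers.cfengineservers::",
    "intra_ip_range|testingservers::",
    "testingservers.!master_server::",
    "tuneservers.yumservers.Sunday.Hr00::",
]

TOKEN = re.compile(r"\|\||[|.&!()]|[A-Za-z0-9_]+")


def defined_classes(output):
    """Extract the class set from 'Defined Classes = ( ... )', which may wrap."""
    match = re.search(r"Defined Classes\s*=\s*\(([^)]*)\)", output)
    return set(match.group(1).split()) if match else set()


def tokenize(guard):
    """Split a guard such as 'a.!b|c::' into operators and class names."""
    expr = guard.strip()
    if expr.endswith("::"):
        expr = expr[:-2]
    tokens = TOKEN.findall(expr)
    if "".join(tokens) != "".join(expr.split()):
        raise ValueError(f"invalid character in class expression: {guard!r}")
    return tokens


def evaluate(guard, classes):
    """Evaluate a guard: ! binds tightest, then . or &, then | or ||."""
    tokens = tokenize(guard)[::-1]  # reversed, so pop() yields the next token

    def parse_or():
        value = parse_and()
        while tokens and tokens[-1] in ("|", "||"):
            tokens.pop()
            rhs = parse_and()  # always parse the right side, then combine
            value = value or rhs
        return value

    def parse_and():
        value = parse_unary()
        while tokens and tokens[-1] in (".", "&"):
            tokens.pop()
            rhs = parse_unary()
            value = value and rhs
        return value

    def parse_unary():
        if not tokens:
            raise ValueError(f"incomplete class expression: {guard!r}")
        token = tokens.pop()
        if token == "!":
            return not parse_unary()
        if token == "(":
            value = parse_or()
            if not tokens or tokens.pop() != ")":
                raise ValueError(f"missing ')' in {guard!r}")
            return value
        if token in ("|", "||", ".", "&", ")"):
            raise ValueError(f"misplaced {token!r} in {guard!r}")
        return token in classes

    result = parse_or()
    if tokens:
        raise ValueError(f"unexpected {tokens[-1]!r} in {guard!r}")
    return result


def active_guards(guards, classes):
    """Return the guards whose stanzas would apply to a host with these classes."""
    return [guard for guard in guards if evaluate(guard, classes)]


if __name__ == "__main__":
    print("\n".join(active_guards(GUARDS, defined_classes(SAMPLE_OUTPUT))))
```

Host names appear in the class list with dots replaced by underscores (cent_tunelinux_pe_kr), so a guard must use that form to match.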

7.2. Caveats and issues encountered in use

  • Reverse DNS queries: when a particular server was not registered in DNS, putting its IP in a class did not take effect. After setting a domain name on that server, putting the hostname in the class as well, and then adding that name to /etc/hosts on the central cfengine master server, class matching worked. Registering in DNS is the most convenient option where possible, but if you do not register in DNS, it is best to assign an arbitrary hostname and add it to the /etc/hosts file on the cfengine server. Below is the case where a host whose hostname is not registered in DNS connected to the cfengine server.
Nov 10 11:33:15 mirrot cfservd[9610]:  Unable to lookup hostname (techlab.tunelinux.pe.kr) or cfengine service: Name or service not known
    IPRange is convenient in this case: just specify the IP range. With it, DNS registration was not needed.
  • Access control: admit in cfservd.conf restricts which IPs may connect. This is unrelated to SkipVerify and to registration in /etc/hosts.
  • In cfservd, Split makes access rights easy to configure.
  • File copy: files are copied based on a timestamp comparison with the server's file. Even if the file was modified on the client, it is not copied unless it was modified on the server.
  • cfservd and cfexecd are kept running by listing them in cfagent.conf.
  • cfagent is registered in cron to run at a fixed interval (e.g. once per hour) so that the cfservd/cfexecd processes are checked.
  • When installed from the RPM, the binaries are located in /usr/bin or thereabouts, so they are symlinked into the /var/cfengine/bin directory (not strictly required).
  • Using the SMTP server set in cfagent.conf, the output of runs started by cfexecd can be sent by mail. This is the reporting feature.
  • With ChecksumUpdates set in the control section of cfagent.conf and checksum set on entries under files, checksums are verified.
  • For the /tmp directory, instead of using noexec in /etc/fstab, files that are executable by user, group, or others have the execute permission removed automatically. An executable program in /tmp is quite likely a sign of a break-in.
  • Directories named in files, tidy, copy, and so on are checked for files with unusual names, such as names starting with "..". NonAlphaNumFiles does not need to be set in control for this; if it is set, files with non-alphabetic names are renamed automatically, which causes problems with Korean file names.
  • In files, even when subdirectories are specified, only files are affected. The difference from directories is that directories is used to create directories.

8. References

  • http://www.cfengine.org/ cfengine site
  • Manuals: on the site above, the tutorial covers setup and usage, and the reference covers detailed usage of the individual programs. The reference manual contains example configuration files worth consulting. These example configuration files are also installed into the share/ directory when the program is first installed.
  • Automating UNIX and Linux Administration (book) http://tunelinux.pe.kr/gboard/bbs/board.php?bo_table=link_book&wr_id=59
  • 시스템관리의 핵심, revised 3rd edition, chapter 14, Automating Administrative Tasks (a short version is on Hanbit Network, but it is the same material as in the book)
  • http://network.hanbitbook.co.kr/view.php?bi_id=644 Hanbit Network article: Top 5 Open Source Packages for System Administration, Part 5: Cfengine
  • It can also be used on Windows; install it following http://www.cfengine.org/confdir/nt-howto.html. cygwin must be installed first.


last modified 2009-11-12 10:37:00