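CFEngine test
Environment
Three virtual machines:
192.168.60.128(policy hub) server
192.168.60.129(client) agent1
192.168.60.130(client) agent2
Configuration is complete and the environment is ready for testing. The requirements are:
1. Create the test user on server and agent1, and delete the test user on agent2
2. Configure ssh so that the test user cannot log in
3. Synchronize the script directory
4. Ensure the scripts have execute permission
5. Install the LAMP environment
6. Ensure the apache and mysql services are running
The following examples have been tested. They were created on server and may need some modification.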
Create the test user on server and agent1, and delete the test user on agent2
```cf3
bundle agent user_add_del # user_add_del.cf
{
  vars:
      "users" slist => { "test" };

  classes:
      # add_test is defined when the user does not exist yet
      "add_$(users)" not => userexists("$(users)");

  commands:
      # ifvarclass takes a class expression that may contain variables.
      # Create the user on server and agent1 only if it is missing.
      "/bin/bash $(sys.workdir)/inputs/shell/useradd.sh $(users)"
        ifvarclass => "add_$(users)&(192_168_60_128|192_168_60_129)";

      # "192_168_60_130" is a hard class that cfengine defines from the host's IP address.
      # Delete the user on agent2 only if it exists.
      "/usr/sbin/userdel -rf $(users)"
        ifvarclass => "!add_$(users)&192_168_60_130";
}
```
Configure ssh so that the test user cannot log in
```cf3
bundle agent config_ssh # config_ssh.cf
{
  vars:
      # ssh config file
      "ssh" string => "/etc/ssh/sshd_config";

      # ssh config to set
      "sshd[DenyUsers]" string => "test";

  methods: # a methods promise calls another agent bundle
      "sshd" usebundle => edit_sshd;
}

bundle agent edit_sshd
{
  files:
      "$(config_ssh.ssh)"
        handle => "edit_sshd",
        comment => "Set desired sshd_config parameters",
        edit_line => set_config_values("config_ssh.sshd"),
        classes => if_repaired("restart_sshd"); # define restart_sshd when the file was repaired

  commands:
    restart_sshd.!no_restarts::
      "/etc/init.d/sshd reload"
        handle => "sshd_restart",
        comment => "Restart sshd if the configuration file was modified";
}

# If your cfengine_stdlib.cf already defines set_config_values and always,
# omit the two definitions below.

# Sets the RHS of variables in the file of the form
# LHS RHS
bundle edit_line set_config_values(v)
{
  vars:
      "index" slist => getindices("$(v)");
      "cindex[$(index)]" string => canonify("$(index)"); # canonify turns the key into a valid class name

  replace_patterns:
      # Matches a live line with a different value, or a commented-out line for the key
      "^\s*($(index)\s+(?!$($(v)[$(index)])).*|# ?$(index)\s+.*)$"
        replace_with => value("$(index) $($(v)[$(index)])"),
        classes => always("replace_attempted_$(cindex[$(index)])");

  insert_lines:
      # Runs only after the replacement has been attempted
      "$(index) $($(v)[$(index)])"
        ifvarclass => "replace_attempted_$(cindex[$(index)])";
}

body classes always(x)
{
      promise_kept => { "$(x)" };
      promise_repaired => { "$(x)" };
      repair_failed => { "$(x)" };
      repair_denied => { "$(x)" };
      repair_timeout => { "$(x)" };
}
```
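The edit that set_config_values makes to sshd_config can be previewed offline. The following is an added example, not part of the original page or of CFEngine: a Python approximation of the replace-then-insert logic, plus a check that the DenyUsers line lands before any Match block. The function names and sample configs are constructed for illustration.

```python
import re

def set_config_value(text, key, value):
    """Approximate replace_patterns followed by insert_lines for one key."""
    wanted = f"{key} {value}"
    k, v = re.escape(key), re.escape(value)
    # Same shape as the policy's regex: a live line with another value,
    # or a commented-out line for the key.
    pat = re.compile(rf"^\s*({k}\s+(?!{v}).*|# ?{k}\s+.*)$")
    lines = [wanted if pat.match(line) else line for line in text.splitlines()]
    # insert_lines is guarded by replace_attempted_*, so it runs after the
    # replacement and appends at end of file only if the line is still absent.
    if wanted not in lines:
        lines.append(wanted)
    return "\n".join(lines) + "\n"

def global_deny_users(text):
    """DenyUsers entries that sit before the first Match block."""
    denied = []
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].lower() == "match":
            break  # everything below belongs to the Match block
        if words[0].lower() == "denyusers":
            denied.extend(words[1:])
    return denied

# Constructed sample configs (not taken from the page).
COMMENTED = "Port 22\n#DenyUsers nobody\nPermitRootLogin no\n"
EXISTING = "Port 22\nDenyUsers bob\n"
WITH_MATCH = "Port 22\nMatch Group sftp\n    ForceCommand internal-sftp\n"

if __name__ == "__main__":
    for name, cfg in [("commented", COMMENTED), ("existing", EXISTING),
                      ("with_match", WITH_MATCH)]:
        out = set_config_value(cfg, "DenyUsers", "test")
        stable = set_config_value(out, "DenyUsers", "test") == out
        print(name, global_deny_users(out), "idempotent" if stable else "changes again")
```

The `existing` case shows a previous DenyUsers list being overwritten, and `with_match` shows the appended line falling inside the Match block, so confirm the effective setting with `sshd -T` after the agent runs.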
Synchronize the script directory and ensure the scripts have execute permission
```cf3
bundle agent copy_shell # copy_shell.cf
{
  vars:
      # The scripts live under masterfiles/shell on the policy hub.
      # For a directory elsewhere, such as /var/ftp/pub/shell, grant access
      # in "bundle server access_rules".
      "shell_location" string => "/var/cfengine/masterfiles/shell";
      "inputs_location" string => "/var/cfengine/inputs";

  files:
      "$(inputs_location)/shell"
        comment => "copy shell scripts from policy hub",
        handle => "sync_shell_scripts",
        copy_from => secure_cp("$(shell_location)","$(sys.policy_hub)"),
        depth_search => shell_recurse("inf"), # recurse into subdirectories
        file_select => shell_files;           # copy only the files selected below

      "$(inputs_location)/shell"
        comment => "ensure shell scripts have execute permissions",
        handle => "update_shell_files",
        perms => m("755"),
        depth_search => shell_recurse("inf");
}

body file_select shell_files
{
      leaf_name => { ".*\.sh" };  # shell scripts only (the dot is escaped)
      file_result => "leaf_name"; # select a file when leaf_name matches
}

body depth_search shell_recurse(d)
{
      include_basedir => "true";
      depth => "$(d)";
}
```
Install the LAMP environment
```cf3
# Install the build dependencies
bundle agent lamp_pkgs_installed # lamp.cf
{
  vars:
      "desired_pkgs" slist => { "gcc", "gcc-c++",
                                "libtermcap-devel",
                                "libxml2-devel",
                              };

  packages:
      "$(desired_pkgs)"
        package_policy => "add", # install if not already present
        package_method => yum,
        comment => "install desired packages";
}

# Remove the rpm versions of the LAMP packages
bundle agent rpm_pkgs_remove
{
  vars:
      "rpm_lamp" slist => { "httpd", "httpd-devel",
                            "mysql", "mysql-server", "mysql-devel",
                            "php", "php-devel", "php-mysql", "php-common",
                          };

  packages:
      "$(rpm_lamp)"
        package_policy => "delete",
        package_method => yum,
        comment => "remove rpm version packages";
}
```
```cf3
bundle agent mysql_install # mysql_install.cf
{
  vars:
      "install_dir" string => "/usr/local/lamp/mysql";
      "config_file" string => "/etc/my.cnf";
      "shell_dir" string => "/mnt/public/shell"; # directory holding the install scripts

  classes:
      "mysql_install_dir_exists"
        expression => fileexists("$(install_dir)");
      "mysql_config_file_exists"
        expression => fileexists("$(config_file)");

  reports:
    !mysql_install_dir_exists::
      "$(install_dir) is not present.";

  commands:
      # Run the installer only between 16:00 and 16:05, and only while the
      # install directory is missing, so that later cf-agent runs do not
      # start it again.
    !mysql_install_dir_exists.Hr16.Min00_05::
      "$(shell_dir)/install_mysql.sh";

      # Once installed, create the config file if it is missing
    mysql_install_dir_exists&!mysql_config_file_exists::
      "/bin/cp $(install_dir)/share/mysql/my-large.cnf $(config_file)";
      "/bin/chown root:root $(config_file)";
      "/bin/chmod 644 $(config_file)";
}
```
```cf3
# Same pattern as mysql_install.cf
bundle agent apache_install # apache_install.cf
{
  vars:
      "install_dir" string => "/usr/local/lamp/apache";
      "config_file" string => "/etc/httpd.conf";
      "shell_dir" string => "/mnt/public/shell";

  classes:
      "apache_install_dir_exists"
        expression => fileexists("$(install_dir)");
      "apache_config_file_exists"
        expression => fileexists("$(config_file)");

  reports:
    !apache_install_dir_exists::
      "$(install_dir) is not present.";

  commands:
      # Installer window: 17:00 to 17:05
    !apache_install_dir_exists.Hr17.Min00_05::
      "$(shell_dir)/install_apache.sh";

    apache_install_dir_exists&!apache_config_file_exists::
      "/bin/ln -s $(install_dir)/conf/httpd.conf /etc/httpd.conf";
}
```
```cf3
# Same pattern as mysql_install.cf
bundle agent php_install # php_install.cf
{
  vars:
      "install_dir" string => "/usr/local/lamp/php";
      "mysql_dir" string => "/usr/local/lamp/mysql";
      "apache_dir" string => "/usr/local/lamp/apache";
      "config_file" string => "/etc/php.ini";
      "shell_dir" string => "/mnt/public/shell";

  classes:
      "php_install_dir_exists"
        expression => fileexists("$(install_dir)");
      "mysql_install_dir_exists"
        expression => fileexists("$(mysql_dir)");
      "apache_install_dir_exists"
        expression => fileexists("$(apache_dir)");
      "php_config_file_exists"
        expression => fileexists("$(config_file)");

  reports:
    !php_install_dir_exists::
      "$(install_dir) is not present.";

  commands:
      # php depends on mysql and apache, so install it only once both are
      # present (installer window: 18:00 to 18:05)
    !php_install_dir_exists.mysql_install_dir_exists.apache_install_dir_exists.Hr18.Min00_05::
      "$(shell_dir)/install_php.sh";

    php_install_dir_exists&!php_config_file_exists::
      "/bin/ln -s $(install_dir)/etc/php.ini /etc/php.ini";
}
```
Ensure the apache and mysql services are running
```cf3
bundle agent start_process
{
  vars:
      "processes" slist => { "httpd", "mysqld" };

  classes:
      # httpd_exist / mysqld_exist: the init script is installed
      "$(processes)_exist" expression => fileexists("/etc/init.d/$(processes)");

  processes:
      # start_httpd / start_mysqld is defined when the process is not running
      "$(processes)" restart_class => canonify("start_$(processes)");

  commands:
      "/etc/init.d/$(processes) start"
        ifvarclass => "start_$(processes)&$(processes)_exist";

  reports:
    cfengine::
      # Reported when the init script is missing, so the service cannot be started
      "--> apache is not running on $(sys.fqhost)"
        ifvarclass => "!httpd_exist";
      "--> mysql is not running on $(sys.fqhost)"
        ifvarclass => "!mysqld_exist";
}
```
Place the files above in the masterfiles directory and modify promises.cf in masterfiles
```cf3
      # In body common control of promises.cf
      bundlesequence => {
                          "main", "user_add_del", "config_ssh",
                          "copy_shell",
                          "lamp_pkgs_installed", "mysql_install", "apache_install",
                          "php_install",
                        };

      inputs => {
                  "cfengine_stdlib.cf",
                  "user_add_del.cf",
                  "config_ssh.cf",
                  "copy_shell.cf",
                  "lamp/lamp.cf",
                  "lamp/mysql_install.cf",
                  "lamp/apache_install.cf",
                  "lamp/php_install.cf",
                };
```
The LAMP install scripts are in the attachment. Open them with Notepad++ and copy the scripts to /mnt/public/shell.