Root4Star CFEngine Instructions


Part 1: Steps for installing CFEngine 3 and running the installstar policy manually

 

Step 1-1. Get CFEngine installer file.
     wget http://www.star.bnl.gov/irmo/cfengine/cfengine-community-3.3.9-1.x86_64.rpm

(This file was taken from the CFEngine website and is just hosted locally.)

 
Step 1-2. Install Cfengine
     /bin/rpm -ivh cfengine-community-3.3.9-1.x86_64.rpm

 
Step 1-3. Get local ip address
     /sbin/ifconfig

 

Step 1-4. Bootstrap CFEngine to itself (replace <ip address> with the address from Step 1-3; no quotes around it)
     /var/cfengine/bin/cf-agent --bootstrap --policy-server <ip address>

Note: While we are not using an actual policy server in these instructions, CFEngine needs some policy server in order to run. Since any CFEngine client can also be a policy hub, we bootstrap it to itself.

 

Step 1-5. Get the policy and place it in /var/cfengine/masterfiles.
     cd /var/cfengine/masterfiles
     wget http://www.star.bnl.gov/irmo/cfengine/installstar.cf

 

Step 1-6. Manually instigate the policy with output to the screen.
     /var/cfengine/bin/cf-agent -KI -f installstar.cf

 

(At this time the policy needs to make a few passes, because certain conditions (classes) in the policy are not met until the first run has finished. You can continue to instigate the policy using the command /var/cfengine/bin/cf-agent -KI -f installstar.cf until the output reports the 4 lines below.)

     R: All of the required packges have been installed! :-)
     R: The installstar script has been installed! :-)
     R: The user staruser has been created and already exists! :-)
     R: The rhstar group has been created and already exists! :-)

Step 1-7. Once the policy has fully completed you should su to the staruser.
     su - staruser

You should then be able to run
     root4star

More info: CFEngine policies are designed to reach their desired state by “repairing” the machine to your specification over multiple runs of the policy. (This is typical with large policies like installstar.cf; it is not usually necessary with smaller policies.) Once we have a dedicated policy hub we can tell CFEngine to run every 5 or 10 minutes (or at any time we like). We set this in the promises.cf file; this file is the main CFEngine file that runs all other policies.
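
The repeated runs of Step 1-6, as an added example that is not part of the original instructions: a shell helper that re-runs a command until the four report lines quoted in Step 1-6 all appear, and gives up after a fixed number of passes. The function names, the script name and the pass limit of 5 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): re-run the agent until the four
# report lines from Step 1-6 all appear, with a cap on the number of passes.

# The four lines exactly as the instructions quote them.
EXPECTED_REPORTS='R: All of the required packges have been installed! :-)
R: The installstar script has been installed! :-)
R: The user staruser has been created and already exists! :-)
R: The rhstar group has been created and already exists! :-)'

# converged FILE: succeeds only if FILE contains every expected report line.
converged() {
    while IFS= read -r line; do
        grep -qF -- "$line" "$1" || return 1
    done <<EOF
$EXPECTED_REPORTS
EOF
}

# run_until_converged MAX_PASSES COMMAND [ARGS...]  (hypothetical helper)
# Prints the number of passes used; returns 1 if the cap is reached first.
run_until_converged() {
    max=$1; shift
    out=$(mktemp) || return 2
    pass=1
    while [ "$pass" -le "$max" ]; do
        # The agent's exit status is ignored; the report lines decide.
        "$@" > "$out" 2>&1 || true
        if converged "$out"; then
            rm -f "$out"; echo "$pass"; return 0
        fi
        pass=$((pass + 1))
    done
    cat "$out" >&2      # show the last pass so the unmet promise is visible
    rm -f "$out"
    return 1
}

# Usage: sh converge.sh /var/cfengine/bin/cf-agent -KI -f installstar.cf
if [ "$#" -gt 0 ]; then
    run_until_converged 5 "$@"
fi
```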


-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Part 2: How to set up CFEngine Policy hub & allow CFEngine to automate the installstar policy.

 

Log onto the machine that you want to be the policy hub and complete Steps 1-1 to 1-4 as seen above.

 

Step 2-5. Get the policy and place it in /var/cfengine/masterfiles
     cd /var/cfengine/masterfiles
     wget http://www.star.bnl.gov/irmo/cfengine/installstar_auto.cf

 

Step 2-6. Get the modified promises.cf file and place it in /var/cfengine/masterfiles

Note: This file must be named promises.cf. It may be wise to back up your default promises file in case you need to go back (the changes from the default are minimal).
     mv /var/cfengine/masterfiles/promises.cf promises.cf.old
     cd /var/cfengine/masterfiles
     wget http://www.star.bnl.gov/irmo/cfengine/promises.cf

               

At this point you should be able to just wait and let CFEngine work its magic. You can look in the /var/cfengine/outputs directory and you will see logs generated every 5 minutes. You will see the same logs as you saw in the first part of this tutorial when you ran /var/cfengine/bin/cf-agent -KI -f installstar.cf.

 

Note: You will not be able to run /var/cfengine/bin/cf-agent -KI -f installstar_auto.cf against that policy, as it relies on the promises.cf file for its bundlesequence. (See the commented lines at the top of installstar_auto.cf.)

However, if you keep the original installstar.cf file, you can still instigate that policy manually.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Part 3: Allowing other machines to bootstrap (connect) to your policy-hub

 

For this tutorial you will need to complete all of the steps in “Part 2: How to setup CFEngine Policy hub & allow CFEngine to automate installstar.cf”.

 
ON THE POLICY HUB

Step 3-1. You will need to add a firewall rule to /etc/sysconfig/iptables to allow machines to bootstrap to the hub.
     Anywhere under the line :OUTPUT ACCEPT [0:0]
     add the line
     -A INPUT -p tcp -m state --state NEW -m tcp --dport 5308 -j ACCEPT

 

Then restart iptables
     service iptables restart
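
One way to make the edit from Step 3-1, as an added example that is not part of the original instructions: a shell helper that places the port 5308 rule ahead of the first INPUT rule that rejects or drops traffic (a rule placed after an unconditional REJECT never matches) and limits it to one client subnet. The helper names, the sample ruleset and the 192.0.2.0/24 subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Inserts the CFEngine rule for
# TCP 5308 into an iptables-save style file, ahead of the first INPUT rule
# that rejects or drops traffic, and limits it to one client subnet.

# Constructed sample ruleset in the layout of /etc/sysconfig/iptables.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# add_cfengine_rule FILE SUBNET (hypothetical helper; SUBNET is site-specific)
add_cfengine_rule() {
    file=$1
    rule="-A INPUT -s $2 -p tcp -m state --state NEW -m tcp --dport 5308 -j ACCEPT"
    # Idempotent: leave the file alone if the exact rule is already there.
    if grep -qxF -- "$rule" "$file"; then return 0; fi
    tmp=$(mktemp) || return 1
    awk -v rule="$rule" '
        /^\*/ { in_filter = ($1 == "*filter") }
        # First INPUT rule that rejects or drops, or COMMIT if there is none.
        in_filter && !placed && (/^-A INPUT .*-j (REJECT|DROP)/ || /^COMMIT$/) {
            print rule; placed = 1
        }
        { print }
        END { exit (placed ? 0 : 1) }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Demo on a temporary copy; 192.0.2.0/24 is a documentation-range placeholder.
demo=$(mktemp) && write_sample_rules "$demo"
add_cfengine_rule "$demo" 192.0.2.0/24 && cat "$demo"
rm -f "$demo"
```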

 
ON THE CLIENT MACHINE(s)

Step 3-2. Get CFEngine installer file.
     wget http://www.star.bnl.gov/irmo/cfengine/cfengine-community-3.3.9-1.x86_64.rpm

 

Step 3-3. Install CFEngine.
     rpm -ivh cfengine-community-3.3.9-1.x86_64.rpm

 
Step 3-4. Bootstrap to the policy-hub (replace <ip address of Policy Hub> with the hub's address; no quotes)
     /var/cfengine/bin/cf-agent --bootstrap --policy-server <ip address of Policy Hub>

 

CFEngine will log to the screen that the bootstrap was successful. Now you can wait and watch the policies/policy populate in the directory /var/cfengine/inputs.
You can look in /var/cfengine/outputs to see the generated logs. By using the promises.cf file from www.star.bnl.gov, logs will be generated every 5 minutes.