help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

using cfengine for cluster updates (and a tripwire replacement?)

From: steve rader
Subject: using cfengine for cluster updates (and a tripwire replacement?)
Date: Fri, 19 Jul 2002 09:27:16 -0500 
I manage a cluster of "clone" afs+nis nodes.  To update them, I've
been installing and configuring stuff on a "master system", doing a
"find -newer" to create a list of list of new files, using tripwire
reports to create a list of files to be removed, creating pre and
post update scripts and then (<sigh>) manually updating each node by
doing something like the following:

  sudo /afs/hep/src/clone-updates-rh6/0.19.preinst
  (cd /; sudo tar -zxpf /afs/hep/src/clone-updates-rh6/0.19.tar.gz)
  sudo /afs/hep/src/clone-updates-rh6/0.19.postinst
  sudo vi /etc/motd  # s/UW HEP 0.18/HW HEP 0.19/g
  (cd /tmp; sudo /usr/local/etc/tripwire.update)

I am very excited about automating this process using cfengine but
I'd like some help because I'm not quite sure how to migrate (from
the process above) to cfengine.  Here are my simple questions that
I can't answer after perusing the doc...

 - should I have cfengine run the pre/post install scripts 
   (en toto) or should I configure cfengine to run each 
   individual command in the pre/post install scripts?  

 - given a directory tree (or file with a list) of new 
   files only, how do I configure cfengine to push them
   out to each node? 

 - how do I update (eg "s/UW HEP 0.18/UW HEP 0.19/g") the
   version info in /etc/motd?

Here, I think, is the big issue:

Assuming some nodes are at version 0.17 and some at 0.18, can I
configure cfengine to update each node to 0.19?  It seems that, if
I untar all my updates into a single directory tree, then cfengine
will push/sync to those files on all nodes, and thus cfengine will
magically configure each node from any version to 0.19?  If so, then
can/how do I configure cfengine to run certain commands if and only
if certain files have been installed or updated?  (For example, if 
a new sshd is updated, then restart ssh service.)

And here's another big issue: 

For system (file) integrity management, are there compelling reasons
to migrate from tripwire to cfengine??

Thanks in advance for any hints, suggestions, sample configs etc!

steve 
- - - 
systems & network guy
high energy physics
university of wisconsin
reply via email to
[Prev in Thread] Current Thread [Next in Thread]