Posted by Tres
Sun, 21 Oct 2007 14:13:00 GMT
If CfEngine starts complaining about too many cfagents running, just shut down all cfengine related services
# Stop the three CFEngine daemons (cfexecd, cfenvd, cfservd) through their
# init scripts before touching the lock database.
sudo /etc/init.d/cfexecd stop
sudo /etc/init.d/cfenvd stop
sudo /etc/init.d/cfservd stop
then move /var/cfengine/cfengine_lock_db out of the way:
[tres@calliope cfengine]$ sudo mv /var/cfengine/cfengine_lock_db /var/cfengine/cfengine_lock_db.old
Posted by Tres
Fri, 12 Jan 2007 09:23:00 GMT
The following CFEngine configuration file will take all the necessary steps required to set up OpenVirtuozzo on a system. It’s a good idea to have a separate, and fairly large partition set aside for the virtual environments. Mount it as /vz. The file contains some stuff that’s internal; mostly file copy stuff. You can easily remove the stuff you don’t need–CFEngine will still build you a working OpenVZ server as fast as you can type cfagent -qv
If you don’t want to screen scrape the file, you can download it from here.
##################################################
#
# System Specific Configuration
#
##################################################
# Probe the host and define one has_* class per prerequisite. The
# shellcommands: section runs the matching install step under the negated
# class, so a step only fires while its probe still fails.
classes:
linux::
# Defined once the OpenVZ yum repository file is present.
has_vz_yum = ( FileExists(/etc/yum.repos.d/openvz.repo) )
# rpm -q --quiet exits 0 when the named package is installed.
has_vz_kernel = ( ReturnsZero(/bin/rpm -q --quiet ovzkernel-enterprise) )
has_vzctl = ( ReturnsZero(/bin/rpm -q --quiet vzctl) )
has_vzquota = ( ReturnsZero(/bin/rpm -q --quiet vzquota) )
has_vzpkg = ( ReturnsZero(/bin/rpm -q --quiet vzpkg) )
has_vzyum = ( ReturnsZero(/bin/rpm -q --quiet vzyum) )
has_vzprocps = ( ReturnsZero(/bin/rpm -q --quiet vzprocps))
has_vzrpm43_python = ( ReturnsZero(/bin/rpm -q --quiet vzrpm43-python) )
has_vzrpm44_python = ( ReturnsZero(/bin/rpm -q --quiet vzrpm44-python) )
has_vztmpl_fedora_core_3 = ( ReturnsZero(/bin/rpm -q --quiet vztmpl-fedora-core-3 ) )
has_vztmpl_fedora_core_4 = ( ReturnsZero(/bin/rpm -q --quiet vztmpl-fedora-core-4 ) )
has_vztmpl_fedora_core_5 = ( ReturnsZero(/bin/rpm -q --quiet vztmpl-fedora-core-5 ) )
has_vztmpl_centos_4 = ( ReturnsZero(/bin/rpm -q --quiet vztmpl-centos-4 ) )
# Presence checks only: a truncated or altered tarball at these paths still
# defines the class, so the download step will not run again.
has_vztmpl_debian_31 = ( FileExists(/vz/template/cache/debian-3.1-i386-minimal.tar.gz) )
has_vztmpl_gentoo_63 = ( FileExists(/vz/template/cache/gentoo-20060317-i686-stage3.tar.gz) )
has_sysstat = ( ReturnsZero(/bin/rpm -q --quiet sysstat))
# Marker file touched by the shellcommands: step after vzpkgcache has run.
init_vzpkgcache = ( FileExists(/vz/.vzpkgcache_init) )
has_ruby = ( ReturnsZero(/bin/rpm -q --quiet ruby) )
has_screen = ( ReturnsZero(/bin/rpm -q --quiet screen) )
has_prm = ( FileExists(/usr/local/prm/prm) )
control:
# Capture the chkconfig runlevel listing for each service as a string.
iptables_status = ( ExecResult(/sbin/chkconfig --list iptables) )
shaper_status = ( ExecResult(/sbin/chkconfig --list shaper) )
VpsAdminLib = ( /usr/local/lib/vpsadmin )
groups:
# "3:on" in the listing means the service is enabled for runlevel 3. This
# says nothing about whether the service is running or which rules are loaded.
iptables_enabled = ( RegCmp(".*3:on.*","${iptables_status}") )
shaper_enabled = ( RegCmp(".*3:on.*","${shaper_status}") )
##################################################
directories:
##################################################
# Symlinks maintained on every linux host: link name on the left, target on
# the right.
links:
linux::
/usr/local/sbin/prm -> /usr/local/prm/prm
/vz/scripts -> /etc/sysconfig/vz-scripts
##################################################
# Push site-local files onto the node. ${FileSource} is not defined in this
# listing; it is presumably set in another policy file (confirm).
# NOTE(review): every destination ends up root-owned, and the 751/755 entries
# are executable, so whoever can write under ${FileSource} decides what runs
# as root on the node. Restrict write access to that tree accordingly.
copy:
linux::
${FileSource}/node/installers/prm/prm
dest=/usr/local/prm/prm
ignore=.svn
recurse=5
mode=751
owner=root
group=root
# Installs a cron.d entry, so the copied file schedules jobs on the node.
${FileSource}/node/etc/prm.cron
dest=/etc/cron.d/prm
mode=644
owner=root
group=root
# NOTE(review): mode=644 leaves the firewall ruleset world-readable. Stock
# Red Hat installs normally keep this file at 0600; confirm whether 644 is
# intended.
${FileSource}/node/etc/sysconfig/iptables
dest=/etc/sysconfig/iptables
mode=644
owner=root
group=root
# Init script for the shaper service that shellcommands: enables.
${FileSource}/node/etc/init.d/shaper
dest=/etc/init.d/shaper
mode=755
owner=root
group=root
${FileSource}/node/etc/sysconfig/tc
dest=/etc/sysconfig/tc
mode=644
owner=root
group=root
${FileSource}/node/lib/vpsadmin
dest=${VpsAdminLib}
ignore=.svn
recurse=2
mode=751
owner=root
group=root
# No ignore=.svn here, unlike the other recursive copies, so any .svn
# directory under node/bin would presumably be copied too (confirm).
${FileSource}/node/bin
dest=/usr/local/bin
recurse=1
mode=751
owner=root
group=root
${FileSource}/node/etc/sysconfig/vz-scripts
dest=/etc/sysconfig/vz-scripts
mode=644
recurse=1
owner=root
group=root
##################################################
# In-place edits of system files. The block is guarded by linux.serviceadd,
# so it runs only when both classes are defined. serviceadd is not defined in
# this listing and presumably comes from the caller (confirm).
editfiles:
linux.serviceadd::
{
# Rebuild sysctl.conf from the site template, then make sure the settings
# the node needs are present.
/etc/sysctl.conf
EmptyEntireFilePlease
InsertFile "${FileSource}/node/etc/sysctl.conf"
AppendIfNoSuchLine "kernel.core_uses_pid = 1"
# The host forwards packets for its virtual environments.
AppendIfNoSuchLine "net.ipv4.ip_forward = 1"
AppendIfNoSuchLine "net.ipv4.conf.default.proxy_arp = 0"
# Reverse-path filtering stays on for all interfaces.
AppendIfNoSuchLine "net.ipv4.conf.all.rp_filter = 1"
# NOTE(review): sysrq = 1 enables every magic SysRq function for anyone with
# console or keyboard access. Confirm this is wanted on a shared host.
AppendIfNoSuchLine "kernel.sysrq = 1"
AppendIfNoSuchLine "net.ipv4.conf.default.send_redirects = 1"
AppendIfNoSuchLine "net.ipv4.conf.all.send_redirects = 0"
}
{
# NOTE(review): the file is emptied and left with SELINUX=disabled only, which
# turns off mandatory access control on the host after the next boot.
# Presumably required by the OpenVZ kernel of this period (confirm), and
# worth recording as an accepted risk.
/etc/sysconfig/selinux
EmptyEntireFilePlease
AppendIfNoSuchLine "SELINUX=disabled"
}
{
# Boot the first menu entry. This assumes the OpenVZ kernel is entry 0.
/etc/grub.conf
ReplaceAll "default=1" With "default=0"
}
{
# NOTE(review): ReplaceAll presumably applies to the whole file, not only the
# /vz line located above, so every "defaults " mount would gain noatime. The
# replacement also drops the trailing space, which would fuse the options
# with the next field on single-space-separated lines. Confirm against a
# real fstab.
/etc/fstab
LocateLineMatching ".*\/vz.*"
ReplaceAll "defaults " With "defaults,noatime"
}
{
# Replace vz.conf wholesale with the site template.
/etc/vz/vz.conf
EmptyEntireFilePlease
InsertFile "${FileSource}/node/etc/vz/vz.conf"
}
{
# Every root login shell attaches to (or creates) a screen session.
# NOTE(review): a detached root session stays alive after logout, so anyone
# who later gets a root login shell reattaches to it.
/root/.bash_profile
AppendIfNoSuchLine "screen -D -R"
}
##################################################
# Make sure the two vz-scripts subdirectories exist, root-owned, mode 755.
# NOTE(review): action= is given twice per entry (create, then touch). Which
# one cfagent honours is not visible here; confirm.
files:
/etc/sysconfig/vz-scripts/disabled/
mode=755
action=create
owner=root
group=wheel
action=touch
/etc/sysconfig/vz-scripts/backups/
mode=755
action=create
owner=root
group=wheel
action=touch
##################################################
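# Install steps. Each block runs only while the matching has_* / *_enabled
# class is still undefined, so a converged host runs none of them.
shellcommands:
  # NOTE(review): the signing key and the repo file both come over plain HTTP,
  # so a network-path attacker could substitute the key that every later
  # "yum -y install" trusts. Check the imported key's fingerprint against a
  # value obtained out of band before relying on it.
  !has_vz_yum::
    "/bin/rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ"
    "/usr/bin/wget -P/etc/yum.repos.d/ http://download.openvz.org/openvz.repo"
  # Install the OpenVZ kernel, make it the default boot entry, and reboot.
  # grub.conf is edited in place: staging a copy at a fixed name in /tmp as
  # root lets a local user pre-create that path (for example as a symlink)
  # and redirect the write.
  # NOTE(review): nothing here checks that the yum install succeeded before
  # the boot default is changed and the host is rebooted. Confirm how cfagent
  # treats a failed command in this list.
  !has_vz_kernel::
    "/usr/bin/yum -y install ovzkernel-enterprise"
    "/bin/sed -i 's/default=1/default=0/g' /boot/grub/grub.conf"
    "/sbin/reboot"
  !has_vzquota::
    "/usr/bin/yum -y install vzquota"
  !has_vzctl::
    "/usr/bin/yum -y install vzctl"
    "/sbin/chkconfig vz on"
  !has_vzpkg::
    "/usr/bin/yum -y install vzpkg"
  !has_vzyum::
    "/usr/bin/yum -y install vzyum"
  # Installed from the site file tree with rpm -ivh rather than from the yum
  # repository; whether that package is signed is not visible here.
  !has_vzprocps::
    "/bin/rpm -ivh ${FileSource}/node/installers/vzprocps/vzprocps.rpm"
  !has_vzrpm43_python::
    "/usr/bin/yum -y install vzrpm43-python"
  !has_vzrpm44_python::
    "/usr/bin/yum -y install vzrpm44-python"
  !has_vztmpl_fedora_core_3::
    "/usr/bin/yum -y install vztmpl-fedora-core-3"
  !has_vztmpl_fedora_core_4::
    "/usr/bin/yum -y install vztmpl-fedora-core-4"
  !has_vztmpl_fedora_core_5::
    "/usr/bin/yum -y install vztmpl-fedora-core-5"
  !has_vztmpl_centos_4::
    "/usr/bin/yum -y install vztmpl-centos-4"
  # NOTE(review): these template tarballs become the root filesystem of every
  # container built from them. They are fetched over plain HTTP with no
  # checksum or signature check, and the has_vztmpl_* probes test only that
  # the file exists. Verify them against a published digest after download.
  !has_vztmpl_debian_31::
    "/usr/bin/wget -P/vz/template/cache/ http://download.openvz.org/template/precreated/debian-3.1-i386-minimal.tar.gz"
  !has_vztmpl_gentoo_63::
    "/usr/bin/wget -P/vz/template/cache/ http://download.openvz.org/template/precreated/gentoo-20060317-i686-stage3.tar.gz"
  # One-time template cache build; the marker file stops it from re-running.
  !init_vzpkgcache::
    "/etc/init.d/vz start"
    "/usr/bin/vzpkgcache"
    "/bin/touch /vz/.vzpkgcache_init"
  !has_ruby::
    "/usr/bin/yum -y install ruby"
  !has_screen::
    "/usr/bin/yum -y install screen"
  !has_sysstat::
    "/usr/bin/yum -y install sysstat"
  # Enable at boot and start now, using the ruleset installed by copy:.
  !iptables_enabled::
    "/sbin/chkconfig iptables on"
    "/sbin/service iptables start"
  !shaper_enabled::
    "/sbin/chkconfig shaper on"
    "/sbin/service shaper start"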
##################################################
processes:
##################################################
tidy:
##################################################
Posted by Tres
Fri, 07 Jul 2006 13:56:00 GMT
The easiest way to make sure that your configuration files have the right stuff in them is to use CFEngine’s editfiles: section to remove unwanted lines, and to add lines to them.
The following shows how to remove lines from /etc/rc.conf by using CFEngine’s DeleteLinesContaining command:
# Runs only when the serviceadd class is defined.
editfiles:
serviceadd::
{
/etc/rc.conf
# Removes every line that contains the literal text lpd_enable="YES".
DeleteLinesContaining "lpd_enable=\"YES\""
}
This next example shows how to add a line to a file via CFEngine if the line doesn’t already exist in the file:
# Runs only when the serviceadd class is defined.
editfiles:
serviceadd::
{
/etc/rc.conf
# Appends the line only if no identical line is already in the file, so
# repeated runs do not duplicate it.
AppendIfNoSuchLine "cloned_interfaces=\"vlan299 vlan301 carp0\""
}
Posted by Tres
Fri, 07 Jul 2006 12:59:00 GMT
CFEngine has built in functionality to work with RPMS, Debian Packages or Solaris packages, but that doesn’t mean that you can’t use it to manage package installations on FreeBSD.
To manage packages on FreeBSD, use the groups: or classes: section to see whether a package is installed, like this:
groups:
# Defines has_<package> when pkg_info exits 0 for the name.
# NOTE(review): with -x the name is a regular expression and is presumably
# matched unanchored, so a short name can also match a different package
# and mark this one as installed. Anchor the pattern if that matters.
has_<package> =( ReturnsZero(/usr/sbin/pkg_info -Eqx <package name>) )
The x flag will treat the package name as a regular expression, so you don’t need to worry about versions – just use the package name that you’re looking for.
Now, once CFEngine knows the state of the package installation, it needs to take action based upon that state. In the shellcommands: section, we’ll tell CFEngine to run the installer if the package state is not installed.
# Runs only while has_<package> is undefined; -y answers portinstall's
# prompts with yes so the run is unattended.
!has_<package>::
"/usr/local/sbin/portinstall -y <package name>"
We can use portinstall (part of the portupgrade package) to install packages, or use pkg_add -r to install the pre-compiled package.
# pkg_add -r fetches the pre-built package from a remote package site.
# NOTE(review): the fetch and install run as root. Whether the package is
# authenticated depends on the package tools in use (confirm), so point it
# at a mirror you control or trust.
!has_<package>::
"/usr/sbin/pkg_add -r <package name>"
This will automatically take care of installing the package.
Example:
Installing bash via CFEngine
To see whether bash was installed, we would use the following line in the groups: or classes: section of the .cf file:
groups:
# NOTE(review): "bash" is matched as a regular expression (-x), presumably
# unanchored, so another installed package with bash in its name could
# define has_bash even when the shell itself is missing. Confirm.
has_bash =( ReturnsZero(/usr/sbin/pkg_info -Eqx bash) )
And we’d put the following into the shellcommands: section of the file:
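shellcommands:
  # Guard on the has_bash class defined in groups:. The original guard named
  # has_scdp, a class this example never defines, so the negated guard was
  # always true and portinstall ran on every cfagent pass.
  !has_bash::
    "/usr/local/sbin/portinstall -y shells/bash"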
Posted by Tres
Fri, 07 Jul 2006 11:38:00 GMT
So CFEngine has a useless directories: section which will do absolutely nothing if you want to actually create a directory.
To create a directory in CFEngine use the files section like this:
# Create the two home-directory parents, owned by root:wheel with mode 755.
# NOTE(review): action= is given twice per entry (create, then touch). Which
# one cfagent honours is not visible here; confirm.
files:
/home/staff/
mode=755
action=create
owner=root
group=wheel
action=touch
/home/students/
mode=755
action=create
owner=root
group=wheel
action=touch