Cfengine 3 Ö¸µ¼ÊÖ²á

Cfengine¹«Ë¾  2008 °æȨËùÓÐ

 

Mark Burgess    Cfengine¹«Ë¾   

 

 

 

 

Ŀ¼

·âÃæ................................................................................................................................. 1

°æȨËùÓÐ.......................................................................................................................... 2

Ŀ¼................................................................................................................................. 3

1 ϵͳ×Ô¶¯»¯................................................................................................................... 5

1.1 ÎÞ·ìÎÞÐεعÜÀí¶àÑù»¯¸´ÔÓµÄϵͳ»·¾³............................................................... 5

1.2 ÆÚÍû¹ÜÀí—— Ò»ÖÖ³ÐŵÀíÂÛ............................................................................... 5

1.3 Ϊʲô×Ô¶¯»¯£¿.................................................................................................. 6

1.4 Éý¼¶»»´ú............................................................................................................. 6

1.5 ÄãÈçºÎ¿´´ýCfengine ?......................................................................................... 7

2  Cfengine µÄ×é¼þ.......................................................................................................... 9

2.1 °²×°.................................................................................................................... 9

2.2 ¹¤×÷Ŀ¼............................................................................................................. 9

2.3 ÑÝ×àÕß.............................................................................................................. 10

2.4 ¹ØÓÚ Cfengine µÄ¼Ü¹¹....................................................................................... 11

2.5 ²ßÂÔ¾ö¶¨Á÷³Ì.................................................................................................... 12

2.6 ´ÓÃâ·Ñ°æ±¾¿ªÊ¼................................................................................................ 13

3 ÈçºÎÖ´ÐкͲâÊÔÒ»¸öcfengine²ßÂÔ............................................................................... 15

3.1 Hello World........................................................................................................ 15

3.2 ²é¿´Ò»¸öÎļþ.................................................................................................... 17

3.3 ¸Ä±äÃÜÂë........................................................................................................... 18

3.4 ¸üÐÂ×é-¹©Ó¦...................................................................................................... 19

3.5 ±¨¸æ.................................................................................................................. 20

3.6 cf-execd.............................................................................................................. 20

4  Ò»¸ö¸ÅÄîÉϵļòµ¥ËٳɿÎ.......................................................................................... 22

4.1 ¹æÔò¾ÍÊdzÐŵ.................................................................................................... 22

4.2 ¿ØÖƳÐŵ........................................................................................................... 23

4.3 ±äÁ¿.................................................................................................................. 25

4.3.1 ±êÁ¿±äÁ¿................................................................................................. 25

4.3.2 Áбí±äÁ¿................................................................................................. 25

4.3.3 ¹ØÁªµÄÊý×é.............................................................................................. 26

4.4  ¾ö¶¨................................................................................................................ 26

4.5 Ñ­»·³ÌÐò........................................................................................................... 29

4.6 Ö÷ÒªµÄ³ÐŵÀàÐÍ................................................................................................ 30

5. ʹÓÃcfengine×÷Ϊǰ¶Ë»òÕß´úÌæcron.......................................................................... 31

5.1 ÎÒÐèҪʹÓÃcronÂð?........................................................................................... 31

5.2 µ¥Ò»cronÈÎÎñµÄʵÏÖ......................................................................................... 31

5.3 ½á¹¹»¯ÃüÁî³Ðŵ................................................................................................ 32

5.4Õ¹¿ªÖ÷»úʱ¼ä..................................................................................................... 33

5.5´´½¨Áé»îµÄʱ¼äÀà.............................................................................................. 33

5.6Ñ¡ÔñÒ»¸ö¿É°²ÅŵÄʱ¼ä¼ä¸ô................................................................................ 34

6£®ÍøÂç·þÎñ................................................................................................................... 35

6.1 cfengine ÍøÂç·þÎñ.............................................................................................. 35

6.2 ·þÎñÔõÑù¹¤×÷.................................................................................................... 35

6.2.1 Ô¶³ÌÎļþ·Ö²¼.......................................................................................... 35

6.2.2Ô¶³ÌÖ´ÐÐcf-agent............................................................................................. 37

6.3 Ô¶³Ì·ÃÎʽâÊÍ.................................................................................................... 37

6.3.1 ·þÎñÆ÷Á¬½Ó.............................................................................................. 37

6.3.2 Ô¶³Ì·ÃÎʵÄÒÉÄѽâ´ð................................................................................ 38

6.3.3 ½»»»ÃÜÔ¿................................................................................................. 39

6.3.4 ʱ¼ä´°¿Ú£¨¾ºÕù£©................................................................................... 40

6.3.5 ³ýÁËrootÒÔÍâµÄÓû§............................................................................... 40

6.3.6 ¼ÓÃÜ........................................................................................................ 41

7 ֪ʶ¹ÜÀí..................................................................................................................... 42

7.1 ³ÐŵÓë֪ʶ....................................................................................................... 42

7.2 ֪ʶµÄ»ù´¡....................................................................................................... 42

7.3 ×¢ÊͳÐŵ........................................................................................................... 43

7.4 »°ÌâͼÐΣ¨topic maps£©ÌṩЩʲô................................................................... 44

7.5Ñ­Ðò½¥½ø............................................................................................................ 46

7.6 ²éѯ»°ÌâͼÐÎ.................................................................................................... 49

7.7 »°ÌâͼÐεľßÌåϸ½Ú......................................................................................... 51

7.7.1 »°ÌâͼÐεĶ¨Òå....................................................................................... 51

7.7.2 cf-know.................................................................................................... 52

7.8 ×÷Ϊ»°ÌâͼÐεÄÄ£ÐÍÅäÖóÐŵ........................................................................... 53

7.9 ¸½¼þ£º¼¼ÊõµÄÇ°ÌáÒªÇó...................................................................................... 54

7.9.1 ֪ʶ»ù±¾ÒªÇó.......................................................................................... 54

7.9.2 ֪ʶ¿âÎÊÌâ½â¾ö....................................................................................... 55

8£®¸ü¶à¡­...................................................................................................................... 56

 

 

 

 

 

 

1 ϵͳ×Ô¶¯»¯

1.1 ÎÞ·ìÎÞÐεعÜÀí¶àÑù»¯¸´ÔÓµÄϵͳ»·¾³

δÀ´´Ó²»Ò£Ô¶¡£ÔÚδÀ´£¬ÖÇÄÜ»¯µÄ¼ÆËãÉ豸ÎÞ´¦²»ÔÚ£¬ÎÒÃǵÄÃÎÏëÒѾ­ÂýÂý¿ªÊ¼ÊµÏÖ¡£½ñÌ죬ÖÇÄÜ»¯µÄ²Ù×÷ϵͳÒѾ­Ç¶Èë¼ÆËã»úºÍÊÖ»ú£¬ÈçLinux ºÍ Windows ¡£Ê©ÀÖÑо¿ÖÐÐĵÄMark Weiser ÔøдµÀ:

 "×îÓÐÉîÔ¶ÒâÒåµÄ¼¼ÊõÊÇÄÇЩËƺõÏûʧµÄ¼¼Êõ¡£ÒòΪËüÃÇÒѾ­½øÈ뵽ÿÌìÉú»îÖеķ½·½ÃæÃ棬ÈÚΪһÌ壬ֱµ½ÎÞ·¨Çø·Ö³öÀ´¡£"

½ñÌìºÜ¶àÈËÔÚ̸ÂÛÔƼÆË㣬²¢ÈÏΪËüÊÇÃÎÏëµÄÁíÒ»ÖÖÏÔÏÖ£¬ÄÇʱ¼ÆËã»úÎÞ´¦²»ÔÚ£¬¸üÈ·ÇеÄ˵¼ÆËã»ú¸²¸ÇÁËÊÀ½çÉÏËùÓеÄÊý¾ÝÖÐÐÄ£¬²»Ö»Êǰ칫ÊҺͼÒÀï¡£ÕâÊÇÈüÆËã»úʹÓýøÈëÎÒÃÇËùÐèÒªÁìÓòµÄÒ»¸ö·½Ãæ¡£Èκμ¼ÊõµÄ»ù´¡ÊÇÐèÒªÓÐÄܹ»Ö´ÐдóÁ¿×¼È·ÅäÖõŤ¾ß¡£Cfengine ¾ÍÊÇÕâÑùµÄÒ»ÖÖ¹¤¾ß¡£         

ÔÚÈκεÄϵͳ»·¾³ÖУ¬Cfengine ¿ÉÒÔΪÕû¸öϵͳµÄÉúÃüÖÜÆÚ½øÐпÉÀ©Õ¹µÄÅäÖùÜÀí ¡£¼¸ºõËùÓÐÆäËûµÄϵͳÅäÖö¼ÉèÏëÓÐÒ»¸öÎȶ¨¿É¿¿µÄÍøÂç²¢ÇÒÄܹ»´Óһ̨ȨÍþµÄÖ÷·þÎñÆ÷ÖÁÉ϶øϵÄÕ¹¿ª¸üÐÂÅäÖá£ÕâЩϵͳÔÚÈçϵĻ·¾³ÖÐÊÇûÓÐÓõģº

l         ´øÓоֲ¿µÄ»òÕß²»¿É¿¿µÄÍøÂçÁ¬½ÓµÄÒƶ¯ÏµÍ³£¨ÀýÈ磬DZˮͧ£©

l         ÍøËÙºÜÂýµÄ¼ÆËã»úϵͳ£¨ÀýÈ磬ÎÀÐÇ»òº½Ìì̽²âÆ÷£©

l         ¼ÆËã»úµçÁ¿ºÜµÍµÄ¼ÆËã»úϵͳ£¨ÀýÈ磬Òƶ¯¸ÐÓ¦Æ÷»ò³ø·¿É豸£©

Cfengine ²»ÐèÒª¿É¿¿µÄ»ù´¡ÉèÊ©¡£Ëü¼¸ºõ¿ÉÒÔÔÚÈκλ·¾³ÖÐÔËÐУ¬²¢ÇÒ²»ºÄ×ÊÔ´£¬Ã»ÓÐÈí¼þÒÀÀµÐÔ¡£ Òò´Ë£¬Ëü²»½ö¿ÉÒÔÔÚËùÓеĴ«Í³¼Æ»®µÄÇé¿öÖÐÔËÐУ¬²¢ÇÒÄܹ»ÔÚÍêÈ«Òƶ¯µÄÅäÖÃÖÐÔËÐУ¬ÈçÁÙʱµÄʹʰ칫ÊÒ£¬Æ¯Á÷µÄDZˮͧ£¬ÎÀÐÇ»ò»úÆ÷ÈË̽²â³µ¡£

ÓÐÈ˻ᷴ¶Ô˵£º¡°ºÃ°É£¬µ«ÎÒ²»ÐèÒªÕâÑùµÄϵͳ, ÒòΪÎÒµÄÍøÂçºÜ¿É¿¿¡£¡±È»¶ø£¬ÄãµÄÍøÂç²¢²»ÊÇÄãÏëµÄÄÇô¿É¿¿£¬²¢ÇÒÍøÂçµÄÒƶ¯ÐÔÊÇÒ»¸öÔ½À´Ô½ÖØÒªµÄ»°Ìâ¡£¼´Ê¹ÊÇÒ»¸ö·Ç³£ÈßÓàµÄÍøÂ磬֧³ÖÍøÂçµÄÄÇЩÉ豸Ҳ¿ÉÄÜÒòΪÆäÖÐÈÎÒâһ̨µÄÉ豸Öж϶øÏÝÈëϵͳ̱»¾µÄ״̬¡£ÔÚÏÖ´úÆÕ±éµÄϵͳ»·¾³ÖУ¬ÏµÍ³Äܹ»³ÖÓпÉÐÐÐÔ£¬ÈÝ´íÐÔ£¬²¢¾¡¿ÉÄܵĶÀÁ¢ÓÚÍⲿÌõ¼þÏÞÖÆ£¬ÊǷdz£ÖØÒªºÍ¹Ø¼üµÄ¡£Õâ¾ÍÊÇÈçºÎ½¨Á¢¿ÉÀ©Õ¹µÄ£¬¿É¿¿µÄ·þÎñ¡£

    Cfengine ¿ÉÒÔÔÚÄãËùÈÏΪµÄ¸÷¸öµØ·½¹¤×÷£¬ÉõÖÁËùÓÐÄ㻹ûÓÐÏë¹ýµÄеط½ÔËÐС£ÎÒÃÇÈçºÎÄÜÖªµÀ£¿ÒòΪËüÊÇ»ùÓÚ20¶àÄêµÄϸÐÄÑо¿ºÍʵ¼ù¡£

1.2 ÆÚÍû¹ÜÀí—— Ò»ÖÖ³ÐŵÀíÂÛ

ÔÚϵͳ¹ÜÀíÖÐ×îÀ§ÄѵÄÊÂÇéÖ®Ò»ÊÇÈÃÿһ̨¼ÆËã»úÃ÷°××Ô¼ºµÄ½ÇÉ«ºÍÈÎÎñ£¬²¢½ÓÄܹ»ÒÀ¿¿ÆäËûµÄ¼ÆËã»úÖ´ÐÐÏàͬµÄÈÎÎñ ¡£ÐÅÈμÈÊ¡Ç®ÓÖʡʱ¼ä¡£Èç¹ûÄã²»ÐÅÈΣ¬Äã±ØÐëȥ֤ʵ£¬ÕâÑùµÄ´ú¼ÛÊǺܸߵġ£

 ÎªÁËÔö½øÐÅÈÎÎÒÃÇÐíϳÐŵ¡£³ÐŵÊÇÖ¼ÔÚÒÔijÖÖ·½Ê½À´Ðж¯±íÏÖµÄÎļþÖ¤Êé¡£²»¹ÜËüÃÇÊÇ»úÆ÷»¹ÊÇÈËÀ࣬ÎÒÃÇÐèҪѧϰ³ÐŵÀ´ÐÅÈÎϵͳ¡£

 Ò»¸öCfengine µÄÓû§Ôø¾­¶ÔÎÒ˵£¬Cfengine»ùÓÚ×ÔÖ÷ºÏ×÷µÄÉè¼ÆÔø¾­×î´ó°ïÖúËûÅäÖÃCfengine ."ÎÒÃǵÄÖ÷ÒªÎÊÌâ²»ÊǼ¼ÊõÎÊÌ⣬¶øÊÇÕþÖÎÎÊÌ⣬¼´ÒªÈÃÊÀ½çÉÏÿһ¸ö²¿ÃŵÄÿһ¸öÈ˶¼Í³Ò»Òâ¼û ¡£"  ¶ÔÓÚËùÓеļ¼Êõ¶øÑÔ£¬ÕâÊÇÒòΪÄÇЩ×ö¾ö¶¨µÄÈËÐèÒª¸Ð¾õµ½ÏµÍ³ÊÚȨÓÚËûÃÇ£¬¶ø²»ÊÇÏÞÖÆËûÃÇ¡£

Cfengine ÊÇÒÔ¼òµ¥µÄ³ÐŵÀíÄîÀ´¹¤×÷µÄ¡£ÎÒÃÇ¿ÉÒÔÈÏΪCfengine ÖеÄËùÓÐÒ»ÇÐÊÇÒ»¸öͨ¹ýϵͳ²»Í¬×ÊÔ´À´Î¬³ÖµÄ³Ðŵ¡£

½«³ÐŵºÍÐÎʽ½áºÏÆðÀ´ÃèÊö³ÐŵӦ¸Ãʵ¼ùµÄʱ¼äºÍλÖã¬Õâ¾ÍÊÇËùνµÄCfengine.

 

1.3 Ϊʲô×Ô¶¯»¯£¿

ÈËÀàÉó¤ÓÚ×ö¾ö¶¨£¬È´²»ÄܺܺõÄÈ¥Ö´ÐС£¶ø»úÆ÷²»ÄÜ×ö¾ö¶¨£¬µ«¿ÉÒԺܺõÄÈ¥Ö´ÐС£Èç¹ûÈËÀàºÍ»úÆ÷Äܹ»Ï໥ȡ³¤²¹¶Ì¾Í»áºÜÓÐÒâÒå¡£

ÔÚϵͳ¹ÜÀíÖеÄÖ÷ÒªÎÊÌâÊÇȱ·¦×ÔÂÉ¡£¼ÍÂɲ¢²»ÊÇÒâζ×ÅÒª°´ÕÕÖØÒªµÄָʾÀ´ÓÐÐòÖ´ÐС£ËüÖ»ÒªÇóϵͳµÄÿһ²¿·ÖÄܹ»ÖªµÀËüµÄ¹¤×÷²¢ÇÒÄܹ»ÍêÕûÎÞÎóµÄÖ´ÐС£

Óм¼ÊõµÄ¹¤×÷ÕßÒ×ÓÚÈÏΪËüÒѾ­×ã¹»µÄÖÇÄÜ»¯¡£ÊÂʵÊÇÕâÊÇ´íµÄ£º´ÏÃ÷µÄÈËÒ×ÓÚ³ÉΪÎÊÌâ½â¾öÕß²¢ÇҺܿªÐÄÄܹ»½â¾öÏàͬµÄÎÊÌâºÜ¶à´Î£¬ÕâÑùÆäʵºÄʱÓÖºÄÁ¦¡£´ËÍ⣬ÈËΪµÄ¸ÉÔ¤³£³£ÊÇ»ùÓÚ»ÅÕźÍÃÔºý£¬ËùÒÔÿ´ÎÓÐÈËÊÖ¶¯µÇÈëϵͳ£¬ÆäʵÕâÑùÓк¦ÓÚÿ¸öÈ˶ÔϵͳµÄÀí½â¡£Ö»ÓÐÎȶ¨Õ³̵Ä×ÔÂɲÅÄÜ´øÀ´¿ÉÔ¤²âÐÔ¡£

ÁãÉ¢µÄ¸ü¸ÄÊDz»ºÃµÄ£¬ÒòΪ£º

l         ÆäËûÈ˲»ÖªµÀ·¢ÉúÁËʲô¡£

l         ûÓмǼ¸ü¸ÄµÄÄÚÈݺÍÄ¿µÄ¡£

l         Ö»ÁôÏÂÁ˸ü¸ÄµÄºÛ¼£¡£

ÈËÃǾ­³£·ßÅ­·´¶Ô×Ô¶¯»¯£¬ÒòΪ¾õµÄ×Ô¶¯»¯ÈÃËûÃǹ¤×÷ʧȥÁËÈËÐÔ¡£ÊÂʵȴÏà·´£¬Ç¿ÆÈÈ˲»¶ÏÖظ´Îȶ¨È¥×ö»úÆ÷×öµÄ¹¤×÷£¬Õâ²ÅÊÇɥʧÈËÐÔ¡£Äܹ»ÈÏʶµ½ÕâÒ»»µµÄÏ°¹ß²¢ÇÒÔ¸Òâ·ÅÆúÕâÒ»»µÏ°¹ß¾ÍÊÇÒ»´ó½ø²½¡£

 

1.4 Éý¼¶»»´ú

ÔÚ¹ýÈ¥£¬ÈÃϵͳÉý¼¶»»´úµÄΨһ·½Ê½¾ÍÊÇÈÃËùÓÐϵͳÏàͬ¡£Õâ²»ÔÙÊÇÕýÈ·µÄ·½Ê½¡£

ÔÚ1960ÄêµÄÄ©ÆÚ£¬¼æÓÐÐÂÎŹ¤×÷ÕߺÍδÀ´Ö÷ÒåÕßÉí·ÝµÄAlvin Toffler Ãè»æÁËÒ»·ù¹ØÓÚÎ÷·½ÊÀ½çºÍºó¹¤Òµ»¯Î´À´µÄÃÀÀö¾ªÈ˵Äͼ»­¡£ËûÔÚ1970ÄêдµÄÒ»±¾Êé½Ð¡¶Î´À´³å»÷¡·£¬ÕæʵµÄ»ØÓ¦ÁËÀäսʱÆÚ¶ÔÓÚÔÚÒ»¸ö¹²²úÖ÷Ò幤ҵ½×¶Î´óÁ¿Éú²úͬÀà²úÆ·µÄ¿Ö»Å¡£ËûµÄÊéÕæʵµÄ·´²µÁËÄÇЩÈÏΪ¹¤Òµ»¯ºÍ´óÁ¿Éú²ú¾ÍÒâζ×ÅÒ»Çж¼Ó¦¸ÃÊÇһģһÑùµÄÈËÃÇ¡£ÎÒÍƼö´ó¼ÒÈ¥ÔĶÁÕâ±¾Ê飬µÄÈ·ÊÇдµÄ·Ç³£ºÃ²¢ÇÒÓкܶà½ñÌìÎÒÃÇÐèҪѧϰµÄ¾­Ñé½Ìѵ¡£µ«ÊÇ´ÓËûÈß³¤µÄÅê»÷ÖУ¬ÎÒдÏÂÒ»¾ä¼òµ¥µÄ»°À´×ܽáÎÒÃÇÐèҪѧϰµÄ½Ìѵ£º

¡°µ±¼¼ÊõÔ½À´Ô½ÏȽø£¬Ç±ÔڵķçÏÕ´ú¼ÛÒ²Ô½À´Ô½Ð¡¡£¡±

    »»¾ä»°Ëµ£¬ÓÃÓÚ´óÁ¿Éú²úµÄÈκÎÖÐÁ÷¼¼Êõ¶¼ÄÜ°ïÖúÎÒÃǸü¼ÓæµÊìºÍÁé»î£¬¶ø²»ÊǸüÉÙ¡£µ±Äã¿ÉÒÔÔÚ»ú³¡µÄATM»úÉÏ°´ÒªÇó´òÓ¡³öÃûƬ£¬²¢ÇÒ¿ÉÒÔÔÚÕ£ÑÛ¹¦·òÈÿ§·È±­±äµÄ¸öÐÔ»¯£¬ÔÚÕâÑùÒ»¸öʱ´úÀïÎÒÃÇûÓÐÀíÓÉÈ¥¼á³ÖÒ»¸ö»Äµ®µÄÀíÄÈÏΪ´ó¹æÄ£µÄ»ù´¡ÉèÊ©¾ÍÒªÇóÍêÈ«µÄÖظ´¡£È»¶øÈËÃÇÈÔÈ»ÕâôÈÏΪ£¬°üÀ¨ÍøÂ繤³Ìʦ£¬ÏµÍ³¹ÜÀíÔ±¡£ËûÃÇÉõÖÁ˵ÕâÊÇ¿ÉÀ©Õ¹ÐԱز»¿ÉȱµÄ¡£

    Toffler µÄÒ»¸öÖØÒª¹ÛµãÊÇ´óÁ¿Éú²ú»¯¾­¼ÃÓëÊÊÓ¦ÐÔ¾­¼Ã²¢²»³åÍ»£¬²¢ÇÒÔÚ40ÄêÖ®ºó£¬ÎÒÃÇÈÔÈ»ÔÚÎüÈ¡Õâ¸ö½Ìѵ¡£

 

1.5 ÄãÈçºÎ¿´´ýCfengine ?

Cfengine ÊÇÒ»¸ö¹¹¼Ü¡£Ëü²¢Ã»ÓÐÈç´ËµÄ¸´ÔÓ£¬µ«ËüµÄÈ·ºÜ¹ã·º¡£¾­³£µ±ÊÔͼÃèÊöCfengineµÄʱºò,ËƺõÓкܶàҪ˵µÄ²¢ÇÒºÜÄÑÓÃÒ»¸ö¼òµ¥·½Ê½À´±í´ïÕâ¸öÈí¼þÄÜ×öʲô¡£ÏÂÃæÕâ·ùͼÄܹ»¸øÄãһЩ˼·ȥÈÏʶCfengine ¡£

 

 

¶ÔÐí¶àÓû§À´Ëµ£¬Cfengine ÊÇÒ»¸ö¼òµ¥µÄÅäÖù¤¾ß£¬ÀýÈ磬¸ù¾Ý²ßÂÔÀ´ÅäÖúÍÐÞ²¹ÏµÍ³µÄÈí¼þ¡£²ßÂÔÊÇͨ¹ý³ÐŵÀ´ÃèÊöµÄ£¬ÊÂʵÉÏ£¬ÔÚCfengine3 ÀïµÄÿһ¸öÉùÃ÷¶¼ÊÇÒ»¸ö½«ÔÚijʱijµØ¶ÒÏֵijÐŵ¡£³ý´ËÒÔÍ⣬Ȼ¶øCfengine ²»Ïñ´ó¶àÊý×Ô¶¯»¯µÄ¹¤¾ßÒ»´ÎÐÔÕ¹¿ªÒ»Ð©Èí¼þµÄÀ¶Í¼²¢ÇÒ±§ÓÐÀÖ¹ÛµÄÏ£Íû¡£ÄãÔÚCfengineÀïËùÐíϵÄÿһ¸ö³Ðŵ¶¼ÊDz»¶Ï±»¼ìÑéºÍά»¤¡£Ëü²¢²»ÊÇÒ»´ÎÐԵIJÙ×÷£¬¶øÊÇÒ»¸ö·â×°µÄ½ø³Ì£¬ËüÄܹ»×ÔÎÒÐÞ¸´ÄÇЩƫÀë²ßÂÔµÄÐÐΪ¡£

ÎÞÒÉ°ÑCfengine·ÅÔÚÒ»¸ö×Ô¶¯»¯µÄÍõ¹úÀ¾­³£»áÓÐÎÊÌâÌá³ö£ºÄѵÀËüÖ»ÊÇÁíÒ»Öֽű¾ÓïÑÔÂ𣿠²»¿É·ñÈÏCfengine ȷʵ°üº¬ÁËÒ»ÖÖÇ¿´óµÄ½Å±¾ÓïÑÔ£¬µ«ÊÇËü²»ÏñÆäËüÖÖÓïÑÔ¡£Cfengine ²»ÏñPerl ,Python or Ruby ÊÇÒ»Öֵͼ¶ÓïÑÔ¡£ËüÊÇÒ»ÖÖ³ÐŵµÄÓïÑÔ£¬Äã¿ÉÒÔÓÃËüÀ´±í´ï¶Ôϵͳ¸ß²ã´ÎµÄÆÚÍûºÍʵÏÖ½á¹ûËùÐèÒªµÄËã·¨»úÖƵÄÄÚ²¿Ï¸½Ú¡£ÎÒÃǽ«»áÔÚÏÂÃæÔÙ´ÎÌáµ½¡£

¶ÔÓÚÐí¶àÈËÀ´Ëµ£¬Cfengine ÊÇÒ»¸öÓÃÀ´ÔÚϵͳÉÏÖ´Ðа²È«Îȶ¨µÄ²½Öè²¢ÇÒÔÚÒÔºó½øÐв»¶Ï¼à²âµÄ¹¤¾ß¡£Õâ¿Ï¶¨ÊÇÒ»¸öÖ÷ÒªµÄÓ¦Ó÷½Ãæ¡£Cfengine ÒÔÎȶ¨ºÍ°²È«ÁôϺܺõĿڱ®¡£ÕâÊÇÒòΪËüµÄ»ù±¾Éè¼ÆÊÇ°²È«µÄ¡£Ëü²»¿ÉÄÜ´ÓϵͳÍâ·¢ËÍÓйزßÂÔµÄÐÅÏ¢µ½Cfengine . Èç¹û±»ÔÊÐí½øÈëϵͳ£¬ËüÖ»¿ÉÄÜ·¢ËÍһЩ´óСÓÐÏ޵ļòµ¥µÄЭÒéÇëÇóµ½·þÎñÆ÷¡£ÕâÑùµÄÉè¼Æ±È´ó¶àÊý·À»ðǽ¸ü°²È«¡£´ó¶àÊý·þÎñÆ÷²»ÄܽøÐа²È«²âÊÔ£¬ÒòΪ²âÊÔÓпÉÄܻᷢËÍÊý¾Ýµ½·þÎñÆ÷¡£

Äܹ»ÃèÊöÒ»¸öϵͳµÄ´ó¶àÊý²ßÂÔµÄÄÜÁ¦¾ÍÊÇÒâζ×ÅÎÒÃÇËù½¨ÒéϵͳËùÐèÒªÐíϵĺÍ×ñÐеijÐŵ¡£Òò´ËCfengine Ò²¿ÉÒÔ±»ÈÏΪÊÇÒ»¸ö³ÐŵÒýÇæ¡£Ëü¿ÉÒÔÈÝÒ׵طþ´ÓһЩ¿ò¼ÜÄ£ÐÍ£¬ÈçSOX ,'EUROSOX'(µÚ8ÌõÅ·ÃË×ÊÁÏÖ¸Òý), ITILµÄ¼Ü¹¹ºÍÏñISO1 7799,ISO 200000µÄ±ê×¼µÈµÈ¡£

×îºó£¬ËäÈ»Cfengine ²»ÊÇ×î³õÉèÏëÓÃÀ´¼à²âµÄ£¬µ«Ëü°üº¬ÁË×îÁé»îºÍÊ¡¿ªÏúµÄ¼à²âÒýÇæ¡£Äã¿ÉÒÔÌáÈ¡¹ØÓÚϵͳÅäÖã¬Ó÷¨£¬×ÊÔ´£¬¼Ç¼ÎļþµÄÊý¾Ý£¬²¢ÇÒ½«Ëüת»¯³É¿É¶ÁµÄ±¨¸æ¡£Cfengine ·¢ÏÖºÍÌáȡϵͳÐÅÏ¢ºÍ±¨¸æµÄÄÜÁ¦Òâζ×ÅÄã¿ÉÒÔ½«ÏµÍ³×ª»¯ÎªÒ»¸ö¼òµ¥µÄÅäÖùÜÀíÊý¾Ý¿â¡£ÔÚÃâ·Ñ°æ±¾ÖУ¬¼à²âÊÇÒ»¸ö»¹Î´ÊµÐеĽø³Ì¡£Ëæ×ÅCfengine µÄÉÌÒµÀ©Õ¹£¬¶ÔÄãËù×÷µÄ¼à²â³ÐŵÖÖÀ༸ºõûÓÐÏÞÖÆ£¬²¢ÇÒ²»»áÏñ´ó¶àÊý¼à²âϵͳºÄ¾¡È«²¿µÄ×ÊÔ´¡£

×ܶøÑÔÖ®£¬CfengineÄ¿µÄÊÇ´Ù½øÈËÀà¶Ô¸´ÔÓ½ø³ÌµÄÀí½â¡£ËüµÄ³ÐŵÒ×ÓÚÌṩÎĵµ£¬²¢ÇÒÔÚ´íÎ󱨸æÖÐϵͳ»á¼Çס²¢ÌáÐÑÎÒÃÇ¡£ËüÒþ²ØÁËÔÝʱÎ޹صÄÖ´ÐÐϸ½Ú´Ó¶øÍ»³ö³Ðŵ±³ºóµÄÄ¿µÄ¡£ÕâÒâζ×ÅÄ㹫˾µÄ֪ʶ¿ÉÒÔ±àÈëCfengine µÄÓïÑÔÖС£

Ϊʲô֪ʶºÜÖØÒª£¿ÆäÖÐÓÐÁ½¸öÔ­Òò£º µÚÒ»¾ÍÊǼ¼ÊõÐÔµÄÃèÊöºÜÄѱ»¼ÇÒä¡£Ö»Óе±ÄãÔÚдµÄʱºòÄã²ÅÓпÉÄÜÀí½âÄãµÄÅäÖþö¶¨£¬µ«µ±¼¸¸öÔºó³öÏÖһЩÎÊÌ⣬ÄãºÜ¿ÉÄÜÒѾ­Íü¼ÇÄ㵱ʱËùÏëµÄ¡£Õâ¾Í»¨·ÑÁËÄãµÄʱ¼äºÍŬÁ¦À´Õï¶ÏÆäÖеÄÎÊÌâ¡£µÚ¶þ¸öÔ­Òò¾ÍÊǹ«Ë¾Ò×ÓÚÒÀÀµÄÇЩ±àд²ßÂÔµÄÈË¡£Ò»µ©ËûÃÇÀ뿪£¬ ʣϵÄÈËÍùÍù²»ÄÜÄܹ»Àí½âºÍÐÞ¸´ÏµÍ³¡£Ö»ÓÐÍêÕûÕýÈ·µÄÎĵµ£¬ÏµÍ³²ÅÓпÉÄÜÃâÓÚÊÜËð¡£

 

2  Cfengine µÄ×é¼þ

Cfengine ÊÇÓÉ´óÁ¿µÄ×é¼þ¹¹³ÉµÄ¡£ÔÚÕâÕ£¬ÎÒÃǽ«ÌÖÂÛÈçºÎ×齨ËüÃDz¢½âÊÍËüÃÇÊǸÉʲôÓõġ£

2.1 °²×°

Òª°²×°Cfengine £¬ÄãÐèҪһЩÈí¼þ°ü¡£ÈçÏ£º

OpenSSL  ¿ªÔ´¼ÓÃܵݲȫÌ×װЭÒé

          ÍøÖ·£ºhttp://www.openssl.org

 

BerkeleyDB (3.2°æ±¾»ò¸üеİ汾 )

          ÇáÁ¿µÄƽÃæÎļþÊý¾Ý¿âϵͳ

          ÍøÖ·£ºhttp://www.oracle.com/technology/products/berkeley-db/index.html

ÆäËû...

½¨ÒéʹÓÃPerl ÓïÑÔ¼æÈݵÄÕýÔò±í´ïʽ£¨PCRE£©¾²Ì¬¿â£¬ÒòΪÕâÊǶÔ×î±ê×¼µÄ¿ÉÒÆÖ²ÐÔ²Ù×÷ϵͳ½Ó¿Ú¾²Ì¬¿âµÄÒ»´ó¸Ä½ø¡£Õâ¸öÎĵµÊDzÉÈ¡PCRE µÄʹÓá£

ÔÚWindowsϵͳÖУ¬ÎªÁ˱£Ö¤Cfengine Õý³£ÔËÐУ¬ÄãÐèÒª°²×°»ù±¾Ð¡Ð͵ÄUnixÄ£Äâ»·¾³£¨Cygwin£©¶¯Ì¬Á´½Ó¿â¡£

꿅᣼http://www.cygwin.com

 

    Èç¹ûÓÐÆäËûµÄ¾²Ì¬¿â£¬ÈçOpenLDAP, MySQLµÄÓû§»ú¾²Ì¬¿â ºÍ PostgreSQLµÈµÈ£¬ ÁíÍâµÄ¹¦ÄÜ£¨ÆäÖÐÓÐһЩÐèÒª¸¶·ÑʹÓã©Ò²ÊÇ¿ÉÓõġ£Ã»ÓÐÕâЩ¾²Ì¬¿âCfengine Ò²Äܹ»ÔËÐУ¬Ö»ÊÇÏà¹ØµÄ¹¦Äܽ«²»¿ÉÓá£

    ³ý·ÇÄãÒѾ­¹ºÂòÁËÏֳɵÄÔ´´úÂ룬»òÕßÔÚÕýÔÚʹÓÃÒ»¸ö·¢Ðеİü£¬ÄãÐèÒª±àÒëCfengine . Èç¹ûÕâÑùÄãҲͬÑùÐèÒªÒ»¸öÒѾ­×°ÓÐ gcc , flex ºÍbison µÄϵͳ»·¾³¡£

ÍƼöµÄ°²×°·½·¨ÈçÏ£º

tar zxf cfengine-x.x.x.tar.gz

cd cfengine-x.x.x

./configure

make

make install

ÕâÑùÔ´´úÂë¾Í°²×°ÔÚ`/usr/local/sbin' Ŀ¼Ï¡£

 

2.2 ¹¤×÷Ŀ¼

Cfengine ÓÐÒ»¸ö¿ÉÒÔʹÓõŤ×÷¿Õ¼äĿ¼¡£µ±ÒÔroot Éí·ÝÔËÐУ¬ËüµÄĬÈÏλÖÃÔÚ`/var/cfengine' £¬¶øĿ¼~/.cfagent ÊÇÁô¸øÆäËûÓû§Ê¹Óõġ£

/var/cfengine

/var/cfengine/bin

/var/cfengine/inputs

/var/cfengine/outputs

    Ò»¸ö¿ÉÐÅÈεÄÊäÈëÎļþ»º³åÇøÄ¿Ç°±ØÐë±»·ÅÖÃÔÚ`inputs' ×ÓĿ¼Ï¡£µ± Cfengine ×Ô¶¯±»¼¤»î£¬°´ÕÕÔ¤ÆÚËü¾Í»áÖ»¶ÁÈ¡Õâ¸öĿ¼ÏµÄÎļþ¡£ÔÚÿ̨»úÆ÷Éϸüлº³åÇøÊÇÓû§µÄ¹¤×÷£¨ÕâÊÇÓÉĬÈÏÅäÖÃÎļþ¾ö¶¨µÄ£©¡£

²»ÏñCfengine 2£¬Cfengine 3 ²»ÄÜʶ±ðCFINPUTS »·¾³±äÁ¿¡£

    ÏÖÔÚ'outputs' Ŀ¼ÊÇһϵÁÐÔËÐб¨¸æµÄÒ»¸ö¼Ç¼ ¡£ÕâЩÍùÍùͨ¹ýcf-execd·¢Óʼþ¸ø¹ÜÀíÔ±£¬»òÕß±»¸´ÖƵ½ÆäËûÖØÒªµÄλÖò¢Çҿɱ»ÏàÓ¦µÄä¯ÀÀÆ÷ÔĶÁ¡£

2.3 ÑÝ×àÕß

Ò»¸öCfengineϵͳÓеãÀàËÆÒ»¸ö¹ÜÏÒÀÖ¶Ó¡£ËüÓÉÈÎÒâÊýÁ¿µÄ¼ÆËã»ú£¨ÑÝ×àÕߣ©×é³É£¬Ã¿Ò»¸öÈ˶¼ÓÐ×Ô¼ºµÄÀÖÆײ¢ÇÒÖªµÀµ¯×àʲô¡£ÓÐÎÞÖ¸»ÓÕßЭµ÷ÕûºÏÿһ²¿·Ö£¬ÕâÊÇÓÉÄã×Ô¼º¾ö¶¨µÄ¡£

Cfengine µÄÈí¼þ´úÀíÔÚÿһ̨¶ÀÁ¢µÄ¼ÆËã»úÉÏÔËÐУ¬µ«ÔÚ±ØÒªÇé¿öÏ¿ÉÒÔ½øÐÐͨÐÅ£¬ÈçÏÂͼËùʾ¡£Õâ¾ÍÒâζ×ÅÄãûÓбØҪΪÁËÔËÐÐÄãµÄÍøÂç¶ø¹æ·¶±ê×¼ÒÔ·À²»°²È«µÄµÇ¼£¬Èç¹ûÍøÂçͨÐųöÏÖÁËÎÊÌ⣬ÔÚÔËÐÐÖжÏÆÚ¼äcfengine¾Í¿ÉÒÔÈçÐèÐÞ¸´ºÍ±£»¤ÏµÍ³ ¡£

Èç¹ûÍøÂç²»¹¤×÷£¬ cfengin¾Í»áÌø¹ýÕâЩ²¿·Ö²¢ÇÒ¼ÌÐøËüµÄ¹¤×÷¡£Ëü¾ßÓÐÈÝ´íÐԺͶàÑ¡ÔñÐÔ¡£

 

cf-promises  ³ÐŵµÄ¼ìÑéÕߺͱàÒëÕߣ¬ÔÚÊÔͼִÐÐÒ»Ì×ÅäÖóÐŵǰԤÏȼì²â¡£

cf-agent     ±ä»¯µÄ·¢¶¯Õߣ¬´úÀíÊÇCfengine ²Ù×÷ϵͳ×ÊÔ´µÄ²¿·Ö¡£

cf-serverd   ·þÎñÆ÷Äܹ»¹²ÏíÎļþ²¢ÇÒ½ÓÊÜÔÚһ̨¸öÌå¼ÆËã»úÉÏÖ´Ðе±Ç°²ßÂÔµÄÇëÇó¡£  

           Ëü²»¿ÉÄÜ´ÓÍⲿ·¢ËÍ£¨ÍƳö£©ÐÂÐÅÏ¢¸øCfengine .

cf-execd    ÕâÊÇÒ»¸ö°²ÅÅÈճ̵ĺǫ́³ÌÐò£¨ËüÄܲ¹³ä»òÈ¡´úcron£©.ËüÒ²¿ÉÒÔ×÷Ϊ°ü×°Æ÷£¬

           Ö´ÐкÍÊÕ¼¯cf-agent µÄÊä³ö£¬²¢ÇÒ·¢ËÍÓʼþ¸øÓбØÒªµÄϵͳÓû§¡£

cf-runagent  ÕâÊÇÒ»¸ö°ïÖúÕß³ÌÐò£¬ËüÄܹ»¶Ô»°cf-serverd ²¢ÒªÇóÖ´ÐÐcf-agent Éϵĵ±Ç°²ß

           ÂÔ¡£Èç¹û´úÀí»úÉϵIJßÂÔ°üº¬Á˼ìÑé¸üУ¬ËüÒò´ËÄ£ÄâΪһ¸ö·¢¶¯Õߣ¬¶Ô

           cfengine µÄÖ÷»ú²úÉú±ä»¯¡£

cf-report    ËüÄܵóö×ܽáºÍÆäËû±¨¸æ£¬ÒÔ¶àÖÖ¸ñʽÊä³ö»òÓëÆäËûϵͳÕûºÏ¡£

cf-know    Õâ¸ö´úÀíÄܹ»´Ó´óÁ¿¹ØÓÚϵͳ֪ʶµÄ³ÐŵÖвúÉúÒ»¸öISO±ê×¼Ö÷Ìâͼ¡£Ëü¿É

           ×÷ΪÓïÒåÍøÏÔʾÎĵµ¡£

 

2.4 ¹ØÓÚ Cfengine µÄ¼Ü¹¹

Õⲿ·Ö½âÊÍcfengine ½«ÈçºÎÔÚÄãµÄÒýµ¼ÏÂÔÚÍøÂçÖÐ×Ô¶¯»¯µÄ²Ù×÷¡£Èç¹ûÄãµÄ¹«Ë¾ÓкܴóµÄ¹æÄ££¨³ÉǧÉÏÍòµÄ·þÎñÆ÷£©£¬µ±ÕâÑùµÄ¹æÄ£ÒªÇóÄãÓиü¶àµÄ»ù´¡ÉèÊ©ºÍÒ»¸öDZÔڵĸü¸´ÔÓµÄÅäÖã¬Äã¸Ã»¨Ò»Ð©Ê±¼ä¸úCfengine ר¼ÒÌÖÂÛÈçºÎ½«ÕâÑùµÄÃèÊöµ÷гµ½ÄãµÄϵͳ»·¾³ÖС£ÈκÎcfengine ÅäÖõÄʵÖÊÊÇÏàͬµÄ¡£

 

ÔÚ¹ÜÀíϵͳÖУ¬ÓÐËĸö¹²Í¬±»ÒýÓõĽ׶Σ¬×ܽáÈçÏ£º

l         °²×°

l         ÅäÖÃ

l         ¹ÜÀí

l         ÉóºË

ÕâЩ¶ÀÁ¢µÄ½×¶ÎÀ´×ÔÓÚϵͳ¹ÜÀíµÄÒ»¸öģʽ£¬ËüÊÇ»ùÓÚÊÂÎñ´¦ÀíµÄ±ä»¯¡£Cfengine µÄ¹ÜÀíÀíÄîÓе㲻ͬ£¬ÒòΪÊÂÎï´¦ÀíµÄ½ø³Ì¶ÔÓÚϵͳ¹ÜÀíÀ´Ëµ²»ÊÇÒ»¸öºÃµÄģʽ£¬µ«ÎÒÃÇ¿ÉÒÔÓÃÕâ¸öÄ£°åÈ¥¿´¿´cfengine ÈçºÎ²»Í¬µØ¹¤×÷¡£

 

°²×°       Ò»¸öϵͳÊÇ»ùÓÚ´óÁ¿µÄµÄ¾ö¶¨ºÍÐèÒªÔÚÖ´ÐÐÇ°±»°²×°µÄ×ÊÔ´¡£½¨Á¢Ò»¸öϵͳµÄ

           ¿ÉÐÅÈεĸù»ùÊÇÒýµ¼ËüÅäÖõĹؼüËùÔÚ¡£Äã²»ÐèÒª¾ö¶¨Ã¿Ò»¸öϸ½Ú£¬¾Í×ãÒÔ        

           ÔÚÄãµÄϵͳÖн¨Á¢ÐÅÈκÍÁ¼ºÃµÄ¿ÉÔ¤²âÐÔ¡£   

           ÔÚcfengine ÖУ¬Äã°²×°µÄÊÇÒ»¸öΪ¹«Ë¾µÄ¼ÆËã»úËùÍƼöµÄ³Ðŵģ°å£¬ÒÔÖÂÈç

           ¹ûËùÓмÆËã»ú¶¼ÄÜ×ö³öºÍ±£³ÖÕâЩ³Ðŵ£¬ÏµÍ³½«ÈçÆÚÁ÷³©µÄÔËÐС£Õâ¾ÍÊÇËüÈç

           ºÎÔÚÈËȺ×éÖ¯Öй¤×÷£¬²¢ÇÒÈçºÎΪ¼ÆËã»ú·þÎñ¡£

 

ÅäÖà      ÅäÖÃȷʵÊÇÒâζ×ÅÖ´ÐÐÒѾ­¾ö¶¨µÄ²ßÂÔ¡£ÔÚÊÂÎñ´¦ÀíϵͳÖУ¬Ò»Ì¨»ú×ÓÊÔͼһ

           ¸ö½ÓÒ»¸öµØÍƳö¸üУ¬Òò´ËÐèÒª²¿ÊðÕâ¸ö¾ö¶¨¡£ÔÚcfengine ÄãºÜ¼òµ¥µÄ·¢²¼ÁË

           ÄãµÄ²ßÂÔ£¨ÔÚcfengine µÄÓï·¨ÖÐÕâЩÊÇ¡®³ÐŵÌáÒ顯£©²¢ÇÒÕâЩ¼ÆËã»ú¿´¼ûÁË

           еÄÌáÒé²¢ÇÒÄÜÏàÓ¦µÄµ÷Õû¡£Ã¿Ò»Ì¨¼ÆËã»ú¶¼ÔËÐÐ×ÅÒ»¸öÄܹ»Ëæ×Åʱ¼äÖ´

           ÐвßÂÔºÍά»¤ËüÃǵĴúÀí£¬¶øÎÞÐè½øÒ»²½µÄЭÖú¡£

 

¹ÜÀí       Ò»µ©×öÁËÒ»¸ö¾ö¶¨£¬³öºõÒâÁϵÄʽ«»á·¢Éú¡£ÕâÖÖÍ»·¢Ê¼þͨ³£»áÒýÆ𾯾õ£¬

           ²¢ÇÒÈËÃÇ»á´Ò´ÒææµÄ×ö³öеÄÊÂÎñ´¦ÀíÀ´ÐÞ¸´ËüÃÇ¡£ÔÚcfengine ÖУ¬×Ô¶¯»¯

           µÄ´úÀíÄܹ»¹ÜÀíϵͳ£¬²¢ÇÒÄãÖ»ÐèÒª´¦ÀíÄÇЩ²»Äܱ»×Ô¶¯´¦ÀíµÄº±¼ûʼþ¡£

 

ÉóºË       ÔÚ´«Í³µÄÅäÖÃϵͳÖУ¬ÔÚÒ»´Îͨ¹ýµÄÊÂÎñ´¦ÀíºóÊä³öÍùÍù²»¹»Ã÷È·£¬ËùÒÔÓÐÈË          

           À´ÉóºËϵͳÒÔ±ãÕÒ³öÎÊÌâËùÔÚ¡£ÔÚ cfengine ÖÐ, ²»Ö»ÊDZ仯»á±»·¢ÆðÒ»´Î£¬¶ø

           ÇÒ±¾µØµÄÉóºËºÍά»¤Ò²ÊÇÈç´Ë¡£Cfengine µÄÉè¼Æ²¢²»Äܱ£Ö¤ºÍ×Ô¶¯»¯µØά»¤¾ö

           ¶¨Êä³ö£¬ËùÒÔÖ÷ÒªµÄµ£ÓÇÊǹÜÀí³åÍ»µÄÒâͼ¡£Óû§¿ÉÒÔÐÝÏ¢²¢ÇÒ¼ì²é´úÀí²úÉú

           µÄÈÕ³£±àÒ뱨¸æ£¬²¢ÇÒûÓбØÒª°²ÅÅеı¸·ÝÊÂÎñ´¦Àí¡£

 

±¸·ÝºÍ»Ö¸´£¿ Äã²»Ó¦¸ÃÈÏΪcfengine ÊÇÒ»¸ö±¸·Ýϵͳ£¬ÀýÈ磬ÓÐÈËÊÔͼ×èֹϵͳ¾ø¶ÔµÄ±ä»¯²¢ºÜ¿ÉÄָܻ´ËüÃÇÒÔ·À³ö´í¡£±¸·ÝºÍ»Ö¸´ÊÇÔÚÀíÂÛÉÏÓÐ覴õĸÅÄֻÊÇÓÐʱÔÚʵ¼ÊÖпÉÐС£Í¨¹ýcfengine ,Äã·¢²¼ÁËһϵÁеIJßÂÔÐ޸ģ¬×ÜÊÇÔÚÍùÇ°½ø²½£¨ÒòΪ²»¹Üϲ²»Ï²»¶£¬Ê±¼äÖ»ÊÇÔÚÁ÷ÊÅ£©¡£ËùÓб»ÆÚÍû״̬µÄ±ä»¯ÊÇ¿ÉÒÔͨ¹ýÿһ̨¶ÀÁ¢µÄ¼ÆËã»úÔÚ±¾µØ¹ÜÀí£¬²¢ÇÒ²»¶ÏµÄÐÞ¸´ÒÔ±£Ö¤½øÐÐÖеıàÒëÓë²ßÂÔÒ»Ö¡£

 

 

2.5 ²ßÂÔ¾ö¶¨Á÷³Ì

Cfengine ûÓÐ×ö³ö·Ç³£¶à¾ø¶ÔµÄÑ¡Ôñ¡£ËüµÄ´ó¶àÊýÐÐΪÊDzßÂÔµÄÎÊÌ⣬²¢Äܹ»±»¸Ä±ä¡£È»¶ø£¬ÍƼöʹÓÃÒ»¸ö½á¹¹£¬¼ûÏÂͼ¡£

ΪÁ˱£Ö¤²Ù×÷¾¡¿ÉÄܼòµ¥£¬cfengine ÔÚÿ̨¼ÆËã»úÉϱ£³ÖÒ»¸ö˽Óй¤×÷Ŀ¼£¬¼´ÔÚÎĵµÖеÄWORKDIR£¬ÔÚ²ßÂÔÖÐÒÔ±äÁ¿$(sys.workdir)µÄÐÎʽ³öÏÖ¡£Õâ¸öĿ¼µÄĬÈÏλÖÃÊÇÔÚ'/var/cfengine'ºÍ' c:\var\cfengine' . Ëü°üº¬ÁËcfengine ÐèÒªÔËÐеÄÒ»ÇС£

ÏÂÃæµÄÕâ·ùͼÏÔʾÁ˾ö¶¨ÈçºÎÔÚϵͳ֮¼äÁ÷¶¯¡£

 

l         Эµ÷ºÏ×÷µÄµ¥Ò»µãÊǺÜÓÐÒâÒåµÄ¡£Òò´Ëͨ³£µ¥Ò»µÄ±¾µØ£¨²ßÂÔ¶¨ÒåÖÐÐÄ£©×öÁ˾ö¶¨¡£ÄãÑ¡ÔñÒ»¸öµÄ°æ±¾¿ØÖÆϵͳ£¨ÀýÈ磬SubVersion ,CVS,µÈµÈ£©¿ÉÒÔ¸ú×Ù¾ö¶¨ºÍ±ä»¯µÄÀúÊ·¼Ç¼¡£

l         ͨ¹ý±à¼­cfengine µÄ²ßÂÔÎļþ 'promises.cf ' £¨»òÕßËü°üÀ¨µÄ×ÓÎļþ£©¿ÉÒÔ×ö³ö¾ö¶¨¡£Õâ¸ö¹ý³ÌÊÇÔÚ·ÇÔËÐÐ״̬ÏÂÖ´Ðеġ£

l         Ò»µ©¾ö¶¨±»¶¨Ðβ¢±àÂëÁË£¬ÐµIJßÂԻᱻÊÖ¶¯£¨ÈËΪ¾ö¶¨£©µØ¸´ÖƵ½Ò»¸ö¾ö¶¨·Ö²¼µã£¬Ä¬ÈÏÊÇλÓÚËùÓвßÂÔ·Ö²¼·þÎñÆ÷ÉϵÄĿ¼'/var/cfengine/masterfiles 'ÖС£

l         ÿһ¸ö¿Í»§»úÁªÏµ²ßÂÔ·þÎñÆ÷²¢ÇÒÏÂÔØÕâЩ¸üС£Èç¹û¿Í»§»úµÄÊýÁ¿ºÜÅÓ´ó£¬ÎÒÃÇ¿ÉÒÔ¸´ÖÆÕâ¸ö²ßÂÔ·þÎñÆ÷£¬µ«ÎÒÃǽ«ÈÏΪÄÇÀﻹÊÇÖ»ÓÐÒ»¸ö²ßÂÔ·þÎñÆ÷¡£

 

Ò»µ©¿Í»§»úÓÐÒ»¸ö²ßÂԵı¸·Ý£¬ËüÖ»´ÓÖÐÌá³öÓëÖ®Ïà¹ØµÄ³ÐŵÌáÒ飬²¢ÇÒÔÚûÓÐÈËΪ°ïÖúÏÂÖ´ÐÐÈκεı仯¡£Õâ¾ÍÊÇcfengine ¹ÜÀí±ä»¯¡£

 

ΪʲôÕâô×ö£¿Cfengine ÊÔͼͨ¹ý·ÖÀë½ø³ÌÀ´¼õÉÙÒÀÀµÐÔ¡£Í¨¹ý×ñÐлùÓÚÀ­µÄ¼Ü¹¹¡£Cfengine ½«ÄÜÈÝÈÌÍøÂçÖжϣ¬²¢ºÜÈÝÒ×´ÓÅäÖôíÎóÖлָ´¡£Í¨¹ý°Ñ¾ö¶¨µÄÔðÈÎÖص£·ÅÔÚ×ÉÏ£¬È»ºó°ÑÖ´ÐзÅÔÚ×îµ×Ï£¬ÎÒÃÇ¿ÉÒÔ±ÜÃâÎÞÐèµÄ´àÈõ£¬²¢±£³ÖÁ½¸ö¶ÀÁ¢µÄÖÊÁ¿±£Ö¤½ø³Ì·Ö¿ª¡£

 

2.6 ´ÓÃâ·Ñ°æ±¾¿ªÊ¼

Éý¼¶µ½cfengineµÄÉÌÒµ°æ±¾ÊÇÒ»²½µ½Î»µÄ²Ù×÷£¬ÕâÔÚËüÃǸ÷×ÔµÄÎĵµÖÐÒѾ­ÃèÊöÁË¡£ÒÔÃâ·Ñ°æ±¾¿ªÊ¼µÄ×î¿ì·½·¨ÊÇ°Ñ°²×°ÔÚ`/usr/local/share/cfengine/'µÄ·Ö²¼µÄ²ßÂÔÎļþ¸´ÖƵ½²ßÂÔ·Ö²¼µã£¬ÈçÏ£º

1.         Ñ¡ÔñÄãµÄ²ßÂÔ·þÎñÆ÷¡£

2.         ³ÉΪÄÇ̨·þÎñÆ÷µÄ³¬¼¶Óû§»òÕß¹ÜÀíÔ±¡£

3.         ´´½¨²ßÂÔԴĿ¼£º

      host# mkdir -p /var/cfengine/masterfiles

      host# cp /usr/local/share/cfengine/*.cf /var/cfengine/masterfiles  

4.         ÏÖÔÚÆô¶¯ÏµÍ³

  host# /usr/local/sbin/cf-key

  host# cd /var/cfengine/masterfiles

  host# /usr/local/sbin/cf-agent --bootstrap

 

ÏÖÔÚCfengineÔÚÄãµÄ·þÎñÆ÷ÉÏÔËÐÐ, Ëü½«×öЩʲô£¿Ö»ÊÇÒ»µ½Á½¾ä¼ò¶ÌµÄ»°ÓËùÒÔÈËÃÇÖªµÀÑ°ÕÒʲô£¨»òÖªµÀÄÇÊÇ°²È«µÄ£©

 

  host# ps waux | grep cf-

 

ÄãÓ¦¸Ãä¯ÀÀÔÚĿ¼`/var/cfengine/masterfiles' µÄÎļþ£¬¿´¿´ËüÃÇ°üº¬ÁËʲô£¬ÉõÖÁÔÚÆô¶¯Ç°×öһЩÐ޸ġ£ÔÚÆäËüÊÂÖ®¼ä£¬ÄãÏëÒª×Ô¶¨ÒåһЩ²ÎÊý£¬¾ÍÏñÄãÕ¾µãÖС®resolv.conf ¡¯µÄÄÇЩ²ÎÊý¡£Èç¹ûÄãÒÔÇ°ÒѾ­Ê¹ÓÃÁËcfengine µÄÔçÆÚ°æ±¾£¬ÕâЩÎļþµÄÄÚÈݽ«²»»á¿´ÆðÀ´Èç´ËµÄÉñÃØ¡£ÖÁÓÚÆäËû£¬ÎªÁËÓÐÒ»¸ö¸Å¹ÛÇë¼ÌÐøµÄ¹Ø×¢¡£

×¢Ò⣺Èç¹ûÄãÒѾ­Îªcfengine µÄ¹¤×÷Ŀ¼ÊÖ¶¯ÅäÖÃÁËÒ»¸ö²»Í¬µÄλÖã¬Ä㽫ÐèÒªµ÷Õû£¬ÓÃÄãÒѾ­ÅäÖõÄ·¾¶À´È¡´ú¡®/var/cfengine¡¯¡£ÀýÈ磬»ùÓÚ°üµÄDebian¸Ð¾õ¡®/var/lib/cfengine¡¯¶ÔÓÚËüÀ´Ëµ¾ÍÊÇÕýÈ·µÄλÖᣠ

3 ÈçºÎÖ´ÐкͲâÊÔÒ»¸öcfengine²ßÂÔ

Äã²»ÐèÒª³¬¼¶Óû§µÄȨÏÞÀ´Ê¹ÓÃcfengine .ÒÔÆÕͨÓû§¿ÉÒÔ°²È«µØ²âÊÔ´ó¶àÊýµÄÊÔÑé¡£ÄãÓ¦¸ÃÔÚ×¼±¸¿ªÊ¼ÅäÖÃϵͳÒÔÇ°»¨Ò»Ð©Ê±¼äÀ´ÊÔÑéСµÄÀý×Ó¡£ÎªÁËÕâô×öÄãÓ¦¸ÃÒÔ³£¹æÎÞÌØȨµÄÓû§µÇ¼µ½ÄãµÄϵͳ²¢¿ªÊ¼ÅäÖãº

   host$ /usr/local/sbin/cf-key

   host$ cp /usr/local/sbin/cf-* ~/.cfagent/bin

Cfengine ÏëÒª¿´¿´ÔÚ¹¤×÷Ŀ¼ÖÐËüµÄÔ´´úÂëµÄ±¸·Ý¡£¶ÔÓÚÒ»¸ö³£¹æÓû§À´Ëµ£¬Õâ¸öͨ³£Î»ÓÚ`~/.cfagent' £¬¶ø²»ÊÇÔÚ`/var/cfengine'¡£ÄãÓ¦¸ÃÏÖÔÚ×¼±¸ºÃÁË¡£

 

3.1 Hello World

ÏÂÃæÊÇÔÚcfengine3ÖÐ×î¼òµ¥µÄ¡®Hello world¡¯³ÌÐò:

 

# ÿ¸ö²ßÂÔ±ØÐëÓÐÒ»×éÐø·¢Ê¼þ

body common control

{

bundlesequence => { "test" };

}

#

bundle agent test

{

reports:          #Õâ¸öÊdzÐŵÀàÐÍ This is a promise type

cfengine_3::      # Õâ¸öÊÇÀà»·¾³£¨Õâ¸ö³ÐŵֻÄÜÔÚcfengine3ϵͳʵÐУ©

"Hello world";    # ÕâÊÇÒ»¸ö¼òµ¥µÄ³Ðŵ(Ëü²úÉúÁËÒ»¸öдÓÐ"Hello world"µÄ±¨¸æ)

}

 

ÔÚÒ»¸öÎļþÖÐÊäÈëÕâ¸ö£¬ÀýÈç`emacs ~/test.cf' ¡£È»ºó¼ì²éÓï·¨ÈçÏÂ

     /usr/local/sbin/cf-promises -f ~/test.cf

Èç¹û¶¼ÊÇÕýÈ·µÄ£¬Äǽ«Ã»ÓÐÈκεÄÊä³ö¡£ÏÖÔÚÖ´ÐÐÈçÏ£º

     /usr/local/sbin/cf-agent -f ~/test.cf

ÄãÓ¦¸Ã¿´¼ûÕâ¸ö£º

     R: Hello world

Õâ¸ö¡®R¡¯£º¸æËßÄãÕâÊǸöÀ´×ÔÓÚÒ»¸ö±¨¸æµÄÊä³ö£¨ºÍ¼Ç¼Îļþ¡®L¡¯»òÕßһЩǶÈë³ÌÐòµÄ´øÒýºÅµÄÊä³ö¡®Q¡¯Ïà·´£©¡£

    Õâ²»ÊÇÒ»¸ö¾­µäµÄcfengine³ÌÐò£¬Ê×ÏÈÒòΪcfengine ²¢²»ÊÇͨ³£µØÒâζ×ÅÊä³öÏûÏ¢£¬³ýÁËÌØÀýÇé¿öÏ¡£È»¶ø×÷Ϊһ¸ö³õ¼¶Ê¹ÓÃÕߣ¬ËüÊDZãÓÚ¸üºÃµÄ¿´µ½Ò»Ð©Êä³ö¡£

    Èç¹ûÄãÁ¢¼´Öظ´ÏàͬµÄÃüÁ½«Ê²Ã´Ò²²»»á·¢Éú¡£µ«Èç¹ûÄãµÈÉÏÒ»·ÖÖÓ£¬Ëü½«»áÔٴεŤ×÷¡£ÒÔÏêϸµÄģʽ£¨Ê¹ÓÃ-v »òÕß--verbose £©ÔËÐÐÃüÁîÀ´¿´¿´ÊÇʲôԭÒò£º

    /usr/local/sbin/cf-agent --verbose -f ~/test.cf

ÏÖÔÚÄ㽫¿´µ½ £º

cf3> =========================================================

cf3> reports in bundle hello (1)

cf3> =========================================================

cf3>

cf3> XX Nothing promised here [lock.hello.reports..Hello_worl] (0/1

minutes elapsed)

cf3>

    Õâ¸æËßÄãcfengineÈÏΪÖظ´Ö¸ÁîµÄʱ¼äÌ«¶ÌÁ˶ø²»ÐèÒªÔٴα£³Ö³Ðŵ¡£Õâ¸öʱ¼äÊÇÓɲÎÊýifelapsed¾ö¶¨µÄ£¬Ëü¿ÉÒÔ·Ö±ðΪÿһ¸ö³Ðŵµ¥¶ÀµÄÉèÖá£ÄãÒ²¿ÉÒÔʹÓÃ'-K'Ñ¡ÏîÈÃcfengine ºöÂÔÕâЩʱ¼äµÄÏÞÖÆ¡£

    ÔÚ'Hello world 'Óï¾ä֮ǰ£¬Äã¿´¼ûÁËÀà±í´ï`cfengine_3::'¡£Õâ¾ÍÊÇcfengine ÈçºÎ×ö¾ö¶¨¡£Èç¹ûÌõ¼þÂú×㣬ÄÇôÊä³öÐÅÏ¢µÄ³Ðŵ½«»áÖ´ÐС£ÎªÁËÃ÷È·Õâ¸öÀàÊÇ·ñÕýÈ·À´Ö´ÐУ¬Äã¿ÉÒÔ¼üÈëÃüÁîÀ´¿´¿´ÏêϸµÄÊä³ö¡£Ä㽫»á¿´µ½ÏñÕâÑùµÄһЩÊä³ö£º

Defined Classes = ( any verbose_mode Tuesday Hr08 Morning Min48

Min45_50 Q4 Hr08_Q4 Day7 July Yr2009 Lcycle_2 GMT_Hr6 linux atlas

undefined_domain 64_bit linux_2_6_27_23_0_1_default x86_64

linux_x86_64 linux_x86_64_2_6_27_23_0_1_default

linux_x86_64_2_6_27_23_0_1_default__1_SMP_2009_05_26_17_02_05__0400

compiled_on_linux_gnu localhost_localdomain localhost net_iface_lo

net_iface_wlan0 ipv4_192_168_1_100 ipv4_192_168_1 ipv4_192_168

ipv4_192 fe80__21c_bfff_fe6e_70ef cfengine_3_0_2b4 cfengine_3_0

cfengine 3 SuSE lsb_compliant suse suse_n/a suse_11_1 suse_11

agent )

    ÀýÈç, һϵÁÐÄ¿Ç°ÒѶ¨ÒåºÃµÄÀà¡£ÈκÎÆäÖеÄÒ»¸öÀࣨ»òÒ»¸ö×éºÏ£©±¾Äܹ»±»ÓÃÀ´±êʶ³Ðŵ¡£Õâ¾ÍÊÇcfengine ËùÖ¸µÄÄÄÖÖ³¡ºÏ±£³ÖÄÄÖÖ³ÐŵµÄ·½·¨¡£²¹³ä²Î¿¼¼ûÕ½Ú4.4¡£

    ×îºó¼Çסһ¼þÊ£ºÈç¹ûÄãÊÔͼÓÃÃüÁî`cf-promises -r' À´´¦ÀíÕâ¸ö£¬Ä㽫¿´µ½ÕâÑùµÄһЩÊä³ö£º

atlas$ ~/LapTop/Cfengine3/trunk/src/cf-promises -r -f ~/test.cf

Summarizing promises as text to ~/test.cf.txt

Summarizing promises as html to ~/test.cf.html

`-r' Ñ¡Ïî²úÉúÁËÒ»¸ö±¨¸æ¡£¼ì²éËù²úÉúµÄÎļþ£º

cat ~/test.cf.txt

firefox ~/test.cf.html

    Ä㽫»á¿´µ½Ò»¸ö¹ØÓÚcfengine ÈçºÎ·­ÒëÕâЩHTML»òtextÎļþµÄ×ܽᡣÔÚʹÓÃÕâ¸öÑ¡Ïîʱ£¬ËùÓеÄcfengine ×é¼þ½«²úÉú´øÓÐÀ©Õ¹ÊÓͼµÄµ÷ÊÔÎļþ£¨ÀýÈçΪÁËÅäÖÃÎļþ±»ÃüÃûΪ'promise_output_agent.h'£¬ËüÃǽ«´´½¨Îļþ'promise_output_agent.html' and  'promise_output_agent.txt' £©¡£

 

3.2 ²é¿´Ò»¸öÎļþ

¼üÈëÏÂÃæµÄÀý×Ó£º

 

body common control

{

bundlesequence => { "test" };

}

bundle agent test

{

files:

# ÕâÊÇÒ»¸öÒ»´ÎÐÔµÄÆÀÂÛ£¬ÏÂÃæÊǾßÌåµÄ³Ðŵ

"/tmp/testfile"                  # ÐíŵÕß

comment => "This is for keeps...",  # ¼´Ê±×¢ÊÍ

create => "true",                # Ô¼ÊøÌõ¼þ 1

perms => p("612");              # Ô¼ÊøÌõ¼þ2, rw---x-w-

}

# ÕâÊÇÒ»¸öÆÕͨµÄÌî³äÄ£°å£¬ÈóÐŵÖ÷ÌåÓòÎÊýÀ´±íʾ£¬¸ü¼ÓÕû½à²¢¿ÉÔÙÀûÓÃ

# ³ÐŵÖ÷Ìåthe promise body tidier and re-usable

body perms p(x)

{

mode => "$(x)";

}

 

    Õâ¸öÀý×ÓÏÔʾÁËÆäËûµÄÊôÐÔÈçºÎ¼ÓÈë³ÐŵµÄÖ÷Ìå¡£Perms ÉùÃ÷µÄÓÒ±ßÊÇÒ»¸öÎÒÃÇÒѾ­¶¨ÒåΪ'p()'µÄÄ£°å£¬Ëüµ÷ÓÃÒ»¸ö²ÎÊý¡£Ä£°å±»¶¨ÒåÔÚÒªµ÷ÓÃËüµÄ³Ðŵ×éÏÂÃ棬ÏÔʾÎÒÃÇÈçºÎ´´½¨¿ÉÔÙÓõIJÎÊý×éºÏ¡£ÔÚÕâÖÖÇé¿öÏ£¬Àý×Ó²»ÖØÒª£¬µ«ÎÒÃǽö½öÖ»ÊÇ¿ªÊ¼¡£µ±ÊÂÇé±äµÃ¸üæµÊ죬ÎÒÃǽ«ÔÚÕâЩ²ÎÊýÖÐÒþ²Ø´óÁ¿µÄϸ½Ú£¬Òò´ËÈÃÖ÷ÒªµÄ³Ðŵ¸üÇåÎú²¢ÇÒÄ¿µÄ¸üÃ÷È·¡£

    ÏÖÔÚÖ´ÐÐcf-agentÉϵijÐŵ£º

host$ /usr/local/sbin/cf-agent -f /tmp/test.cf -I

-> Object /tmp/testfile had permission 600, changed it to 612

host$ ls -l /tmp/testfile

-rw---x-w- 1 mark users 33 2009-06-30 06:06 /tmp/testfile

 

'-I ' ±êÖ¾¸æËßcfengine ֻ֪ͨÎÒÃǹØÓÚÒ»Çеı仯¡£Õâ¾ÍÌṩÁË¿ÉÀí½âµÄ´óÁ¿Êä³ö£¬²¢¶àÓÚĬÈÏÇé¿ö£¨Ö»±¨¸æ²»ÄÜÐÞ¸´µÄÎÊÌâ»òÕßÃ÷È·µÄ±¨¸æ£©¡£ÎÒÃÇ·¢ÏÖcfengine °´Ë³Ðò´´½¨Îļþ£¬²¢ÏàÓ¦µØÉèÖÃȨÏÞ¡£ÏÖÔÚÊÔͼ¸Ä±äȨÏÞ£º

host$ chmod 400 /tmp/testfile

host$ ls -l /tmp/testfile

-r-------- 1 mark users 33 2009-06-30 06:06 /tmp/testfile

host$ /usr/local/sbin/cf-agent -f /tmp/test.cf -I

-> Object /tmp/testfile had permission 400, changed it to 612

host$ ls -l /tmp/testfile

-rw---x-w- 1 mark users 33 2009-06-30 06:06 /tmp/testfile

 

    ÔÙÀ´Ò»´Î£¬¼ÇסǰÃæµÄÀý×Ó¹ØÓÚËø¶¨ºÍifelapsedµÄ×¢ÊÍ¡£

    ×¢ÒâÕâ¸ö³ÐŵûÓÐÒ»¸öÏñcfengine_3::µÄÀà±í´ï¡£Èç¹ûûÓÐÈκεÄÉùÃ÷£¬½«²ÉÓÃÕâ¸öĬÈϵÄÀàany:: £¬ËüÒâζ×ÅÈκεÄʱ¼ä£¬Èκεص㣬ÈκÎλÖá£

 

3.3 ¸Ä±äÃÜÂë

ΪÁ˸ıäϵͳµÄ³¬¼¶Óû§ÃÜÂ룬ÎÒÃÇÐèÒª±à¼­Ò»¸öÎļþ¡£Ò»¸öÎļþÊÇÒ»¸ö¸´ÔÓµÄʵÌ壬һµ©´ò¿ª£¬Äǽ«ÊÇÒ»¸ö¾ÍËüÄÚÈÝÐíÏ¿ÉÄܳÐŵµÄÐÂÊÀ½ç¡£Cfengine ÓµÓÐÒ»×éÌرðÓÃÀ´±à¼­³Ðŵ¡£±¸·Ýshadow Îļþ²¢¸´ÖÆËüµ½'/tmp'ÒÔÖÂÄãÄÜʹÓÃËü¡£

 

body common control

{

bundlesequence => { "test" };

}

bundle agent test

{

files:

"/tmp/shadow"

comment => "Set the root password",

edit_line => SetPasswd("root","xyajd673j.ajhfu");

}

 

Õâ¾ÍÊÇÎÒÃÇÐèÒªÔÚµÚÒ»´Î¹Û²ìÖз¢ÏÖÈ¥Àí½âÒѾ­ÐíϵijÐŵ¡£

ÏÂÃæµÄ´úÂëÊôÓÚ±ê×¼¾²Ì¬¿â£¬²¢¿ÉÔÙÀûÓÃÀ´È·±£ÒÔÉϳÐŵ¡£È»¶ø£¬ÓëÆäËûϵͳ²»Í¬£¬Äã¿ÉÒÔÓÃCfengine×Ô¼ºµÄÓïÑÔÀ´À©Õ¹Ëü. Äã²»ÐèÒª×Ô¼º±àд¸´ÔÓµÄËã·¨»òÕßÓµÓÐÒ»¸ö¿ª·¢»·¾³¡£

#

# Òþ²ØµÄ¾²Ì¬¿â´úÂë

#

bundle edit_line SetPasswd(user,value)

{

field_edits:

"$(user):.*"

# ÒÔÓû§Ãû¿ªÊ¼Æ¥ÅäÐÐ

# ÉèÖÃÎļþµÄµÚ¶þ¸ö²ÎÊý

# ÎļþÓµÓиñʽroot:HASH: »òÕß user:HASH:

comment => "Set field 2 of a colon-table",

edit_field => col(":","2","$(value)","set");

}

########################################

body edit_field col(split,col,newval,method)

{

field_separator => "$(split)";

select_field => "$(col)";

value_separator => ",";

field_value => "$(newval)";

field_operation => "$(method)";

extend_fields => "true";

}

 

3.4 ¸üÐÂ×é-¹©Ó¦

ĬÈϵÄcfengine ÅäÖðüº¬ÁËÒ»×é³Ðŵ£¬Ëü°ÑcfengineµÄÔ´´úÂ븴ÖƵ½¸ßËÙ»º´æĿ¼²¢ÇÒ°Ñ·þÎñÆ÷ÉϵIJßÂÔÎļþ¸´ÖƵ½Ä¬ÈϵÄλÖá£Õâ¸öÀý×ÓÊÇÓÃÀ´ËµÃ÷ÔÚ±¾µØÎļþϵͳÉÏ´ÓÒ»¸öÎļþ¸´ÖƵ½ÁíÒ»¸öÎļþ¡£ºóÀ´£¬µ±ÎÒÃǽ¨Á¢Ò»¸ö·þÎñÆ÷×é¼þ£¬Ä㽫Äܹ»´ÓÔ¶³ÌµÄÖ÷»úÉϸ´ÖÆÎļþ¡£ÕâÊÇÒ»¸öÄܹ»×Ô¶¯¸üÐµĹ©Ó¦ÏµÍ³µÄ¼òµ¥ÊµÀý¡£

 

bundle agent update

{

vars:

# Ò»¸öÔ´¸´ÖƵãµÄ±ê׼λÖÃ

"master_location" string => "/var/cfengine/masterfiles";

files:

"/var/cfengine/inputs"

comment => "Update the policy files from the master",

perms => my_p("600"),

copy_from => my_cp("$(master_location)","localhost"),

depth_search => recurse("inf");

"/var/cfengine/bin"

comment => "Update the cached binaries from installation",

perms => my_p("700"),

copy_from => my_cp("/usr/local/sbin","localhost"),

depth_search => recurse("2");

}

ÕâЩ³ÐŵÔÚËüÃǵÄÖ÷ÌåÖаüº¬Á˼¸¸öÎÒÃÇ»¹Ã»¿´¼ûµÄ¡£copy_from ÊôÐÔ¸æËßcfengine ÈçºÎ´Ó·þÎñÆ÷¸´ÖÆÎļþ¡£depth_search ÊôÐÔ¸æËßËüÔÚ×ÓĿ¼¼°ÆäÎļþÖнøÐеݹéËÑË÷¡£

³¢ÊԸıäÔ´ÎļþºÍÖ´ÐдúÀí¡£

ÁíÍâÄÇÓпÉÔÙÓõľ²Ì¬¿âÄ£°å£º

 

body perms my_p(p)

{

mode => "$(p)";

}

#

body copy_from my_cp(from,server)

{

servers => { "$(server)", "failover.example.org" };

source => "$(from)";

compare => "digest";

}

#

body depth_search recurse(d)

{

depth => "$(d)";

exclude_dirs => { "\.X11", ".*kde.*", "logs", "log" };

}

Õâ¶ùÓиöÁ·Ï°£º³¢ÊÔʹÓòο¼ÊÖ²áÀ´²éÕÒÔÚÕâ¸öÀý×ÓÖеÄÔªËØ¡£¿´¿´ÄãÄÜ·ñÀí½âÈ«²¿¡£

 

3.5 ±¨¸æ

Cfengine °üº¬ÁËÒ»¸ö³ÉΪ'cf-report 'µÄ±¨¸æÉú³ÉÆ÷ ¡£ËüÊÇͨ¹ýʹÓÿØÖƲÎÊýÀ´ÅäÖõģ¬Õⲿ·Ö½«ÔÚÏÂÕÂÃèÊö¡£³¢ÊÔÈçÏ£º

host$ /usr/local/sbin/cf-reports

host$ ls ~/.cfagent/reports

host$ mywebbrowser ~/.cfagent/reports/performance.html

 ´ó¶àÊýµÄÕâЩ±¨¸æÆð³õ¶¼Êǿհ׵ģ¬³ý·ÇÄãÔÚcfengineÉÏÒѾ­ÔËÐÐÁËһЩÖØÒªµÄ³Ðŵ¡£

 

3.6 cf-execd

Cfengine °üº¬ÁËÒ»Ïî·þÎñ£¬ËüÓÃÀ´ÔËÐгÆ×÷exec-daemonµÄ´úÀí£¬Õâ¸ö´úÀíÔÚĿ¼¡¯WORKDIR/inputs/promises.cf¡¯ ÒѾ­ÓÐĬÈÏÅäÖá£Èç¹ûÄãÖ±½ÓÖ´ÐÐÔ´´úÂ룬Ëü½«Ö±½Ó½øÈëºǫ́²¢Ä¬ÈÏÿÎå·ÖÖÓÖ´ÐÐ'cf-agent'ÉϵÄĬÈϲßÂÔ¡£

Äã¿ÉÒÔ³¢ÊÔÔÚǰ̨³ÌÐòÖÐÔËÐУº

host$ /usr/local/sbin/cf-execd -F

µ±ÄãÏñÕâÑùÔËÐÐcfengine ,À´×ÔÓÚcfengineµÄÈκÎÊä³ö½«±»ÊÕ¼¯²¢·ÅÔÚÔÚ¡¯WORKDIR/outputs¡¯Ä¿Â¼ÖС£Èç¹ûÄãÒѾ­ÅäÖÃÁËÒ»¸öÓʼþµØÖ·²¢ÇÒÄãµÄÖ÷»úÕýÔÚÔËÐÐSMTP·þÎñ£¬Õâ¸öÊä³ö½«ÒÔÓʼþÐÎʽ·¢ËͳöÈ¥¡£ÎªÁËÈç´ËÅäÖã¬ÄãÒªÔÚ¡®promises.cf¡¯ÎļþÖмÓÈëÒ»¸ö¿ØÖÆÖ÷Ìå¡£

body executor control

{

splaytime => "1";

mailto => "cfengine_mail@example.org";

smtpserver => "localhost";

mailmaxlines => "30";

}

ÕâЩÆäËûµÄÐиıäÁËÖ´ÐÐÕß¹ÌÓÐÐÐΪµÄ²»Í¬·½Ãæ¡£ÀýÈ磬ÔÚÖ´ÐдúÀíÇ°µÄÒ»¸ö¸ºÔØƽºâµÄʱ¼äÑÓ³Ù£¬Ò»¸öÓÊÏäµØÖ·£¬SMTP Óʼþ·þÎñµÄ±ðÃûºÍIPµØÖ·£¬»¹Óб»°üº¬ÔÚ·¢³öµÄÈκÎÓʼþÖеÄÊä³öµÄ×î¶àÐÐÊý¡£

ͨ¹ýcfengineµÄÅäÖã¬ÄãÓ¦¸Ã¿ªÊ¼Ã÷°×ËüµÄģʽ¡£ÔÚÏÂÒ»Õ½ڣ¬ÎÒÃǽ«Á˽âÒ»ÏÂÕâЩһ°ãµÄ»ù±¾ÄÚÈÝ¡£

 

4  Ò»¸ö¸ÅÄîÉϵļòµ¥ËٳɿÎ

4.1 ¹æÔò¾ÍÊdzÐŵ

Cfengine 3ÖеÄÒ»Çж¼¿ÉÒÔ±»½âÊÍΪһ¸ö³Ðŵ¡£³Ðŵ¿ÉÒÔ±»Öƶ¨¹ØÓÚËùÓв»Í¬ÖÖÀàµÄÖ÷Ì⣬´ÓÎļþµÄÊôÐÔµ½ÃüÁîµÄÖ´Ðм°·ÃÎÊ¿ØÖƾö¶¨ºÍ֪ʶÁªÏµ¡£

 Õâ¸ö¼òµ¥µ«Ç¿´óµÄÀíÄî±£³ÖÔÚcfengine Óï·¨ÉϵÄÒ»ÖÂÐÔ¡£ÔÚ±à³ÌÓïÑÔÖÐÖ»ÓÐΨһµÄÒ»¸öÓÃ×÷ÉùÃ÷µÄÓï·¨¸ñʽ£¬ÕâÊÇÐèÒªÄãÖªµÀµÄ¡£Ëü¿´ÉÏÈ¥Ò»°ãÏñÕâÑù£º

type:

classes::

 "promiser" -> { "promisee1", "promisee2", ... }

     attribute_1 => value_1,

     attribute_2 => value_2,

     ...

     attribute_n => value_n;

 

ÎÒÃÇ̸µ½³ÐŵÕߣ¨Öƶ¨³ÐŵµÄ³éÏóʵÌ壩£¬³ÐŵÈËÊdzÐŵÖƶ¨µÄ¶ÔÏóʵÌ壬²¢ÇÒÄÇÓÐһϵÁеĹØϵ±í£¬ÎÒÃdzÆÆäΪ³ÐŵµÄÖ÷Ìå¡£³ÐŵµÄÖ÷ÌåºÍ³ÐŵÕßµÄÀàÐ͸æËßÁËÎÒÃÇÆäÖеÄÒªÁì¡£

³ÐŵÕß×ÜÊDZ»³ÐŵӰÏìµÄ¶ÔÏó¡£

 

²¢²»ÊÇËùÓеÄÕâЩԪËØÿ´Î¶¼ÊDZØÒªµÄ¡£Ò»Ð©³Ðŵ°üº¬Á˺ܶàÒþº¬µÄÐÐΪ¡£ÔÚÆäËûÇé¿öÏÂÎÒÃÇ¿ÉÄÜÏë¸ü¼ÓÃ÷ȷЩ¡£ÀýÈ磬×î¼òµ¥µÄ±¨¸æ³ÐŵÈçÏ£º

      reports:

      "hello world";

 

×î¼òµ¥µÄÃüÁî³ÐŵÈçÏÂ:

  Commands:

  "/bin/echo hello world";

 

³ÐŵÓгýÁ˳ÐŵÕßÒÔΪµÄÆäËûÒ»ÇеÄĬÈÏÊôÐÔ£¬ÀýÈ磬ִÐгÐŵµÄÃüÁî´®£¬Ò»¸ö¸ü¸´ÔӵijÐŵ°üº¬Á˺ܶàÊôÐÔ£º

 

# ³ÐŵÀàÐÍ

files:

# ÐíŵÕß ->  ³ÐŵÕß (Èç¹ûÖ»ÓÐÒ»ÐУ¬²»ÐèÒª»¨À¨ºÅ)

"/home/mark/tmp/test_plain" -> "system blue team",

# ÊôÐÔ => Öµ

comment => "This comment follows the rule for knowledge integration",

perms => users("@(usernames)"),

create => "true";

 

    ³ÐŵÕßµÄÁÐ±í±»ÓÃÀ´ÌṩÖÆ×÷Îĵµ£¬¶ø²»±»cfengine ʹÓã¬ÕýÈçÃüÁîÊôÐÔ£¨¿ÉÒÔ±»Ìí¼Óµ½ÈκεijÐŵÖУ©³ýÁËÔÚ´íÎó¸ú×ÙºÍÉó²éÉϸøÓû§Ìṩ¸ü¶àµÄÐÅÏ¢Í⣬ûÓÐÆäËûʵ¼ÊµÄ¹¦ÄÜ¡£

    ÔÚÕâ¸öÀý×ÓÖÐÄã¿´µ½¼¸¸ö²»Í¬ÀàÐ͵ÄʵÌå¡£ÔÚcfengine3ÖеÄËùÓÐ×Ö·û´®£¨ÀýÈç¡°true ¡±£©±ØÐë¼ÓÉÏÒýºÅ¡£ÕâÌṩÁ˾ø¶ÔµÄÒ»ÖÂÐÔ£¬Ê¹ÀàÐͼì²é¸ü¼òµ¥£¬´íÎó¾ÀÕýÄÜÁ¦¸üÇ¿´ó¡£ËùÓÐÀàËƺ¯ÊýµÄʵÌ壨ÀýÈç users("..")£©ÒªÃ´ÊÇǶÈëµÄÌرðº¯Êý£¬ÒªÃ´ÊÇÔÚÓÒ²à´øÓÐÄÚÈݵIJÎÊý»¯Ä£°å¡£

 

4.2 ¿ØÖƳÐŵ

Cfengine ×é¼þÖƶ¨µÄijЩ³ÐŵÒѾ­Ôú¸ùÔÚËüÃǵĴúÂëÖС£ÀýÈ磬ͨ¹ýÓʼþ·¢ËÍÊä³öµ½Ò»¸öÕýÈ·µØÖ·µÄ³Ðŵ£¬»òÔÚÖظ´¼ì²éÒ»¸ö³Ðŵ֮ǰ£¨ifelapsed£©µÄµÈ´ýʱ¼ä³Ðŵ¡£ËäÈ»ÕâЩ³ÐŵÊǹÌÓеģ¬µ«ËüÃǵÄÐÐΪ¿ÉÒÔ±»¸Ä±ä¡£ÔÚcfenigne , ÐÐΪ×ÜÊÇÊܵ½³ÐŵÖ÷ÌåµÄÔ¼Êø¡£Òò´Ë¹ÌÓеÄÐÐΪËæ×Åÿ¸ö¿ØÖÆÖ÷ÌåµÄ¸Ä±ä¶ø¸Ä±ä¡£ÄãÄÜÔڲο¼ÊÖ²áÖÐÕÒµ½ÕâЩ¿É¸Ä¶¯µÄ²ÎÊý¡£

    Common ×éÊÇ×îÖØÒªµÄ×飬Äܱ»ËùÓÐcfengineµÄ×é¼þ¶ÁÈ¡¡£Ëü°üº¬Á˳Ðŵ×éµÄÁÐ±í£¬Õâ¸öÁбíÓ¦¸Ã±»¶ÁÈë²¢Òò³Ðŵ½¨Òé¶ø±»¼ì²é¡£ÔÚ`promises.cf 'ÎļþÖУº

 

body common control

{

bundlesequence => {

"update",

"garbage_collection",

"main",

"cfengine"

};

inputs => {

"update.cf",

"site.cf",

"library.cf"

};

}

#######################################################

body agent control

{

#Èç¹ûĬÈÏÔËÐÐʱ¼äÊÇ5·ÖÖÓ£¬ÎªÁ˳¤µÄ×÷ÒµÎÒÃÇÐèÒªÕⲿ·Ö 

 

ifelapsed => "15";

}

#######################################################

body monitor control

{

forgetrate => "0.7";

histograms => "true";

}

#######################################################

body executor control

{

splaytime => "1";

mailto => "cfengine_mail@example.org";

smtpserver => "localhost";

mailmaxlines => "30";

}

#######################################################

body reporter control

{

reports => { "performance", "last_seen", "monitor_history" };

build_directory => "/tmp/nerves";

report_output => "html";

}

#######################################################

body runagent control

{

hosts => {

"127.0.0.1"

# , "myhost.example.com:5308", ...

};

}

#######################################################

body server control

{

allowconnects => { "127.0.0.1" , "::1" };

allowallconnects => { "127.0.0.1" , "::1" };

trustkeysfrom => { "127.0.0.1" , "::1" };

# ÈøüкÍÔËÐÐÒ»´ÎÐÔ·¢Éú

cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf &&

$(sys.workdir)/bin/cf-agent";

allowusers => { "root" };

}

 

4.3 ±äÁ¿

±äÁ¿£¨»ò"±äÁ¿¶¨Òå"£©Ò²ÊdzÐŵ—±íʾËüÃÇÖµµÄ³Ðŵ¡£ÎÒÃÇ¿ÉÒÔÔÚÈκγÐŵ×éÖÐдÏÂÕâЩ¡£Cfengine ÈÏʶµ½Á½¸öʵÌåÀàÐÍ£º±êÁ¿ºÍÁÐ±í£¨ÁÐ×é°üÀ¨0»ò¸ü¶àµÄʵÌ壩£¬»¹ÓÐÈý¸öÊý¾ÝÀàÐÍ£¨×Ö·û´®£¬ÕûÊýºÍʵÊý£©¡£ÔÚcfengine µÄÊäдÊÇÁé»îµÄ£¬ÕýÈçÔÚPerl ºÍÆäËûµÄ½Å±¾ÓïÑÔÖС£Òò´ËÈκÎÊý¾ÝÀàÐ͵ıäÁ¿¿ÉÄܱ»µ±×÷×Ö·û´®¡£

 

4.3.1 ±êÁ¿±äÁ¿

±êÁ¿±äÁ¿ÓµÓÐÒ»¸öµ¥Ò»µÄÖµ¡£ÉùÃ÷ÈçÏÂ:

bundle <type> name

{

vars:

"my_scalar" string => "String contents...";

"my_int" int => "1234";

"my_real" real => "567.89";

}

 

    `<type>' ±íʾÈκÎÀàÐ͵Ä×éÊÊÓÃÓÚÕâÀï¡£±êÁ¿±äÁ¿Í¨¹ý `$(name)' (or `${name}')±»ÒýÓ㬲¢ÇÒËüÃÇÿһ´Î´ú±íÒ»¸öµ¥Ò»µÄÖµ¡£

l          ²»´ø»·¾³µÄ±êÁ¿ £¬ÀýÈç `$(myvar)' Ö»ÏÞÓÚµ±Ç°×é

l          Èç¹ûÓÐÈËʹÓÃÁË»·¾³À´¼ìÑéËü£¬ÄÇô±êÁ¿ÔÚÈκ䦶¼¿ÉÓá£ÀýÈ磬`$(context.myvar)' ÓÃÓÚ·ÃÎʶÁÈ¡'context'×éÖеÄ'myvar'±äÁ¿.

 

4.3.2 Áбí±äÁ¿

Áбí±äÁ¿ÓµÓм¸¸öÖµ¡£ ÉùÃ÷ÈçÏ£º

bundle <type> name

{

vars:

"my_slist" slist => { "list", "of", "strings" };

"my_ilist" ilist => { "1234", "5678" };

"my_rlist" rlist => { "567.89" };

}

 

   Ò»¸öÁбí»á´øÓзûºÅ`@'×÷Ϊ²Î¿¼£¬µ«ÊÇÔÚ×Ö·û´®ÖÐ,Õâ¸ö²Î¿¼Í¨³£Ã»ÓÐÈκÎÒâÒå¡£¾Ù¸öÀý×Ó:

 

  reports:

     cfengine_3::

       "My list is @(my_slist)";

 

ÕâûÓÐÈκÎÒâÒå²¢ÇÒ²»ÄÜÕ¹¿ª£¨Ëü²»²úÉúÒ»¸ö´íÎ󣬵«Ïà·´²åÈëÎÄ×ÖÄÚÈÝ@(my slist)µ½×Ö·û´®ÖУ©£»µ«ÊÇÈç¹ûÎÒÃÇʹÓñêÁ¿ÒýÓõ½Ò»¸öÁбí±äÁ¿£¬cfengine½«ÔÚÕâ¸öÁбíÖÐÖظ´Õâ¸öÖµ£¬ÓбØÒª½«Ëü¹é½øÈëÒ»¸ö³ÐŵÁÐ±í¡£

¼ò¶øÑÔÖ®£º

l         ±êÁ¿ÒýÓõ½local µÄÁбí±äÁ¿Òâζ×ŵü´ú¡£ÀýÈ磬¼ÙÉèÎÒÃÇÒѾ­Óб¾µØÁбí±äÁ¿`@(list)', ÄÇô±êÁ¿`$(list)' Òâζ×ÅÔÚÁбíÿһ¸öÖµµÄÒ»´Îµü´ú¡£

l         Áбí¿ÉÔÚÈκλ·¾³ÖÐÈ«¾ÖͨÓ㬲¢ÇÒÓà `@(list)'±íʾ,

    e.g.

    vars:

    "longlist" slist => { @(shortlist), "plus", "plus" };

    "shortlist" slist => { "you", "me" };

    ÉùÃ÷µÄ˳Ðò²»ÖØÒª—cfenging ½«Ö´ÐзÖÅä±äÁ¿`@(shortlist)'µÄ³Ðŵ£¬È»ºóÖ´ÐзÖÅä±äÁ¿    `@(longlist)' µÄ³Ðŵ¡£

 

l         Ö»Óб¾µØÁбí¿ÉÒÔÖ±½ÓÕ¹¿ª¡£Òò´Ë`$(list)' ¿ÉÒÔ±»Õ¹¿ª¶ø²»ÊÇ`$(context.list)' ¡£Èç¹ûÄãÏëÓÃËüÃÇÀ´µü´ú£¬È«¾ÖÁбíÒýÓñØÐëÓ³Éäµ½Ò»¸ö±¾µØ»·¾³ÖС£ÎªÁ˸ü¶àµÄÁ˽âÇë¿´²Î¿¼Êֲᡣ

4.3.3 ¹ØÁªµÄÊý×é

¹ØÁªµÄÊý×é±äÁ¿Ò²ÓµÓм¸¸öÖµ¡£ÉùÃ÷ÈçÏ£º

   bundle <type> name

{

vars:

"switches[mellow]" int => "1";

"switches[relaxed]" int => "1";

"off_keys" slist => { "red", "grouchy", "coarse", "febrile" };

"switches[$(off_keys)]" int => "0";

}

 

ΪÁËÁ˽â¹ØÁªÊý×é`getindices' µÄ¹¦ÄܺÍÆäËûϸ½Ú²¿·Ö£¬Çë¿´²Î¿¼Êֲᡣ

 

4.4  ¾ö¶¨

CfengineµÄ¾ö¶¨ÊÇÔÚºǫ́×÷³öµÄ£¬È·¶¨µÄ¶Ô»ò´íÌáÒéµÄ½á¹û±»´¢´æÔÚ²¼¶ûÖµÖУ¬±»³ÆΪÀà¡£

ÔÚcfengine ÖÐûÓÐif-then-else ÉùÃ÷Óï¾ä¡£ËùÓеľö¶¨ÊÇͨ¹ýÀàÀ´×÷³öµÄ¡£

    Cfengine ÔÚÿһ̨µçÄÔÉ϶ÀÁ¢µØÔËÐУ¬Ã¿´Îµ±Ëü»½ÐÑDZÔÚµÄͨÓôúÀíƽ̨£¬ËüÄÜ·¢ÏÖÔËÐл·¾³»ò±³¾°µÄÌØÐÔ²¢ÇÒ½øÐйéÀà¡£

    Àà·Ö³ÉÓ²¼þÐÍ£¨¹«¿ªµÄ£©ºÍÈí¼þÐÍ£¨×Ô¶¨ÒåµÄ£©¡£Ò»¸ö¼òµ¥µÄÓ²¼þÐÍÀà¿ÉÒÔÊǼ¸ÖÖÇé¿öµÄÆäÖÐÖ®Ò»£º

l         Ò»¸ö²Ù×÷ϵͳ¼Ü¹¹µÄÃüÃû £¬ÀýÈç ultrix ,sun4µÈµÈ¡£

l         Ò»¸öרÓÃÖ÷»úµÄδÏÞ¶¨Ãû×Ö¡£Èç¹ûÄãµÄϵͳ·µ»ØÒ»¸öÍêÈ«ÏÞ¶¨µÄÖ÷»úÓòÃû£¬cfengine½«ÉáÈ¥µÚÒ»²¿·Ö¡£×¢Ò⣺www.sales.company.com ºÍ www.research.company.com ÓÐÏàͬµÄδÏÞ¶¨Ãû×Ö¡£

l         Ö÷»úµÄÒ»¸ö×Ô¶¨Òå×éµÄÃû×Ö

l         Ò»ÐÇÆÚÖÐÒ»Ì죨ÒÔMonday, Tuesday, Wednesday, .. ¸ñʽ±íʾ£©

l         Ò»ÌìÖеÄһСʱ£¬Ä¿Ç°Ê±Çø£¨ÒÔHr00, Hr01 ... Hr23 ¸ñʽ±íʾ£©

l         Ò»ÌìÖеÄһСʱ£¬¸ñÁÖÍþÖÎʱ¼ä£¨ÒÔGMT_Hr00, GMT_Hr01 ... GMT_Hr23¸ñʽ±íʾ£©¡£ÕâÓëÊÀ½çͬ²½£¬ÒÔ·ÀÄãÐèÒª¸Ä±äºÏ×÷ʱ±£³Öʵ¼ÊµØͬ²½

l         СʱÖеķÖÖÓ£¨ÒÔMin00, Min17 ... Min45¸ñʽ±íʾ£©

l         СʱÖеÄ5·ÖÖÓ¼ä¸ô£¨ÒÔMin00_05, Min05_10 ... Min55_00¸ñʽ±íʾ£©

l         ÿһ¿ÌÖÓ£¨ÒÔQ1, Q2, Q3, Q4¸ñʽ±íʾ£©

l         Ò»ÔÂÖÐÒ»Ì죨ÒÔDay1, Day2, ... Day31¸ñʽ±íʾ£©

l         Ò»¸öÔ£¨ÒÔJanuary, February, ... December¸ñʽ±íʾ£©

l         Ò»Ä꣨ÒÔYr1997, Yr2004¸ñʽ±íʾ£©

l         Ò¹Íí¡¢Ô糿¡¢ÏÂÎçºÍ°øÍíµÄÒ»¸öת»»£¬»®·ÖΪ6СʱµÄʱ¼ä¿é£¬ÒÔʱ¼ä00£º00¿ªÊ¼

l         Ò»¸öÉúÃüÖÜÆÚµÄË÷Òý£¬¾ÍÊÇÄêÊýÒÔ3Ϊģ £¨Ê¹ÓÃÔÚ³¤ÆÚ×ÊÔ´µÄÄÚ´æÖУ©

l         Ò»¸öÈÎÒâµÄ×Ô¶¨Òå´®

l         ÈκÎÓÐЧ½Ó¿ÚµÄIP µØÖ·°Ëλ×飨ÒÔipv4_192_0_0_1,ipv4_192_0_0, ipv4_192_0, ipv4_192¸ñʽ±íʾ£©

 

    À´¿´¿´ËùÓж¨ÒåÔÚרÓÃÖ÷»úÉϵÄÀà £¬ÔËÐÐ

      host# cf-promises –v

    ×÷Ϊһ¸öÏíÓÐÌØȨµÄÓû§¡£×¢ÒâÆäÖеÄһЩÀàÖ»ÓÐÔÚÓÃcfenvd½¨Á¢ÐÅÈÎÁ¬½ÓµÄÇé¿öϲÅÄÜÉ趨¡£ÀýÈ磬Èç¹û¶¼ÒÔÌØȨÔËÐУ¬ÄÇôÎļþ`/var/cfengine/state/env_data' ÊÇ°²È«µÄ¡£¸ü¶à¹ØÓÚÀàµÄÐÅÏ¢¿ÉÒÔ²ÎÓÐ¹Ø allclasses .

    ×Ô¶¨ÒåÐÍ»òÈí¼þÐÍÀà±»¶¨ÒåÔÚ×éÖС£ÀàÐÍcommonµÄ×é¿ÉÒÔÒÔÀà±íʾ£¬¾ßÓÐÈ«¾ÖÐÔ£¬È»ºóÔÚÆäËû×éÀàÐÍÖÐÊDZ¾µØ¿ÉÓõġ£µ±ÆÀ¹À×éʱ£¬Èí¼þÐ͵ÄÀàÒ²±»ÆÀ¹ÀÁË¡£ËüÃÇ¿É»ùÓÚ²âÊÔ¹¦ÄÜ»òÕßÀ´×ÔÆäËûÀàÐ͵ÄÀࣺ

bundle agent myclasses

{

classes:

"solinus" expression => "linux||solaris";

# Áгö¸ñʽÓÐÒæÓÚËù°üÀ¨µÄ¹¦ÄÜ

"alt_class" or => { "linux", "solaris", fileexists("/etc/fstab") };

"oth_class" and => { fileexists("/etc/shadow"), fileexists("/etc/

passwd") };

reports:

alt_class::

# Õ⽫ÔÚ linux, solaris,»òÈκÎϵͳÖÐÖ»±¨¸æ "Boo!"

# ϵͳÉϵÄÎļþ /etc/fstab ´æÔÚ

"Boo!";

}

 

Àà¿ÉÒÔÓëÔËËã·û½áºÏ£¬ÓÅÏȼ¶°´´Ó¸ßµ½µÍµÄ˳ÐòÁгö£º

`()'    À¨ºÅ×éÔËËã·û

`!'     ·ÇÔËËã·û

`.'     Âß¼­ÓëÔËËã·û

`&'    Âß¼­ÓëÔËËã·û (¶þÑ¡Ò»)

`|'     Âß¼­»òÔËËã·û

`||'     Âß¼­»òÔËËã·û(¶þÑ¡Ò»).

 

ËùÒÔÏÂÃæµÄ±í´ïÊÇÕýÈ·µÄ:ÔÚWindows XPϵͳÖÐÓÚÐÇÆÚÒ»»òÐÇÆÚÈýµÄÏÂÎç2µãµ½2£º59 :

 

       (Monday|Wednesday).Hr14.WinXP::

 

¿´¿´ÏÂÃæ¸ü¸´ÔÓµÄÀý×Ó¡£ÔÚcommon ÀàÐÍ×éµÄ³Ðŵ¾ßÓÐÈ«¾ÖÐÔ£¬¶øËùÓÐÆäËûµÄ³ÐŵֻÏÞÓÚËûÃǸ÷×ÔµÄ×éÖС£

 

body common control

{

bundlesequence => { "g","ls_1", "ls_2" };

}

#################################

bundle common g

{

classes:

# "zero" ³Ðŵ×ÜÊÇÄÜÂú×㣬Ëü²»ÏÞ·¶Î§

"zero" expression => "any";

}

#################################

bundle agent ls_1

{

classes:

# "one" ³Ðŵ×ÜÊÇÄÜÂú×㣬ËüÖ»ÏÞÓÚls_1µÄ·¶Î§

"one" expression => "any";

}

#################################

bundle agent ls_2

{

classes:

# "two" ³Ðŵ×ÜÊÇÄÜÂú×㣬ËüÖ»ÏÞÓÚls_2µÄ·¶Î§

"two" expression => "any";

reports:

zero.!one.two::

# Õâ¸ö±¨¸æ@b½«»á±»Éú³É

"Success";

}

 

    ÔÚÕâÀïÎÒÃÇ¿´µ½`zero'Àà¾ßÓÐÈ«¾ÖÐÔ¶ø`one'ÀàºÍ`two' ÀàÊÇÏÞÖÆÔÚ±¾µØʹÓõġ£ÒòΪֻÓÐ `zero' and `two' ÔÚ`ls_2'×éµÄ·¶Î§ÄÚ¡££¬Òò´Ë`Success'µÄ±¨¸æ½á¹ûÊÇÕýÈ·µÄ result is therefore (²¢ÇÒ`ls_2' ×éµÄÀà±í´ïÒªÇó`zero'ºÍ`two' ¶¼ÊÇÕýÈ·µÄ£¬³ýÁË`one'Ö®Íâ)¡£

 

4.5 Ñ­»·³ÌÐò

µ±ÄãÒÔ³ÌÐòÔ±µÄ˼άÀ´Ë¼¿¼£¬Èç¹ûÄãÔÚcfengine ÖÐÑ°ÕÒÑ­»·³ÌÐò£¬ÄÇôÎÒÃÇÐèÒª¶ÔÄã½øÐÐÒ»²¿·ÖµÄÏ´ÄÔ¡£Cfengine ²»ÊÇÒ»ÖÖÒâζןøÄãµÍ¼¶µÄ¿ØÖÆȨÏ޵ıà³ÌÓïÑÔ£¬ËüÖ»ÊÇÒ»Ì×¾ßÌåÃèÊö¹ý³ÌµÄÉùÃ÷¡£Õâ¾ÍÏ൱ÓÚ×ÔÐгµÉϵijÝÂֺʹ«ËÍÉ豸ÉϵÄ×Ô¶¯´«ËÍ´øµÄÇø±ðÖ®´¦¡£

    ÔÚcfengine ÖÐÑ­»·³ÌÐòÊÇÒþº¬Ö´Ðеģ¬µ«Ã»ÓпɼûµÄ»úÖÆ£¬ÒòΪÕâÑù»á·ÖÉ¢Á˶ԳÐŵÒâͼµÄ×¢ÒâÁ¦¡£±í´ïËûÃǵķ½Ê½ÊÇͨ¹ýÁÐ±í¡£

    Ñ­»·³ÌÐòȷʵÊÇÒ»ÖÖÔÚÒ»¸öÁбíÖеü´úÒ»¸ö±äÁ¿µÄ·½·¨¡£¿´¿´Ï±ߡ£

body common control

{

bundlesequence => { "example" };

}

###########################################################

bundle agent example

{

vars:

# ÕâÊÇÒ»¸öÁбí

"component" slist => { "cf-monitord", "cf-serverd", "cf-execd" };

#ÕâÊÇÒ»¸ö¹ØÁªÊý×é

"array[cf-monitord]" string => "The monitor";

"array[cf-serverd]" string => "The server";

"array[cf-execd]" string => "The executor, not executionist";

reports:

cfengine_3::

"$(component) is $(array[$(component)])";

}

 

Êä³öÈçÏÂËùʾ£º

/usr/local/sbin/cf-agent -f ./unit_loops.cf -K

R: cf-monitord is The monitor

R: cf-serverd is The server

R: cf-execd is The executor, not executionist

 

    Äã´ÓÕâÀï¿´µ½£¬Èç¹ûÎÒÃÇÉæ¼°µ½Ò»¸öʹÓñêÁ¿ÒýÓÃÔËËã·û'$()'µÄÁбí±äÁ¿£¬cfengine½«½øÐжԴ˱àÒ룬¼´µü´úÁбíÖÐËùÓеÄÖµ¡£Òò´ËΪÎÒÃÇÒѾ­ÓÐÒ»¸ö·Ç³£ÓÐЧµÄ'foreach' Ñ­»·£¬¶ø²»ÐèÒª¼ÓÈëÆäËûµÄÈκεÄÓï·¨¡£

 

4.6 Ö÷ÒªµÄ³ÐŵÀàÐÍ

ÒÔϵijÐŵÀàÐÍ¿ÉÒÔÔÚÈκÎ×éÖÐʹÓãº

vars               Ò»¸ö±íʾֵµÄ±äÁ¿µÄ³Ðŵ

classes             Ò»¸ö±íʾϵͳ״̬µÄ³Ðŵ

reports             Ò»¸ö±¨¸æÐÅÏ¢µÄ³Ðŵ

 

ÕâЩÁíÍâµÄ³ÐŵÀàÐÍÖ»ÄÜÔÚ´úÀí×éÖÐʹÓãº

commands          Ò»¸öÖ´ÐÐÃüÁîµÄ³Ðŵ

databases           Ò»¸öÅäÖÃÊý¾Ý¿âµÄ³Ðŵ

files               Ò»¸öÅäÖÃÎļþµÄ³Ðŵ£¬°üÀ¨ËüµÄ´æÔÚ£¬ÊôÐÔÒÔ¼°ÄÚÈÝ

interfaces           Ò»¸öÅäÖÃÍøÂç½Ó¿ÚµÄ³Ðŵ

methods            Ò»¸ö³Ðµ£Õû¸ö×éµÄ³Ðŵ

packages           Ò»¸ö°²×°°üµÄ³Ðŵ

storage             Ò»¸ö¼ìÑ鸽¼Ó´æ´¢Æ÷µÄ³Ðŵ

 

ÕâЩ³ÐŵÀàÐÍÊôÓÚÆäËûµÄ×é¼þ£º

access              Ò»¸öÊÚȨ»ò¾Ü¾ø·ÃÎÊÔÚcf-serverdÖеÄÎļþ¶ÔÏóµÄ³Ðŵ

measurements       Ò»¸ö´Óϵͳ¹ÀÁ¿Êý¾Ý»ò³éÑùÊý¾Ý³Ðŵ£¬ÓÃÀ´ÔÚ cf-monitord¼à²âºÍ±¨¸æ

                    (Cfengine ³õ¼¶°æ±¾ÒÔ¼°¸üеİ汾).

roles                µ±ÔÚcf-serverdÉÏÔ¶³ÌµÄÔËÐÐcf-agent ,Ò»¸öÔÊÐíÌض¨µÄÓû§¼¤»îÌض¨

                    ÀàµÄ³Ðŵ

topics            Ò»¸öÔÚcf-know½«ÖªÊ¶ÓëÃû×ÖºÍÆäËû¿ÉÄܵÄÖ÷ÌâÁªÏµÆðÀ´µÄ³Ðŵoccurrences         Ò»¸öÔÚcf-knowÖÐÖ¸Ïò»òÉ漰֪ʶ×ÊÔ´µÄ³Ðŵ

 

 

5. ʹÓÃcfengine×÷Ϊǰ¶Ë»òÕß´úÌæcron

5.1 ÎÒÐèҪʹÓÃcronÂð?

Unix µÄcronÃüÁîÊÇÓÐÓõģ¬µ«ËüʹÓÃÆðÀ´ÓÖÍùÍù·Ç³£±¿×¾¡£ Cfengine µÄÒ»´óÓŵã¾ÍÊÇËüÄÜʹÓÃÀಢͨ¹ýÒ»¸ö»òÕ߶à¸öÎļþʶ±ð²»Í¬µÄϵͳ¡£Ðí¶à¹ÜÀíÔ±ÈÏΪÈç¹ûcron½ø³ÌÒ²ÄÜÒÔÕâÖÖ·½Ê½¹¤×÷£¬ÄǸöàºÃ¡£ Ò»ÖÖ´ÓÈ«¾ÖÅäÖõĽǶÈÉèÖÃcronµÄ¿ÉÐз½·¨¾ÍÊÇʹÓÃcfengineµÄÎı¾±à¼­¹¦ÄÜÀ´·Ö±ð±à¼­Ã¿Ò»¸öcronÎļþ¡£µ«²»¹ÜÔõÑùÕâÖÖ·½·¨»¹ÊÇ´í¹ýÁËÒ»¸öºÜÃ÷ÏԵĻú»á¡£

Ò»¸ö¸üºÃµÄ·½·¨ÊÇʹÓÃcfengineµÄʱ¼äÀàÈÃcronÒÔÓû§½Ó¿ÚµÄ·½Ê½¹¤×÷¡£ ÕâÖÖ·½·¨¿ÉÒÔÈÃÄãÓµÓÐÒ»¸öµ¥¶ÀµÄ°üº¬ÁËϵͳËùÓÐcronÈÎÎñµÄcfengineµÄÖ÷ÒªÎļþ£¬²¢ÇÒ²»»áʧȥcronËùÌṩ¸øÄãµÄÖն˿ØÖÆ¡£ÕâÖÖ·½·¨¾ß±¸ÁËËùÓÐÆÕ±éµÄÓŵã:

µ±Äã°ÑËùÓеĶ«Î÷¶¼·ÅÔÚÒ»´¦Ê±£¬ Ëü»áʹµÃ±£³Ö¸ú×ÙÄãµÄϵͳÕýÔÚÔËÐÐʲôÑùµÄcronÈÎÎñ±äµÄ¸üÈÝÒס£

Äã¿ÉÒÔʹÓÃËùÓÐÄ㾫ÐÄÉè¼ÆµÄ×éºÍÓû§¶¨ÒåµÄÀàÀ´Ê¶±ðÄÄÒ»¸öÖ÷»úµÃÒªÓÐÔËÐÐÄÄЩ³ÌÐò¡£

Õâ¸ö»úÖƵĺËÐÄ˼ÏëÊÇÔÚÿһ¸öϵͳÉÏÉèÖÃÒ»¸ö¹æÂɵÄcronÈÎÎñ,Õâ¸öÈÎÎñ»á°´Ò»¶¨µÄƵÂʼä¸ôÖ´ÐÐcfagent¡£ ÿ´Îcfagent Æô¶¯ºó£¬ Ëü»áÆÀ¹ÀÒ»ÏÂʱ¼äÀಢÇÒÖ´ÐÐÅäÖÃÎļþÖж¨ÒåµÄshellÃüÁͨ¹ýÕâÖÖ·½Ê½ ÎÒÃÇʹÓÃcfagent·â×°cronµÄ½Å±¾,´Ó¶ø¿ÉÒÔʹÓÃcfengineµÄÀàÀ´¿ØÖƶà¸öÖ÷»úµÄÈÎÎñ¡£ CfengineµÄʱ¼äÀàÖÁÉÙÓëcronµÄʱ¼ä˵Ã÷ÊéµÄ¹¦Äܲ¶àÇ¿´ó£¬ ËüÃÇ»¹Ôö¼ÓÇøÓò¿ØÖƵŦÄÜ¡£ÕâÒ»µãÍêÈ«²»»áÏÞÖÆÄ㣬¼ûÕ½Ú5.5 [´´½¨Áé»îµÄʱ¼äÀà]£¬µÚ32Ò³¡£×öÕâЩµÄΨһµÄ´ú¼Û¾ÍÊÇÐèÒª½âÎöcfenginÖÐÎ޹ؽôÒªµÄÎļþ¡£

 

ÎÒÊÇ·ñÐèҪʹÓÃCRON? ²»ÐèÒª¡£ÓÐÁËcfengineµÄ cf-execd, Äã¾Í²»ÐèҪʹÓÃcronÁË£¬cfengineÄܹ»×Ô¶¯°²ÅźÃÒ»ÇС£¹ØÓÚÊÇÑ¡ÔñÒÔºǫ́³ÌÐòµÄģʽ£¨daemon mode£©»¹ÊÇ·â×°µÄģʽ(wrapped mode)À´ÔËÐÐcf-execd£¬ÕâÍêÈ«ÓÉÄãÀ´¾ö¶¨¡£ÔÚcfengineµÄÉÌÒµ°æ±¾ÖУ¬¿ÉÖ´Ðеĺǫ́³ÌÐò(exec daemon)¾ß±¸Á˸ü¼Ó¾«Ï¸µÄ¿É¿¿ÐÔ¡£ÔÚ¿ªÔ´µÄ°æ±¾ÖУ¬ÄãÒ²Äܹ»·Ç³£ÊæÊʵÄʹÓÃcfengine¶ÀÁ¢µØ¼àÊÓϵͳ£¬ÓÈÆäÊÇÓöµ½Ô´´úÂë¸üеĹý³ÌÖгöÏÖµÄÔËÐгÌÐòÓÉÓÚ³ö´í¶øËÀ»úµÄÇé¿ö¡£

 

5.2 µ¥Ò»cronÈÎÎñµÄʵÏÖ

ΪÁËÄܸüÃ÷È·µÄ˵Ã÷£¬¼ÙÉèÎÒÃÇÔÚÄãµÄÍøÂçµÄÿһ̨Ö÷»úÉ϶¼°²×°ÁËÒÔÏ嵀 ¡®crontab¡¯Îļþ£º

#

# CronÈ«¾ÖÎļþ

#

*/5 * * * * /usr/local/sbin/cf-execd -F

 

5.3 ½á¹¹»¯ÃüÁî³Ðŵ

Ò»¸ö³Ðŵ×éµÄ½á¹¹ÐèÒªÄÜ·´Ó³ÄãµÄϵͳÉÏÕýÔÚÔËÐеÄÈÎÎñµÄ²ßÂÔ¡£ÄãÐèÒª¸ù¾ÝÿÌìµÄʱ¼ä´ò¿ªÏà¹ØµÄÈÎÎñ²¢ÇҹرÕÄÇЩ²»ÏëÒªµÄÈÎÎñ¡£Õâ¸ö¹¤×÷¿ÉÒÔͨ¹ý°Ñ²»Í¬µÄ¶¯×÷·ÅÔÚÏàÓ¦µÄʱ¼äÀàÏÂÀ´ÊµÏÖ£¬ÕâЩʱ¼äÀàÄܹ»ÏÞÖÆÔÚʲôʱ¼äÀ´Ö´ÐÐÕâЩÈÎÎñ¡£

¡¡¡¡¡¡promise-type:

¡¡¡¡¡¡¡¡¡¡¡¡¡¡time-based classes::

¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡Promise

 

ÀýÈ磺

bundle agent example

{

commands:

# ÔÚÎçºóµÄµÚÒ»¸ö15·ÖÖÓÄÚÖ´ÐÐ

¡¡¡¡Hr12.Q1::

¡¡¡¡¡¡¡¡"/path/myscript -arg1 -arg2";

# ÔÚÈκÎʱ¼äµÄ15·ÖÖÓÄÚÖ´ÐÐ

¡¡¡¡Q2::

¡¡¡¡¡¡¡¡"/path/otherscript";

# ÔÚʱ¼ä¶Î 00:10 µ½ 00:15 ºÍ12:45 µ½12:55Ö´ÐÐ

# ÔÚÓ¢ÓïÓïÑÔÖбíʾΪ"ºÍ"£¬ µ«ÔÚÂß¼­ÓïÑÔÖбíʾΪ"Ö»ÒªÂú×ãÆäÖÐÒ»¸öʱ¼ä¶Î"

¡¡Hr00.Min10_15||Hr12.Min45_55::

¡¡¡¡¡¡¡¡"/path/amongstourscripts";

}

 

Èç¹ûÄãÏëÒª¸ü»¨ÉÚÒ»µã£¬Äã¿ÉÒÔͬ´´½¨Ò»¸ö²ã´Î½á¹¹À´·ÅÖÃÖ´Ðнű¾µÄ²ÎÊý£¬Õâ¸ö²ã´Î½á¹¹Äܹ»ÏÞÖÆÊä³ö½á¹ûºÍÓÅÏȼ¶£¨Õâ¸ö¹¦ÄÜÖ»ÓÐrootÓû§¿ÉÒÔʹÓã¬ÒòΪֻÓÐrootÓû§ÓÐȨÀû¸Ä±äÓÅÏȼ¶£©¡£

bundle agent example

{

commands:

#ÔÚÎçºóµÄµÚÒ»¸ö15·ÖÖÓÄÚÖ´ÐÐ

¡¡¡¡Hr12.Q1::

¡¡¡¡¡¡"/path/myscript -arg1 -arg2",

¡¡¡¡¡¡contain => jail("nobody","true");

}

# ...

body contain jail(owner,devnull)

{

¡¡¡¡exec_owner => "$(owner)"; # ʹÓà setuidÔËÐÐ

¡¡¡¡no_output => "$(devnull)"; # ÀàËÆ > /dev/null 2>&1

¡¡¡¡umask => "77"; # ÉèÖÃÎļþȨÏÞÑÚÂë

}

    `contain'·½·¨ÌåÌṩÁËÒ»¸ö°²È«Áé»îµÄ»·¾³À´Ç¶Èë½Å±¾¡£

ÀàµÄʱ¼ä·Ö±æÄÜÁ¦ÊÜÏÞÓÚÄã¶à¾ÃÔËÐÐÒ»´Îcfengine»òÕßcron»òÕßcf-execd¡£Í¨³££µ·ÖÖÓÊDZȽÏÍƼöµÄʱ¼ä¼ä¸ô¡£

 

5.4Õ¹¿ªÖ÷»úʱ¼ä

ÔÚÒ»¸ö³Éǧ̨¼ÆËã»úµÄÍøÂçÖУ¬Ðí¶à´úÀí£¨agents£©¿ÉÒÔͬʱ¿ªÊ¼Ö´Ðв¢´Ó·þÎñÆ÷ÉÏÏÂÔØ×ÊÔ´¡£ÀýÈ磬Èç¹ûÓÐһǧ̨cf-agents¶¼Í»È»Ïë´ÓÒ»¸ö·þÎñÔ´£¨master source£©Í¬Ê±¿½±´Ò»¸öÎļþ£¬Õ⽫»áµ¼Ö·þÎñÆ÷³ÐÔØÌ«´óµÄ¸ºÔØ¡£ÎÒÃÇ¿ÉÒÔͨ¹ýÒý½øʱ¼äÑÓʱÀ´±ÜÃâÕâ¸öÎÊÌâµÄ²úÉú£¬Ê±¼äÑÓʱ¶ÔÓÚÿһ¸öÖ÷»ú¶¼ÊÇΨһµÄ²¢ÇÒ²»»á³¬¹ý¸ø¶¨µÄʱ¼ä¼ä¸ô£»cf-execd ʹÓÃÉ¢ÁÐËã·¨£¨hashing algorithm£©Éú³ÉÒ»¸öÊýÖµ£¬·¶Î§ÔÚ£°µ½ÄãËù¹æ¶¨µÄ·ÖÖÓÊýµÄ×î´óÖµÖ®¼ä£¬ÀýÈ磺

 

body executor control

{

¡¡splaytime => "10"; # Minutes

}

Èç¹ûÕâ¸öÊýÖµ·ÇÁ㣬cf-execd»áÔÚ½âÎöÁËÅäÖÃÎļþ²¢¶ÁÁËʱÖÓºó½øÈëÐÝÃß״̬¡£Ã¿Ò»Ì¨»úÆ÷µÄcf-execd¶¼»áÔÚ²»Í¬µÄʱ¼ä³¤¶Èºó½øÈëÐÝÃß״̬£¬Õâ¸öʱ¼ä³¤¶È²»»á³¬¹ý¹æ¶¨µÄʱ¼ä¡£

É¢ÁÐËã·¨£¨hashing algorithm£©£¬»ùÓÚÍêÈ«ºÏ¸ñµÄÖ÷»úÃû£¬±»ÓÃÀ´ÎªÃ¿Ì¨Ö÷»ú¼ÆË㲻ͬµÄʱ¼ä¡£¼ä¸ôʱ¼äÔ½¶Ì£¬Ö÷»úËùÊôµÄ×éÔ½¶à¡£¼ä¸ôʱ¼äÔ½³¤£¬Äã·þÎñÆ÷Ëù³Ðµ£µÄ¸ºÔØÔ½Çá¡£ÔËÐÐʱ¼äµÄ¡®Õ¹¿ª¡¯Äܹ»¼õÇá·þÎñÆ÷µÄ¸ºµ££¬¼´Ê¹ËüÃÇÀ´×ÔÓÚÄãËù²»ÄÜ¿ØÖƵÄÓò£¬µ«Ö»ÒªÓÐÀàËƵÄcron²ßÂԾͿÉÒÔ¡£

 

5.5´´½¨Áé»îµÄʱ¼äÀà

ÿ´ÎcfengineÔËÐеÄʱºò£¬Ëü»á¶ÁȡϵͳʱÖÓ²¢»ùÓÚʱ¼äºÍÈÕÆÚÀ´¶¨ÒåÀࣨ¼û²Î¿¼Êֲᣩ¡£

ʱ¼äÀàÊÇ»ùÓÚcfagentÆô¶¯Ê±µÄ¾ßÌå·ÖÖÓ£¬µ«Ëü²»»áÖ±½Ó±»ÓÃÔÚ²ßÂÔÖУ¨³ý·Çcf-execdÖÐÒѾ­¹æ¶¨ÁË£©¡£Ðí¶àÊÂÇé¿ÉÄÜÇ¡ÇÉ»áÑÓ³ÙcfengentÆô¶¯µÄ¾ßÌåʱ¼ä¡£Äܹ»¼à²â¾ßÌåÆô¶¯Ê±¼äµÄÖ÷ҪĿµÄÊÇΪÁËÄܹ»¶¨Òå¹ØÓÚÈÎÒâʱ¼ä¼ä¸ôµÄ×éºÏÀࡣΪÁËʵÏÖÕâ¸ö¹¦ÄÜ£¬ÎÒÃÇʹÓÃÀà×éµÄÐÐΪÀ´´´½¨Ò»¸ö×éµÄʱ¼äÖµµÄ±ðÃû¡£½ÓÏÂÀ´ÊÇһЩºÜÓд´ÔìÐÔµÄÀý×Ó£º

¡¡¡¡¡¡¡¡classes: # synonym groups:

¡¡¡¡¡¡¡¡"LunchAndTeaBreaks" expression => "!(Saturday|Sunday).(Hr12|Hr10|Hr15)";

¡¡¡¡¡¡¡¡"NightShift" or => { "Hr22", "Hr23", "Night" };

¡¡¡¡¡¡¡¡"ConferenceDays" or => { "Day26", "Day27", "Day29", "Day30" };

¡¡¡¡¡¡¡¡"TimeSlices" or => { "Min01", "Min02", "Min03", "Min10_15"

¡¡¡¡¡¡¡¡"Min33", "Min34", "Min35" };

¡¡¡¡¡¡¡¡"Exception" not => "Hr12.Min15_20";

ÔÚÇ°Èý¸öÀý×ÓÖУ¬×ó±ßµÄ¸½Öµ¶ÔÓÚÓұߵÄORed½á¹û·Ç³£ÓÐЧ¡£Òò´ËÈç¹û»¨À¨ºÅÀïµÄÈκÎÀà±»¶¨ÒåÁË£¬ÄÇ×ó±ßµÄÄǸöÀà¾Í»á³ÉΪÒѶ¨ÒåµÄ¡£ÕâΪ¹æ¶¨Ò»¸ö³ÌÐòµÄʱ¼ä¼ä¸ôÌṩÁËÁé»îµÄ¿É¶ÁµÄ·½Ê½£¬¶ø²»ÔÙÐèÒªµ½´¦Ê¹Óá®|¡¯ ºÍ¡®.¡¯ÔËËã·û¡£

 

5.6Ñ¡ÔñÒ»¸ö¿É°²ÅŵÄʱ¼ä¼ä¸ô

ÄãµÃ¶à¾ÃÒ»´Îµ÷ÓÃÄãµÄÈ«¾ÖcfengineÅäÖÃÄØ£¿ÓÐÈçϼ¸¼þÊÂÇéÄãµÃ¿¼ÂÇ£º

l         ÄãÐèÒª¶àºÃµÄ¿ØÖÆ£¿Í¨³£Ã¿Ð¡Ê±ÔËÐÐÒ»´ÎcronÈÎÎñ¶ÔÓÚ´ó¶àÊýÈÎÎñÀ´ËµÒѾ­×ã¹»ÁË£¬µ«Äã¿ÉÄÜÐèҪΪһЩÌرðµÄÈÎÎñ×öÌرðµÄ¸üºÃµÄ¿ØÖÆ¡£

l         ÄãÊÇÒªÑéÖ¤Õû¸öµÄcfengineÅäÖÃÎļþ»¹ÊÇÖ»ÊÇÓÐÑ¡ÔñµÄ³Ðŵ£¿

 

cfengine ÓµÓÐÖÇÄܵÄËø²ßÂÔ(locking)ºÍ³¬³öʱ¼ä²ßÂÔ£¨timeout£©£¬ÕâЩ²ßÂÔ×ã¹»½«shellÃüÁî¹ÒÔص½Ö®Ç°µÄcron£¬ ´Ó¶ø²»»á²úÉú¸ôºÒ¡£

 

 

6£®ÍøÂç·þÎñ

ÕâÒ»Õ½²ÊöÔõÑù´´½¨cfengineµÄÍøÂç·þÎñÀ´´¦ÀíÔ¶³ÌÎļþ·Ö²¼ÒÔ¼°Ô¶³ÌÖ´ÐÐcfengine£¬ ¶ø²»ÐèҪʹÄãµÄÖ÷»ú¿ÉÄÜÃæÁÙʹÓÃrshЭÒéµÄºÚ¿Í¹¥»÷¡£

 

6.1 cfengine ÍøÂç·þÎñ

ͨ¹ýÆô¶¯cf-serverd½ø³Ì£¬Äã¿ÉÒÔΪÖ÷»úÖ®¼ä´´½¨Í¨ÐÅÏß·£¬ÔÊÐíËüÃÇͨ¹ýÍøÂç½»»»Îļþ»òÕßÔÚÁíÒ»¸öϵͳÉÏÔ¶³ÌµØÖ´ÐÐcfengine¡£ CfengineÍøÂç·þÎñÊÇ»ùÓÚÒÔÏÂ×é¼þ´´½¨µÄ£º

 

Cf-agent    ÒýÇæµÄÅäÖÃÓëÍøÂçµÄΨһÁªÏµ·½Ê½¾ÍÊÇͨ¹ýÔ¶³Ì¿½±´ÇëÇó¡£Ëü²»»áÒ²²»ÄÜÓ¦´ð

           ºÎÀ´×ÔÍøÂçµÄ·ÃÎÊϵͳÇëÇó¡£ËüÖ»Äܹ»´Ó·þÎñÆ÷µÄ×é¼þÀ´ÇëÇó·ÃÎÊÎļþ¡£

Cf-serverd   ÊÇÒ»¸ö¼È¿ÉÒÔ×÷ΪÎļþ·þÎñÆ÷Ò²¿ÉÒÔ×÷Ϊһ¸öÔ¶³ÌµÄcf-agentÖ´ÐÐÆ÷µÄºǫ́³Ì

           Ðò£¨daemon£©¡£ Õâ¸öºǫ́³ÌÐò¿ÉÒÔÈÏÖ¤À´×ÔÍøÂçµÄÇëÇó²¢ÇÒ¸ù¾Ý·þÎñÆ÷µÄ¿ØÖÆ

           Ì壨control body£©ºÍ°ü£¨bundles£©Öаüº¬µÄ·ÃÎʳÐŵ£¨access promises£©Ëù¶¨Òå

            µÄ¹æÔòÀ´´¦ÀíÕâЩÇëÇó¡£

Cf-runagent  ÕâÊÇÒ»¸ö¼òµ¥µÄ³õʼ»¯³ÌÐò£¬¿ÉÒÔ±»ÓÃÀ´ÔÚ¶à¸öÔ¶³ÌÖ÷»úÉÏÔËÐÐcf-agent¡£Ëü

            ²»Äܱ»ÓÃÀ´¸æËßcf-agent ×öʲô£¬ËüÖ»ÄÜÈÃÔ¶³ÌÖ÷»úÉϵÄcf-serverd¸ù¾ÝÏÖÓÐ

            µÄÅäÖÃÀ´ÔËÐÐcf-agent¡£ ͨ¹ýÊÚȨ¸øÓû§À´Îª²¿·ÖÏÖÓеIJßÂÔÌṩһÖÖ»ùÓÚ½Ç

            É«µÄ·ÃÎÊ¿ØÖÆ£¨RBAC£©¡£

 

ÓÐÁËÕâЩ×é¼þ£¬Äã¾ÍÓÐÁËËùÓÐÄãÐèÒªµÄ¶«Î÷¶ÔϵͳµÄ×ÊÔ´½øÐÐÓÐЧµØ·Ö²¼¡£ 

 

6.2 ·þÎñÔõÑù¹¤×÷

6.2.1 Ô¶³ÌÎļþ·Ö²¼

Õâ¸ö²¿·Ö½²ÊöÁËÔõÑù°Ñcf-serverd´´½¨³ÉÒ»¸öÔ¶³ÌµÄÎļþ·þÎñÆ÷£¬´Ó¶øʹÎļþÒÔÒ»ÖÖ°²È«¿É¿¿µÄ·½Ê½·Ö²¼µ½¿Í»§Ö÷»úÉÏ¡£

CfengineÓëÆäËüϵͳµÄÒ»¸öÖØÒªµÄ²»Í¬ÔÚÓÚÎļþ·Ö²¼µÄ·½Ê½¡£Cfengine ʹÓÃÁËÒ»ÖÖ¡®À­¶¯¡¯£¨pull£©¶ø·Ç¡®Íƽø¡¯£¨push£©µÄÄ£ÐÍÀ´·Ö²¼ÍøÂçÎļþ¡£¶ø´ó¶àÊýµÄϵͳ£¬¿ÉÄÜͨ¹ýÇ¿ÆÈ·þÎñÆ÷ÉϵÄÒ»¸ö¾µÏñÎļþ·Ö²¼µ½ËùÓеĿͻ§»úÉÏ¡£ÕâÖÖ·½Ê½Ôںڿ͹¥»÷µÄʱºò³£³£·¢Éú––½ÓÊÕÕßȷʵ³£³£±»ÒªÇó´ò¿ª¸÷Öֶ˿ڲ¢ÇÒ½ÓÊÜËûÃÇËù½ÓÊÕµ½µÄËùÓÐÐÅÏ¢¡£Ô­ÔòÉϽ²£¬Cfengine ÊDz»»áÖ§³ÖÕâÖÖ¼¼ÊõµÄ¡£

ʹÓá®Íƶ¯¡¯µÄ·½·¨£¬Îļþ»áÔÚ·Ö²¼ÕßÏ£ÍûËü¸Ä±äµÄʱºò¸Ä±ä£¬¶ø¿Í»§È´Ã»ÓÐÑ¡ÔñµÄÓàµØ£¬Ö»ÄܽÓÊÜÕâÑùµÄºó¹û¡£Cfengine£¬´ÓÁíÒ»¸ö·½ÃæÀ´Ëµ£¬Í¨¹ý×ÔԸЭ×÷£¨voluntary cooperation£©µÄ·½Ê½À´¹¤×÷¡£Ö÷»úÒ²±»ÔÊÐí±£³ÖËüÃǵķÀ»¤¿ØÖÆ£¬´Ó¶ø°´ÕÕËûÃÇ×Ô¼ºµÄÒâÔ¸À´±£»¤×Ô¼ºÃâÊܺڿ͹¥»÷ºÍ¡®Íƶ¯¡¯¡£

ÊÂʵÉÏ£¬(ÔÚÉè¼ÆÉÏ) cfengine²»ÄÜ°Ñ×Ô¼ºµÄÒâ־ǿ¼Ó¸øÆäËûÖ÷»ú£¬Ëü×ÔÉíÒ²²»»á±»Ç¿ÆÈ¡£ ΪÁËÄÜÒÔ×îºÃµÄÐźŷֲ¼µ½ËùÓлúÆ÷ÉÏ£¬²¢ÇÒÈç¹ûÕâЩ»úÆ÷Ô¸Òâ²ÅÏòËüÃÇËѼ¯Îļþ¡£»»¾ä»°Ëµ£¬cfengineÄ£ÄâÁËÒ»ÖÖ¡®Íƽø¡¯Ä£ÐÍ£¬Ëüͨ¹ýÃñÒâµ÷²éÁ˽âÿ¸ö¿Í»§ÒÔ¼°ÆäÕýÔÚÔËÐеı¾µØµÄcfengineÅäÖýű¾£¬´Ó¶øÈÃÖ÷»úÓлú»áÄܹ»´ÓÔ¶³ÌµÄ·þÎñÆ÷¡®À­¶¯¡¯ÈκÎÒѸüеÄÎļþ£¬µ«ÈÔÈ»ÓÉ¿Í»§»úÀ´¾ö¶¨ÊÇ·ñÒª½øÐиüС£

»¹ÓУ¬¶ÔÕÕһЩ³ÌÐò£¬Èçrdist£¬Ëü±»ÓÃÀ´·Ö²¼Îļþµ½Ðí¶àÖ÷»úÉÏ£¬¶øcfengine²»ÐèҪʹÓá®.rhosts¡¯Îļþ»òÕß¡®/etc/hosts.equiv¡¯ÎļþÀ´½øÐÐÈκεÄroot·ÃÎÊϵͳ¡£ÒÔroot Éí·ÝÔËÐкǫ́³ÌÐòÒѾ­×ã¹»ÁË¡£µ«Äã²»ÄÜͨ¹ý°ÑËü¼Óµ½ÏµÍ³µÄ¡®/etc/inetd.conf¡¯ÎļþÖÐÀ´ÔËÐÐËü¡£ÕâÖÖ¶Ôºǫ́³ÌÐò¹¦ÄܵÄÏÞÖÆÄܹ»±£»¤ÄãµÄϵͳ£¬±ÜÃâʹÓÃrsh×÷ΪrootÔËÐÐͨ³£µÄÃüÁî¡£

ÒªÏëÔ¶³ÌµØ·ÃÎÊ·þÎñÆ÷ÉϵÄÎļþ£¬Äã¿ÉÒÔÔÚÒ»¸ö¡®files¡¯³ÐŵÖÐʹÓÃcopy_from attributeµÄÊôÐÔ£º

bundle agent example

{

files:

"/var/cfengine/inputs"

  perms => my_p("600"),

  copy_from => rcp("$(master_location)","localhost"),

  depth_search => recurse("inf"),

  action => immediate;

}

# ¿âÄ£°å

body copy_from rcp(file,server)

{

servers => { "$(server)", "failover.example.org"};

source => "$(file)";

}

 

¼ÙÉècf-serverdºǫ́½ø³ÌÕýÔËÐÐÔÚserver-hostÉÏ£¬cf-agent½«»áÓëÕâ¸öºǫ́½ø³ÌÁªÏµ²¢ÊÔͼ»ñµÃÎļþµÄÐÅÏ¢¡£ÔÚÕâ¸ö¹ý³ÌÖУ¬cfengine ÑéÖ¤ÁËÕâÁ½Ì¨Öð¼¶ÉϵÄϵͳʱÖÓÊÇͬ²½µÄ¡£Èç¹ûûÓÐͬ²½£¬Ëü²»»áÔÊÐíÔ¶³Ì¿½±´³ý·ÇÔÚ·þÎñÆ÷µÄ¿ØÖÆÌ壨control body£©ÖÐ denybadclocks ÊÇ false¡£

Èç¹ûcf-agent ¾ö¶¨Ò»¸öÎļþÐèÒª´ÓÔ¶³Ì·þÎñÆ÷Éϱ»¸üУ¬Ëü¾Í¿ªÊ¼ÔÚÒ»¸öÏàͬµÄÎļþϵͳÉÏ¿½±´Ô¶³ÌµÄÎļþµ½Ò»¸öеÄÎļþÀ´×÷ΪĿµÄÎļþ¡£Õâ¸öÎļþµÄºó׺ÃûÊÇ¡®.cfnew¡¯¡£

Ö»Óе±Îļþ±»³É¹¦µØËѼ¯ÁË£¬cf-agent ²Å»á¿½±´¾ÉµÄÎļþ£¬(¼û²Î¿¼ÊÖ²áµÄ´æ´¢(repository))£¬²¢ÇÒ¸øÐÂÎļþ¸ÄÃû×Ö¡£Éè¼ÆÕâÖÖÐÐΪÊÇΪÁ˱ÜÃâÍøÂçÁ¬½ÓÖеľºÕù״̬(race-condition£©£¬È·ÊµÈκβÙ×÷¶¼»áÕ¼ÓÃʱ¼ä¡£Èç¹ûÎļþÄܹ»ºÜ¼òµ¥µØ±»Ö±½Ó¿½±´µ½ËüÏëÒªµÄеÄÄ¿µÄµØ£¬¶øÒ»¸öÍøÂçÁ¬½ÓµÄ´íÎó¿ÉÄÜ»áÖжϴ«Êä´Ó¶øÖ»ÁôÏÂÒ»¸öÖжÏÁ˵ÄÎļþÔÚÄǶù¡£Cf-agent ¸øÍøÂçÁ¬½ÓÉèÖÃÁ˼¸ÃëÖÓµÄÖÐֹʱ¼äÀ´±ÜÃâÐü¹ÒµÄ½ø³Ì¡£

ͨ³£ºǫ́½ø³ÌÐÝÃߣ¬µÈ´ýÍøÂçÁ¬½Ó¡£ÕâÖÖÁ¬½Ó¿ÉÄÜ»áͨ¹ýÁíһ̨Ö÷»úÉϵÄÒ»¸öÔËÐеÄcf-agent³ÌÐòÇëÇóÔ¶³ÌÎļþ½øÐгõʼ»¯£¬»òÕßͨ¹ýcf-runagent¼òµ¥µØÒªÇóÖ÷»úºǫ́ÔËÐеĽø³ÌÀ´ÔËÐб¾µØµÄcf-agent »òcf-execd³ÌÐò½øÐгõʼ»¯¡£

 

6.2.2Ô¶³ÌÖ´ÐÐcf-agent

ż¶ûÄãÏëÒªÁ¢¿ÌÔËÐÐcf-agentÔÚÒ»¸ö»ò¶à¸öÖ÷»úÉϾ¡¿ìµØʵÏÖÅäÖõĸı䡣Èç¹ûͨ¹ýÊÖ¶¯µÇ¼ÿһ̨Ö÷»úÀ´×öÕâ¼þÊÂÇé»á·Ç³£²»·½±ã¡£

     Èç¹ûÄã°²ÅŵÄʱ¼ä¼ä¸ô×ã¹»µÄ»°£¬Õâ¾ÍûÓбØÒªÁË£¬ÒòΪcfengine½«ÔÚÄãÊÔͼµÇ¼µÄʱºòÒѾ­ÔËÐÐÁË– ÕâÖÖ²¢Ðз½Ê½±íÃ÷ÔÚÊý·ÖÖÓÖ®ÄÚÕû¸öÍøÂçÄܹ»±»¸Ä±ä¶øûÓÐÓÉÓڵȴýÖÐÐÄ¿ØÖƶø²úÉúÑÓ³Ù¡£

     µ«Ò²ÐíÄãÏëÒª·¢ËÍһЩÌرðµÄÐźţ¬ÀýÈ磬ÔËÐвßÂÔº¬ÓÐÒ»¸öÖ»Äܱ»Ò»Ð©»úÆ÷¼¤»îµÄÌØÊâÀà¡£ÄÇôһ¸ö¸üºÃµÄ·½Ê½¾ÍÊÇÔËÐÐÒ»¸ö¼òµ¥µÄÃüÁîÀ´ÓëÔ¶³ÌÖ÷»úÁªÏµ²¢ÇÒÔËÐоßÓлùÓÚ½ÇÉ«·ÃÎÊ¿ØÖÆ£¨RBAC£©µÄcf-agent£¬ÔÚÄã×Ô¼ºµÄÆÁÄ»ÉÏÄܹ»Á¢¼´ÏÔʾÊä³öµÄ½á¹û£º

 

   host$ cf-runagent remote-host -v

   output....

 

l         ΪÁËÖØÐÂÅäÖÃÔ¶³ÌµÄÖ÷»úÄã²»ÐèÒªµÇ¼Զ³ÌµÄÖ÷»ú¡£

l         Óû§¶ø·Çroot¿ÉÒÔÔËÐÐcf-agent À´½â¾öϵͳµÄÈκÎÎÊÌ⣬ËûÃÇÓÐȨÏÞ·ÃÎÊһЩ¸öÌåºÍÀà¡£

 

ÈκδËÀàϵͳµÄÒ»¸öDZÔÚȱÏÝÊÇһЩ¶ñÒâµÄÓû§Äܹ»ÔÚÔ¶³ÌÖ÷»úÉÏÔËÐÐcf-agent¡£ÊÂʵÉÏ·ÇrootÓû§Äܹ»ÔËÐÐcf-agent±¾Éí²¢²»³ÉÎÊÌ⣬±Ï¾¹ËûÃÇÄܹ»×öµÄ´ó²¿·ÖµÄ¶ñÒâʼþ¶¼Äܹ»±»ÏµÍ³ÅäÖüì²â³öÀ´²¢ÇÒÐÞ¸´¡£Ã»ÓÐÈËÄܸæËßcf-agentʹÓÃcfrun³ÌÐòÄܹ»×öʲô£¬ËüÖ»Äܹ»ÔËÐÐÒ»¸öÏÖÓеÄÅäÖᣵ«Ò»¸ö¸üÑÏÖصÄÎÊÌâÊÇÓÐЩ¶ñÒâµÄÓû§¿ÉÄÜÊÔͼ¶à´ÎÔËÐÐcf-agent£¨ËùνµÄ¡®Denial of Service¡¯¹¥»÷£©£¬ÒÔÖÂϵͳÓÉÓÚÁ¬ÐøÔËÐÐcf-agent¶ø¸ºÔعýÖØ¡£ÎªÁ˱ÜÃâÕâÖÖÇé¿ö£¬·þÎñÆ÷ʹÓÃͬÑùµÄifelapsedËøÀ´¸¨Öú·ÃÎÊ¿ØÖÆ¡£

 

6.3 Ô¶³Ì·ÃÎʽâÊÍ

6.3.1 ·þÎñÆ÷Á¬½Ó

ΪÁËÄܹ»Á¬½Óµ½cfengine·þÎñÆ÷£¬ÄãÐèÒª

Ò»¶Ô¹«Ô¿Ë½Ô¿

    ÏëÒª´´½¨Ò»¶ÔÃÜÔ¿£¬ÔËÐÐ cf-key

Ò»¸öIPv4»òÕßIPv6µØÖ·

    Äã±ØÐëÔÚÏß²¢ÓµÓÐÒ»¸öÅäÖúõÄÍøÂçµØÖ·¡£

Ò»¸ö¿Í»§¶Ë³ÌÐò

     Cf-agent ºÍ cf-runagent ¶¼ÊÇÄÜÁ¬½Óµ½·þÎñÆ÷µÄ¿Í»§¶Ë¡£

ÔÊÐíÁ¬½Óµ½·þÎñÆ÷£¬²¢ÇÒ

     ·þÎñÆ÷¿ØÖÆÌ壨control body£©±ØÐëÔÊÐí¶ÔÄã¼ÆËã»úºÍ»ùÓÚÃû×Ö»òÕßipµØÖ·µÄ¹«Ô¿µÄ·ÃÎÊ£¬Í¨¹ýÔÚÒ»¸öÁбíÖÐÏÔʾ³öÀ´£¨ÈçÏ£©¡£

ÄãµÄ¹«Ô¿±ØÐë±»·þÎñÆ÷ÐÅÈΣ¬²¢ÇÒÄã±ØÐëÐÅÈηþÎñÆ÷µÄ¹«Ô¿

     ͨ¹ýÏ໥ÐÅÈα˴˵ÄÃÜÔ¿£¬¿Í»§¶ËÓë·þÎñÆ÷ͳһʹÓøÃÃÜÔ¿×÷Ϊ¼ÆËã»úµÄÒ»¸ö×ã¹»µÄ±êʾ·û¡£

ÔÊÐí·ÃÎÊһЩ¶«Î÷

 ÄãµÄÖ÷»úÃû»òÕßIPµØÖ·±ØÐëÔÚÒ»¸öÄãÏëÒª·ÃÎʵÄÎļþËù²úÉúµÄ·þÎñÆ÷°ü(server bundle)µÄ·ÃÎʳÐŵ£¨access promise£© Öб»Ìá¼°¡£

 

     Èç¹ûÒÔÉϵÄËùÓбê×¼¶¼´ïµ½ÁË£¬Á¬½Ó½«»á±»½¨Á¢²¢ÇÒÊý¾Ý»áÔÚ¿Í»§¶ËºÍ·þÎñÆ÷Ö®¼ä±»´«Êä¡£¸ù¾ÝcfengineµÄЭÒ飬¿Í»§¶ËÖ»ÄÜ·¢Ëͼò¶ÌµÄÇëÇó¡£·þÎñÆ÷Äܹ»ÒÔ¶àÖÖÐÎʽ·µ»ØÊý¾Ý£¬Í¨³£ÊÇÎļþÐÎʽ£¬µ«ÓÐʱ»áÊÇÖÕ¶ËÊä³öÐÎʽ¡£

 

6.3.2 Ô¶³Ì·ÃÎʵÄÒÉÄѽâ´ð

µ±´´½¨cf-serverd£¬ Äã¿ÉÄܻῴµ½´íÎóÐÅÏ¢¡¯Unspecified server refusal¡¯¡£

Õâ±íÃ÷ cf-serverd ²»ÄÜ»òÕß²»Ô¸ÒâÈÏÖ¤À´×ÔÄãµÄ¿Í»§¶Ë»úÆ÷µÄÁ¬½Ó¡£Õâ¸öÐÅÏ¢ÊÇÒ»°ãÐÔ´æÔڵģºËü¹ÊÒâ²»ÊÇרÃŵģ¬Òò¶øÈκÎÈËÏëÒª¹¥»÷»òÕßÀûÓÃÕâ¸ö·þÎñ½«²»»áµÃµ½¿ÉÄܶÔËûÃÇÓÐÓõÄÐÅÏ¢¡£Õâ¶ùÓÐÒ»¸ö¼òµ¥µÄ¼ì²éÁбíÀ´½â¾öÕâ¸öÎÊÌ⣺

1.         È·±£ÔÚ±»¿Í»§¶ËºÍ·þÎñÆ÷¶ÁÈ¡µÄÅäÖÃÎļþÖÐÉèÖÃÓòÃû±äÁ¿£»»òÕßʹÓÃskipidentify ºÍ skipverify À´¼õÈõDNSµÄÈÏÖ¤¡£

2.         È·±£ÄãÔÚ·þÎñÆ÷ʵÌå(server body)ÖÐÊÚȨ·ÃÎÊÄãµÄ¿Í»§¶Ë

        body server control

           {

           allowconnects => { "127.0.0.1" , "::1" ...etc };

           allowallconnects => { "127.0.0.1" , "::1" ...etc };

           trustkeysfrom => { "127.0.0.1" , "::1" ...etc };

           }

3.         È·±£ÄãÒѾ­Ê¹ÓÃÁËcf-keyΪÖ÷»ú´´½¨ÁËÓÐЧµÄÃÜÔ¿¡£

4.         Èç¹ûÄãÔÚʹÓð²È«¿½±´£¬È·±£Äã´´½¨ÁËÒ»¸öÃÜÔ¿Îļþ²¢ÇÒÄãÒѾ­ÔÚËùÓвÎÓëµÄÖ÷»úȺ×éÖзֲ¼²¢°²×°ÁËÕâ¸öÃÜÔ¿Îļþ¡£

 

Ò»Ö±Òª¼ÇµÃÄã¼È¿ÉÒÔÒÔÈßÓàģʽ(verbose mode)ÔËÐÐcfengineÒ²¿ÉÒÔÒÔµ÷ÊÔģʽ(debugging mode)ÔËÐÐcfengineÀ´¿´ÈÏÖ¤¹ý³ÌÊÇÔõÑù·¢ÉúµÄ£º

  Cf-agent  -v

  Cf-serverd –v

 

²»¹ÜÊÇʲô´íÎóÊôÐÔ£¬cf-agent¶¼»á±¨¸æ±»¾Ü¾øµÄ·ÃÎÊ£¬´Ó¶ø±ÜÃâй¶ÐÅÏ¢£¬¸øºÚ¿Í¿É³ËÖ®»ú¡£ÏëÒªÕÒµ½±»¾Ü¾øµÄÕæÕýÔ­Òò£¬Ê¹ÓÃÈßÓàģʽ¡®-v¡¯»òÕßµ÷ÊÔģʽ¡®-d2¡¯¡£

 

6.3.3 ½»»»ÃÜÔ¿

CfengineʹÓõÄÃÜÔ¿½»»»Ä£Ê½ÊÇ»ùÓÚOpenSSHµÄÃÜԿģʽ¡£ËüÊÇÒ»¸öµã¶Ôµã£¨peer to peer£©µÄ½»»»Ä£Ê½£¬¶ø²»ÊÇÒ»¸öÖÐÐÄ»¯µÄÈÏÖ¤ÊÚȨģʽ¡£ÕâÒâζ×ÅËüûÓпÉÀ©Õ¹ÐԵķ½ÃæµÄÆ¿¾±£¨ÖÁÉÙÉè¼ÆÉϽ²£¬Äã¿ÉÒÔ½éÉÜÄã×Ô¼ºµÄÏë·¨Èç¹ûÄãÏëÒªÒ»¸ö¹ý¶ÈÖÐÐÄ»¯µÄ½á¹¹£©¡£

ÃÜÔ¿·Ö²¼µÄÎÊÌâÊÇÿһ¸ö¹«Ô¿½á¹¹µÄÄÑÌâ¡£Cfengine ÄÜ×Ô¶¯ÊµÐн»»»ÃÜÔ¿£¬²¢ÇÒÄãËùÒª×öµÄÖ»ÊǾö¶¨¸ÃÏàÐÅÄǸöÃÜÔ¿¡£

µ±¹«Ô¿±»Ìṩ¸øÒ»¸ö·þÎñÆ÷£¬ËûÃÇ¿ÉÄÜ»á×Ô¶¯±»½ÓÊÜΪ¿ÉÒÔÐÅÈεģ¬ÒòΪûÓÐÈË¿ÉÒÔ¾ö¶¨ËüÃÇ¡£Õâ»áµ¼Ö¹ØÓÚµÚÒ»¸öÌá½»ÃÜÔ¿ÉêÃ÷µÄ¾ºÕù¡£

¼´Ê¹ÓÐDNSÀ´¼ìÑéÏà¹ØÃû×Ö»òÕßIPµØÖ·µÄÕýÈ·ÐÔ£¨¹Ø±Õskiperify£©£¬ËüÈÔÈ»¿ÉÄÜÌá½»¸ø·þÎñÆ÷Ò»¸ö´íÎóµÄÃÜÔ¿¡£

·þÎñÆ÷cf-serverd ĬÈÏÄܹ»×èÖ¹½ÓÊÜδ֪µÄÃÜÔ¿¡£ÎªÁËÄܹ»½ÓÊÜÒ»¸öеÄÃÜÔ¿£¬¼Ù¶¨µÄ¿Í»§¶ËµÄIPµØÖ·±ØÐë±»ÁÐÔÚtrustkeysfromÖС£Ò»µ©Ò»¸öÃÜÔ¿±»½ÓÊÜÁË£¬Ëü½«ÓÀÔ¶²»»á±»Ò»¸öеÄÃÜÔ¿ËùÌæ»»£¬Òò´Ë²»ÔÙÐèÒªÌṩ¸ü¶àµÄÐÅÈΡ£

Ò»µ©ÄãÒѾ­°²ÅÅÁ¬½Óµ½·þÎñÆ÷£¬Äã±ØÐë¾ö¶¨ÄÄЩÖ÷»ú½«Òª·ÃÎÊÄÄЩÎļþ¡£Õ⽫ÓÉ·ÃÎʹæÔò£¨access rules£©À´¾ö¶¨¡£

bundle server access_rules()

{

access:

"/path/file"

admit => { "127.0.0.1", "127.0.0.2", "127.0.0.3" },

deny => { "192.*" };

}

 

ÔÚ¿Í»§¶Ë£¬ÀýÈ磬cf-runagent ºÍ cf-agent, ÓÐÈý¸öÎÊÌâÐèÒª¿¼ÂÇ£º

1.         Ñ¡ÔñÁ¬½ÓÄĸö·þÎñÆ÷

2.         ÐÅÈÎÈκÎÏÈǰδ֪·þÎñÆ÷µÄÉí·Ý£¬ÀýÈ磬ÐÅÈηþÎñÆ÷µÄ¹«Ô¿¾ÍÊǸ÷þÎñÆ÷µÄ¶ø²»ÊDZðÈ˵Ä(Õâµã¶ÔÓÚ·þÎñÆ÷Ò²ÊÇÒ»Ñù)¡£

3.         Ñ¡ÔñÊý¾Ý´«ÊäÊÇ·ñÐèÒª¼ÓÃÜ£¨´øÃÜÂ룩¡£

 

ÒòΪÓÐÁ½¸ö¿Í»§¶ËÁ¬½Óµ½cf-serverd(cf-agent ºÍ cf-runagent)£¬ËùÒÔ¿Í»§¶Ë»¹ÊÇÓÐÁ½ÖÖ·½·¨À´¹ÜÀí·þÎñÆ÷ÃÜÔ¿µÄÐÅÈΡ£Ò»¸öÊÇ×Ô¶¯Ñ¡Ïî(automated option)£¬ÔÚÒ»¸öcopy_from ÖÐÉèÖÃtrustkey Ñ¡ÏÀýÈ磬

 

body copy_from example

  {

   # .. other settings ..

   trustkey => "true";

  }

ÁíÒ»ÖÖ·½·¨ÊÇÒÔ½»»¥µÄģʽÔËÐÐcf-runagent¡£µ±ÄãÔËÐÐcf-runagentʱ£¬Î´ÖªµÄ·þÎñÆ÷ÃÜÔ¿»á»¥¶¯µØÌṩ¸øÄ㣨ÀýÈçͨ¹ýssh£©£¬ÈÃÄãÄܹ»ÊÖ¶¯µØ½ÓÊÜ»òÕ߾ܾø£º

 

 WARNING - You do not have a public key from host ubik.iu.hio.no =

 128.39.74.25

 Do you want to accept one on trust? (yes/no)

 -->

6.3.4 ʱ¼ä´°¿Ú£¨¾ºÕù£©

Ò»µ©¹«Ô¿ÒѾ­±»´Ó¿Í»§¶Ëµ½·þÎñÆ÷ºÍ´Ó·þÎñÆ÷µ½¿Í»§¶Ë½»»»£¬¸ù¾Ý¹«Ô¿ÈÏÖ¤»úÖÆ£¬ÐÅÈεÄÎÊÌâ¾ÍÒѾ­½â¾öÁË¡£ÄãÖ»ÐèÒªµ£ÐÄÄÇЩ´ÓÒ»¶Ëµ½ÁíÒ»¶Ë´Óδ¼û¹ýµÄÁ¬½ÓÊÇ·ñÖµµÃÐÅÈΡ£

ͨ³£Äã»áÓÐÒ»¸öÖÐÐĵķþÎñÆ÷ºÍÐí¶à¿Í»§¶ËÎÀÐÇ¡£¶ø´«ÊäËùÓÐÃÜÔ¿µÄµÄ×îºÃ·½Ê½ÊÇÔÚ·þÎñÆ÷¶ËºÍ¿Í»§¶ËÉÏÉèÖÃtrustkey±êʶ£¬²¢ÓëÄãÖªµÀcf-agent ½«ÔËÐеÄʱ¼ä±£³ÖÒ»Ö£¬´Ó¶øÆÛÆ­Õ߾Ͳ»¿ÉÄܽøÐиÉÉæ¡£

ÕâÊÇÒ»¸öÒ»´ÎÐÔµÄÈÎÎñ£¬ºÚ¿ÍÄܹ»Î±×°³ÉÃÜÔ¿´«ÊäÕߵļ¸ÂʺÜС¡£ËüÐèÒª¼¼ÇÉÒÔ¼°¹ØÓÚ½»»»¹ý³ÌµÄÄÚ²¿ÐÅÏ¢£¬¶øÕâÒ×ÓÚ°µÊ¾ÐÅÈÎÄ£ÐÍÒѾ­ÆÆÁÑ¡£

ÁíÒ»¸ö·½·¨ÊÇËùÓеÄÔÚÒ»×éµÄÖ÷»ú¶¼´ÓÖÐÐÄ·þÎñÆ÷ÔËÐÐcf-runagent ²¢ÇÒÖð¸öµØÊÖ¶¯½ÓÊÜÃÜÔ¿£¬¾¡¹ÜÕâÖÖ·½·¨Ëù»ñºÜÉÙ¡£

ÐÅÈÎÒ»¸öÖ÷»úÀ´½øÐÐÃÜÔ¿½»»»ÊDz»¿É±ÜÃâµÄ¡£Ã»Óиü´ÏÃ÷µÄ·½·¨À´±ÜÃâËü¡£¼´Ê¹Ê¹ÓôÅÅÌÀ´´«ÊäÎļþ£¬²¢¼ì²éÄãËùÓµÓеÄÿ̨¼ÆËã»úµÄÐòÁкţ¬Ö÷»úÒ²±ØÐëµÃÐÅÈÎÄã¸øËüµÄÐÅÏ¢¡£ÕⶼÊÇ»ùÓÚ¼ÙÉè¡£Ä㼸ºõ²»Äܹ»Ê¹µÃÃÜÔ¿Ôì¼Ù»òÕß±»¹¥»÷£¬µ«ÄãÓÖ²»ÄÜʹËü¾ø¶Ô²»»á·¢Éú¡£°²È«ÊǹØÓÚÈçºÎºÏÀíµÄ¹ÜÀí·çÏճ̶ȣ¬¶ø²»ÊÇħÊõ¡£

ËùÓеݲȫ¶¼ÊÇ»ùÓÚij¸öʱ¿Ì¼°Ê±ÐÅÈÎij¸öµã¡£ÃÜÂëѧµÄÃÜÔ¿·½·¨ÖªÊ¶È¥³ýÁË·´¸´×öÐÅÈξñÔñµÄÐèÒª¡£ÔÚµÚÒ»´Î½»»»ºó£¬ÐÅÈβ»ÔÙÐèÒª£¬ÒòΪËûÃǵÄÃÜÔ¿ÔÊÐíÉí·Ý±»Êµ¼ÊÑéÖ¤¡£

¼´Ê¹Ä㿪·ÅÐÅÈεÄÑ¡ÏÄã²¢²»ÊÇäĿµØÐÅÈÎÄãÖªµÀµÄÖ÷»ú¡£Î¨Ò»µÄDZÔڵIJ»°²È«ÐÔÔÚÓÚÄÇЩÄãËù²»ÖªµÀµÄеÄÃÜÔ¿¡£Èç¹ûÄãÔÚÐÅÈιæÔòÖÐʹÓÃͨÅä·û»òÕßIPǰ׺£¬ÄÇÆäËûµÄÖ÷»ú¿ÉÄܾͻáÓÐһЩÆÛÆ­ÐÐΪ£¬ÒòΪÄã¸øËûÃÇÁôÁËЩ³¨¿ªµÄ©¶´¡£Õâ¾ÍÊÇΪʲôÍƼö£¬ÔÚÿ´Î´«ÊäÍêÃÜÔ¿ºó£¬¿Éͨ¹ý×¢ÊÍÐÅÈÎÑ¡Ïϵͳ»Ø¹éµ½Áã״̬¡£

    ÎÒÃÇ¿ÉÒÔͨ¹ýһЩÓпÉÄܵ«·ÑÁ¦µÄ·½Ê½½«ÃÜԿͨ¹ý²»Í¬µÄƵµÀÐźŽøÐд«Ê䣬ͨ¹ý¿½±´¡®/var/cfengine/ppkeys/localhost.pub¡¯µ½¡®/var/cfengine/ppkeys/user-aaa.bbb.ccc.mmm¡¯(¼ÙÉèʹÓÃIPv4) ÔÚÁíһ̨Ö÷»úÉÏ¡£ÀýÈ磬

     localhost.pub -> root-128.39.74.71.pub

Õâ¿ÉÄÜÊÇÒ»ÖֱȽÏÓÞ´ÀµÄ·½·¨ÔÚÄã×Ô¼º¿ØÖƵÄÁÚ½üÖ÷»úÖ®¼ä´«ÊäÃÜÔ¿£¬µ«Èç¹û´«Êäµ½Ô¶¾àÀ룬Զ³ÌµÄÖ÷»úÉÏ£¬Ëü¿ÉÄÜÊÇÒ»ÖÖ¹ÜÀíÐÅÈεļòµ¥·½·¨¡£

6.3.5 ³ýÁËrootÒÔÍâµÄÓû§

Cfengine ͨ³£ÒÔ¡®root¡¯Óû§ÔËÐУ¨³ýÔÚWindowsϵͳÉÏͨ³£Ã»ÓÐrootÓû§£©£¬ÀýÈ磬 Ò»¸ö¸ß¼¶È¨Ï޵ĹÜÀíÔ±¡£Èç¹ûÆäËûÓû§Ò²±»ÊÚȨ¿ÉÒÔ·ÃÎÊÕâ¸öϵͳ£¬ËûÃDZØÐëÒ²Éú³ÉÒ»¸öÃÜÔ¿²¢ÇÒ¾­¹ýÏàͬµÄ¹ý³Ì¡£³ý´ËÖ®Í⣬Óû§»¹±ØÐë±»¼Óµ½·þÎñÆ÷µÄÅäÖÃÎļþÖС£

 

6.3.6 ¼ÓÃÜ

CfengineΪ´«Êä¹ý³Ì±£³ÖÎļþÄÚÈݵÄÒþ˽ÐÔÌṩÁ˼ÓÃÜ¡£Ëü¼ÙÉèÓû§Äܹ»Ã÷ÖǵØʹÓá£Í¨¹ý¼ÓÃÜ´«ÊäµÄ¹«ÓÃÎļþ£¬¾Í²»Äܱ»ÇÔÈ¡Èκζ«Î÷ÁË–¹ý¶ÈʹÓüÓÃÜÖ»»áÔì³ÉÈ«Çò±äů£¬ºÄ·Ñ²»±ØÒªµÄCPU´¦Àíʱ¼ä¶ø²»ÄÜÌṩÈκΰ²È«¡£

ÅäÖùÜÀíÖмÓÃܵÄÖ÷Òª×÷ÓþÍÊÇÈÏÖ¤¡£Cfengine×ÜÊÇʹÓüÓÃÜÀ´½øÐÐÈÏÖ¤£¬Òò¶ø¼ÓÃÜÉèÖò»»áÓ°ÏìÈÏÖ¤°²È«¡£

 

 

 

7 ֪ʶ¹ÜÀí

Cfengine ¾ßÓÐÒ»¸ö·ÇͬѰ³£µÄÄÜÁ¦¾ÍÊÇËüÄÜ°Ñ֪ʶ¹ÜÀíͳһµ½×Ô¶¯»¯¹ý³ÌÖ®ÖУ¬²¢½«ËüµÄÅäÖü¼Êõ×÷Ϊһ¸ö¡®ÓïÒåÉϵġ¯ÎļþÒýÇæ¡£

֪ʶ¹ÜÀíÊǶÔÎÒÃÇʱ¼äµÄÌôÕ½¡£×éÖ¯»ú¹¹ÀË·ÑÁËÄÑÒÔÏëÏñµÄ´óÁ¿µÄ¾«Á¦À´ÖØÐÂѧϰ¾ÉµÄ¿Î³ÌÒòΪÕâЩ¿Î³ÌûÓб»×ö³ÉÎļþÁô¸øºóÒ»´ú¡£ÏÖÔÚÄã¿ÉÒÔͨ¹ýһЩ¼òµ¥µÄ¹æÔòÀ´»º½âÕâ¸öÎÊÌâ²¢ÇÒÉõÖÁÄܽ¨Á¢³ÉÊìµÄÎļþË÷ÒýÊý¾Ý¿â¡£

 

7.1 ³ÐŵÓë֪ʶ

ÕâЩÄêÀ´£¬ÅäÖùÜÀíϵͳµÄѧϰÇúÏßÒѾ­³ÉΪÁ˾­³£ÅúÆÀ¹ÛĦµÄ¶¯Á¦¡£Óû§±»ÆÚÍûÄܹ»ÒÔÒ»¸ö½Ïϸ½ÚµÄˮƽÀ´Ãæ¶ÔÐÅÏ¢µÄ¸´ÔÓÐÔ£¬»òÕßÄܹ»·ÅÆúÍêºÃͳһ¿ØÖƵÄÏë·¨¡£Õâµ¼ÖµÄÐÅÏ¢¹ýÔØ»òÕß¹ýÓÚ¼òµ¥»¯¡£Òò´ËÕâÖÖ´¦ÀíÐÅÏ¢¸´ÔÓÐÔµÄÄÜÁ¦³ÉΪÁËIT¹ÜÀíµÄ»ù´¡¡£

    Cfengine ΪÅäÖøöÒýÈëÁ˳ÐŵģÐÍ£¬ÊÇΪÁËʹÕâ¸öѧϰÇúÏ߸üƽ̹¡£ÕâÄܹ»¼ò»¯Ê¹ÓõĹý³Ì£¬ÒòΪÐí¶àÐèҪ˼¿¼µÄ¹¤×÷ÒѾ­Íê³É²¢ÇÒ±»·â×°³ÉÁËÄ£ÐÍ¡£ËüµÄÒ»¸öÌØÊâÊôÐÔÊÇËü¼ÈÊÇÒ»¸öϵͳÐÐΪµÄÄ£ÐÍÒ²ÊÇÒ»¸ö֪ʶչÏÖµÄÄ£ÐÍ£¨ÕâÕýÊÇÉùÃ÷ÓïÑÔËùÑ°ÇóµÄ£©¡£¸üÌرðµÄÊÇ£¬Ëü°ÑÒ»¸öISOµÄ±ê×¼×Ó¼¯ºÏ²¢³ÉÁË¡®»°ÌâͼÐΡ¯£¨Topic Maps£©£¬ÕâÊÇÒ»¸öÓÃÓÚÐÅÏ¢×ÊÔ´µÄÓïÒåË÷ÒýµÄ¿ª·Å¼¼Êõ¡£Í¨¹ý°ÑÕâÁ½¸ö¼¼ÊõÈÚºÏÔÚÒ»Æð£¨ÕâÁ½¸ö¼¼ÊõÊǸ߶ȼæÈݵģ©£¬×îÖÕ£¬ÎÒÃÇÄܹ»½«Ç°¶Ë׼ȷÎÞÎóµØÎǺÏÔÚÒ»Æ𲢿ÉÒÔä¯ÀÀϵͳÐÅÏ¢¡£

    ֪ʶ¹ÜÀí±¾Éí¾ÍÊÇÒ»¸öÑо¿ÁìÓò£¬ËüÉæ¼°ÁËÈËÓë¿Æ¼¼´óÁ¿µÄÏà¹ØÎÊÌâ¡£´ó²¿·ÖÈ˶¼»áÈÏ¿É֪ʶÊÇÊÂʵºÍ¹ØϵµÄ×éºÏ£¬Òò´ËΪÁ˺ÏÀíµØÚ¹ÊÍ֪ʶ£¬¼ÈÐèÒªÇåÎúµÄ¶¨Ò壬ÓÖÐèÒªÓïÒåÄÚÈÝ£»µ«ÊÇÎÒÃÇÔõÑù²Å²»»áÄ£ÀâÁ½¿ÉµØ¶¨ÒåÔ­ÐÅÏ¢£¿

    ֪ʶÓëÅäÖÃÓкܶàµÄ¹²Í¬Ö®´¦£ºµ½µ×ʲôÊÇ֪ʶ¶ø²»ÊÇÎÒÃÇ˼ÏëÖеÄÒ»ÖÖÀíÄîÅäÖ㬻òÕßÔÚһЩ±íÏÖý½éÉÏ£¨ÂÛÎÄ£¬¹èµÈ£©¡£ËüÊÇÒ»ÖÖ±»±àÂë¹ýµÄÐÎʽ£¬Í¨³£¸üÇãÏòÓÚÒ»ÖÖÎÒÃÇÄܹ»ÓëÆäËûÈË´ï³ÉÒ»ÖÂÒâ¼û²¢ÇÒ¹²ÏíµÄÐÎʽ¡£ÖªÊ¶ºÍÅäÖùÜÀí¶¼ÊǹØÓÚÃèÊöÑùʽ¡£Ò»¸ö¼òµ¥µÄ֪ʶģÐÍÄܹ»±»ÓÃÀ´±íʾһÖÖ²ßÂÔ»òÕßÅäÖã»Ïà·´µØ£¬Ò»¸ö¼òµ¥µÄ²ßÂÔÅäÖÃÄ£ÐÍÄܹ»²úÉúÒ»ÖÖ֪ʶ½á¹¹£¬¾ÍÈçͬËüÄܲúÉúÒ»¸öÎļþϵͳ»òÕßһϵÁеķþÎñ¡£

 

7.2 ֪ʶµÄ»ù´¡

֪ʶÕæÕý¿ªÊ¼ÓÚÎÒÃǼǼÏÂÊÂÇéµÄʱºò£º

l         ½«Ä³Ð©¶«Î÷ÓÃÊéдÀ´±í´ïÄÜ´øÀ´Ò»ÖÖÏë·¨µÄ×ÔÂÉ£¬¶ø²»½öÖ»ÊÇʹһ¸öÏë·¨¸üÇåÎú¡£

l         ÔÚÄãÊÔͼ½«Ò»¸öÏë·¨¼Ç¼³ÉÓïÑÔ֮ǰ£¬ÄãÊDz»»áÍêÈ«µØÕýÊÓÕâ¸öÏë·¨µÄ¡£

l         ÈκÎÊéд¼Ç¼¶¼ÄÜʹµÃÆäËûÈËÔĶÁËü²¢Á÷´«ÖªÊ¶¡£

 

Âé·³µÄÊÇ£¬ÈËÃÇͨ³£²»Ï²»¶Ð´¶«Î÷£¬¶øÇÒÒ²ºÜÉÙÓÐÈËÊǷdz£Éó¤Ð´¶«Î÷µÄ¡£¶ÔÓÚÒ»¸ö¹¤³Ìʦ¶øÑÔ£¬Í¨³£»á¾õµÃÍ£ÏÂÕýÔÚ×öµÄÊÂÇé¶øÈ¥¼Ç¼Ëù×öµÄÊÂÇ飬¸Ð¾õÊÇÔÚÀË·Ñʱ¼ä£¬ÓÈÆäÊǵ±ÕâÌì±È½Ï·±Ã¦µÄʱºò¡£¶øÇÒ£¬Ð´¶«Î÷ÐèÒªÒ»ÖÖ´´ÐÂÐÔÏë·¨µÄÕÀ·Å£¬Ïà¶ÔÓÚдЩÁ÷³©µÄ¿´ËÆÈß³¤µÄÓïÑÔÐÎʽ£¬¹¤³ÌʦÃÇͨ³£¸üϲ»¶Ê¹Óü¼ÊõÐÔµÄģʽºÍ±ê¼Ç¡£

Cfengine ÊÔͼͨ¹ý¼ò»¯ÎĵµºÍ²¿·Ö¼¼ÊõÅäÖÃÀ´ÃÖ²¹Õâ¸ö²îÒì¡£Cfengine µÄ֪ʶ´úÀíʹÓÃAIºÍÍøÂç¿ÆѧËã·¨(network science algorithms)£¬»ùÓÚ¼¼Êõ×¢ÊÍÀ´´´½¨¿É¶ÁµÄÎĵµ¡£ËüÖ®ËùÒÔÄÜÕâÑù×öÊÇÒòΪÐí¶àÏë·¨ÔçÒѾ­ÈÚÈëÁ˳ÐŵģÐ͵ÄÏë·¨Ö®ÖС£

 

7.3 ×¢ÊͳÐŵ

֪ʶµÄ¿ªÊ¼ÊÇÄܹ»×¢Êͼ¼ÊõÎĵµ¡£¼Çסһ¸ö³ÐŵµÄÖصãÊÇÒª±í´ïÒ»ÖÖÒâͼ¡£ÔÚд³ÐŵµÄʱºò£¬ÒªÑø³ÉÒ»¸öÏ°¹ß£¬¾ÍÊÇÄܹ»¸øÿ¸ö³Ðŵһ¸öÆÀÂÛÀ´½âÊÍËüµÄÒâͼ¡£²¢ÇÒ£¬ÆÚÍûÄܹ»Ò»Ð©ÌØÊâµÄ³Ðŵ¾ä±ú(handles)£¬»òÕßÓÐÓõıêÇ©£¬Ê¹µÃÔÚÆäËû³ÐŵµÄÃèÊöÖÐÄܲο¼ÕâЩÌØÊâµÄ³Ðŵ¡£Ò»¸ö¾ä±ú(handle)¿ÉÒÔÊÇһЩÈÎÒâµÄ´ÊÏñ¡®xyz¡¯£¬µ«ÊÇÄãµÃ¾¡Á¿Ê¹ÓÃһЩ¸üÓÐÒâÒåµÄ±êÇ©´Ó¶øʹµÃ²Î¿¼¸ü¼ÓÇåÎú¡£

files:

"/var/cfengine/inputs"

handle => "update_policy",

comment => "Update the cfengine input files from the policy server",

perms => system("600"),

copy_from => rcp("$(master_location)","$(policy_server)"),

depth_search => recurse("inf"),

file_select => input_files,

action => immediate;

 

Èç¹ûÒ»¸ö³ÐŵÔÚij·½ÃæÓ°ÏìÁíÒ»¸ö³Ðŵ£¬Äã¿ÉÒÔʹÄǸö±»Ó°ÏìµÄ³Ðŵ³ÉΪÆäÖÐÖ®Ò»µÄ³ÐŵÕß

(the promisees)£¬ ÏñÕâÑù£º

 

access:

"/master/cfengine/inputs" -> { "update_policy", "other_promisee" },

handle => "serve_updates",

admit => { "217.77.34.*" };

 

Ïà·´µØ£¬Èç¹ûÒ»¸ö³ÐŵÔÚijЩ·½ÃæÒÀÀµÓÚÁíÒ»¸ö³Ðŵ£¨ÉõÖÁÊǼä½ÓµØ£©£¬Ò²°ÑËü¼Ç¼ÏÂÀ´¡£

 

files:

"/var/cfengine/inputs"

handle => "update_policy",

comment => "Update the cfengine input files from the policy

server",

depends_on => { "serve_updates" },

perms => system("600"),

copy_from => rcp("$(master_location)","$(policy_server)"),

depth_search => recurse("inf"),

file_select => input_files,

action => immediate;

 

×¢Ê͵ÄʹÓÃÊÇcfengingÖÐÎĵµµÄµÚÒ»¸ö²ã´Î¡£ÕâЩעÊÍ»áÔÚcfengine ÄÚ²¿ÓÃÓÚÌṩÓÐÒâÒåµÄ´íÎóÐÅÏ¢ÄÚÈݲ¢ÇÒÄܼÆËã³öÏà¹Ø¹ý³ÌÁ´´æÔÚµÄÒÀÀµ¹Øϵ¡£ÕâЩ¿ÉÒÔ±»×ª»»³ÉÒ»¸ö»°ÌâͼÐΣ¨topic map£©ÓÃÓÚä¯ÀÀ²ßÂÔ¹ØϵÊÇÒ»¸öÍøÒ³ä¯ÀÀÆ÷£¬Ê¹Óà cf-know¡£

  

ΪÁ˽¨Á¢Õâ¸ö֪ʶ¿â£¬Ä㽫ÐèҪһ̨ÔËÐÐApache ÍøÒ³·þÎñÆ÷µÄ¼ÆËã»ú£¬²¢ÔڸüÆËã»úÉÏ°²×°PHP×é¼þ¡£Õâ¸ö֪ʶ»ùµØÒ²¿ÉÒÔÓëÁíһ̨ÍøÒ³·þÎñÆ÷Ò»ÆðÔËÐУ¬Ö»ÒªApacheÊÇÕýÔÚÔËÐеġ£ÒªÉú³Éͼ½â±íʾ·¨£¬ÄãÐèÒªGraphViz °ü¡£¸ü¶àϸ½Ú¼û×îºóµÄannex¡£

 

7.4 »°ÌâͼÐΣ¨topic maps£©ÌṩЩʲô

ÉÌÒµ°æ±¾µÄcfengineÄܹ»×Ô¶¯Ìṩ²ßÂÔÎĵµ£¬Í¨¹ýʹÓÃÉÏÃæËùÌṩµÄ»ù±¾×¢ÊÍ×÷Ϊһ¸ö֪ʶͼÐΡ£ËüÃÇ»ù±¾²»ÐèÒªÓû§×öʲô¡£Èç¹ûÄãÕýÔÚʹÓÿªÔ´°æ±¾µÄCfengine£¬ËùÓеļ¼Êõ¶¼¿ÉÒÔ»ñµÃʹÓ㬵«ÄãµÃÊÖ¶¯À´Íê³ÉÕâ¸ö¹¤×÷¡£²»¹ÜÄÄÖÖÇé¿ö£¬Ò»µ©ÄãÊìϤÁË»°ÌâͼÐÎ(Topic Maps) µÄʹÓã¬Äã¾Í¿ÉÒÔÊÖ¶¯µØÍØÕ¹ÄãµÄ֪ʶ£¬²¢ÓëÒÔÏÂһЩÊÂÇé½áºÏÆðÀ´£º

l         ±¾µØ²ßÂÔÎĵµ£¨¸ß²ã´ÎµÄ£©

l         Ïà¹ØÊý¾Ý¿â£¬ÀýÈçCMDBs

 

ËùÒÔÈÃÎÒÃÇ»¨µãʱ¼äÀ´¿´¿´ÔõÑùʹÓÃcf-know½«ÖªÊ¶Ç¶Èëµ½»°ÌâͼÐÎÖС£

ÄãËùÆÚÍûµÄһЩ½á¹ûÔÚÏÂͼÖÐÏÔʾ¡£ ÕâЩʾÀýͼÏÔʾÁËÓÉ֪ʶ´úÀícf-knowÉú³ÉµÄµäÐ͵ÄÒ³Ãæ¡£µÚÒ»ÕÅͼÏÔʾÎÒÃÇÈçºÎÔÚcfengineÉÌÒµ°æ±¾Ö§³ÖÈë¿Ú'Copernicus'ÖÐʹÓü¼Êõ£¬´Ó¶øʹÍøҳ֪ʶ»ù´¡¸üÇ¿´ó¡£

 

 

 

ÔÚʹÓùý³ÌÖÐ, ËùÓеÄÊý¾Ý¶¼ÊÇ»ùÓÚcfengineÈí¼þµÄÎĵµ£¬²¢ÇÒËùÓеĹØϵ¶¼ÊÇͨ¹ýÊÖ¶¯ÊäÈëµÄ¡£

 

ÔÚµÚ¶þ¸öÀý×ÓÖУ¬¿¼ÂÇÁËcfengineÊÇÔõÑùÉú³É¹ØÓÚÆäÅäÖõÄ֪ʶͼÐηÖÎö£¨×ÔÎÒ·ÖÎö£©¡£ ÏÂÃæͼÐÎÖеÄÊý¾ÝÃèÊöÁËcfengine ÅäÖóÐŵ¡£Ò»¸öÕâÑùµÄÒ³Ò»µ©Éú³É£¬ÀýÈ磬¶ÔÓÚÿһ¸ö²ßÂÔ³Ðŵ£¬»á´Ó²»Í¬µÄ¼ÆËã»úÉú³ÉÒ³ÃæÓÃÓÚ±¨¸æ¡£Ä㻹¿ÉÒÔΪÄãËùÓµÓеı¾µØ£¨ÆóÒµ£©ÐÅÏ¢´´½¨Äã×Ô¼ºµÄ¡®»°ÌâÒ³Ã桯¡£

 

ÔÚÕâ¸öÀý×ÓÖУ¬Ò»¸ö³Ðŵ±»¸øÓèÁËÒ»¸ö³Ðŵ¾ä±ú update_policy£¬²¢ÇÒÕâÖÖ¹ØÁªºÍͼÐαíÃ÷ÁËÕâ¸ö³Ðŵͨ¹ý´æµµµÄÒÀÀµ¹ØϵÓëÆäËûµÄ³ÐŵÏà¹ØÁª£¨ÕâЩÒÀÀµ¹ØϵÀ´×ÔÓÚ±»³ÐŵÕߵĴ浵£¬²¢ÇÒÒÀÀµÓÚÆäËû³ÐŵµÄÊôÐÔ£©¡£

 

ʾÀýÒ³ÃæÖÐÏÔʾÁËÁ½·ùͼÐΣ¬Ò»¸öÔÚÁíÒ»¸öµÄÉÏÃæ¡£ÔÚÉÏÃæµÄͼÏñ±íÃ÷ÁË30¸öÓë´ËÏà¹ØµÄ×î½Ó½üµÄ»°Ì⣨ÈκÎÐÎʽ£©¡£ÔÚ´ËÕâÖÖ¹ØϵûÓб»È·¶¨¡£Õâ¸öͼ±íÄܹ»±íʾһЩÒâÁÏÖ®ÍâµÄÏà¹ØÐÅÏ¢µÄ·¾¶£¬²¢ÇÒ˵Ã÷ËüÃÇÖ®¼äµÄ¹Øϵ£¬´Ó¶øÍØ¿íÁËÎÒÃǶÔÓÚµ±Ç°³ÐŵÔÚÕû¸öͼ±íÖÐËù´¦Î»ÖõÄÀí½â¡£

 

 

¾¡¹ÜͼÐεÄ˵Ã÷Ö»ÊǸü³ä·ÖµØ±íÏÖÁËÎı¾ÖеÄÓïÒå¹Øϵ£¬µ«ËûÃÇÔÚÏ໥¹ØÁªµÄÍøÂçÖл¹¿ÉÒÔÐéÄ⻯¼¸¸ö²ã´ÎµÄÉî¶È¡£ÕâÔÚ¼¯ÌåÌÖÂÛ»òÕßÍÆÀíʱ¿ÉÄÜ»á·Ç³£¾ªÈ˵ÄÓÐÓá£ÓÈÆäÊÇ£¬Èç¹ûÎÒÃǶԵ±Ç°µÄ³Ðŵ×öÁËһЩ¸Ä±ä£¬ÆäËûµÄһЩ³ÐŵҲ¿ÉÄÜ»áÊܵ½Ó°Ïì¡£ÕâÑùµÄÓ°Ïì·ÖÎö¶ÔÓڸıä¼Æ»®ºÍ²ßÂÔ·¢²¼¹ÜÀí¿ÉÄÜÊǷdz£ÖØÒªµÄ¡£

 

 

 

 

Ò»¸ö֪ʶ¿âÊǶÔÓÚÒ»¸öISO±ê×¼¼¼ÊõµÄ»°ÌâͼÐΣ¨Topic Map£©µÄʵÏÖ¡£Ò»¸ö»°ÌâͼÐλáÏñÒ»¸öË÷ÒýÄÇÑù¹¤×÷£¬ËüÄܹ»Ö¸ÏòÐí¶à²»Í¬ÀàÐ͵ÄÍⲿ×ÊÔ´£¬²¢ÇÒ¿ÉÒÔ°üº¬ÄÚ²¿µÄ¼òµ¥Îı¾ºÍͼƬ¡£Òò´ËÄã¿ÉÒÔʹÓÃËüÀ´°ó¶¨ÈκÎÀàÐ͵ÄÎĵµ¡£Ò»¸öcfengineµÄ֪ʶ¿â²¢²»ÊÇÒ»¸öеÄÎĵµ¸ñʽ£¬ËüÊÇÒ»¸ö½«Ïë·¨ºÍ×ÊÔ´½áºÏÆðÀ´µÄµþ¼ÓͼÐΣ¬²¢ÇÒ¿ÉÒÔÏÔʾ¹Øϵ¡£

 

7.5Ñ­Ðò½¥½ø

Äã¿ÉÒÔʹÓÃcf-know ÒÔÎı¾£¨ÓÃÓÚÃüÁîÐУ©»òÕßHTMLµÄÐÎʽÀ´±íʾһ¸ö»°ÌâͼÐΣ¨ÓÃÓÚÍøÒ³ÏÔʾ£©¡£ÎÒÃÇÏÈÀ´ËµÃ÷Ò»ÏÂÎı¾ÏÔʾ£¬ÒòΪËü²»ÐèҪ̫¶àµÄ½á¹¹¡£ÄãÖ»ÐèÒªÒ»¸öÊý¾Ý¿â¡£

ÊÔ×ÅÊäÈëÏÂÃæµÄ֪ʶ³Ðŵ£º

body common control 

{

bundlesequence => { "tm" };

}

body knowledge control

{

query_output => "text";

query_engine => "none";

sql_database => "test_map";

sql_owner => "mark";

sql_type => "mysql";

sql_passwd => ""; # No passwd for localhost

}

###################################################

bundle knowledge tm

{

topics:

any::

#ÎÒÃÇÐèÒª´Óij´¦¿ªÊ¼

"Processes" comment => "Programs running on a computer";

"Computers" comment => "Generic boxes",

association => a("run","Services","are run on");

Computers::

"server" comment => "Common name for a computer in a desktop";

"desktop" comment => "Common name for a computer for end users";

Programs::

"httpd" comment => "A web service process";

"named" comment => "A name service process";

Services::

"WWW" comment => "World Wide Web service",

association => a("is implemented by","httpd","implements");

"WWW" association => a("looks up addresses with","named","serves

addresses to");

#

occurrences:

httpd::

"http://www.apache.org"

represents => { "website" };

}

###################################################

body association a(f,name,b)

{

forward_relationship => "$(f)";

backward_relationship => "$(b)";

associates => { $(name) };

}

 

atlas$ mysql

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 1

Server version: 5.0.67 SUSE MySQL RPM

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database test_map;

Query OK, 1 row affected (0.00 sec)

mysql> CREATE TABLE topics

-> (

-> topic_name varchar(256),

-> topic_comment varchar(1024),

-> topic_id varchar(256),

-> topic_type varchar(256)

-> );

Ò»µ©ÄãÒѾ­´´½¨ÁËÊý¾Ý¿â£¬Äã¿ÉÒÔͨ¹ýÊäÈëÏÂÃæµÄÃüÁîÀ´Ìî³äËü£º

host$ /usr/local/sbin/cf-know -f ./unit_knowledge_txt.cf -s

Äã¿ÉÒÔÑéÖ¤Êý¾ÝÒѾ­²åÈ룺

 

mysql> use test_map;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select * from topics;

+------------+-----------------------------------------+-----------

+------------+

| topic_name | topic_comment | topic_id |

topic_type |

+------------+-----------------------------------------+-----------

+------------+

| WWW | World Wide Web service | WWW |

Services |

| named | A name service process | named |

Programs |

| httpd | A web service process | httpd |

Programs |

| desktop | Common name for a computer for end users| desktop |

Computers |

| server | Common name for a computer in a datacent| server |

Computers |

| Computers | Generic boxes | Computers |

any |

| Processes | Programs running on a computer | Processes |

any |

+------------+-----------------------------------------+-----------

+------------+

 

´Ëºó£¬Äã¾Í²»ÐèÒª½âÎöÕû¸öµÄÊý¾ÝÀ´Ê¹ÓÃÕâ¸ö»°ÌâͼÐΡ£Äã¿ÉÒÔʹÓÃÒ»¸öÇáÊ¡µÄ

µÄ¡®Çý¶¯½Å±¾¡¯£¬Ëü×ã¹»¿ÉÒÔ²éѯÊý¾Ý¿âµÄ¹Øϵ¡£

 

body common control

{

bundlesequence => { "tm" };

}

body knowledge control

{

query_output => "text";

query_engine => "none";

sql_database => "test_map";

sql_owner => "mark";

sql_type => "mysql";

sql_passwd => ""; # No passwd for localhost

}

###################################################

bundle knowledge tm

{

topics:

any::

"Nothing needed here -- we get everything from the db cache";

}

 

7.6 ²éѯ»°ÌâͼÐÎ

ÏÖÔÚÄã¿ÉÒÔÖ±½Ó´ÓÊý¾Ý¿â²éѯ»º´æµÄ»°ÌâͼÐΡ£¡®-t¡¯»òÕß¡®--topic¡¯Ñ¡Ïî¿ÉÒÔÓÃÀ´ÊäÈëÒ»¸ö»°ÌâµÄÃû×Ö¡£»¹¿ÉÒÔʹÓá®-r¡¯»òÕß¡®--regex¡¯Ñ¡ÏîÀ´ÊäÈëÈÎÒâ¹æÔòµÄ±íʾÀ´Æ¥ÅäÕâЩ»°Ìâ¡£

_ _ atlas$ ~/LapTop/Cfengine3/trunk/src/cf-know -f ./unit_knowledge_txt.cf

-t Computers

Topic "Computers" found in the context of "any"

Results:

Explanation: "Generic boxes" (Text)

Topics of the type Computers:

desktop

server

Associations:

Computers "run"

- Computers

Computers "are run on"

- any::Computers

Other topics of the same type (any):

Processes - Programs running on a computer

 

 

ÏÖÔÚÈç¹ûÎÒÃÇ°´ÕÕÏÂÃæµÄ²½Ö裺

 

 

atlas$ ~/LapTop/Cfengine3/trunk/src/cf-know -f ./unit_knowledge_txt.cf

-t httpd

Topic "httpd" found in the context of "Programs"

Results:

Explanation: "A web service process" (Text)

website: http://www.apache.org (URL)

Topics of the type httpd:

(none)

Associations:

httpd "implements"

- Services::WWW

Other topics of the same type (Programs):

named - A name service process

 

 

ÔÚÕâ¸öÀý×ÓÖУ¬×¢ÒâÕâÁ½¸ö½á¹û£¬Ò»¸öÊÇURL£¬Ò»¸öÊÇÎÄ×ÖÎı¾×Ö·û´®¡£»¹ÓÐÒ»¸öÓëWWW·þÎñµÄ¹ØÁª¡£Èç¹ûÎÒÃÇ°´ÕÕÏÂÃæµÄ²½Ö裺

 

atlas$ ~/LapTop/Cfengine3/trunk/src/cf-know -f ./unit_knowledge_txt.cf

-t WWW

Topic "WWW" found in the context of "Services"

Results:

Explanation: "World Wide Web service" (Text)

Topics of the type WWW:

(none)

Associations:

WWW "is implemented by"

- httpd

WWW "looks up addresses with"

- named

Other topics of the same type (Services):

£¨none£©

 

ΪÁËÄÜÒÔÍøÒ³¸ñʽÏÔʾÕâ¸ö£¬ÎÒÃǽ«²éѯµÄÊä³ö±ä³É¡®html¡¯£»cf-know ½«»áÏÔʾhtmlÒ³Ãæ¡£¿ÉÒÔͨ¹ýÒ»¸ö¼òµ¥µÄPHP½Å±¾´´½¨Ò»¸ö¼òµ¥µÄ·â×°½Å±¾À´Ê¹Ëü³ÉΪһ¸öÍøÒ³£¬ÀýÈ磺

 

<?php

$arg1 = $_GET['next'];

$cfknow = "/usr/local/sbin/cf-know";

$file = "/path/to/portal/overview.cf";

if ($arg1)

{

system("$cfknow -t $arg1 -f $file");

}

else

{

system("$cfknow -t some_start_topic -f $file");

}

?>

 

ÔÚÕâÀ²»×ãµÄ»°ÌâÒ²ÄܲúÉúһЩͼÐΡ£¡£µ«Ò»¸ö»°Ìâ±ØÐëÖÁÉÙÓÐÁ½¸ö¹ØÁª²ÅÄÜÈ·±£²úÉúÒ»¸öͼ±í¡£

 

7.7 »°ÌâͼÐεľßÌåϸ½Ú

7.7.1 »°ÌâͼÐεĶ¨Òå

»°ÌâͼÐÎÆäʵÊǵç×ÓË÷Òý£¬µ«ËüÃǵÄÐγɺ͹¤×÷·½Ê½ÀàËÆÓÚÍøÒ³¡£Ò»¸ö»°ÌâÊÇ´ú±íÁËÒ»¸ö¼¼ÊõµÄ¡®Ö÷Ì⡯£¬ÀýÈ磬ÈκÎÄã¿ÉÄÜÏëÒªÌÖÂÛµÄÊÂÇ飬ժҪµÄ»òÊÇÎïÖʵģ¬ÀýÈ磬һ¸ö¡®ÖªÊ¶ÕªÒª¡¯ÏîÄ¿£¬Ëü¿ÉÄÜÓÐÐí¶à¾ßÌåµÄ·¶Àý¡£Ëü¿ÉÄÜÊÇÒ»¸öÈË£¬Ò»Ì¨»úÆ÷£¬Ò»ÖÖÖÊÁ¿µÈ¡£

 »°Ìâ¿ÉÒÔ±»·ÖÀà³É²»Í¬µÄÀàÐÍ£¬³ÆΪ topic-types£¬Òò¶øÏà¹ØµÄÊÂÇéÄܹ»±»ÕûÀí²¢ÇÒ²»Ïà¹ØÁªµÄÊÂÇé¿ÉÒÔ±»·Ö¿ª£¬ÀýÈ磬»°ÌâÀàÐÍÄܹ»ÈÃÎÒÃÇÇø·ÖUNIXÃüÁîµÄrmdirºÍUnixϵͳµ÷ÓõÄrmdir¡£

 Ã¿Ò»ÖÖ±»·ÖÀàµÄ»°ÌâÄܹ»½øÒ»²½µØÖ¸Ïò´óÁ¿µÄ²Î¿¼»òÕß·¶Àý£¬³ÆΪʼþ£¨occurrences£©¡£ÀýÈ磬һ¸ö»°Ìâ¡®computer¡¯µÄʼþ¿ÉÄÜ°üÀ¨Ê飬ÍøÒ³Îĵµ£¬Êý¾Ý¿âÌõÄ¿£¬ÎïÖʵÄÏÔÏÖ£¬»òÕßһЩÆäËûµÄÐÅÏ¢¡£Ò»¸öʼþÊÇÒ»¸öÄܹ»¾ÙÀýÖ¤Ã÷ÕªÒª»°ÌâµÄ²Î¿¼¡£Ê¼þ²Î¿¼£¨Occurrence references£©ÀàËÆÓÚË÷ÒýÖеÄÒ³Âë¡£

    Ò»±¾ÊéµÄË÷Òýͨ³£ÓС®²Î¼û¡¯(¡®see also¡¯)µÄ²Î¿¼£¬Ëü¿ÉÒÔ´ÓÒ»¸ö»°ÌâÖ¸ÏòÁíÒ»¸ö»°Ìâ¡£»°ÌâͼÐÎÔÊÐíÎÒÃǶ¨ÒåÈκÎÀàÐ͵Ļ°ÌâÖ®¼äµÄ¹ØÁªÐÎʽ¡£ÓëÒ»¸öÆÕͨµÄË÷Òý²»Í¬µÄÊÇ£¬Ò»¸ö»°ÌâͼÐÎÓи÷ÖַḻµÄ£¨¿ÉÄÜÊÇÎÞÏ޵ģ©½»´íµÄ²Î¿¼ÀàÐÍ¡£ÀýÈ磬

      topic_1 ``is a kind of'' topic_2

      topic_1 ``is improved by'' topic 2

      topic_1 ``solves the problem of'' topic_2

 

Òò¶øÕâ¸ö»°ÌâͼÐεÄÄ£ÐÍÓÐÈý¸ö²ã´ÎµÄÈÝÆ÷£º

ÀàÐÍ    ÎÒÃǽ«Ò»¸ö»°Ìâ»®·Ö³É²»Í¬µÄÀàÐÍ´Ó¶øÏû³ýÁ˾ßÓÐÏàͬÃû×ֵIJ»Í¬»°ÌâÖ®¼ä²úÉú 

        µÄÆçÒå¡£

»°Ìâ    Ò»¸öÖ÷ÌâµÄ±íÏÖ£¨Ò»¸öË÷Òý´Ê£©

ʼþÀàÐÍ  

        ÓÃÓÚ½âÊÍÒ»¸öÕæÕýµÄÎĵµÊ¼þÊÇÔõÑùÓë»°ÌâÏàÁªÏµµÄ£¬¸ÃÊõÓïÓÃÓÚÉùÃ÷һЩ¶«Î÷£¬

        ÀýÈ磨½²Ò壬Êֲᣬ»òÕßʾÀý£¬¶¨Ò壬ÕÕƬÏà²áµÈ£©

ʼþ    ×¨ÃŵÄÐÅÏ¢×ÊÔ´£ºÕâЩÊÇÖ¸ÏòÎÒÃÇÏë¶ÁµÄÄÇЩʵ¼ÊÎĵµµÄÖ¸Õ루ÀàËÆÓÚË÷ÒýÖеÄÒ³

        Â룩¡£

 

ÎÒÃÇ¿ÉÒÔºÜÈÝÒ׵ؽ«»°Ìâ¼ÓÈëµ½cfengineµÄÀàÖС£»°ÌâͼÐÎÒ²ÄܺÜÈÝÒ׵ļÓÈëµ½³ÐŵÕßÖС£Ê¼þÒ²Äܹ»Ó³Éäµ½²»Í¬ÀàÐ͵ijÐŵÕßÖС£ÕâÈý¸ö±êÇ©Çø·ÖÁ˲»Í¬ÒâÒåµÄ¼ä¸ô³ß¶È²ã´Î¡£ÀàÐÍ´ú±íÁËһϵÁеĻ°Ì⣬ÕâЩ»°Ì⻹°üº¬Ò»ÏµÁеÄʼþ¡£ÆäÖУ¬Ö÷ÒªµÄ»°ÌâÀ´×ÔÓÚËûÃÇͨ¹ý¹ØÁªÐÔÀ´ÐγÉÍøÂçµÄÄÜÁ¦¡£

ÐÅϢģÐÍ»¯µÄ¾­µä·½·¨Êǽ¨Á¢·Çµþ¼ÓµÄ¶ÔÏóµÄ²ã´Î»¯·Ö½â½á¹¹¡£Êý¾Ý±»Ç¿ÖƵطÖÔڷǵþ¼ÓµÄÈÝÆ÷ÖУ¬ÕâЩÈÝÆ÷ͨ³£ÊǾßÓйý¶ÈµÄÏÞÖÆÐԵġ£»°ÌâͼÐÎʹµÃÎÒÃÇÄܹ»±ÜÃâ¸÷ÖÖÀàÐ͵ĴíÎó£¬ÀýÈçµ¼ÖÂÀàËÆ´øÓгÉǧÉÏÍòÑϸñµÄ·Çµþ¼ÓÀàÐÍ·ÖÀàµÄ¹²Í¬ÐÅϢģÐÍ£¨CIM£©µÄ»ûÐΡ£

ÿ¸ö»°ÌâʹµÃÎÒÃÇÄܹ»ÓÐЧµØ¡®±íÏÖ¡¯ÐÅϢʼþ´Ó¶øÍ»³ö¹ØÓڸû°ÌâµÄÇ¡µ±µÄ¸ÅÄî¡£

 

7.7.2 cf-know

CfengineµÄ֪ʶ´úÀíÆ÷ cf-know ʹµÃÄãÄܹ»¶ÔÓÚ֪ʶºÍËüÃǵÄÄÚ²¿¹Øϵ×÷³ö³Ðŵ¡£Ëü²»ÊÇרÃŵØÒ»¸öͨÓõĻ°ÌâͼÐÎÓïÑÔ£º¶øÊÇËüÄܹ»Îª¹ÜÀíÒ»¸ö֪ʶ¿âÌṩһÖÖÇ¿´óµÄÅäÖÃÓïÑÔ£¬´Ó¶ø°ÑËü±àÒë³ÉÒ»ÖÖ»°ÌâͼÐΡ£

Ò»¸ö±ê×¼µÄISO»°ÌâͼÐÎÄ£ÐÍÓÉÓÚÌ«·á¸»¶ø²»ÄܳÉΪһ¸öϵͳ֪ʶ¹ÜÀíµÄÓÐÓù¤¾ß¡£È»¶ø£¬Õâ¾ÍÊÇÇ¿´óµÄÅäÖùÜÀíÄܹ»°ïÖú¼ò»¯Õâ¸ö¹ý³ÌµÄËùÔÚÖ®´¦£ºÎªÒ»¸ö»°ÌâͼÐαàÂëÊÇÅäÖÃÖÐÒ»¸ö¸´ÔÓµÄÎÊÌ⣬¶øcfengine Ç¡ºÃÄܽâ¾öÕâ¸öÎÊÌâ¡£CfengineµÄ»°ÌâͼÐγÐŵÓÐÏÂÃæµÄÐÎʽ£º

bundle knowledge example

{

topics:

topic_type_context:: #±ê×¼µÄÈÝÆ÷

"Topic name" #¼ò¶ÌµÄ»°ÌâÃû³Æ

comment => "Use this for a longer description",

association => a("forward assoc to","Other topic","backward assoc");

"Other topic";

occurrences:

Topic_name:: # Topic

"http://www.example.org/document.xyz" # URI to instance

represents => { "Definition", "Tutorial"}; # sub-types

}

¹ØÁªÌåµÄÄ£°åÈçÏ£º:

body association a(f,name,b)

{

forward_relationship => "$(f)";

backward_relationship => "$(b)";

associates => { $(name) };

}

 

³ÐŵÀíÂÛ¸ø»°ÌâͼÐα¾ÌåÔö¼ÓÁËÒ»¸öÇåÎúµÄ¹¹¼Ü£¬ÕâÊǷdz£ÓÐÓõģ¬¾­Ñé±íÃ÷´àÈõµÄ¸ÅÄîÄ£ÐͻᵼÖºܲîµÄ֪ʶͼÐΡ£

 

7.8 ×÷Ϊ»°ÌâͼÐεÄÄ£ÐÍÅäÖóÐŵ

ÔÚcfengineÖÐÎÒÃÇÄܹ»½«»°ÌâͼÐÎËÜÔì³É³ÐŵģÐÍ£»Ê£ÏµÄÎÊÌâ¾ÍÊǹØÓÚÔõÑùʹÓû°ÌâͼÐÎÐγÉÄ£ÐÍÅäÖôӶøcfengineµÄʹÓÃÕßÄܹ»Ê¹ÓÃÍøÒ³ä¯ÀÀÆ÷²éÕÒä¯ÀÀ´æµµµÄ³Ðŵ£¬²¢ÇÒÄܹ»¿´ÇåÔ­±¾¹ÂÁ¢ºÍ±»·Ö¸îµÄ¹æÔòÖ®¼äµÄËùÓйØϵ¡£Õâ¸ö½«ÎªcfengineµÄÈí¼þÐγɻù±¾µÄÓïÒåÅäÖùÜÀíÊý¾Ý¿â£¨sCMDB£©¡£ÊµÏÖÕâ¸öÄ¿±êµÄ¹Ø¼üÊǽ«»°ÌâͼÐεÄÅäÖÿ´³É»°Ìâ³éÏó¿Õ¼äÉú³ÉµÄ´óÁ¿³Ðŵ£¬²¢ÇÒÄܹ»½«Ã¿¸ö³Ðŵ±ä³ÉÒ»¸ö³ÐŵԪ×飨meta-promise£©£¬´Ó¶ø½«ÅäÖÃÄ£ÐͳÉÒ»¸ö´øÓи÷ÖÖ¹ØÁªµÄ»°Ìâ¡£¿´ÒÔϵÄCfengineµÄ³Ðŵ¡£

 

bundle agent update

{

files:

any::

``/var/cfengine/inputs'' -> { ``policy_team'', ''dependent'' },

comment => ``Check policy updates from source'',

perms => true,

mode => 600,

copy_from => true,

copy_source => /policy/masterfiles,

compare => digest,

depth_search => true,

depth => inf,

ifelapsed => 1;

}

 

Cfengine¿ÉÒÔ½«ÏµÍ³ÅäÖóÐŵӳÉäµ½´óÁ¿µÄÆäËû³ÐŵÌáÒ飬ÓÃÓÚcf-know µÄ´úÀíÆ÷¡£Òþ²ØһЩϸ½Ú£¬ÎÒÃÇÓУº

type_files::

"/var/cfengine/inputs"

association => a("promise made in bundle","update","bundle

contains promise");

"/var/cfengine/inputs"

association => a("specifies body type","perms","is specified in");

"/var/cfengine/inputs"

association => a("specifies body type","mode","is specified in");

"/var/cfengine/inputs"

association => a("specifies body type","copy_from","is specified

in");

# etc ...

occurrences:

_var_cfengine_inputs::

"promise_output_common.html#promise__var_cfengine_inputs_update_cf_13"

represents => { "promise definition" };

 

ÔÚ¸ÃÓ³ÉäÖÐҪעÒ⣬ʵ¼ÊµÄ³Ðŵ£¨±»¿´×÷Ò»¸öÏÖʵÊÀ½çµÄʵÌ壩ÊÇÒ»¸ö»°Ìâ¡®³Ðŵ¡¯Ê¼þ£»Í¬Ê±Ã¿¸ö³Ðŵ×÷Ϊһ¸ö²»Í¬µÄ»°ÌâÌÖÂÛ£¬Ê¹µÃʵÌå¹ØϵģÐÍÐγÉÏÖʵÊÀ½çÊý¾ÝµÄÄ£ÐÍÔª×é¡£Ïà·´µÄ£¬»°Ìâ±¾Éí³ÉÁ˸óÐŵģÐÍÖеÄÅäÖÃÏîÄ¿»òÕß¡®³ÐŵÕß¡¯¡£×÷ÓÃÊÇ´´½¨Ò»¸öä¯ÀÀ²ßÂԵĵ¼º½ÓïÒåÍøÒ³£»Õâ¿ÉÒÔʹÓÃÒ»¸öСµÄ±ê×¼¸ÅÄîµÄʵÌåÀ´´æµµ²ßÂԵĽṹºÍÄ¿µÄ£¬²¢ÇÒÄܱ»ÈËÀàÓòÃûר¼ÒÃÇÎÞÏ޵ؽøÐÐÍØÕ¹¡£

 

7.9 ¸½¼þ£º¼¼ÊõµÄÇ°ÌáÒªÇó

7.9.1 ֪ʶ»ù±¾ÒªÇó

ÄãÐèҪһ̨µçÄÔÀ´ÔËÐÐÒ»¸öapacheµÄÍøÒ³·þÎñÆ÷£¬²¢¾ßÓÐһЩ¼¤»îµÄ·þÎñÆ÷Ò³Ãæ¼¼Êõ×÷ΪcfengineµÄ·â×°¡£ÎÒÃÇʾÀý¼ÙÉèÕâ¸ö·â×°ÊÇÒ»¸öʹÓÃPHPµÄÍøÒ³·þÎñÆ÷¡£Ä㻹ÐèÒªÒ»¸öºó¶ËµÄÒ»¸öSQLÊý¾Ý¿â£¨ÓÃÓÚcfengine¶ø²»ÊÇPHP£©¡£Cfengineµ±Ç°Ö§³ÖMySQLºÍPostreSQL¡£Ò»¸öPHP¼¤»îµÄË÷ÒýÒ³Ãæ°üº¬ÁËÒ»¸ö·â×°£¬Äܹ»ÔËÐÐcf-know×é¼þ£¬²¢ÇÒ½«Õâ¸öÒ³ÃæÌá¸øÍøÒ³ä¯ÀÀÆ÷¡£

 

ΪÁËÄܹ»¹¤×÷£¬Äã´´½¨cfengine½øÐбàÒëµÄʱºòÐèÒªÊý¾Ý¿âµÄÖ§³Ö¡£MySQLºÍPostgreSQLÊý¾Ý¿âÄ¿Ç°ÊÇÖ§³ÖµÄ¡£ÄãÔÚ°²×°phpµÄʱºò²»ÐèÒªÕâЩÊý¾Ý¿âµÄÄ£¿é£¬ÒòΪcfengineÄܹ»Ö±½ÓÓëÊý¾Ý¿â¶Ô»°£¬µ«cfengineÔÚ±àÒëµÄʱºòÐèÒªÊý¾Ý¿âµÄÖ§³Ö¡£