Re: using cfengine for cluster updates (and a tripwire replacement?)
From: Adrian Phillips
Subject: Re: using cfengine for cluster updates (and a tripwire replacement?)
Date: 19 Jul 2002 16:42:43 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2
>>>>> "Steve" == steve rader <rader@ginseng.hep.wisc.edu> writes:
Steve> - should I have cfengine run the pre/post install scripts
Steve> (in toto) or should I configure cfengine to run each
Steve> individual command in the pre/post install scripts?
Depends upon how many commands - if it's more than a few then I'd let
cfengine call the scripts.
Steve> - given a directory tree (or file with a list) of new
Steve> files only, how do I configure cfengine to push them out to
Steve> each node?
cfengine's copy does this automatically - it's just a mirroring of your
master directory to each client.
Steve> - how do I update (eg "s/UW HEP 0.18/UW HEP 0.19/g") the
Steve> version info in /etc/motd?
editfiles is your friend.
Steve> Here, I think, is the big issue:
Steve> Assuming some nodes are at version 0.17 and some at 0.18,
Steve> can I configure cfengine to update each node to 0.19? It
Steve> seems that, if I untar all my updates into a single
Steve> directory tree, then cfengine will push/sync to those files
Steve> on all nodes, and thus cfengine will magically configure
Steve> each node from any version to 0.19? If so, then can/how do
Steve> I configure cfengine to run certain commands if and only if
Steve> certain files have been installed or updated? (For
Steve> example, if a new sshd is updated, then restart ssh
Steve> service.)
Hmm, well, you could split up the copying to do each file that may
trigger a command :-
/etc/ssh/sshd.conf server=server dest=dest define=ssh_restart
Whether this becomes tedious depends upon how many files this may
affect.
Steve> And here's another big issue:
Steve> For system (file) integrity management, are there
Steve> compelling reasons to migrate from tripwire to cfengine??
I'm not very clued about security but the problem with
cfengine/tripwire seems to be having a copy of the checksums which
haven't themselves been tampered with. How others do this I have no
idea as yet as I haven't got this far with using cfengine.
Sincerely,
Adrian Phillips
--
Your mouse has moved.
Windows NT must be restarted for the change to take effect.
Reboot now? [OK]
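
The checksum-baseline concern raised in the reply above, shown as an added example that is not part of the original message and is not cfengine or tripwire code: a baseline of file digests is authenticated with an HMAC, so a rewritten checksum list is rejected before any file is compared. The function names, the demo key and the sample file contents are constructed for illustration; the assumption is that the key is held off the monitored host.

```python
import hashlib
import hmac
import json
import os
import tempfile

def digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths, key):
    """Return (manifest_bytes, tag); the tag is an HMAC over the manifest."""
    manifest = json.dumps({p: digest(p) for p in paths}, sort_keys=True).encode()
    return manifest, hmac.new(key, manifest, hashlib.sha256).hexdigest()

def check(manifest, tag, key):
    """Authenticate the baseline first, then list files that differ from it."""
    expected = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline manifest failed authentication")
    changed = []
    for path, want in json.loads(manifest).items():
        if not os.path.exists(path) or digest(path) != want:
            changed.append(path)
    return sorted(changed)

def demo():
    key = b"constructed-demo-key"  # assumption: kept off the monitored host
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "sshd")
        with open(target, "wb") as f:
            f.write(b"original binary")  # constructed sample content
        manifest, tag = build_baseline([target], key)
        clean = check(manifest, tag, key)
        with open(target, "wb") as f:
            f.write(b"modified binary")
        detected = [os.path.basename(p) for p in check(manifest, tag, key)]
        # The stored checksums are rewritten to match, but cannot be re-tagged.
        forged = json.dumps({target: digest(target)}, sort_keys=True).encode()
        try:
            check(forged, tag, key)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return clean, detected, forged_rejected
```

Without the authentication step, the rewritten manifest in the last case would report the modified file as unchanged.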