cfengine par la pratique

[root@calaz /usr/src/redhat/SPECS]
$ rpm -Uvh /usr/src/redhat/RPMS/i386/cfengine-2.1.14-1_int.i386.rpm
Préparation...              ########################################### [100%]
   1:cfengine               ########################################### [100%]

[root@calaz /var/cfengine]
$ ls -R
.:
bin  inputs  outputs  plugins  ppkeys  sbin  share

./bin:
cfagent

./inputs:

./outputs:

./plugins:

./ppkeys:
root-157.159.50.197.pub

./sbin:
cfagent  cfenvd      cfexecd  cfrun    cfshow
cfdoc    cfenvgraph  cfkey    cfservd  vicf

./share:
cfengine

./share/cfengine:
cfagent.conf-advanced.example  cf.main.example       cf.solaris.example
cfagent.conf.example           cf.motd.example       cf.sun4.example
cf.chflags.example             cf.preconf.example    cf.users.example
cfengine.el                    cfrc.example          ChangeLog
cf.freebsd.example             cfrun.hosts.example   INSTALL
cf.ftp.example                 cfservd.conf.example  NEWS
cf.groups.example              cf.services.example   README
cf.linux.example               cf.site.example       update.conf.example

[root@calaz /var/cfengine/inputs]
$ cat update.conf

#######
#
# BEGIN update.conf
#
# This script distributes the configuration, a simple file so that,
# if there are syntax errors in the main config, we can still
# distribute a correct configuration to the machines afterwards, even
# though the main config won't parse. It is read and run just before the
# main configuration is parsed.
#
#######

control:

 actionsequence  = ( copy tidy )  # Keep this simple and constant

 domain          = ( int-evry.fr )  # Needed for remote copy

 #
 # Which host/dir is the master for configuration roll-outs?
 #
 policyhost      = ( calaz.int-evry.fr )

# le répertoire masterinputs contient entre autre le cfagent.conf et toute ses inclusions

 masterinputs  = ( /var/cfengine/masterinputs )

 #
 # Some convenient variables
 #

 workdir         = ( /var/cfengine )
 cf_install_dir  = ( /var/cfengine/sbin )

 # Avoid server contention

 SplayTime = ( 5 )

############################################################################

 #
 # Make sure there is a local copy of the configuration and
 # the most important binaries in case we have no connectivity
 # e.g. for mobile stations or during DOS attacks
 #

copy:

# Tout le contenu du masterinputs ira dans $(workdir)/inputs

     $(masterinputs)            dest=$(workdir)/inputs
                                  r=inf
                                  mode=700
                                  type=binary
                                  exclude=*.lst
                                  exclude=*~
                                  exclude=#*
                                  server=$(policyhost)
#####################################################################

tidy:

     #
     # Cfexecd stores output in this directory.
     # Make sure we don't build up files and choke on our own words!
     #

     $(workdir)/outputs pattern=* age=7

[root@calaz /var/cfengine/masterinputs]
$ ls
cfagent.conf  cf.groups  cf.linux  cf.main  cfservd.conf  update.conf

[root@calaz /var/cfengine]
$ /var/cfengine/sbin/cfkey
Making a key pair for cfengine, please wait, this could take a minute...
Writing private key to /var/cfengine/ppkeys/localhost.priv
Writing public key to /var/cfengine/ppkeys/localhost.pub

[root@calaz /var/cfengine]
$ /var/cfengine/sbin/cfservd -F -d 2
cfservd: Debug mode: running in foreground
AddClassToHeap(any)
....
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
New Parser Object::(BEGIN PARSING /var/cfengine/inputs/cfservd.conf)
Looking for an input file /var/cfengine/inputs/cfservd.conf
(No file /var/cfengine/inputs/cfservd.conf)
(END OF PARSING /var/cfengine/inputs/cfservd.conf)
Finished with /var/cfengine/inputs/cfservd.conf

[root@calaz /var/cfengine/inputs]
$ cat cfservd.conf
#########################################################
#
# This is a cfd config file
#
control:
 
  domain = ( int-evry.fr )
# Autorisation de connexion depuis 2 reseaux IP
  AllowConnectionsFrom = ( 157.159.27.0/24 157.159.50.0/24 )
# Autorisation de connexion depuis un service cfengent lancé par root sur le client
  AllowUsers = ( root )
 
  any::
 
  ChecksumDatabase = ( /tmp/testDATABASEcache )
  IfElapsed = ( 1 )
  MaxConnections = ( 100 )
 
#########################################################
 
admit:   # or grant:

# Autorisation de transferts de fichiers du serveur vers les clients sur les reseaux ip suivants:

/var/cfengine/masterinputs 157.159.27.*
/var/cfengine/masterinputs 157.159.50.*
/var/cfengine/data 157.159.27.*
/var/cfengine/data 157.159.50.*

[root@calaz /var/cfengine/inputs]
$ /var/cfengine/sbin/cfservd -F -d 2

Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
New Parser Object::(BEGIN PARSING /var/cfengine/inputs/cfservd.conf)
Looking for an input file /var/cfengine/inputs/cfservd.conf
# BEGIN PARSING /var/cfengine/inputs/cfservd.conf
Path: /var/cfengine/masterinputs (encrypt=0)
   Admit: 157.159.50.* root=
   Admit: 157.159.27.* root=
Path: /var/cfengine/data (encrypt=0)
   Admit: 157.159.50.* root=
   Admit: 157.159.27.* root=
ACCESS DENIAL ------------------------ :
 
Host IPs allowed connection access :
 
IP: 157.159.27.0/24
IP: 157.159.50.0/24

Bound to address :: on linux=6
Listening for connections ...
Checking file updates on /var/cfengine/inputs/cfservd.conf (4284bfe4/4284c008)

[root@calaz /var/cfengine/inputs]
$ lsof -i tcp | grep cfser
cfservd   14660    root    4u  IPv6 279008       TCP *:cfengine (LISTEN)

[root@arvouin /var/cfengine/inputs]
$/var/cfengine/sbin/cfagent -q -v
....
Connect to calaz.int-evry.fr = 157.159.50.197 on port cfengine
cfengine:: Time out

[root@calaz /var/cfengine]
$ grep 5308 /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5308 -j ACCEPT
[root@calaz /var/cfengine]
$ /etc/init.d/iptables restart

[root@arvouin /var]
$rpm -Uvh /root/cfengine-2.1.14-1_int_sample.i386.rpm
Préparation...              ########################################### [100%]
   1:cfengine               ########################################### [100%]

[root@arvouin /var/cfengine]
$ls ppkeys/
root-157.159.50.197.pub

[root@arvouin /var/cfengine/inputs]
$ls

[root@arvouin /var/cfengine]
$ls -R
.:
bin  inputs  outputs  plugins  ppkeys  sbin  share
 
./bin:
cfagent
 
./inputs:
 
./outputs:
 
./plugins:
 
./ppkeys:
root-157.159.50.197.pub
 
./sbin:
cfagent  cfenvd      cfexecd  cfrun    cfshow
cfdoc    cfenvgraph  cfkey    cfservd  vicf
 
./share:
cfengine
 
./share/cfengine:
cfagent.conf-advanced.example  cf.main.example       cf.solaris.example
cfagent.conf.example           cf.motd.example       cf.sun4.example
cf.chflags.example             cf.preconf.example    cf.users.example
cfengine.el                    cfrc.example          ChangeLog
cf.freebsd.example             cfrun.hosts.example   INSTALL
cf.ftp.example                 cfservd.conf.example  NEWS
cf.groups.example              cf.services.example   README
cf.linux.example               cf.site.example       update.conf.example

[root@arvouin /var/cfengine]
$scp root@calaz:/var/cfengine/masterinputs/update.conf ./inputs/

[root@arvouin /var/cfengine/inputs]
$/var/cfengine/sbin/cfagent -p -v
Unable to detect environment from cfenvd
 
cfengine:: No preconfiguration file
 * (Changing context state to: update) *
Looking for an input file /var/cfengine/inputs/update.conf
Finished with update.conf
LogDirectory = /var/cfengine
cfengine:: Couldn't find a private key (/var/cfengine/ppkeys/localhost.priv) - use cfkey to get one
cfengine:: open: No such file or directory

[root@arvouin /var/cfengine/inputs]
$/var/cfengine/sbin/cfkey
Making a key pair for cfengine, please wait, this could take a minute...
Writing private key to /var/cfengine/ppkeys/localhost.priv
Writing public key to /var/cfengine/ppkeys/localhost.pub

[root@arvouin /var/cfengine/ppkeys]
$/var/cfengine/sbin/cfagent  -q -v
Checking copy from calaz.int-evry.fr:/var/cfengine/masterinputs to /var/cfengine/inputs
Connect to calaz.int-evry.fr = 157.159.50.197 on port cfengine
Updating last-seen time for calaz.int-evry.fr
Loaded /var/cfengine/ppkeys/root-157.159.50.197.pub
cfengine:: BAD: key could not be accepted on trust
cfengine:: Authentication dialogue with calaz.int-evry.fr failed
cfengine:: Unable to establish connection with calaz.int-evry.fr (failover)

[root@arvouin /var/cfengine/ppkeys]
$scp localhost.pub root@calaz:/var/cfengine/ppkeys/root-157.159.27.199.pub
root@calaz's password:
localhost.pub                                 100%  426     1.1MB/s   00:00

$ grep Trust /var/cfengine/inputs/cfservd.conf
  TrustKeysFrom = ( 157.159.27.0/24 )

[root@calaz /var/cfengine/outputs]
$ /var/cfengine/sbin/cfservd -F -d 2
Host IPs from whom we shall accept public keys on trust :
 
IP: 157.159.27.0/24

[root@calaz /var/cfengine/ppkeys]
$ ls
localhost.priv  localhost.pub  root-157.159.50.197.pub

[root@arvouin /var/cfengine/inputs]
$/var/cfengine/sbin/cfagent -q -v

cfservd -F -d 2 sur calaz signal:

Received: [CAUTH 157.159.27.199 arvouin.int-evry.fr root 0] on socket 5
Connecting host identifies itself as 157.159.27.199 arvouin.int-evry.fr root 0
(ipstring=[157.159.27.199],fqname=[arvouin.int-evry.fr],username=[root],socket=[::ffff:157.159.27.199])
cfservd: Allowing 157.159.27.199 to connect without (re)checking ID
Non-verified Host ID is arvouin.int-evry.fr (Using skipverify)
Non-verified User ID seems to be root (Using skipverify)
Havekey(root-157.159.27.199)
Did not have key root-157.159.27.199
cfservd: Weak authentication of trusted client arvouin.int-evry.fr/::ffff:157.159.27.199 (key accepted on trust).

[root@calaz /var/cfengine/ppkeys]
$ ls
localhost.priv  localhost.pub  root-157.159.27.199.pub  root-157.159.50.197.pub

[root@arvouin /var/cfengine/ppkeys]
$/var/cfengine/sbin/cfagent  -q -v
Setting cfengine new port to 5308
Setting cfengine old port to 5308
Reference time set to Fri May 13 17:06:24 2005
GNU Configuration Engine -
2.1.14
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
Checksum database is /var/cfengine/checksum.db
Checking copy from calaz.int-evry.fr:/var/cfengine/masterinputs to /var/cfengine/inputs
Connect to calaz.int-evry.fr = 157.159.50.197 on port cfengine
Updating last-seen time for calaz.int-evry.fr
Loaded /var/cfengine/ppkeys/root-157.159.50.197.pub
cfengine:: Strong authentication of server=calaz.int-evry.fr connection confirmed
cfengine:: /var/cfengine/inputs/cf.main wasn't at destination (copying)
cfengine:: Copying from calaz.int-evry.fr:/var/cfengine/masterinputs/cf.main
cfengine:: Object /var/cfengine/inputs/cf.main had permission 600, changed it to 700
cfengine:: /var/cfengine/inputs/cf.linux wasn't at destination (copying)
cfengine:: Copying from calaz.int-evry.fr:/var/cfengine/masterinputs/cf.linux
cfengine:: Object /var/cfengine/inputs/cf.linux had permission 600, changed it to 700
cfengine:: /var/cfengine/inputs/cfagent.conf wasn't at destination (copying)
cfengine:: Copying from calaz.int-evry.fr:/var/cfengine/masterinputs/cfagent.conf
cfengine:: Object /var/cfengine/inputs/cfagent.conf had permission 600, changed it to 700
cfengine:: /var/cfengine/inputs/cf.groups wasn't at destination (copying)
cfengine:: Copying from calaz.int-evry.fr:/var/cfengine/masterinputs/cf.groups
cfengine:: Object /var/cfengine/inputs/cf.groups had permission 600, changed it to 700
cfengine:: /var/cfengine/inputs/cfservd.conf wasn't at destination (copying)
cfengine:: Copying from calaz.int-evry.fr:/var/cfengine/masterinputs/cfservd.conf
cfengine:: Object /var/cfengine/inputs/cfservd.conf had permission 600, changed it to 700
cfengine:: Update of image /var/cfengine/inputs/update.conf from master /var/cfengine/masterinputs/update.conf on calaz.int-evry.fr
cfengine:: Object /var/cfengine/inputs/update.conf had permission 600, changed it to 700
Checking copy from calaz.int-evry.fr:/var/cfengine/masterinputs/cfservd.conf to /var/cfengine/inputs
cfengine:: image exists but destination type is silly (file/dir/link doesn't match)
cfengine:: source=/var/cfengine/masterinputs/cfservd.conf, dest=/var/cfengine/inputs
Saving the setuid log in /var/cfengine/cfagent.arvouin.int-evry.fr.log

 * (Changing context state to: main) *

#Execution du cfagent.conf ...

Looking for an input file /var/cfengine/inputs/cfagent.conf
Looking for an input file cf.groups
Looking for an input file cf.main
Looking for an input file cf.linux
Finished with cfagent.conf

Main Tree Sched: copy pass 1 @ Fri May 13 17:06:27 2005
*********************************************************************

Checking file(s) in /etc/passwd
cfengine:arvouin: File /etc/passwd was not in database - new file found
Checking file(s) in /etc/shadow
cfengine:arvouin: File /etc/shadow was not in database - new file found

 Main Tree Sched: editfiles pass 1 @ Fri May 13 17:06:28 2005
*********************************************************************
 
Begin editing /etc/inittab
End editing /etc/inittab

 Main Tree Sched: shellcommands pass 1 @ Fri May 13 17:06:28 2005
*********************************************************************
 
cfengine:arvouin: Executing script /bin/echo shellcommands de cf.main !...(timeout=0,uid=-1,gid=-1)
(Setting umask to 77)
cfengine:arvouin:/bin/echo shell: shellcommands de cf.main !
cfengine:arvouin: Finished script /bin/echo shellcommands de cf.main !

 Main Tree Sched: links pass 1 @ Fri May 13 17:06:28 2005
*********************************************************************
 
cfengine:arvouin: Linking files /usr/local/bin/tcsh -> /bin/tcsh
cfengine:arvouin: Linking files /usr/local/bin/bash -> /bin/bash

[root@arvouin /var/cfengine/ppkeys]
$ls ../inputs/
cfagent.conf  cf.linux  cfservd.conf  update.conf.cfsaved
cf.groups     cf.main   update.conf

$ cat cfagent.conf
##################################################
#  cfagent.conf
##################################################
import:
# split things up to keep things tidy
        any::
                cf.groups
                cf.main
 
        linux::
                cf.linux

[root@calaz /var/cfengine/masterinputs]
$ cat cf.groups
#Fichier de definition des groupes/class
groups:
 
# machines unix du service s2ia
s2iaunix = ( calaz arvouin )
 
# machines windows du service s2ia
s2iawindows = ( pat4784 )
 
#classe s2ia -> toutes les machines du service s2ia
s2ia = ( s2iaunix s2iawindows )
 
# strategie de site linux
autoconfigMozilla = ( arvouin )
logoint = ( arvouin )

[root@calaz /var/cfengine/masterinputs]
$ cat cf.main
##################################################
#  cf.main
##################################################
############# Control
control:
 
   EditfileSize = ( 70000 )
   moduledirectory = ( /var/cfengine/plugins )
   AddInstallable = ( restartgdm )
   addclasses = ( noboot )
   actionsequence = ( files directories copy editfiles shellcommands links tidy processes )
   domain         = ( int-evry.fr )
   timezone       = ( MET )
   smtpserver     = ( smtp-int.int-evry.fr )  # used by cfexecd
   sysadm         = ( root@calaz.int-evry.fr )     # where to mail output

# nous modifierons le fichier inittab, une veriable contient son chemin absolu
   inittab   = ( /etc/inittab )
# nous allons copier un fichier d'autoconfiguration de mozilla dans $MOZILA_HOME, ce chemin depend de la version mozilla installée, le nom du package sur le client permet de definir ce chemin qui sera /usr/lib/$mozilladir/
   mozilladir = ( ExecResult(/bin/rpm -q --queryformat "%{VERSION}" mozilla) )

# Definition de chemin absolue pour les machines linux 
   linux::
        grubconfigfile  = ( /etc/grub.conf )
        gdmconffile     = ( /etc/X11/gdm/gdm.conf )
######################################################################
resolve:
   # Add these name servers to the /etc/resolv.conf file
     157.159.10.12      # local nameserver
     157.159.10.13     # backup nameserver
 
######################################################################
copy:
# modification du prompt ($PS1=''[\u@\h \w]\n$'') par la copie du fichier system bashrc
        any::
        /var/cfengine/data/bashrc dest=/etc/bashrc mode=0644 server=calaz
 
######################################################################
 
shellcommands:

# un simpe test de commande shell -> envoie d'un echo
   any::
        "/bin/echo shellcommands de cf.main !"

######################################################################
links:

# Création de liens
       s2iaunix::
  
       /usr/local/bin/tcsh    -> /bin/tcsh
       /usr/local/bin/bash    -> /bin/bash
 
######################################################################
processes:

# action a mener sur des processus
 
   restartgdm::
       "gdm"   signal=hup
 
   any::
        "nscd"
        restart "/sbin/chkconfig --level 345 nscd on ; /etc/init.d/nscd restart" 
##########################EDITFILES
editfiles: 
        any::
# Edition du inittab -> desactivation des consoles text sur CRTL+ALT+F[3-6]
                                                                               
      { $(inittab)
       DeleteLinesMatching "[3-6]:2345:respawn:/sbin/mingetty tty[3-6]"
     }
 
################## Files
files:
# verifications sur le fichier password                                                                               
   /etc/passwd
         mode=644        # make sure the file permissions are right
         owner=root      # make sure it's owned by root
         action=fixall   # if anything is wrong, fix it immediately!
         checksum=md5    # keep a "tripwire" checksum to tell us
                         # if any changes occur here
                                                                                
   /etc/shadow mode=600 owner=root action=fixall checksum=md5                                                           
   /var/cfengine/checksum.db  mode=600 owner=root action=fixall

[root@calaz /var/cfengine/masterinputs]
$ cat cf.linux
# cfagent file for linux stations
copy:
# copie du fichier d'autoconfiguration mozilla dans $MOZILLA_HOME = variable $mozilladir du cf.main
        autoconfigMozilla::
        /var/cfengine/data/mozilla.cfg   dest=/usr/lib/mozilla-$(mozilladir)/mozilla.cfg mod=644 server=calaz
 
# gestion d'un logo perso à la connexion GDM, copie récursive de l'arborescence INT_theme
        logoint::         /var/cfengine/data/fedora-3/INT_theme dest=/usr/share/gdm/themes/INT_theme server=calaz recurse=inf
 
##################################
editfiles:
 
# edition du gdm.conf afin d'y integrer notre logo copié ci-dessus
        logoint::
        { $(gdmconffile)
        BeginGroupIfNoSuchLine "GraphicalTheme=INT_theme"
        LocateLineMatching "GraphicalTheme=Bluecurve"
        ReplaceLineWith "GraphicalTheme=INT_theme"
        EndGroup
        DefineClasses "restartgdm"
        }
 
##################
shellcommands:

# a minuit et 20H , on lance une mise a jour systeme (yum update)
        Hr0|Hr20::
        "/bin/nice -n 20 /usr/bin/yum -y -d 2 update > /tmp/yum 2>&1"

$ mkdir /var/cfengine/data
$ mkdir /var/cfengine/data/fedora-3/
[root@calaz /var/cfengine/data]
$ cp /etc/bashrc
[root@calaz /var/cfengine/data]
$ vi mozilla.cfg
[root@crotale /var/cfengine/data/fedora-3]
$ scp -r INT_theme root@calaz:/var/cfengine/data/fedora-3

[root@calaz /var/cfengine/data]
$ ls
bashrc  fedora-3  mozilla.cfg

[root@arvouin /var/cfengine/ppkeys]
$/var/cfengine/sbin/cfagent  -q -v

$/var/cfengine/sbin/cfagent -q -v
Setting cfengine new port to 5308
Setting cfengine old port to 5308
Reference time set to Fri May 13 18:40:26 2005

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
 * (Changing context state to: update) *
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
 
Looking for an input file /var/cfengine/inputs/update.conf
Finished with update.conf
*********************************************************************
 Update Sched: copy pass 1 @ Fri May 13 18:40:26 2005
*********************************************************************
 
Checking copy from calaz.int-evry.fr:/var/cfengine/masterinputs to /var/cfengine/inputs
Connect to calaz.int-evry.fr = 157.159.50.197 on port cfengine
Updating last-seen time for calaz.int-evry.fr
Loaded /var/cfengine/ppkeys/root-157.159.50.197.pub

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
 * (Changing context state to: main) *
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Looking for an input file /var/cfengine/inputs/cfagent.conf
Looking for an input file cf.groups
Looking for an input file cf.main
Looking for an input file cf.linux
Finished with cfagent.conf

*********************************************************************
 Main Tree Sched: files pass 1 @ Fri May 13 18:40:28 2005
*********************************************************************
 
Checking file(s) in /etc/passwd
Checking file(s) in /etc/shadow
Checking file(s) in /var/cfengine/checksum.db
Saving the setuid log in /var/cfengine/cfagent.arvouin.int-evry.fr.log

*********************************************************************
 Main Tree Sched: copy pass 1 @ Fri May 13 18:40:29 2005
*********************************************************************
 
Checking copy from calaz:/var/cfengine/data/bashrc to /etc/bashrc
Connect to calaz = 157.159.50.197 on port cfengine
Updating last-seen time for calaz
Loaded /var/cfengine/ppkeys/root-157.159.50.197.pub

cfengine:arvouin: Strong authentication of server=calaz connection confirmed
Checking copy from calaz:/var/cfengine/data/mozilla.cfg to /usr/lib/mozilla-1.7.6/mozilla.cfg
cfengine:arvouin: /usr/lib/mozilla-1.7.6/mozilla.cfg wasn't at destination (copying)
cfengine:arvouin: Copying from calaz:/var/cfengine/data/mozilla.cfg
cfengine:arvouin: Object /usr/lib/mozilla-1.7.6/mozilla.cfg had permission 600, changed it to 644
Checking copy from calaz:/var/cfengine/data/fedora-3/INT_theme to /usr/share/gdm/themes/INT_theme
Saving the setuid log in /var/cfengine/cfagent.arvouin.int-evry.fr.log
 
*********************************************************************
 Main Tree Sched: editfiles pass 1 @ Fri May 13 18:40:30 2005
*********************************************************************
 
Begin editing /etc/inittab
Deleted item 3:2345:respawn:/sbin/mingetty tty3
Deleted item 4:2345:respawn:/sbin/mingetty tty4
Deleted item 5:2345:respawn:/sbin/mingetty tty5
Deleted item 6:2345:respawn:/sbin/mingetty tty6
End editing /etc/inittab
.....................................................................
cfengine:arvouin: Saving edit changes to file /etc/inittab
Begin editing /etc/X11/gdm/gdm.conf
(Begin Group - skipping, line exists)
End editing /etc/X11/gdm/gdm.conf
.....................................................................
 
*********************************************************************
 Main Tree Sched: shellcommands pass 1 @ Fri May 13 18:40:30 2005
*********************************************************************
 
cfengine:arvouin: Executing script /bin/echo shellcommands de cf.main !...(timeout=0,uid=-1,gid=-1)
(Setting umask to 77)
cfengine:arvouin:/bin/echo shell: shellcommands de cf.main !
cfengine:arvouin: Finished script /bin/echo shellcommands de cf.main !
 
*********************************************************************
 Main Tree Sched: links pass 1 @ Fri May 13 18:40:30 2005
*********************************************************************
 
cfengine:arvouin: Linking files /usr/local/bin/tcsh -> /bin/tcsh
cfengine:arvouin: Linking files /usr/local/bin/bash -> /bin/bash

*********************************************************************
 Main Tree Sched: processes pass 1 @ Fri May 13 18:40:30 2005
*********************************************************************
 
cfengine:arvouin: Running process command /bin/ps auxw
Defining classes
DoSignals(nscd)
Existing restart sequence found (/sbin/chkconfig --level 345 nscd on ; /etc/init.d/nscd restart)
cfengine:arvouin: Matches found for nscd - no restart sequence

[root@calaz /usr/src/redhat/SPECS]
$ cat cfengine.spec
Summary: cfengine helps set up and maintain BSD and System-5-like systems
Name: cfengine
Version: 2.1.14
Release: 1_int_sample
Copyright: GPL
Group: Utilities/System
Source0: ftp://ftp.iu.hioslo.no/pub/%{name}-%{version}.tar.gz
Source1: %{name}.rc.init
Source2: localhost.pub
Source7: cfengine.cron
Source4: cfinit
BuildRoot: /tmp/%{name}-%{version}
Requires: dialog
%define ipserver 157.159.50.197

%description
Cfengine is a tool for setting up and maintaining BSD and System-5-like
operating systems optionally attached to a TCP/IP network.  You can think
of cfengine as a very high level language---much higher level than Perl
or shell: a single statement can result in many hundreds of operations
being performed on multiple hosts. Cfengine is good at performing a lot
of common system administration tasks, and allows you to build on its
strengths with your own scripts. You can also use it as a netwide
front-end for cron.  Once you have set up cfengine, you'll be
free to use your time being like a human being, instead of playing R2-D2
with the system.

%prep
%setup
cp -p $RPM_SOURCE_DIR/%{name}.rc.init .

%build
./configure --with-berkeleydb=/usr
make

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/info
mkdir -p $RPM_BUILD_ROOT/etc/init.d
mkdir -p $RPM_BUILD_ROOT/etc/cron.d
mkdir -p $RPM_BUILD_ROOT/var/cfengine/inputs
mkdir -p $RPM_BUILD_ROOT/var/cfengine/outputs
mkdir -p -m 700 $RPM_BUILD_ROOT/var/cfengine/ppkeys
mkdir -p $RPM_BUILD_ROOT/var/cfengine/plugins
mkdir -p $RPM_BUILD_ROOT/var/cfengine/bin
make prefix=$RPM_BUILD_ROOT/var/cfengine install
cd doc
make prefix=$RPM_BUILD_ROOT/usr/share install-man
cd ..

#Copie de la clée public du serveur
cp $RPM_SOURCE_DIR/localhost.pub $RPM_BUILD_ROOT/var/cfengine/ppkeys/root-%{ipserver}.pub
#Copie des scripts de lancement.
cp $RPM_SOURCE_DIR/cfengine.cron $RPM_BUILD_ROOT/etc/cron.d/cfengine
install -m 755 $RPM_SOURCE_DIR/cfinit $RPM_BUILD_ROOT/etc/init.d
install -m 755 $RPM_SOURCE_DIR/%{name}.rc.init $RPM_BUILD_ROOT/etc/init.d/cfengine
cd $RPM_BUILD_ROOT/var/cfengine/bin/
ln -s ../sbin/cfagent  cfagent

%post
/sbin/chkconfig --add cfinit
/sbin/chkconfig --add cfengine

%clean
#rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
/usr/share/man/man8/cfengine.8.gz
/usr/share/man/man8/cfagent.8.gz
/usr/share/man/man8/cfenvd.8.gz
/usr/share/man/man8/cfshow.8.gz
/usr/share/man/man8/cfenvgraph.8.gz
/usr/share/man/man8/cfexecd.8.gz
/usr/share/man/man8/cfrun.8.gz
/usr/share/man/man8/cfkey.8.gz
/usr/share/man/man8/cfservd.8.gz
/var/cfengine
/etc/init.d/cfinit
/etc/init.d/cfengine
/etc/cron.d/cfengine
%doc AUTHORS ChangeLog COPYING INSTALL README NEWS TODO
%doc doc/ contrib/

%changelog
* Wed May 11 2005 Jehan Procaccia <jehan.procaccia@int-evry.fr> 2.1.14-1_int_sample
- test de conf cfengine initiale pour doc

* Fri Apr 29 2005 Jehan Procaccia <jehan.procaccia@int-evry.fr> 2.1.14-1
- update to 2.1.14

* Fri Feb 11 2005 Eric Doutreleau <Eric.Doutreleau@int-evry.fr> 2.1.13-1
- update to 2.1.13
- Ajout du module kernelclean

* Mon Feb 16 2004 Jehan Procaccia <jehan.procaccia@int-evry.fr> 2.1.3-5
- changed cfinit to wait 1mn for autorpm pb
- addapted module:hardware for another nvidia chipset

* Thu Feb 12 2004 Jehan Procaccia <jehan.procaccia@int-evry.fr> 2.1.3-4
- upgraded to 2.1.3
- added module:hardware

* Thu Oct 30 2003 Eric Doutreleau <Eric.Doutreleau@int-evry.fr> 2.0.8p1-3
- Added dialog message on cfinit

* Wed Sep 24 2003 Jehan Procaccia <jehan.procaccia@int-evry.fr> 2.0.8p1-1
- chmod 700 on ppkeys directory

* Wed Sep 24 2003 Jehan Procaccia <jehan.procaccia@int-evry.fr> 2.0.8p1-1
- upgraded to 2.0.8p1

* Thu Aug  3 2000 Ian Macdonald <ian@caliban.org>
- strip binaries

* Sat Jul 27 2000 Ian Macdonald <ian@caliban.org>
- 1.5.4 packaged as RPM

control:

 fedora::
actionsequence = ( files directories copy editfiles packages shellcommands links tidy processes )
 RPMInstallCommand = ( "/usr/bin/yum -y install %s" )

groups:
   logcommun2 = ( s2iaunix )

packages:

        logcommun2::
        RealPlayer pkgmgr=rpm action=install
        scilab pkgmgr=rpm action=install