Configuring DSAU (cfengine) on 11.23

Using DSAU to sync files.

First I configured SSHD so it would let me log in as root.
Then I set up all my /etc/hosts files to be exactly the same.

Then I used the csshsetup tool that DSAU provides, so it automatically exports all the public SSH keys to the allowed keys file on the other hosts:
iumtest3_omv:/opt/dsau/bin# ./csshsetup -r iumtest4 iumtest2
If asked, enter password and/or add fingerprint for root@iumtest4.bocata.mare
The authenticity of host 'iumtest4.bocata.mare (10.10.75.45)' can't be established.
RSA key fingerprint is bb:96:67:5b:d3:1f:0d:55:77:59:e2:b5:04:d8:5f:e9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'iumtest4.bocata.mare,10.10.75.45' (RSA) to the list of known hosts.
Password:
Please be patient.... Key generation may take a few minutes
Testing...
Success: iumtest3.bocata.mare -> iumtest3.bocata.mare
Success: iumtest3.bocata.mare -> iumtest4.bocata.mare
Success: iumtest4.bocata.mare -> iumtest3.bocata.mare
Please be patient.... Key generation may take a few minutes
Testing...
Success: iumtest3.bocata.mare -> iumtest3.bocata.mare
Success: iumtest3.bocata.mare -> iumtest2.bocata.mare
Success: iumtest2.bocata.mare -> iumtest3.bocata.mare
Failure: iumtest2.bocata.mare -> iumtest2.bocata.mare

Once this is done, we can check that we can ssh to our 3 servers without typing in a password.

Now we are going to configure cfengine and our master server. We are going to use an HA config, so our cfengine will be a package in the cluster:

iumtest2_omv:/opt/dsau/sbin# ./csync_wizard

Querying the system iumtest2 for current status, one moment...

This Configuration Synchronization Wizard (csync_wizard) helps you set
up the Configuration Engine (cfengine) environment. Cfengine is a powerful
tool used to perform policy-based management for groups of systems and
cluster environments.

csync_wizard is a client/server based utility. With csync_wizard, the
user can configure a standalone system or Serviceguard cluster as the
cfengine "master". The master contains the configuration description and
configuration files that will be used by all the clients. Clients copy the
configuration description from the master and apply it to themselves.
The configuration description supports a rich set of management actions
such as copying configuration files from the master to the client,
performing edits to files, checking file ownership, permissions, and
checksums, executing shell commands, checking for processes, etc.

For a detailed description of the cfengine management actions,
please refer to the cfengine man page.

The csync wizard helps you set up this system as a cfengine master,
add or remove cfengine managed-clients, and perform the required
security setup.

Press "Enter" to continue...

Configuration Synchronization Wizard Menu
=========================================

(1) Set up a cfengine master server

(2) Add a client

(3) Remove a client

(4) Manage keys for cfengine clients

(5) Display current configuration

(9) Exit

Enter choice: 1

This system is a member of a Serviceguard cluster. The cfengine
configuration will be defined as a package for high availability
unless you answer no to the question below. If you answer no, for the
purposes of cfengine control, this machine will be treated as a single
machine without failover capability for cfengine.

If you accept the default answer of "HA" to the question below,
cfengine will be configured as a highly available Serviceguard package.
This ensures that your cfengine master server is available as long
as one of the cluster members that can run the package is also available.

You will need a free IP address for this package and you must
configure storage for the package before proceeding. For details
on creating highly available file systems, please refer to the
Managing Serviceguard manual.

Will this master server be Highly Available (HA) [Y]: y

Configuring the csync Serviceguard package for a
highly available cfengine master.

The cfengine master server is being configured as a
HA Serviceguard Package on this cluster.

Please provide the following information for the package:

Enter the Volume group []: /dev/vglock

Enter the Logical Volume []: /dev/vglock/lvtest1

Enter the Filesystem (Mount Point) []: /dsau

Enter the Mount Options [-o rw,largefiles]:

Enter the Filesystem Type [vxfs]:

Enter the IP address []: 10.10.75.46

Enter the Subnet []: 255.255.252.0

You can optionally specify additional remote clients to manage at this
time. If you are running in an HA environment, you do not need to
specify the cluster members.

Would you like to manage clients? [N]:

******* WARNING!!!! ********
To protect against possible corruption of sensitive configuration files,
control-c has been disabled for the remainder of this configuration.

Configuring the "csync" Serviceguard package.

Applying the "csync" Serviceguard package configuration file.
This will take a moment.

Starting the "csync" Serviceguard package. This will take a few moments...

Configuration of the cfengine master server is starting.

cfengine keys are being created...

cfengine keys have been created, now distributing....

Verifying that the master has an entry in the /etc/hosts file
on each client...

The Configuration Synchronization Wizard has completed the
configuration of cfengine:

- The master configuration description template is here:

This default template has examples of typical configuration
synchronization actions performed in a cluster. For example,
synchronizing critical files such as /etc/hosts, package
scripts, etc.

All the actions in the template are disabled by default
(commented out). Uncomment the lines corresponding to the desired
synchronization actions for this cluster. See the cfengine
reference documentation for a description of additional cfengine
features: /opt/dsau/doc/cfengine/

Press "Enter" to continue...

The cfengine environment consists of:

Master server (policy host):

dsau.bocata.mare

Managed clients:
iumtest3.bocata.mare, iumtest4.bocata.mare, iumtest2.bocata.mare

A file containing the answers for this run of the Configuration
Synchronization Wizard is stored here:

/var/opt/dsau/cfengine/tmpdir/csync_wizard_input.txt

This configuration can be reestablished by issuing the following command:

/opt/dsau/sbin/csync_wizard \
-f /var/opt/dsau/cfengine/tmpdir/csync_wizard_input.txt

Once it has finished, we have the package created and running:

iumtest2_omv:/etc/cmcluster/csync# cmviewcl

CLUSTER STATUS
testcl up

NODE STATUS STATE
iumtest3 up running
iumtest2 up running

PACKAGE STATUS STATE AUTO_RUN NODE
csync up running disabled iumtest2

NODE STATUS STATE
iumtest4 up running

Now we have all the config files in:

iumtest2_omv:/dsau/dsau/cfengine_master/inputs# ls
cf.main cfagent.conf cfrun.hosts cfservd.conf update.conf

The one we have to edit to set what we want synced automatically is cf.main. I just configured some basic syncing of the /etc/cmcluster directory and other basic files.

What I added to the file:

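# Class definition (cfengine 2 groups:/classes: section): the hosts to keep in sync
sg_cluster = ( iumtest2 iumtest3 iumtest4 )

# Copy entries (copy: section), applied only on members of sg_cluster
sg_cluster::

    # Each entry pulls from the master and recopies when the checksum differs
    ${masterfiles}/sg_cluster/etc/hosts
        dest=/etc/hosts
        server=${policyhost}
        type=checksum

    # The whole ${sgconf} directory, recursively, skipping editor backups (*~)
    ${masterfiles}/sg_cluster${sgconf}
        dest=${sgconf}
        recurse=inf
        server=${policyhost}
        type=checksum
        exclude=*~

    ${masterfiles}/sg_cluster/etc/ntp.conf
        dest=/etc/ntp.conf
        server=${policyhost}
        type=checksum

    ${masterfiles}/sg_cluster/etc/resolv.conf
        dest=/etc/resolv.conf
        server=${policyhost}
        type=checksum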

After this you have to copy all these files and directories to the master repository:

An example:

cp /etc/inetd.conf /dsau/dsau/cfengine_master/master_files/sg_cluster/etc/inetd.conf

etc....
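
The staging step above, done for every path at once, as an added example (not part of the original post or of DSAU). It copies each path to the same location under the master repository with cp -p so the staged copy keeps the mode of the original, skips *~ backups as the exclude= line does, and then lists any staged file whose checksum differs from its source. The function names and the SRCROOT variable are made up for this example.

```shell
#!/bin/sh
# Added example: stage the paths named in the cf.main copy entries into the
# master repository and check the result.
# MASTER is the repository path shown on this page; SRCROOT is an assumption
# added here so the script can be tried against a scratch tree.
MASTER=${MASTER:-/dsau/dsau/cfengine_master/master_files/sg_cluster}
SRCROOT=${SRCROOT:-}

# Copy one file or directory to the same path under $MASTER, keeping mode and
# timestamps (cp -p) and skipping editor backups, as exclude=*~ does.
stage() {
    src="$SRCROOT$1"; dst="$MASTER$1"
    [ -e "$src" ] || { echo "missing: $src" >&2; return 1; }
    if [ -d "$src" ]; then
        (cd "$src" && find . -type f ! -name '*~' -print) |
        while IFS= read -r f; do
            mkdir -p "$(dirname "$dst/$f")" && cp -p "$src/$f" "$dst/$f" || exit 1
        done
    else
        mkdir -p "$(dirname "$dst")" && cp -p "$src" "$dst"
    fi
}

# List staged files whose checksum no longer matches the source file.
drifted() {
    (cd "$MASTER" && find . -type f -print) |
    while IFS= read -r f; do
        f=${f#.}
        a=$( { cksum < "$SRCROOT$f"; } 2>/dev/null ) || a=missing
        b=$(cksum < "$MASTER$f")
        if [ "$a" != "$b" ]; then echo "$f"; fi
    done
}

# Usage: stage_all /etc/hosts /etc/cmcluster /etc/ntp.conf /etc/resolv.conf
stage_all() {
    for p in "$@"; do stage "$p" || return 1; done
    [ -z "$(drifted)" ]
}

# Run only when paths are given on the command line.
if [ "$#" -gt 0 ]; then stage_all "$@"; fi
```

Running drifted again before a later cfrun shows which master copies no longer match the live files on the node where they were staged.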

Now from the server we launch a sync:

iumtest2_omv:/# cfrun
cfrun(0): .......... [ Hailing iumtest3.bocata.mare ] ..........
cfrun(0): .......... [ Hailing iumtest4.bocata.mare ] ..........
cfrun(0): .......... [ Hailing iumtest2.bocata.mare ] ..........

If we get no errors, we can test that it's working:

iumtest2_omv:/dsau/dsau/cfengine_master/master_files/sg_cluster/etc/cmcluster# touch TESTS_SYNC
iumtest2_omv:/dsau/dsau/cfengine_master/master_files/sg_cluster/etc/cmcluster# cfrun
cfrun(0): .......... [ Hailing iumtest3.bocata.mare ] ..........

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

cfengine:iumtest3: Copying from dsau.bocata.mare:/dsau/dsau/cfengine_master/master_files/sg_cluster/etc/cmcluster/TESTS_SYNC
cfengine:iumtest3: Group of /etc/cmcluster/TESTS_SYNC was 0, setting to 3
cfengine:iumtest3: Object /etc/cmcluster/TESTS_SYNC had permission 600, changed it to 644
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

cfrun(0): .......... [ Hailing iumtest4.bocata.mare ] ..........

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

cfengine:iumtest4: Copying from dsau.bocata.mare:/dsau/dsau/cfengine_master/master_files/sg_cluster/etc/cmcluster/TESTS_SYNC
cfengine:iumtest4: Group of /etc/cmcluster/TESTS_SYNC was 0, setting to 3
cfengine:iumtest4: Object /etc/cmcluster/TESTS_SYNC had permission 600, changed it to 644
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

cfrun(0): .......... [ Hailing iumtest2.bocata.mare ] ..........

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

cfengine:iumtest2: Copying from dsau.bocata.mare:/dsau/dsau/cfengine_master/master_files/sg_cluster/etc/cmcluster/TESTS_SYNC
cfengine:iumtest2: Group of /etc/cmcluster/TESTS_SYNC was 0, setting to 3
cfengine:iumtest2: Object /etc/cmcluster/TESTS_SYNC had permission 600, changed it to 644
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

iumtest2_omv:/dsau/dsau/cfengine_master/master_files/sg_cluster/etc/cmcluster#
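
The cfrun report above shows TESTS_SYNC going from permission 600 to 644 on every client. The following added example (not part of the original post or of DSAU) scans cfrun output for changes like that, where the new mode sets bits the old mode did not have. The function names are made up for this example; the input is report lines from this page plus one constructed line.

```shell
#!/bin/sh
# Added example: report files that cfrun left with permission bits they did
# not have before the sync (600 -> 644 adds group and world read).

# Lines copied from the cfrun report on this page, plus one constructed line
# (ntp.conf, 644 -> 600) showing a change that removes access.
sample_cfrun_output() {
cat <<'EOF'
cfrun(0): .......... [ Hailing iumtest3.bocata.mare ] ..........
cfengine:iumtest3: Group of /etc/cmcluster/TESTS_SYNC was 0, setting to 3
cfengine:iumtest3: Object /etc/cmcluster/TESTS_SYNC had permission 600, changed it to 644
cfengine:iumtest4: Object /etc/cmcluster/TESTS_SYNC had permission 600, changed it to 644
cfengine:iumtest2: Object /etc/cmcluster/TESTS_SYNC had permission 600, changed it to 644
cfengine:iumtest4: Object /etc/ntp.conf had permission 644, changed it to 600
EOF
}

# Read cfrun output on stdin; print "host old new path" for every change
# whose new mode sets a bit that the old mode had clear.
perm_widened() {
    sed -n 's/^cfengine:\([^:]*\): Object \(.*\) had permission \([0-7][0-7]*\), changed it to \([0-7][0-7]*\) *$/\1 \3 \4 \2/p' |
    while read -r host old new path; do
        # Modes are octal; keep only the bits that are new in $new.
        added=$(( 0$new & ~0$old & 07777 ))
        if [ "$added" -ne 0 ]; then
            printf '%s %s %s %s\n' "$host" "$old" "$new" "$path"
        fi
    done
}

# Count the widened files in a report (0 means nothing gained access bits).
widened_count() { perm_widened | wc -l | tr -d ' '; }

sample_cfrun_output | perm_widened
```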

Now we check if we have the file we have created in the cmcluster dir:

iumtest4_omv:/# cd /etc/cmcluster
iumtest4_omv:/etc/cmcluster# ls
TESTS_SYNC cmclconfig.tmp cmknowncmds mapfile
cfs cmclconfig.tmp.new config.lck test1
cmclconfig cmclnodelist csync

We have sync working! Now the only thing we need to configure is a periodic run on the clients so they stay up to date.

We can add this to the crontab of the other servers:

0 * * * * /var/opt/dsau/cfengine/bin/cfexecd -F

This is just a basic example to get going...