Cfengine V3 installation and testing 1 in rhel6

Source: Internet
Author: User
Document directory
  • Source code Installation
  • Simple policy execution Test
  • Rpm Installation

Cfengine is a GNU open-source configuration management framework for Computer System Automation. This framework is lightweight and can be built on almost all platforms. It can run on all common platforms, including Aix, Linux, UNIX, apple, and windows.


The Inspectors and compilers promised by CF-Promises should perform pre-detection before attempting to execute a set of configuration commitments.

The initiator of the CF-Agent change. The agent is part of the cfengine operating system resources.

The CF-serverd server can share files and accept requests for executing the current policy on an individual computer. It is impossible to send (publish) new information from outside to cfengine.

CF-exmcm this is a background program for scheduling (it can supplement or replace cron ). It can also be used as a wrapper to execute and collect CF-Agent output and send emails to necessary system users.

CF-runagent: A helper program that can talk to CF-serverd and require the execution of the current policy on CF-agent. If the policy on the proxy includes an update check, it is simulated as an initiator and changes the cfengine host.

CF-report can generate summaries and other reports, and output or integrate with other systems in multiple formats.

The CF-know proxy can generate an ISO standard topic chart from a large number of commitments on system knowledge. It can be used as a semantic Web display document.

Cfengine Installation

Go to the cfengine official website to download the latest cfengine software, the latest version of is v3.3





Source code Installation

You need to install three types of software before installing cfengine:

Ø OpenSSL (OpenSSL-devel)

Ø berkeleydb (db4, db4-devel)

Ø PCRE (PCRE-devel)

For ease of installation, you can directly use Yum to install the above three types of software.

#Yum install OpenSSL * PCRE * db4 *-y


Install cfengine




#Make & make install


#/Usr/local/sbin/CF-Key// Generate a key pair and generate the current cfengine working directory

Making a key pair for cfengine, please wait, this cocould take a minute...

[Root @ server ~] #Tree/var/cfengine/// View the directory structure


── Bin

── Inputs

── Lastseen

── Modules

── Outputs

├ ── Ppkeys

│ ── Localhost. priv

│ ── Localhost. Pub

├ ── Randseed

── Reports

── State

── Cf_otherprocs

── Cf_procs

── Cf_rootprocs

── Cf_state.db


8 directories, 7 files


Cfengine directory:

Ø/var/cfengine/bin --> directory with cfengine binary file

Ø/var/cfengine/inputs --> directory with cfengine configuration file

Ø/var/cfengine/outputs --> directory with cfengine running report

Ø/var/cfengine/ppkeys --> directory with authentication key

Ø/var/cfmasterfiles --> directory of the master file on the Policy Server

Ø/var/cfengine/Repository --> contains the directory where important cfengine files are backed up for recovery (name/location configurable)



#CP/usr/local/sbin/CF-*/var/cfengine/bin/// Copy the command file to/var/cfengine/bin /.

#CP/usr/local/share/cfengine/masterfiles/*. Cf/var/cfengine/masterfiles/

# Tree/var/cfengine/bin/


── CF-agent

── CF-exmcm

── CF-Key

── CF-know

── CF-monitord

── CF-promises

── CF-Report

── CF-runagent

── CF-serverd


0 directories, 9 files

Binary file:

Ø/var/cfengine/bin/CF-Promises --> check the committed syntax command

Ø/var/cfengine/bin/CF-agent --> maintain common commitments and Agent package commands related to system status

Ø/var/cfengine/bin/CF-serverd --> the server (daemon process) used to publish policies or data files to the client and respond to requests from CF-runagent)

Ø/var/cfengine/bin/CF-exmcm --> runs the scheduling daemon process of CF-agent.

Ø/var/cfengine/bin/CF-runagent --> run the CF-Agent command on a remote machine.

Ø/var/cfengine/bin/CF-monitord --> collects system status information for the daemon process.

Ø/var/cfengine/bin/CF-report --> command for generating summary and other reports from the cfengine Embedded Database

Ø/var/cfengine/bin/CF-know --> Generate an ISO standard Topic Map command from a large number of commitments (knowledge modeling agent)

Ø/var/cfengine/bin/CF-key --> Run Once on each host to create a key generation tool for public/private key pairs for secure communication

Configuration file:

Ø/var/cfengine/inputs/promises. Cf --> main configuration file used by CF-agent


#/Var/cfengine/bin/CF-agent -- Bootstrap// Test whether the task can be run

** Cfengine Bootstrap probe initiated



@ Cfengine

@ Cfengine core 3.2.4









Copyright (c) cfengine AS2008-2012.

See licensing athttp: //


-> This host is:

-> Operating system type is Linux

-> Operating system release is2.6.32-131.0.15.el6.i686

-> Architecture = i686

-> Internal soft-class is Linux

-> An existing policy was cached on thishost in/var/cfengine/inputs

-> Assuming the policy distribution pointat:

-> Attempting to initiate promisedautonomous services...


** This host recognizes itself as a cfenginepolicy hub, with policy distribution and knowledge base.

-> The system is now converging. fullinitialisation and self-analysis cocould take up to 30 minutes


-> Bootstrapto completed successfully

#PS-E | grep cf// Further checks whether cfengine processes are enabled

12384? 00:00:00 CF-exmcm

12387? 00:00:00 CF-serverd

12398? 00:00:00 CF-monitord


Simple policy execution test root user test cfengine has a usable workspace directory. When running as root, its default location is '/var/cfengine', while the directory ~ /. Cfagent is reserved for other users.

#CAT test. cf// Edit a policy file

Bodycommon Control


Bundlesequence => {"test "};



Bundleagent Test


Reports: # This is the commitment type Thisis a promise type

Cfengine_3: # This is a class environment (this commitment can only be implemented in the cfengine3 System)

"Helloworld"; # This is a simple commitment (it generates a report with "Hello World)


#/Var/cfengine/bin/CF-promises-F/root/test. cf

#/Var/cfengine/bin/CF-agent-F/root/test. cf

R: Hello World

// This 'R' indicates that this is an output from a report.

// If you repeat the same command (/var/cfengine/bin/CF-agent-F/root/test. Cf) immediately, nothing will happen. But if you wait for one minute, it will work again. Cfengine considers that the time for repeated commands is too short and does not need to be committed again.

#/Var/cfengine/bin/CF-agent-v-F/root/test. Cf | grep lock

//-V or -- verbose list the running process in detailed mode

Cf3> making sure that locksare private...

Cf3> XX Nothing promised here [lock. Test. Reports.-server. hello_world_10] (0/1 minuteselapsed)

Cf3>-> no lock purging scheduled




Bodycommon Control


Bundlesequence => {"edit_motd "};



Bundleagent edit_motd



"Motd" string => "/etc/motd ";


"$ (Motd )"

Create => "true ",

Edit_line => addmessage;


Cfengine ::

"Hello world! ";



Bundleedit_line addmessage



"This system is managed bycfengine 3 ";


#/Var/cfengine/bin/CF-agent-ki-f ~ / ignores the lock status, and the-I option is displayed when there is a change

-> Edited file/etc/motd

R: Hello world!


This system is managed bycfengine 3

// If the edited information already exists in the file, it will not be edited.


Normal user test

You do not need superuser permissions to use cfengine. Ordinary users can safely test most tests. You should spend some time experimenting with small examples before preparing to start configuring the system. To do this, you should log on to your system as a regular unprivileged user and start configuring:


$CP/usr/local/sbin/CF -*~ /. Cfagent/bin


$CAT test. cf

Body Common Control


Bundlesequence => {"test "};



Bundle agent test


Reports: # This is the commitment type. This is a promise type.

Cfengine_3: # This is a class environment (this commitment can only be implemented in the cfengine3 System)

"Helloworld"; # This is a simple commitment (it generates a report with "Hello World)


$~ /. Cfagent/bin/CF-promises-f ~ /Test. cf

$~ /. Cfagent/bin/CF-agent-f ~ /Test. cf

R: Hello World


Rpm Installation

Here, the 32-bit RPM software is used as an installation example.

#Rpm-IVH cfengine-community-3.3.0-1.i386.rpm

Preparing... ######################################## ### [100%]

1: cfengine-Community warning: User build does not exist-using root

Warning: group build does notexist-using root

Warning: User build does notexist-using root

Warning: group build does notexist-using root

######################################## ### [100%]


This document describes how to install and configure cfengine source code.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.