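Automating Server Configuration with cfengine (3): Test Runs and Troubleshooting

2) Test run

To be safe, we normally run cfagent -v -n first. The -n option means a dry run: cfagent only reports what it would do and does not actually execute anything.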

…(partially omitted)…

Looking for an input file /var/cfengine/inputs/update.conf

Cfengine input file had no explicit version string

Finished with update.conf

———————————————————————

Looking for remote method collaborations

———————————————————————

Finished with RPC

Accepted domain name: yahoon.org

cfagent -n: Running in "All talk and no action" mode

LogDirectory = /var/cfengine

Loaded /var/cfengine/ppkeys/localhost.priv

Loaded /var/cfengine/ppkeys/localhost.pub

Checksum database is /var/cfengine/checksum_digests.db

Default binary server seems to be centos2

*********************************************************************

Update Sched: copy pass 1 @ Fri Nov 2 00:58:17 2007

*********************************************************************

Checking copy from 192.168.0.114:/masterfile/inputs to /var/cfengine/inputs

Connect to 192.168.0.114 = 192.168.0.114 on port 5308

Loaded /var/cfengine/ppkeys/root-192.168.0.114.pub

………………………………………………………

cfengine:centos2: Strong authentication of server=192.168.0.114 connection confirmed

Need this: /var/cfengine/inputs/cfagent.conf wasn't at destination (copying)

Performance(Copy(192.168.0.114:/masterfile/inputs > /var/cfengine/inputs)): time=0.2393 secs, av=0.2927 +/- 0.1537

*********************************************************************

Update Sched: processes pass 1 @ Fri Nov 2 00:58:17 2007

*********************************************************************

cfengine:centos2: Running process command /bin/ps auxw

Defining classes

DoSignals(cfservd)

Existing restart sequence found (/var/cfengine/bin/cfservd)

cfengine:centos2: Executing shell command: /var/cfengine/bin/cfservd

Defining classes

DoSignals(cfenvd)

Existing restart sequence found (/var/cfengine/bin/cfenvd -H)

cfengine:centos2: Executing shell command: /var/cfengine/bin/cfenvd -H

*********************************************************************

Update Sched: tidy pass 1 @ Fri Nov 2 00:58:17 2007

*********************************************************************

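…(partially omitted)…

This shows that the whole run went through without problems. The bold part is where the client connects to the server and copies files.

That was only a test. Now we run cfagent -v without -n.

…(partially omitted)…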

Accepted domain name: yahoon.org

LogDirectory = /var/cfengine

Loaded /var/cfengine/ppkeys/localhost.priv

Loaded /var/cfengine/ppkeys/localhost.pub

Checksum database is /var/cfengine/checksum_digests.db

Default binary server seems to be centos2

*********************************************************************

Update Sched: copy pass 1 @ Fri Nov 2 01:03:31 2007

*********************************************************************

Checking copy from 192.168.0.114:/masterfile/inputs to /var/cfengine/inputs

Connect to 192.168.0.114 = 192.168.0.114 on port 5308

Loaded /var/cfengine/ppkeys/root-192.168.0.114.pub

………………………………………………………

cfengine:centos2: Strong authentication of server=192.168.0.114 connection confirmed

Performance(Copy(192.168.0.114:/masterfile/inputs > /var/cfengine/inputs)): time=0.2774 secs, av=0.2847 +/- 0.1080

Saving the setuid log in /var/cfengine/cfagent.centos2.log

…(partially omitted)…

*********************************************************************

Main Tree Sched: shellcommands pass 1 @ Fri Nov 2 01:03:33 2007

*********************************************************************

cfengine:centos2:

Executing script /bin/echo Danger,Will Robison!…(timeout=0,uid=-1,gid=-1)

(Setting umask to 77)

cfengine:centos2:/bin/echo Dange: Danger,Will Robison!

cfengine:centos2: Finished script /bin/echo Danger, Will Robison!

Performance(Exec(/bin/echo Danger,Will Robison!)): time=0.0434 secs, av=0.0472 +/- 0.0217

———————————————————————

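You can see that the cfagent.conf file was downloaded successfully and ran successfully.

Listing the directory with ls /var/cfengine/inputs confirms that cfagent.conf is now there.

If we immediately run cfagent -v again, the output contains this line: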

cfengine:centos2: Nothing promised for [shellcommand./bin/echo Danger, Will Robison!] (0/1 minutes elapsed)

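This means the item was already executed less than 1 minute ago. That is too frequent, so cfengine will not execute it this time.

If the configuration file on the server is modified, for example

shellcommands:

"/bin/echo Danger, ======Will Robison!"

Here I only added a few equals signs to the output.

Running cfagent -v on the client then does show the extra === in the output. If you look carefully, though, you will notice an additional file in the inputs directory: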

cfagent.conf.cfsaved

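In other words, after cfagent successfully downloads the latest version of the configuration file, it keeps a backup of the previous one.

3. Start at boot

Finally, we need to make the cfengine programs start automatically, on both the client and the server.

#vi /etc/rc.d/rc.local    //add the following two lines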

/var/cfengine/bin/cfservd

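/var/cfengine/bin/cfenvd -H

Then have cfagent run periodically, that is, periodically fetch the latest configuration file from the server and execute it. Run

#crontab -e

and add the following line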

0,15,30,45 * * * * /var/cfengine/bin/cfexecd -F

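4. Troubleshooting:

1) At first I assumed that, since the local subnet has no domain name, using IP addresses would be enough, so I did not specify domain. Running cfagent -v on the client then gave the following output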

*********************************************************************

Update Sched: copy pass 1 @ Thu Nov 1 21:52:20 2007

*********************************************************************

Checking copy from 192.168.0.114:/masterfiles/inputs to /var/cfengine/inputs

Connect to 192.168.0.114 = 192.168.0.114 on port 5308

cfengine:centos2: Undefined domain name

cfengine:centos2: Id-authentication for centos2.undefined.domain failed

cfengine:centos2: Unable to establish connection with 192.168.0.114 (failover)

Saving the setuid log in /var/cfengine/cfagent.centos2.log

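You can see that the connection failed, because cfservd requires that machines connecting to it have a DNS record.

2) If domain is set but /etc/hosts has no record for the connecting client (that is, the domain is only defined in the configuration file and no DNS record can actually be looked up), the following error occurs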

*********************************************************************

Update Sched: copy pass 1 @ Thu Nov 1 22:49:42 2007

*********************************************************************

Checking copy from 192.168.0.114:/masterfiles/inputs to /var/cfengine/inputs

Connect to 192.168.0.114 = 192.168.0.114 on port 5308

Loaded /var/cfengine/ppkeys/root-192.168.0.114.pub

………………………………………………………

cfengine:centos2: Strong authentication of server=192.168.0.114 connection confirmed

cfengine:centos2: Server returned error: Host authentication failed. Did you forget the domain name or IP/DNS address registration (for ipv4 or ipv6)?

cfengine:centos2: Can't stat /masterfiles/inputs in copy

Saving the setuid log in /var/cfengine/cfagent.centos2.log

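In addition, in cfservd.conf and update.conf the path of the directory on the server used for copying must be correct; otherwise this same error is reported. Here mine is: /masterfiles/inputs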
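
The two failure modes above can be told apart mechanically from the cfagent -v output: in case 1 the client gives up before any key exchange, while in case 2 the server's key is verified and the server then refuses the client. The shell function below is an added example, not part of the original post; the function names, finding labels and embedded sample lines (constructed from the output quoted above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify `cfagent -v` output by the failure signatures
# shown in the troubleshooting section. All names here are hypothetical.

# Reads verbose cfagent output on stdin, prints one finding per line.
diagnose_cfagent() {
    awk '
    /Strong authentication of server=.*confirmed/       { strong = 1 }
    /Undefined domain name/                             { nodomain = 1 }
    /Id-authentication for .* failed/                   { nodomain = 1 }
    /Server returned error: Host authentication failed/ { hostfail = 1 }
    /Can[^ ]*t stat .* in copy/                         { nostat = 1 }
    END {
        if (nodomain)
            print "NO_DOMAIN: domain is not set in the client configuration"
        if (hostfail && strong)
            print "CLIENT_UNRESOLVED: server key verified, but the client has no /etc/hosts or DNS record"
        else if (hostfail)
            print "HOST_AUTH_FAILED: server rejected this client"
        if (nostat)
            print "COPY_PATH: check the copy directory in cfservd.conf and update.conf"
        if (!nodomain && !hostfail && !nostat)
            print "OK: no known failure signature"
    }'
}

# Constructed samples, reduced from the outputs quoted on this page.
sample_case1() {
    cat <<'EOF'
Connect to 192.168.0.114 = 192.168.0.114 on port 5308
cfengine:centos2: Undefined domain name
cfengine:centos2: Id-authentication for centos2.undefined.domain failed
cfengine:centos2: Unable to establish connection with 192.168.0.114 (failover)
EOF
}

sample_case2() {
    cat <<'EOF'
cfengine:centos2: Strong authentication of server=192.168.0.114 connection confirmed
cfengine:centos2: Server returned error: Host authentication failed. Did you forget the domain name or IP/DNS address registration (for ipv4 or ipv6)?
cfengine:centos2: Can't stat /masterfiles/inputs in copy
EOF
}

sample_case1 | diagnose_cfagent
sample_case2 | diagnose_cfagent
```

On a live client, pipe the real output in: cfagent -v -n 2>&1 | diagnose_cfagent.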