Cultured Perl: Automating UNIX System Administration with Perl

By Teodor Zlatanov
2004-07-15


The Tool Cfengine
If you are serious about automating system administration, cfengine is a tool you should know. Ignoring cfengine is a viable option only if you like to spend your days in the vi editor.

cfengine is a system configuration engine. It takes configuration scripts as input, and then takes actions based on these scripts. It is currently at version 1.6.3 (a very stable release), and version 2.0 is on the horizon. For more information on cfengine development, visit the cfengine Web site (see Resources later in this article).

You don't have to use everything cfengine offers, and you will probably not need the whole thing all at once. Your cfengine configuration files should start out simple, and grow as you discover more things that you want automated.

From the cfengine command reference, here are its most notable features:

• File permissions and ACLs can be monitored and fixed. For example, /etc/shadow can be kept with 0400/root/sys permissions, and if those permissions change, you can either warn the system administrator or fix them immediately.
• NFS filesystems can be automatically mounted or unmounted, with the corresponding fstab changes.
• Netmasks, DNS configuration, default routes, and primary network interfaces can be administered through a single file;
• Files and directories can be recursively copied to another location, either locally or from a remote server.
• Files can be edited (this is a very powerful feature, offering regular expressions and global search/replace), rotated (log files, for instance), or deleted.
• Files (singly and/or everything in a directory or matching a regex) and whole directories can be linked.
• Processes can be started, killed, restarted, or sent arbitrary signals based on regular expression matches in the process table.
• Arbitrary commands can be run.
• All of the above can be conditional upon the operating system type and revision, time of day, arbitrary user-defined classes, presence or absence of files, directories, or data in files, and so on.

Even though you can do with Perl all the things that cfengine does, why would you want to reinvent the wheel? Editing files, for instance, can be a simple one-liner if you want to replace one word with another. When you start allowing for system subtypes, logical system divisions, and all the other miscellaneous factors, your one-liner could end up being 300 lines. Why not do it in cfengine, and produce 100 lines of readable configuration code?

From my own experience, introducing cfengine to a site is quite easy, because you can start out with a minimal configuration file and gradually move things into cfengine over time. No one likes sudden change, least of all system administrators (because they will get blamed if anything goes wrong, of course).

Tutorial Pages:
» A Centralized Configuration File Strategy
» The Tool Cfengine
» Configuration File Management
» Task Automation
» Summary
» Resources


First published by IBM DeveloperWorks

Related Tutorials: » Random subroutines in Perl » Log Script Use » Creating Perl Modules for Web Sites » Bit Vector, Using Perl Vec » Build a Perl/CGI Voting System » Perl Range Operator

Tutorials AJAX ASP CGI & Perl CSS Flash HTML Illustrator Java JavaScript Linux MySQL PHP Photoshop Python Wireless XML Miscellaneous Scripts AJAX ASP ASP.NET CGI & Perl Flash Java JavaScript PHP Python Remotely Hosted Tools & Utilities XML Web Hosting Articles ASP.NET Budget Dedicated Servers Ecommerce Linux Resellers Shared Small Business Windows Developer Manuals Learn HTML Learn PHP Learn CSS Learn AJAX Learn JavaScript Learn Pear White Papers Resources Developer Tools Developer Content