For years, I’ve looked at cfengine and thought “I must get around to learning that”. Today, I was reading Building a Self-Healing Network and finally thought that I need to give it a try.
One of my problems is that processes on my FreeBSD server often get stopped when I run portupgrade and I don’t notice. cfengine claims to be good at fixing non-running processes, so I gave it a try and came up with this:
control:
actionsequence = ( processes )
processes:
"amavisd" restart "/usr/local/etc/rc.d/amavisd restart"
"clamd" restart "/usr/local/etc/rc.d/clamav-clamd restart"
"dhcpd" restart "/usr/local/etc/rc.d/isc-dhcpd.sh restart"
"dovecot" restart "/usr/local/etc/rc.d/dovecot restart"
"freshclam" restart "/usr/local/etc/rc.d/clamav-freshclam restart"
"httpd" restart "/usr/local/etc/rc.d/apache restart"
"named" restart "/etc/rc.d/named restart"
"nmbd" restart "/usr/local/etc/rc.d/samba restart"
"ntpd" restart "/etc/rc.d/ntpd restart"
"postfix/master" restart "/usr/local/etc/rc.d/postfix restart"
"postmaster" restart "/usr/local/etc/rc.d/010.pgsql.sh restart"
"smartd" restart "/usr/local/etc/rc.d/smartd restart"
"smbd" restart "/usr/local/etc/rc.d/samba restart"
"squid" restart "/usr/local/etc/rc.d/squid restart"
When run via cfagent -f checkprocs.conf, this works a treat.
The next step should be getting all the other cfengine gumph working on my network. However, I’ve only got one box, so running it every hour out of cron is good enough.
0 * * * * root /usr/local/sbin/cfexecd -f /usr/local/etc/cfengine/checkprocs.conf
In accordance with the cfexecd documentation, I also amended my control section so I’ll get mail when it does something.
control:
actionsequence = ( processes )
smtpserver = ( localhost )
sysadm = ( root@happygiraffe.net )
This seems to be a good start on getting cfengine working. Now I can play more with it. It seems like it’d be another useful tool for work.
Update: cfexecd doesn’t work. Running cfagent directly does. How annoying.
Jabbering Giraffe 