Having the authors guide you through the process of configuring automated installations and configuration of servers is priceless.
This book is a must for any linux/unix sysadmin out there. I hope there is a 3rd edition with the new Cfengine 3 soon!
This book is not for the beginning linux/unix admin, though. You should have a thorough knowledge of the systems already. Once you have that, using the methods in this book will save you and your bosses countless hours of managing your servers.
I would like to thank the authors for a brilliant piece of work.
Author(s): Nathan Campi, Kirk Bauer
Series: Expert's Voice in Linux
Edition: 2
Publisher: Apress
Year: 2008
Language: English
Pages: 432
1430210591......Page 1
Contents......Page 6
About the Authors......Page 13
About the Technical Reviewer......Page 14
Acknowledgments......Page 15
Introduction......Page 16
CHAPTER 1: Introducing the Basics of Automation......Page 20
Do You Need Automation?......Page 21
Medium-Sized Companies Planning for Growth......Page 23
Web Server Farms......Page 24
Beowulf Clusters......Page 25
Reducing Errors......Page 26
Realizing Other Benefits......Page 27
What Do System Administrators Do?......Page 29
Methodology: Get It Right from the Start!......Page 30
Deciding on Push vs. Pull......Page 32
Dealing with Users and Administrators......Page 33
Who Owns the Systems?......Page 36
Defining Policy......Page 37
Seeing Everything As a File......Page 38
Understanding the Procedure Before Automating It......Page 39
Scripting a Working Procedure......Page 40
Prototyping Before You Polish......Page 41
Turning the Script into a Robust Automation......Page 42
Attempting to Repair, Then Failing Noisily......Page 43
Focusing on Results......Page 44
CHAPTER 3: Using SSH to Automate System Administration Securely......Page 45
Learning the Basics of Using SSH......Page 46
Enhancing Security with SSH......Page 47
Using Public- Key Authentication......Page 48
Generating the Key Pair......Page 49
Specifying Authorized Keys......Page 50
Knowing ssh- agent Basics......Page 51
Getting Advanced with ssh- agent......Page 52
Forwarding Keys......Page 54
Restricting RSA Authentication......Page 55
Allowing Limited Command Execution......Page 56
Forwarding a Port......Page 57
Using SSH for Common Accounts......Page 58
Preparing for Common Accounts......Page 59
Monitoring the Common Accounts......Page 63
Defining cfengine Concepts......Page 66
Evaluating Push vs. Pull......Page 68
Mapping the cfengine Directory Structure......Page 70
Managing cfengine Configuration Files......Page 71
Identifying Systems with Classes......Page 72
Finding More Information About Cfengine......Page 74
Running Necessary Processes......Page 75
Creating Basic Configuration Files......Page 77
Creating the Configuration Server......Page 81
Preparing the Client Systems......Page 82
Creating Sections in cfagent.conf......Page 83
Using Classes in cfagent.conf......Page 84
The copy Section......Page 85
The disable Section......Page 86
The editfiles Section......Page 88
The files Section......Page 89
The processes Section......Page 91
Using cfrun......Page 92
Looking Forward to Cfengine 3......Page 93
Using cfengine in the Real World......Page 94
CHAPTER 5: Bootstrapping a New Infrastructure......Page 95
Installing the Central cfengine Host......Page 96
Setting Up the cfengine Master Repository......Page 97
The cf.preconf Script......Page 98
The update.conf file......Page 104
The cfagent.conf file......Page 108
The cf.motd Task......Page 115
The cf.cfengine_cron_entries Task......Page 118
cfservd.conf......Page 119
Ready for Action......Page 121
CHAPTER 6. Setting Up Automated Installation......Page 122
Introducing the Example Environment......Page 123
FAI for Debian......Page 124
Employing JumpStart for Solaris......Page 137
Kickstart for Red Hat......Page 151
The Proper Foundation......Page 173
Implementing Time Synchronization......Page 175
External NTP Synchronization......Page 176
Internal NTP Masters......Page 177
Configuring the NTP Clients......Page 178
Copying the Configuration Files with cfengine......Page 180
Incorporating DNS......Page 184
Setting Up Private DNS......Page 185
Standardizing the Local Account Files......Page 202
Distributing the Files with cfengine......Page 205
Adding New User Accounts......Page 210
Routing Mail......Page 222
Looking Back......Page 225
The Apache Package from Red Hat......Page 227
Building Apache from Source......Page 230
Synchronizing Data with rsync......Page 232
Sharing Data with NFS......Page 246
Sharing Program Binaries with NFS......Page 249
Sharing Data with cfengine......Page 254
Sharing Data with Subversion......Page 256
NFS and rsync and cfengine, Oh My!......Page 265
Reporting on cfengine Status......Page 267
Configuring the syslog Server......Page 277
Outputting Summary Log Reports......Page 281
Doing Real- Time Log Reporting......Page 283
Seeing the Light......Page 286
CHAPTER 10: Monitoring......Page 287
Nagios......Page 288
Nagios Components......Page 289
Nagios Overview......Page 290
Deploying Nagios with cfengine......Page 292
Create the Nagios Web Interface Configuration Files......Page 298
NRPE......Page 311
Monitoring Remote Systems......Page 320
Ganglia......Page 326
Building and Distributing the Ganglia Programs......Page 327
Configuring the Ganglia Web Interface......Page 332
Now You Can Rest Easy......Page 335
Importing the masterfiles Directory Tree......Page 336
Using Subversion to Implement a Testing Environment......Page 344
Backups......Page 350
Jumpstart......Page 351
Kickstart......Page 353
FAI......Page 355
Subversion Backups......Page 359
Enhancement Is an Understatement......Page 365
CHAPTER 12: Improving System Security......Page 366
Security Enhancement with cfengine......Page 367
Removing the SUID Bit......Page 368
Protecting System Accounts......Page 372
Applying Patches and Vendor Updates......Page 373
Shutting Down Unneeded Daemons......Page 374
Removing Unsafe Files......Page 375
File Checksum Monitoring......Page 376
Using the Lightweight Directory Access Protocol......Page 377
Implementing Host-Based Firewalls......Page 378
Using TCP Wrappers......Page 379
Using Host-Based Packet Filtering......Page 380
Enabling Sudo at Our Example Site......Page 384
Security Is a Journey, Not a Destination......Page 387
The Bash Shell......Page 388
Creating Simple Bash Shell Scripts......Page 389
Debugging Bash Scripts......Page 390
Other Shells......Page 391
Perl......Page 392
Basic Usage......Page 393
Other Scripting Languages......Page 395
Characters......Page 396
Matching Repeating Characters......Page 397
Marking and Back Referencing......Page 398
grep......Page 399
Modifying a File......Page 402
Modifying stdin......Page 403
Other Tools......Page 404
Very Basic Usage......Page 405
Not-Quite-As-Basic Usage......Page 406
AWK Resources......Page 407
Requirements for Using Modules......Page 408
Defining Custom Classes Without Modules......Page 409
Creating Your First cfengine Module......Page 410
Using Modules in Place of shellcommands......Page 412
A......Page 414
C......Page 415
D......Page 419
F......Page 421
I......Page 422
J......Page 423
M......Page 424
N......Page 425
P......Page 426
R......Page 427
S......Page 428
T......Page 431
Z......Page 432