Conceptual basis

A modern operating system is not like a PC; it is more like a society of PCs in which there are many independent parts which cooperate in order to achieve the whole. In many ways, modern operating systems and networks have developed together and there are many parallels. Computer networks have no choice but to use this model in order to function. Operating systems are best served by this model because it leads to a clean object orientation and a better sharing of resources. It is a fundamental mechanism by which distributed systems work.

Cfengine is a language-based system written by Mark Burgess, specifically designed for testing and configuring unix-like systems attached to a TCP/IP network. You can think of cfengine as a very high level language --- much higher level than Perl or shell. A single statement can result in many hundreds of links being created, or the permissions of many hundreds of files being set. The idea of cfengine is to create a single file or set of configuration files which will describe the setup of every host on your network. cfengine runs on every host and parses one file (or file-set); the configuration of the host is checked against this file and, if desired, any deviations are fixed.

Although originally intended to be a scheme for system administration to be run by the superuser, cfengine can also be used as a scripting language by ordinary users. It is a handy tool for tidying your old junk files and for managing the rights and permissions of your files when collaborating with other users.

When you start out from a small network with just a few workstations, or perhaps even a single mainframe system, it is quite easy to get into the habit of `fixing' the configuration of your system manually, making links, writing scripts etc. When the size of a network increases, before you know it you have five different types of UNIX from different vendors and each type of system has to be configured in a special way. You realize also pretty soon that UNIX is not as standard as you thought and that none of your scripts work on every system without a considerable amount of hacking and testing. The number of if..then..else.. constructions in your scripts grows to be so large that you can't really see what the script is doing anymore.

For large systems with many different flavours of operating system, what is needed is a more disciplined way of making changes which is robust against reinstallation. After all, if you suddenly have to replace a damaged disk then all of your manually placed symbolic links will have to be made from scratch!

The idea behind cfengine is to focus upon a few key areas of basic system administration and provide a language which removes all of the if..then..else nonsense from scripts so that the transparency of a configuration program is optimal.

Because it is almost impossible to do everything, cfengine focusses on a few key functions which are handled rather poorly from scripts. It eliminates the need for lots of tests by allowing you to organize your network according to classes. From a single configuration file (or set of files) you specify, using classes, how your network should be configured -- and cfengine will then parse your file and carry out the instructions, warning or fixing errors as it goes.

Here are some of the possibilities which can be automated:


Mark Burgess
Last modified: Tue Jan 26 15:53:29 MET 1999