Sunday 24 April 2016

Getting started with CFEngine part 2 (installing the policy server & client)


For the purpose of this installation I've used CFEngine version 3.7.3 which is the latest version available as of this writing.

Installing the policy server (hub):

The packages for installation can be downloaded from the CFEngine official website.

The website recommends the 'quick start' approach for Linux distributions, which I followed for my installation.
The version of CFEngine used here is the full version of CFEngine Enterprise, but the number of hosts (nodes) is limited to 25.

System requirements for the CFEngine policy server:

64-bit machine with a recent version of Linux.
2 GB of memory, and 100 MB of disk space per host you plan to connect to.
Port 5308 needs to be open.
Hostname must be set.

Download and Install CFEngine Policyserver:
Run the following command to download and automatically install CFEngine on a fresh 64-bit Linux machine:

wget http://s3.amazonaws.com/cfengine.packages/quick-install-cfengine-enterprise.sh  && sudo bash ./quick-install-cfengine-enterprise.sh hub

The above command looks simple, but it will fail miserably if the prerequisites are not in place.

Ensure that your /etc/hosts file is populated appropriately, or else the install will fail with the following error:

HTTP request sent, awaiting response... 200 OK
Length: 46561674 (44M) [application/x-redhat-package-manager]
Saving to: ‘cfengine-nova-hub-3.7.3-1.x86_64.rpm’

100%[====================================================================================================================================================>] 46,561,674  61.8KB/s   in 16m 25s

2016-04-24 00:43:57 (46.2 KB/s) - ‘cfengine-nova-hub-3.7.3-1.x86_64.rpm’ saved [46561674/46561674]

hostname: Name or service not known
hostname -f does not return a valid name, but this is a requirement for generating a
SSL certificate for the Mission Portal and API.
Please make sure that hostname -f returns a valid name (Add an entry to /etc/hosts or
fix the name resolution).
error: %pre(cfengine-nova-hub-3.7.3-1.x86_64) scriptlet failed, exit status 1
error: cfengine-nova-hub-3.7.3-1.x86_64: install failed

Next, you need to have some dependencies installed, or else the install fails with mysterious errors like this:

2016-04-24 01:29:38 (54.0 KB/s) - ‘cfengine-nova-hub-3.7.3-1.x86_64.rpm.1’ saved [46561674/46561674]

error: unpacking of archive failed on file /var/cfengine/bin/pg_dump;571c59c2: cpio: read failed - No such file or directory
error: cfengine-nova-hub-3.7.3-1.x86_64: install failed

The following are the pre-requisite packages:
  1. openssl 
  2. openssl-devel 
  3. flex 
  4. pcre 
  5. pcre-devel 
  6. openldap 
  7. gcc 
  8. tokyocabinet
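
The two pre-install failures above (a hostname that does not resolve and missing prerequisite packages) can be checked before running the installer. The following is an added example, not part of the original post or of CFEngine's installer; the function names are hypothetical and an RPM-based distribution is assumed.

```shell
#!/bin/sh
# Pre-flight checks for the hub install (added example; function names are hypothetical).

# Prerequisite packages exactly as listed in the post.
PREREQS="openssl openssl-devel flex pcre pcre-devel openldap gcc tokyocabinet"

# hosts_has_name NAME FILE: succeed if NAME is a hostname or alias on a
# non-comment line of an /etc/hosts-format FILE.
hosts_has_name() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                       # drop comments, fields are re-split
        NF >= 2 { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# missing_prereqs: read installed package names (one per line) on stdin and
# print every prerequisite that is absent, space-separated.
missing_prereqs() {
    installed=$(cat)
    missing=""
    for pkg in $PREREQS; do
        printf '%s\n' "$installed" | grep -qxF -- "$pkg" || missing="$missing $pkg"
    done
    printf '%s\n' "${missing# }"
}

# preflight: run both checks against the live system; returns non-zero on any failure.
preflight() {
    rc=0
    fqdn=$(hostname -f 2>/dev/null) || fqdn=""
    if [ -z "$fqdn" ]; then
        echo "FAIL: hostname -f does not return a valid name" >&2; rc=1
    elif ! hosts_has_name "$fqdn" /etc/hosts && ! getent hosts "$fqdn" >/dev/null; then
        echo "FAIL: $fqdn is not in /etc/hosts and does not resolve" >&2; rc=1
    fi
    miss=$(rpm -qa --qf '%{NAME}\n' | missing_prereqs)
    [ -z "$miss" ] || { echo "FAIL: missing packages: $miss" >&2; rc=1; }
    return $rc
}
```

Source the file and run `preflight` as root on the intended hub; it prints one FAIL line per problem and returns non-zero if any check fails.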


In my case the installation still failed with 'pg_dump;571c59c2: cpio: read failed'. I later found out that it was a backup utility related to PostgreSQL. So I installed it.
After this the installation finally succeeded:


[root@dockertest ~]# rpm -ivh cfengine-nova-hub-3.7.3-1.x86_64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:cfengine-nova-hub-3.7.3-1        ################################# [100%]

I didn't use the script this time because the script detects the distro & downloads & installs the rpm.
Since I already had the rpm downloaded I skipped the script.

Once installed, the policyserver needs to bootstrap to itself. Run the bootstrap command as follows:
/var/cfengine/bin/cf-agent --bootstrap <IP address>
[root@dockertest ~]# /var/cfengine/bin/cf-agent --bootstrap 192.168.44.179
R: Bootstrapping from host '192.168.44.179' via built-in policy '/var/cfengine/inputs/failsafe.cf'
R: This host assumes the role of policy server
R: Updated local policy from policy server
R: Started the server
R: Started the scheduler
notice: Bootstrap to '192.168.44.179' completed successfully!


Installing the CFEngine client:

System requirements for CFEngine hosts (clients):

32/64-bit machines with a recent version of Linux.
20 MB of memory, and 20 MB of disk space.
Port 5308 needs to be open.

CFEngine provides a script for the client install as well, which I used here:

wget http://s3.amazonaws.com/cfengine.packages/quick-install-cfengine-enterprise.sh  && sudo bash ./quick-install-cfengine-enterprise.sh agent

After the install completes you'll need to bootstrap the client to the policy server with the following command:

/var/cfengine/bin/cf-agent --bootstrap <Policy server IP address>

[root@cfeclient ~]# /var/cfengine/bin/cf-agent --bootstrap 192.168.44.179
  notice: Bootstrap mode: implicitly trusting server, use --trust-server=no if server trust is already established
  notice: Trusting new key: SHA=dd2074ca7f7d0bbf00f666eea1f0aa3a8121fa2cb924cc6e4739ccef061ebbb3
R: Bootstrapping from host '192.168.44.179' via built-in policy '/var/cfengine/inputs/failsafe.cf'
R: This autonomous node assumes the role of voluntary client
R: Updated local policy from policy server
R: Started the server
R: Started the scheduler
  notice: Bootstrap to '192.168.44.179' completed successfully!
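
The bootstrap output above shows the agent implicitly trusting the hub's key on first contact and printing its digest. As an added example (not from the original post or from CFEngine), the script below extracts that digest from the bootstrap output and compares it with a value obtained from the hub out of band; the function names are hypothetical and the sample log is copied from the session above.

```shell
#!/bin/sh
# Check which hub key a client trusted during bootstrap (added example).
# EXPECTED is the hub's key digest, read on the hub itself and carried over a
# separate channel, e.g. from: cf-key -p /var/cfengine/ppkeys/localhost.pub

# Sample input: lines from the client bootstrap session shown in the post.
SAMPLE_LOG="  notice: Bootstrap mode: implicitly trusting server, use --trust-server=no if server trust is already established
  notice: Trusting new key: SHA=dd2074ca7f7d0bbf00f666eea1f0aa3a8121fa2cb924cc6e4739ccef061ebbb3
R: Bootstrapping from host '192.168.44.179' via built-in policy '/var/cfengine/inputs/failsafe.cf'
  notice: Bootstrap to '192.168.44.179' completed successfully!"

# trusted_key_from_log: read bootstrap output on stdin and print the digest
# from the first "Trusting new key:" notice (prints nothing if there is none).
trusted_key_from_log() {
    sed -n 's/^[[:space:]]*notice: Trusting new key: \(SHA=[0-9a-f]\{1,\}\)[[:space:]]*$/\1/p' |
        head -n 1
}

# verify_bootstrap_key EXPECTED: compare the digest found on stdin with EXPECTED.
# Returns 0 on match, 1 on mismatch, 2 if no key was newly trusted in the log.
verify_bootstrap_key() {
    expected=$1
    seen=$(trusted_key_from_log)
    if [ -z "$seen" ]; then
        echo "no 'Trusting new key' notice in bootstrap output" >&2
        return 2
    fi
    if [ "$seen" = "$expected" ]; then
        echo "OK: client trusted $seen"
    else
        echo "MISMATCH: client trusted $seen, expected $expected" >&2
        return 1
    fi
}

# Typical use on a client (run as root):
#   /var/cfengine/bin/cf-agent --bootstrap 192.168.44.179 2>&1 | verify_bootstrap_key "SHA=<digest from hub>"
```

A mismatch means the client accepted a key other than the hub's, so the bootstrap should not be relied on until the difference is explained.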

In the next tutorial I share some useful commands & the process for logging in to the Mission control GUI.

