cfengine学习笔记
2009-09-30 16:03

系统环境:RedHat as 4U7
软件版本: cfengine 2.2.10
需要用到的软件:BerkeleyDB.4.8 openssl 0.9.8k
下载cfengine 2.2.10 http://www.cfengine.org/tarballs/cfengine-2.2.10.tar.gz
下载BerkeleyDB.4.8 http://www.oracle.com/technology/software/products/berkeley-db/index.html
下载openssl http://www.openssl.org/source/openssl-0.9.8k.tar.gz


安装依赖软件:
1,安装openssl
     # tar zxvf openssl-0.9.8k.tar.gz
     # cd openssl-0.9.8k
     #./configure
     # make
     #make install clean
2,安装Berkeley DB
# tar xvfz db-4.8.tar.gz
# cd db-4.8/build_unix/      //注意这个地方,这个数据库的源码安装方式与其他常见程序不同,要先cd到这个目录下,否则configure会报错,
# ../dist/configure          //Berkeley DB should not be built in the top-level or dist directories.
# make
# make install clean
3,确认系统环境中gcc,flex,byacc等环境均已经安装配置

安装cfengine

# tar zxvf cfengine-2.2.10.tar.gz
# cd cfengine-2.2.10
# ./configure --prefix=/usr/local/cfengine
这时候编译报错:
checking for BerkeleyDB location in default... configure: error: Cannot find BerkeleyDB
很奇怪明明berkeleydb已经安装了的,怎么会找不到呢,于是指定db路径
#./configure --prefix=/usr/local/cfengine --with-berkeleydb=/usr/local/BerkeleyDB.4.8/
仍然报错:

error: This release of cfengine requires BerkeleyDB 3.2 or later
奇怪难道4.8 不是later than 3.2吗? 可能是版本太新了,程序不认识吧,于是指定全局变量
#export LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.8/lib"

configure 成功
继续编译:
#make
make:报错
make[2]: Entering directory `/root/cfengine-2.2.10/src'
/bin/sh ../ylwrap cfparse.y y.tab.c cfparse.c y.tab.h cfparse.h y.output cfparse.output -- yacc -d
got /root/cfengine-2\.2\.10/src/
../ylwrap: line 82: yacc: command not found
解决 安装byacc-1.9-28.i386.rpm

/root/cfengine-2.2.10/missing: line 46: flex: command not found
解决 安装flex-2.5.4a-33.i386.rpm


继续make,又出现下面的错误,我晕咋这么多问题


lib64 -L/usr/local/ssl/lib ./.libs/libcfengine.a -L/root/cfengine-2.2.10/pub -ldb -lcrypto -lcfpub -lnss_nis -lpthread -lrt -lm -pthread
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x3e): In function `dlfcn_load':
: undefined reference to `dlopen'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0xab): In function `dlfcn_load':
: undefined reference to `dlclose'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0xd4): In function `dlfcn_load':
: undefined reference to `dlerror'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x14b): In function `dlfcn_unload':
: undefined reference to `dlclose'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x20b): In function `dlfcn_bind_var':
: undefined reference to `dlsym'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x257): In function `dlfcn_bind_var':
: undefined reference to `dlerror'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x2fb): In function `dlfcn_bind_func':
: undefined reference to `dlsym'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x347): In function `dlfcn_bind_func':
: undefined reference to `dlerror'
collect2: ld returned 1 exit status
make[2]: *** [cfagent] Error 1
make[2]: Leaving directory `/root/cfengine-2.2.10/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/root/cfengine-2.2.10/src'
make: *** [all-recursive] Error 1

好像是ld的问题强制指定试下
#make LDFLAGS+=-ldl
OK!make通过,真不容易
#make install clean

安装完成,庆祝下吧。

配置Cfengine

1,手动建立Cfengine的工作目录
# mkdir /var/cfengine
# mkdir /var/cfengine/bin
# mkdir /var/cfengine/inputs

2,复制Cfengine二进制代码到工作目录
# cp /usr/local/cfengine/sbin/cfagent /var/cfengine/bin
# cp /usr/local/cfengine/sbin/cfexecd /var/cfengine/bin
# cp /usr/local/cfengine/sbin/cfservd /var/cfengine/bin
# chown -R root:root /var/cfengine
# chmod -R 755 /var/cfengine

3,建立如下的文件:/var/cfengine/inputs/cfagent.conf:

4,策略范例:初次测试的简单策略
编辑cfagent.conf文件,加入相应策略
#vi/var/cfengine/inputs/cfagent.conf
#/var/cfengine/inputs/cfagent.conf
control:
actionsequence = ( shellcommands )
shellcommands:
“/bin/echo Danger, Will Robinson!”
运行策略
# /usr/local/sbin/cfkey 在第一次运行cfagent命令前运行一次该命令
# /var/cfengine/bin/cfagent
cfengine::/bin/echo Dange: Danger, Will Robinson!

现在祝贺你!你已经成功地使用cfengine了!