csync_wizard(1M)csync_wizard(1M)NAMEcsync_wizard - The configuration wizard for the Configuration Engine
(cfengine). csync_wizard is part of the Distributed Systems Administra‐
tion Utilities (DSAU).
SYNOPSISDESCRIPTION
The Configuration Synchronization Wizard (csync_wizard) helps set up a
Configuration Engine (cfengine) environment. cfengine is a policy-
based configuration management tool. The administrator creates a con‐
figuration-description file on the configuration master that defines
the management actions for cfengine to perform on each managed client.
The administrator can use cfengine to perform tasks such as:
· synchronize a set of files across managed clients
· disable inappropriately configured files on the client
· check file permissions, ownership, and track checksum changes
· make edits to files
· execute arbitrary shell commands on each client
· check for processes or signal processes
For additional detailed cfengine information, refer to the cfengine
reference manual in /opt/dsau/doc/cfengine. (For the current version
of cfengine, see the DSAU Release Notes.)
While there are many manual steps required to configure a cfengine
environment, the csync_wizard guides the administrator through the
steps to create the configuration master, allow managed-clients to be
added to and removed from the environment, and distribute the required
security keys between the configuration master and the managed clients.
The administrator must choose a system to act as the configuration mas‐
ter. This system can be a standalone system or a Serviceguard cluster.
· Standalone system acting as the configuration master
In this configuration, cfengine's master configuration
description files and any reference files that need to dis‐
tributed to the managed clients reside in a designated direc‐
tory on this standalone system.
Remote clients can include standalone systems and members of
Serviceguard clusters. cfengine securely communicates with
the managed clients using a public/private key exchange mech‐
anism. The wizard helps the administrator distribute keys to
managed clients but requires that passwordless ssh be config‐
ured. See the csshsetup tool for details on configuring ssh.
An alternative, but less secure, way to distribute cfengine
keys is to use cfrun -T. Refer to the cfengine reference
manual for details.
· Serviceguard cluster acting as the configuration master
In a Serviceguard cluster, cfengine can be configured as a
highly available (HA) service using a Serviceguard package.
All members of the cluster must be up when running the wiz‐
ard, and cluster members are automatically configured as
cfengine clients. The node hosting the package acts as the
configuration master. Clients access the configuration mas‐
ter using its relocatable IP address.
For the intra-cluster-only case, the wizard performs the ini‐
tial cfengine public/private key exchange automatically, and
no special ssh setup is required for the cluster members.
When using the wizard to add remote clients, ssh is required.
See the ssh description in the Standalone system case above
for details.
When configuring the cfengine master to run as part of a HA
service using a Serviceguard package, several data points are
required to establish the service. Refer to the "Prerequi‐
sites for using the wizard" section of this man page for fur‐
ther details.
The wizard provides cfengine templates containing examples of
common files that are synchronized in a Serviceguard cluster.
If cfengine has previously been configured on the configura‐
tion master, any existing cfengine configuration files are
saved in the directory /var/opt/dsau/cfengine/backups. Files
from the master inputs area are also saved here and will
include "master.save" in the filename. Dated subdirectories
are also created in this directory so that more than one copy
of the files will be archived.
Post-configuration Maintenance
After completing configuration of the cfengine master, further adminis‐
tration is accomplished using the csync_wizard, with which you can per‐
form the following tasks.
· Adding managed clients:
Run the wizard on the configuration master to add additional
managed clients. An ssh trust relationship must already be
configured for the wizard to manage the remote clients. See
the ssh section above.
· Deleting managed clients:
Run the wizard on the configuration master to delete any man‐
aged clients. An ssh trust relationship must already be con‐
figured for the wizard to manage the remote clients (see the
ssh section above). You cannot delete the cfengine master to
the Serviceguard member currently hosting the HA Serviceguard
package.
· Key management:
Run the wizard on the configuration master to regenerate the
cfengine keys for the master and all clients. An ssh trust
relationship must already be configured for the wizard to
manage the remote clients (see the ssh section above).
Prerequisites for using the wizard:
· The wizard will configure clients that are in the same domain
as the master, or in multiple DNS domains. See the for addi‐
tional information.
· When using the wizard to add remote clients, password-less
ssh access is required. See the ssh section above.
· DSAU must be installed on all systems (the configuration mas‐
ter and all managed clients).
· Serviceguard package requirements:
· A registered DNS name, IP address, and IP subnet for use
by a Serviceguard package.
· An LVM shared storage environment for use with the pack‐
age. This includes the LVM volume group, logical volume,
and filesystem. The filesystem should have enough space
to accommodate copies of reference files that will be dis‐
tributed to the managed clients.
Running the Wizard
In interactive mode, the wizard prompts for the answers to certain
questions. In non-interactive mode, using the -f option, the wizard
reads entries from the input file. See the -f option for more informa‐
tion.
SERVICEGUARD AUTOMATION FEATURES
When using cfengine tools in a Serviceguard cluster, Serviceguard 11.17
or later is required for automated configuration actions to be sup‐
ported. Specifically, when adding new members to the cluster, cfengine
is automatically configured for use on the new member. For versions of
Serviceguard before 11.17, tracking cluster state changes will require
manual invention and management of the configuration files.
When running the wizard in a Serviceguard cluster to define a highly-
available server configuration, the wizard creates a package. If there
are any errors during package creation, the messages from the package
creation commands are displayed. Refer to the log files in the csync
package directory for detailed information on any errors. For example,
Options
-f inputfile
The contains a list of entries used in configuring csync.
The entries are in pairs (keyword:value) as one entry per
line, separated by colons and include the following:
· master: Fully qualified node name of the master server.
If this file is being used to define a highly available
cfengine configuration for a Serviceguard cluster, the
value of master should be "csync" instead of a hostname.
· domain: The DNS domain of the master server or Service‐
guard cluster specified for master:.
· clients: A colon-separated list of hostnames for managed
clients. In an highly available cluster configuration,
you do not need to include the cluster members in this
list. All members will be automatically configured. If
the hostname is not fully qualified, the domain defaults
to the domain of the master server or the cluster.
The remaining keywords are used only when creating a
highly available cfengine configuration using a Service‐
guard cluster. The keywords define the values used for
creating a Serviceguard package:
· volumegroup: The LVM volume group to use for the pack‐
age (for example, /dev/vgcsync)
· logicalvolume: The LVM logical volume in the above vol‐
ume group (for example, /dev/vgcsync/lvol1). Note that
this must be the full pathname of the logical volume.
· filesystem: The filesystem mount point for the logical
volume (for example, /csync).
· filesystemtype: The type of filesystem (for example,
vxfs (HP-UX) or ext3 (Linux)).
· mountoptions: The filesystem mount options (for exam‐
ple: -o rw,largefiles (HP-UX) or -o rw (Linux)).
· packageip: The IP address for the package.
· packagesubnet: The subnet for the package.
-h Display help on csync_wizard command options.
EXAMPLES
Sample contents of an HP-UX configuration file:
master:node05
domain:company.com
clients:node01:node07:
volumegroup:vgdsau
logicalvolume:/dev/vgdsau/lvol1
filesystem:/dsau
filesystemtype:vxfs
mountoptions:-o rw,suid,delaylog,datainlog
packageip:12.34.567.890
packagesubnet:12.34.556.7
Sample contents of a Linux configuration file:
master:node05
domain:company.com
clients:node01:node07:
volumegroup:vgdsau
logicalvolume:/dev/vgdsau/lvol1
filesystem:/dsau
mountoptions:-o rw
packageip:12.34.567.890
packagesubnet:12.34.556.7
NOTE: In order to configure an HA service using a Serviceguard package,
the value of the master in the input file must be hardcoded to "csync",
for example, master:csync.
DEPENDENCIES
BUGS
For Serviceguard clusters, the wizard supports package creation using
only LVM-based volume groups. For VxVM users, the simplest workaround
is to allow the wizard to configure using LVM and after completion, to
modify the resulting package in /etc/cmcluster/csync/ to use VxVM.
AUTHORScsync_wizard was developed by Hewlett-Packard.
FILES
Note: Look in the file /etc/cmcluster.conf to determine the value for
SGCONF, the path to the Serviceguard package configuration directory.
HP-UX:
/etc/rc.config.d/cfservd
cfservd configuration file.
/sbin/init.d/cfservd
cfengine start/stop script.
Linux:
/etc/sysconfig/cfservd
cfservd configuration file.
/etc/init.d/cfservd
cfengine start/stop script.
Serviceguard Package Files:
SGCONF/csync
Serviceguard package control script
SGCONF/csync.conf
Serviceguard package configuration file
Master files in a non-HA setup:
/var/opt/dsau/cfengine_master/inputs
cfengine's master CFINPUTS directory.
Files synchronized by cfengine:
/var/opt/dsau/cfengine_master/inputs/cf.main
/var/opt/dsau/cfengine_master/inputs/cfagent.conf
/var/opt/dsau/cfengine_master/inputs/cfrun.hosts
/var/opt/dsau/cfengine_master/inputs/cfservd.conf
/var/opt/dsau/cfengine_master/inputs/update.conf
/var/opt/dsau/cfengine_master/inputs/master_files
Directory for files to be synchronized by cfengine.
Master files in an HA setup:
<mount_point>/dsau/cfengine_master/inputs
This contains the same files as given in the non-HA setup
above.
Serviceguard cluster configuration directories:
<mount_point>/dsau/cfengine_master/master_files
In a Serviceguard cluster, configuration directories are part
of the filesystem associated with the package.
SEE ALSOcsshsetup(1), ssh(1), cfengine(8), cfrun(8), cfagent(8), cfservd(8),
Distributed Systems Administration Utilities User's Guide, on
http://docs.hp.com or the iiCD where appropriate
csync_wizard(1M)