cfengine - network configuration engine
is a language based system specifically designed for testing and
configuring unix-like systems attached to a TCP/IP network. You can think of
as a very high level language -- much higher level than Perl
or shell. A single statement can result in many hundreds of links being
created, or the permissions of many hundreds of files being set. The idea of
is to create a single file or set of configuration files
which will describe the setup of every host on your network.
runs on every host and parses one file (or file-set), the
configuration of the host is checked against this file and, if desired, any
deviations are fixed. cfagent
reads a configuration file called
cfengine.conf in a directory pointed to by the environment variable CFINPUTS.
performs host integrity and security checks as well as
installing and repairing system configuration.
- -a (--sysadm)
- Print only the name of the system administrator then
- -b (--force-net-copy)
- Forces net copy even if remote server is localhost
- -c (--no-check-files)
- Do not check access rights on file systems
- -C (--no-check-mounts)
- Check mount points for consistency. If this option is set
then directories which lie in the ”mount point“ area are
checked to see whether there is anything mounted on them.
- -d (--debug)
- Enable debugging output. (parsing -d1,run, -d2, lite
- -D (--define)
- Define a compound class symbol of the form
- -e (--no-edits)
- Suppress file editing.
- -E (--enforce-links)
- Globally force links to be created where plain files or
links already exist. You have to use this in interactive mode and answer a
yes/no query before cfagent will run like this.
- -f (--file)
- Parse filename after this switch. By default cfagent
looks for a file called cfengine.conf in the current directory.
- -h (--help )
- Help information. Display version banner and options
- -H (--no-hard-classes)
- Prevents cfagent from generating any internal class
name information. Can be used for emulation purposes.
- -i (--no-ifconfig)
- Do not attempt to configure the local area network
- -I (--inform)
- Switches on the inform output level, whereby cfagent
reports everything it changes..
- -k (--no-copy)
- Do not copy/image any files.
- -K (--no-lock)
- Ignore locks when running.
- -l (--traverse-links)
- Normally cfagent does not follow symbolic links when
recursively parsing directories. This option will force it to do so.
- -L (--delete-stale-links)
- Delete links which do not point to existing files (except
in user home directories, which are not touched).
- -m (--no-mount)
- Do not attempt to mount file systems or edit the filesystem
- -M (--no-modules)
- Ignore modules in actionsequence.
- -n (--recon,--dry-run,--just-print)
- No action. Only print what has to be done without actually
- -N (--negate,--undefine)
- Cancel a set of classes, or undefine (set value to false) a
compound class of the form alpha.beta.gamma.
- -p (--parse-only)
- Parse file and then stop. Used for checking the syntax of a
- -q (--no-splay)
- Switch off host splaying (sleeping).
- -s (--no-commands)
- Do not execute scripts or shell commands.
- -S (--silent)
- Silence run time warnings.
- -t (--no-tidy)
- Do not tidy file systems.
- -u (--use-env)
- Causes cfagent to generate an environment variable
CFALLCLASSES which can be read by child processes (scripts). This variable
contains a summary of all the currently defined classes at any given time.
This option causes some system 5 systems to generate a Bus Error or
- -U (--underscore-classes)
- When this option is set, cfagent adds an underscore
to the beginning of all hard system classes (like _sun4, _linux etc.) This
can be used to avoid naming conflicts if you are so injudicious as to name
a host by the name of a hard class. Other classes are not affected.
- -v (--verbose)
- Verbose mode. Prints detailed information about actions and
- -V (--version)
- Print only the version string and then quit.
- -x (--no-preconf)
- Do not execute the cf.preconf net configuration file.
- -X (--no-links)
- Do not execute the links section of a program.
- -w (--no-warn,--quiet)
- Do not print warning messages.
Mark Burgess, Oslo University College