Node: cf.site, Next: , Previous: cf.main, Up: Example configuration file



cf.site

     ##############################################################
     #
     # cf.site - for iu.hioslo.no
     #
     # This file contains site specific data
     #
     #################################################################
     
     ###
     #
     # BEGIN cf.site
     #
     ###
     
     links:
     
        Prepare::
     
           /local     -> /$(site)/$(binserver)/local
           /usr/local -> /local
     
        dax::
     
           /iu/dax/local             +> /iu/nexus/local
           /projects                 -> /iu/dax/local/projects
           /iu/nexus/u1/sowille/data -> /iu/dax/scratch/data
     
        XBootServer::
     
           #
           # Set up a /local/tftpboot area where all X terminal
           # stuff will be kept.
           #
     
           /tftpboot                  -> /local/tftpboot
           /local/tftpboot/td/configs -> /local/tftpboot/td/examples/configs
           /etc/bootptab              -> /tftpboot/bootptab
           /tftpboot/usr/lib/X11/td   -> /tftpboot/td
     
        NameServers::
     
           /etc/named.boot -> /local/iu/named/named.boot
     
        MailHub::
     
           /etc/mail/sendmail.cf ->! /iu/nexus/local/mail/sendmail.cf
     
        MailClients.solaris::
     
           /etc/mail/sendmail.cf ->! /iu/nexus/local/mail/client.cf
     
        nexus::
     
     	/local/bin +> /local/latex/bin
     
     #############################################################
     
     disable:
     
       #
       # We run Berkeley sendmail and the config files are
       # all under /iu/nexus/local/lib/mail
       #
     
         /etc/aliases
     
      WWWServers.Sunday::
     
        #
        # Disabling these log files weekly prevents them from
        # growing so enormous that they fill the disk!
        #
     
        /local/iu/httpd/logs/access_log   rotate=empty
        /local/iu/httpd/logs/agent_log    rotate=empty
        /local/iu/httpd/logs/error_log    rotate=empty
        /local/iu/httpd/logs/referer_log  rotate=empty
     
        #
        # CERT warning, security fix
        #
     
       any::
     
         /usr/lib/expreserve
     
       FTPserver.Sunday.Hr00::
     
        /local/iu/xferlog rotate=3
     
     #################################################################
     
     files:
     
       Prepare::
     
           /etc/motd              m=0644 r=0 o=root act=touch
           /.cshrc                m=0644 r=0 o=root act=touch
     
        PasswdServer::
     
           /local/iu/etc/passwd m=0644 o=root g=other action=fixplain
           /local/iu/etc/shadow m=0644 o=root g=other action=fixplain
     
        WWWServers.Rest::
     
           /local/iu/www                           m=775        g=www act=fixall r=inf
           /local/iu/httpd/conf                    m=664 o=root g=www act=fixall r=inf
           /local/iu/www/cgi-bin-public/count_file m=777 o=root g=www act=fixplain
     
        FTPserver::
     
           #
           # Make sure anonymous ftp areas have the correct
           # protection, or logins won't be able to read
           # files - or perhaps a security risk. This is
           # solaris 2 specific...
           #
     
           $(ftp)/pub        mode=755 o=ftp  g=ftp  r=inf act=fixall
           $(ftp)/Obin       mode=111 o=root g=other      act=fixall
           $(ftp)/etc        mode=111 o=root g=other      act=fixdirs
           $(ftp)/usr/bin/ls mode=111 o=root g=other      act=fixall
           $(ftp)/dev        mode=555 o=root g=other      act=fixall
           $(ftp)/usr        mode=555 o=root g=other      act=fixdirs
     
        Prepare::
     
           /etc/shells mode=0644 action=touch
     
        AllBinaryServers.Rest.longjob::
     
          /local mode=-0002 r=inf owner=root,bin group=0,1,2,3,4,5,6,7,staff
                 links=tidy action=fixall
     
          /local/iu/RootMailLog  m=0666 action=touch
     
        dax.Rest::
     
         /iu/dax/scratch        r=0 o=root mode=1777 action=fixall
         /iu/dax/local/projects r=0 o=root mode=755  action=fixdirs
     
        nexus::
     
         /local/mail/sendmail.cf o=root m=444 act=fixplain
     
         /iu/nexus/ua/robot/.rhosts o=robot m=600 act=touch
     
         /local/iu/named/pz         o=root  m=644 act=fixall r=1
     
         /local/latex/lib/tex/texmf/fonts  owner=root
                                           mode=1666
                                           recurse=inf
                                           action=fixall
     
     #################################################################
     
     tidy:
     
           #
           # Make sure the file repository doesn't fill up
           #
     
           /var/spool/cfengine pattern=*    age=3
     
           /var                pattern=core age=0  r=inf
           /var/spool/mqueue   pattern=*    age=14 type=mtime
     
        BackupHost::
     
           # Here we tidy old backup tar files from the backup area
           # A special tmp area gets cleared every 4 days. The files
           # are created by Audun's backup help script (see shellcommands)
     
           /iu/nexus/backup1      pat=*  age=7
     
     #################################################################
     
     shellcommands:
     
        PasswdServer::
     
           # Build and install the BSD compatible passwd file
           # from the master passwd/shadow file on solaris
     
           "/local/iu/bin/BuildPasswdFiles"
           "/local/iu/bin/BuildGroupFiles"
     
       BackupHost.Sunday.Hr00|BackupHost.Wednesday.Hr00::
     
           #
           # Make a system backup of /iu/nexus/u? with Audun's script
           #
     
           "$(cfbin)/cfbackup -p -f /iu/nexus/backup1 -s /iu/nexus/ud"
           "$(cfbin)/cfbackup -p -f /iu/nexus/backup1 -s /iu/nexus/ua"
           "$(cfbin)/cfbackup -p -f /iu/nexus/backup1 -s /iu/nexus/u1"
           "$(cfbin)/cfbackup -p -f /iu/nexus/backup1 -s /iu/nexus/u2"
           "$(cfbin)/cfbackup -p -f /iu/nexus/backup2 -s /iu/nexus/u3"
           "$(cfbin)/cfbackup -p -f /iu/nexus/backup2 -s /iu/nexus/u4"
           "$(cfbin)/cfbackup -p -f /iu/nexus/backup2 -s /iu/nexus/u5"
           "$(cfbin)/cfbackup -p -f /iu/nexus/backup2 -s /iu/nexus/u6"
     
       nexus.Sunday.longjob.Hr00::
     
           #
           # See how much rubbish users have accumulated each Sunday
           #
     
           "$(cfbin)/noseyparker /iu/nexus/u1 $(sysadm) "
           "$(cfbin)/noseyparker /iu/nexus/u2 $(sysadm) "
           "$(cfbin)/noseyparker /iu/nexus/u3 $(sysadm) "
           "$(cfbin)/noseyparker /iu/nexus/u4 $(sysadm) "
           "$(cfbin)/noseyparker /iu/nexus/u5 $(sysadm) "
           "$(cfbin)/noseyparker /iu/nexus/u6 $(sysadm) "
           "$(cfbin)/noseyparker /iu/nexus/ua $(sysadm) nomail"
           "$(cfbin)/noseyparker /iu/nexus/ud $(sysadm) nomail"
     
        nexus.longjob.Hr00::
     
           #
           # Update the GNU find/locate database each night
           #
     
           "$(gnu)/lib/locate/updatedb"
           "/local/iu/bin/newhomepage.sh"
     
     ###############################################################
     
     editfiles:
     
         #
         # cfengine installs itself as a cron job - sneaky! :)
         #
     
         { /var/spool/cron/crontabs/root
     
         AppendIfNoSuchLine "0 * * * * $(cfbin)/cfwrap $(cfbin)/cfhourly"
         }
     
        FTPserver::
     
           { /etc/shells
     
           AppendIfNoSuchLine "/bin/tcsh"
           AppendIfNoSuchLine "/local/gnu/bin/bash"
           }
     
     
        XBootServer::
     
           { /etc/inetd.conf
     
           AppendIfNoSuchLine
               "bootp dgram udp wait root /local/bin/bootpd bootpd -i -d"
           }
     
        nexus::
     
           { /iu/nexus/ua/robot/.rhosts
     
           AppendIfNoSuchLine "borg"
           AppendIfNoSuchLine "borg.iu.hioslo.no"
           AppendIfNoSuchLine "aud4"
           AppendIfNoSuchLine "aud4.iu.hioslo.no"
           }
     
        dax::
     
           { /etc/system
     
           AppendIfNoSuchLine "set pt_cnt=128"
           }
     
     
     ######################################################################
     
     required:
     
        #
        # Any host must have a /local, /usr/local fs. Check that
        # it exists and looks sensible. (i.e. not empty)
        #
     
        /$(site)/$(binserver)/local
     
     
     ######################################################################
     
     copy:
     
        #
        # NIS seems broken at IU, so here we use NFS to fudge
        # a file distribution as a temporary solution. Actually
        # this makes the system work faster without NIS!
        #
     
           $(nisfiles)/services dest=/etc/services o=root g=other mode=0644
           $(nisfiles)/hosts.deny dest=/etc/hosts.deny o=root mode=0644
     
        !debian::
     
           $(nisfiles)/hosts    dest=/etc/hosts o=root g=other mode=0644
     
        PasswdServer::
     
           /etc/passwd dest=$(nisfiles)/passwd o=root g=other mode=0644
           /etc/shadow dest=$(nisfiles)/shadow o=root g=other mode=0644
     
        nexus::
     
           /local/iu/etc/dfstab dest=/etc/dfs/dfstab  o=root  mode=0744
     
        solaris.!PasswdServer::
     
           $(nisfiles)/passwd dest=/etc/passwd o=root g=other mode=0644
           $(nisfiles)/shadow dest=/etc/shadow o=root g=other mode=0600
           $(nisfiles)/group.solaris dest=/etc/group o=root g=other mode=0644
     
        linux::
     
           $(nisfiles)/passwd.linux dest=/etc/passwd o=root g=other mode=0644
           $(nisfiles)/group.linux dest=/etc/group o=root g=other mode=0644
     
     ###############################################################
     
     processes:
     
           "eggdrop"                           signal=kill
           "irc"                               signal=kill
           "ping"                              signal=kill
           "NetXRay"                           signal=kill
           "netxray"                           signal=kill
           "ypserv"                            signal=kill
           "ypbind"                            signal=kill
           "rarpd"                             signal=kill
           "rpc.boot"                          signal=kill
           "README"                            signal=kill # You don't sh README !
     
        !XBootServer::
     
           "bootp"                             signal=kill
     
        #
        # These processes are not killed every hour, but once a day
        # when cfengine runs at night. Note that there are often
        # hanging pine and elm processes. These programs crash and
        # go berserk, using hundreds of hours of CPU time.
        #
     
        Hr00::
     
           "cron"                 signal=hup  # HUP these to update their config
           "inetd"                signal=hup
     
           "/local/sdt/sdt/bin"   signal=term # For those elektro dudes who forget
                                              # to log out
           "netscape"             signal=kill
           "pine"                 signal=kill
           "elm"                  signal=kill
     
     
     ###
     #
     # END cf.site
     #
     ###