############################################################## # # cf.main - for iu.hio.no # # This file contains generic config stuff # ############################################################## ############### # # BEGIN cf.main # ############### control: Access = ( root ) # Only root should run this site = ( iu ) domain = ( iu.hio.no ) sysadm = ( cfengine@iu.hio.no ) smtpserver = ( nexus.iu.hio.no ) # Welcome to Norway...! timezone = ( MET CET ) # # Where backup files (for copy/tidy) are kept # Repository = ( /var/spool/cfengine ) LockDirectory = ( /var/cfengine ) LogDirectory = ( /var/cfengine ) # # Where extension modules can be found # moduledirectory = ( /var/cfengine/modules ) SpoolDirectories = ( /var/spool/cron/crontabs ) ################################################################### # # Spread the load, make sure the servers get done first though # ################################################################### !AllBinaryServers:: SplayTime = ( 1 ) ################################################################### # # Some local decisions ... # ################################################################### any:: OutputPrefix = ( "cf:$(host)" ) IfElapsed = ( 15 ) # Checks can be repeated only after 15 mins ExpireAfter = ( 240 ) # Hanging checks are killed after 4 hours SensibleSize = ( 1000 ) # Mounted disk looks normal if size > 1000 bytes SensibleCount = ( 2 ) # " if no files > 2 EditfileSize = ( 40000 ) # Will not edit files bigger than this # # Local convention for mounting file systems # e.g. /iu/nexus/u1. Home dirs are u1,u2,u3,u?,ua,ub ... # MountPattern = ( /$(site)/$(host) ) HomePattern = ( u? ) ################################################################### # # Security checks # ################################################################### NonAlphaNumFiles = ( on ) # Warn on filenames with non alphanumic chars FileExtensions = ( c gif jpg ) # Filenames which should NOT be directories # File/dir names which we should NOT be there SuspiciousNames = ( .mo lrk3 lkr3 nuke rootkit cloak zap icepick toneloc .ek wzap clnlog sniff.pid sp.pl ) ChecksumDatabase = ( /var/cfengine/cf.db3 ) # This should be on only when we are updating the db after AUTHORIZED changes ChecksumUpdates = ( on ) ################################################################### # # If we undefine this with cfengine -N longjob # then we switch off all jobs labelled with this class # ################################################################### AddClasses = ( longjob ) AddInstallable = ( rootfull ) AddInstallable = ( pcstudupdate ) AddInstallable = ( dns_update ) AddInstallable = ( syslodgdhup ) ################################################################### # # Macros & constants are inherited downwards in imports # but are not passed up to parent files. Good idea to # define them all here # ################################################################### cfbin = ( /var/cfengine/bin ) checksrc = ( /iu/nexus/ud/mark/comp ) gnu = ( "/local/gnu" ) ftp = ( /local/iu/ftp ) nisfiles = ( /iu/nexus/local/iu/etc ) # Stupid name, since we don't use NIS anymore masterfiles = ( /iu/nexus/local/iu ) ################################################################### # # The action sequence determines the order in which # checks are performed: action.class1.class2... # ################################################################### any:: actionsequence = ( editfiles copy mountall mountinfo checktimezone resolve netconfig unmount shellcommands addmounts links.Prepare files.Prepare directories links.Rest # mailcheck mountall required tidy.IfElapsed120.ExpireAfter240 disable editfiles files.Rest processes ) ################################################################### # # Network configuration. 74+75 are one subnet. 85 is one subnet. # ################################################################### nexus|quetzalcoatal|haddock:: interfacename = ( hme0 ) # A newer type of machine Net75:: netmask = ( 255.255.254.0 ) !Net75:: netmask = ( 255.255.255.0 ) ###################################################################### # # Strategies (mixed, randomised) # ###################################################################### strategies: OnTheHour:: { spread_load percent_10: "1" # These classes get defined in these ratios percent_30: "3" precent_60: "6" } ###################################################################### # # Server relationships for NFS filesystems # ###################################################################### # # Hosts which have home directory disks # homeservers: haddock|daneel:: nexus !haddock.!daneel:: nexus cube # # Hosts which have binary data (software) binservers: solaris:: nexus linux:: cube # # A list of all NFS mountable resources which # are available to *someone* within .iu.hio.no # mountables: any:: cube:/iu/cube/u1 cube:/iu/cube/u2 cube:/iu/cube/u3 cube:/iu/cube/u4 cube:/iu/cube/local nexus:/iu/nexus/local dax:/iu/dax/local nexus:/iu/nexus/local/iu/src 128_39_89|cube|matrix:: nexus:/iu/nexus/ua nexus:/iu/nexus/ub nexus:/iu/nexus/uc nexus:/iu/nexus/ud # # File systems which should be unmounted # and removed (old stuff) # unmount: # when removing mountables... # # NFS mounts which are not covered by binserver/homeserver # miscmounts: # # Even though nexus is software bin-type "solaris" # we need this partition even on non-solaris hosts # because it contains sharable data (for cfengine etc) # linux:: nexus:/iu/nexus/local /iu/nexus/local mode=ro ###################################################################### # # Routing configuration on local net # ###################################################################### broadcast: # # Modern convention for broadcast 1-bits == i.e. .255 # ones defaultroute: (128_39_74|128_39_75):: 128.39.74.1 128_39_89:: 128.39.89.1 ###################################################################### # # DNS configuration. Uninett make this complicated for us # because they own the routers and want to # keep their DNS records themselves # ###################################################################### resolve: NameServers.nexus:: 127.0.0.1 128.39.89.26 # quetx 128.39.74.16 # cube NameServers.!nexus:: 127.0.0.1 # loopback - itself 128.39.89.10 # nexus 128.39.74.16 # cube !NameServers.128_39_89:: 128.39.89.10 # nexus 128.39.89.26 # quetzalcoatal 128.39.74.16 # cube !NameServers.(128_39_74|128_39_75):: 128.39.74.16 # cube 128.39.89.10 # nexus 128.39.89.26 # quetzalcoatal ###################################################################### tidy: # # Some global tidy-ups which all hosts need # !rom21X:: /tmp/ pattern=* recurse=inf age=1 /var/tmp pattern=* recurse=inf age=2 / pattern=core r=1 a=0 /etc pattern=core r=1 a=0 ###################################################################### ignore: # # Don't check or tidy these files/directories in recursive # searches. They need exceptional treatment # # pseudo-filesystems: /dev /proc /devices /kernel ls-R mysql.sock /local/lib/gnu/emacs/lock/ /local/tmp ftp projects /local/bin/top /local/lib/tex/fonts /local/iu/etc /local/etc /local/iu/httpd/conf /usr/tmp/locktelelogic /usr/tmp/lockIDE RootMailLog lock /usr/bin/[ /usr/bin/pico /local/bin/pico # exclude this so we can search for copies (security) # # Emacs lock files etc # !* /local/lib/xemacs # # X11 keeps X server data in /tmp/.X11 # better not delete this! # .X* .Media* ##################################################################### disable: # # These files should never exist on any host # !rom21X:: /etc/hosts.equiv # rlogin security /etc/nologin # Prevents user login ############# # # END cf.main # #############