Application Management A CFEngine Special Topics Handbook



Similar documents
IBM Endpoint Manager Version 9.1. Patch Management for Red Hat Enterprise Linux User's Guide

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Workflow Templates Library

Specops Command. Installation Guide

SolarWinds Log & Event Manager

HP Operations Manager Software for Windows Integration Guide

Partek Flow Installation Guide

Server Monitoring. AppDynamics Pro Documentation. Version Page 1

Data Sheets RMS infinity

HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide

HP Quality Center. Upgrade Preparation Guide

OnCommand Performance Manager 1.1

Introducing IBM Tivoli Configuration Manager

HP AppPulse Active. Software Version: 2.2. Real Device Monitoring For AppPulse Active

Installation ServerView ESXi CIM Provider V6.12

Oracle EXAM - 1Z Oracle Weblogic Server 11g: System Administration I. Buy Full Product.

Quest ChangeAuditor 4.8

Workflow Automation Support and troubleshooting guide

IT6204 Systems & Network Administration. (Optional)

SAP Business Intelligence Suite Patch 10.x Update Guide

Actualtests.C questions

NETWORK OPERATING SYSTEMS. By: Waqas Ahmed (C.E.O at Treesol)

How to Build an RPM OVERVIEW UNDERSTANDING THE PROCESS OF BUILDING RPMS. Author: Chris Negus Editor: Allison Pranger 09/16/2011

LEARNING SOLUTIONS website milner.com/learning phone

EventSentry Overview. Part I About This Guide 1. Part II Overview 2. Part III Installation & Deployment 4. Part IV Monitoring Architecture 13

ORACLE OPS CENTER: PROVISIONING AND PATCH AUTOMATION PACK

WebSphere Business Monitor

About this release. McAfee Application Control and Change Control Addendum. Content change tracking. Configure content change tracking rule

vsphere Upgrade vsphere 6.0 EN

An Oracle White Paper June Oracle Linux Management with Oracle Enterprise Manager 12c

Tivoli Log File Agent Version Fix Pack 2. User's Guide SC

System Center Configuration Manager

Nixu SNS Security White Paper May 2007 Version 1.2

Net/FSE Installation Guide v1.0.1, 1/21/2008

User's Guide - Beta 1 Draft

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

SAP BusinessObjects Business Intelligence Suite Document Version: 4.1 Support Package Patch 3.x Update Guide

Configuring Informatica Data Vault to Work with Cloudera Hadoop Cluster

Server application Client application Quick remote support application. Server application

AVALANCHE MC 5.3 AND DATABASE MANAGEMENT SYSTEMS

RES ONE Automation 2015 Task Overview

Initializing SAS Environment Manager Service Architecture Framework for SAS 9.4M2. Last revised September 26, 2014

Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications

Parallels Virtual Automation 6.1

IBM WebSphere Application Server V8.5 lab Basic Liberty profile administration using the job manager

Installation & Upgrade Guide

Deploying Dedicated Virtual Desktops in Hosted Environments

Symantec AntiVirus Corporate Edition Patch Update

Implementing Red Hat Enterprise Linux 6 on HP ProLiant servers

VWVCVIM5.5 VMware vcenter Configuration Manager for Virtual Infrastructure Management [v5.5]

Intellicus Cluster and Load Balancing (Windows) Version: 7.3

Getting Started With Halo for Windows

HP Insight Diagnostics Online Edition. Featuring Survey Utility and IML Viewer

Installing and Configuring Adobe LiveCycle 9.5 Connector for Microsoft SharePoint

How To Set Up An Intellicus Cluster And Load Balancing On Ubuntu (Windows) With A Cluster And Report Server (Windows And Ubuntu) On A Server (Amd64) On An Ubuntu Server

Software Distribution Reference

CS197U: A Hands on Introduction to Unix

Software Deployment and Configuration

ServerView Integration Pack for Microsoft SCCM

HP Enterprise Integration module for SAP applications

How To Deploy Lync 2010 Client Using SCCM 2012 R2

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

How to install software applications in networks to remote computers

Symantec Control Compliance Suite : Reporting and Analytics ReadMe Update

HP SCOM Management Packs User Guide

Rogue Wave HostAccess 7.40J Installation Guide... 1

SapphireIMS 4.0 Asset Management Feature Specification

Rally Installation Guide

Getting Started With Halo for Windows For CloudPassage Halo

Secret Server Installation Windows 8 / 8.1 and Windows Server 2012 / R2

IBM Endpoint Manager Version 9.2. Patch Management for SUSE Linux Enterprise User's Guide

BMC BladeLogic Client Automation Installation Guide

NetBeans IDE Field Guide

Cloud Implementation using OpenNebula

Adobe Acrobat 9 Deployment on Microsoft Windows Group Policy and the Active Directory service

Release Notes for Patch Release #2614

Software and Delivery Requirements

IBM WebSphere Application Server Version 7.0

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Using Network Application Development (NAD) with InTouch

Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities

Installing and Administering VMware vsphere Update Manager

IBM Connections Plug-In for Microsoft Outlook Installation Help

TIBCO Spotfire Statistics Services Installation and Administration Guide. Software Release 5.0 November 2012

Websense Support Webinar: Questions and Answers

Install guide for Websphere 7.0

Linux. Managing security compliance

VPS Hosting User Guide

HP ProLiant Essentials Vulnerability and Patch Management Pack Release Notes

Setting Up Resources in VMware Identity Manager

Upgrading VMware Identity Manager Connector

Git - Working with Remote Repositories

W H I T E P A P E R. Best Practices for Building Virtual Appliances

Transcription:

Application Management A CFEngine Special Topics Handbook CFEngine AS

CFEngine is able to install, update and uninstall services and applications across all managed nodes in a platform-independent manner. Updating software across all nodes can be made as simple as copying a package to a software server. Thereafter, applications can be managed and customized using CFEngine. Copyright c 2010 CFEngine AS

i Table of Contents What is Application Management?................................... 1 How can CFEngine help?............................................. 1 Package management................................................ 1 Enterprise Software Reporting........................................ 2 Integrated software installation....................................... 2 Distributing software packages to client hosts...................... 2 Stopping and restarting an application for update.................. 3 Adapting to Windows............................................. 4 Notes on Windows systems....................................... 4 Customizing applications............................................. 5 Starting and stopping software....................................... 6 Auditing software applications........................................ 6

1 What is Application Management? Application management concerns the deployment and updating of software, as well as customization of for actual use, in other words all the activities required to make an application ready for use. Initially, software installation packages must be deployed on host machines, however, we frequently encounter the need to update software due to security flaws, bugs or new features. It is generally unwise to let every application update itself automatically to the newest version from the internet; we want to decide which version gets installed and also make sure that the load on the network does not impair performance during mass-updates. Equally important is making sure certain applications are not present, especially when they are known to have security issues. Using CFEngine, you can verify that the software is in a promised state and is properly customized for use. How can CFEngine help? CFEngine assists with application management in a number of ways. Following the BDMA lifecycle, we note: Build Deploy Manage Audit CFEngine can be used to automate the build of packaged software releases using standardized or custom package formats. CFEngine can distribute and install packaged software on any kind of platform. CFEngine can start, stop, restart, monitor, and upgrade, and customize software applications. CFEngine can monitor and report on packages and patches installed on systems and their versions and status. Package management Application management is simple today on most operating systems due to the introduction of package systems. All major operating systems now have some sort of package management system, e.g. RPM for Linux, and MSI for Windows. However, their capabilities and methods vary greatly. Moreover, the packages they need to install have to be made available to the hosts that need them and the package manager has to be executed at the right time and place. This is where CFEngine assists. Some package managers support online automatic access of online repositories and can download data from the network. Others have to have packages copied to local storage first. CFEngine can work with both types of system to integrate software management. CFEngine communicates with the system using its own standards to utilize the approach suitable for that software system.

2 Application Management Custom software repositories can be made, and CFEngine s agents can perform this distribution by collecting software packages to local storage and then installing from there. When software packages are available on local storage, CFEngine can check whether they are already installed, and if so, which version and architecture are installed. This, in turn, can be verified against the policy for the software should it indeed be installed, updated or removed? Using the CFEngine standard library, agents know how to talk to the native package manager to query information and get the system into the desired state. CFEngine can edit configuration files in real time to ensure that applications are customized to local needs at all times. Enterprise Software Reporting In commercial releases of CFEngine, the state of software installation is reported centrally and is easily accessible through the Knowledge Map. Commercial editions of CFEngine also support querying Windows machines for installed MSI packages and thus allows for easy software deployment in heterogeneous Unix and Windows environments. Integrated software installation CFEngine gives complete freedom to users, so there are many ways to design a system that achieves a desired software end-state. Consider the following example setup which ensures that one particular application is up to date on all hosts. The procedure below is very similar to the way that commercial CFEngine editions update. Rather than using an OS-specific package repository, like yum, we create a universal approach using CFEngine s distribution and installation promises. We first look at the example on an RPM system, then we show the modifications required to handle Windows instead. The examples use body parts from the standard library. Distributing software packages to client hosts To begin with, we promise that the relevant software packages will be locally available to the agents from software servers, i.e. we promise that a local copy of all deployed software packages will exist in the directory /software repo on local storage. The copy will be collected and compared against a directory called /master software repo on host server.example.org in this example.

We say that this approach is data-driven because, by placing software package data in the central repository, client hosts update automatically, as they promise to subscribe to the data. files: /software repo comment = Copy app1 updates from software server, copy from = remote cp( /master software repo/app1/$(sys.flavour), server.example.org ), depth search = recurse( inf ), classes = if repaired( newpkg app1 ); When the agent copies a relevant software package from the software server (sys.flavour is the local operating system), the class newpkg app1 will get defined. This class can act as a trigger to stop the application, update it, and start it again. Stopping and restarting an application for update On some operating systems, software cannot be updated while it is running. CFEngine can promise to enure that a program is stopped before update: processes: newpkg app1:: app1 signals = term, kill ; CFEngine normal ordering, ensures that processes promises are always run prior to packages promises, so the application will be stopped before updated. Next we promise the version of the software we want to install. In this case, any version greater than 1.0.0. packages: newpkg app1:: app1 package policy = update, package select = =, package architectures = i586, package version = 1.0.0, package method = rpm version( /software repo ), classes = if else( app1 update, app1 noupdate ); By promising carefully what package and version you want, using package policy, package select, and package version, CFEngine can keep this promise by updating to the latest version of the package available in the directory repository /software repo. If the available versions are all less than than 1.0.0, an update will not take place. 3

4 Application Management The package version specification should match the versioning format of the software, whatever it is, e.g. you would write something like 1.00.00.0 if two digits were used in the two middle version number positions. CFEngine automatically adapts its versioning to the conventions used by individual package schemas. To summarize, in order for CFEngine to be able to match installed packages with the ones in the directory repository, the same naming convention must be applied. That is, the package name, version and architecture must have the same format in the list of installed packages as the file names of available packages. From the promise above, we see that CFEngine will interpret app1 as the name, 1.0.0 as the version and i586 as the architecture of the package. Using this while looking at the package name convention in the rpm package method, we see that CFEngine will look for packages named as app1-x.y.z-i586.rpm, with X, Y, Z producing the largest version available in the directory repository. If an available version is larger than the one installed, an update will take place the update command is run. Finally, we set classes from the software update in case we want to act differently depending on the outcome. Replacing the policy update with add is all that is required to install the package (once) instead of updating. Using policy add will do nothing if the package is already installed, but installs the largest version available if it is not. Use package select = == to install the exact version instead of the largest. Adapting to Windows To adapt our example to Windows, we change the path to the local software repository from /software repo to c: software repo, to support the Windows path format. Other than that, all we have to change is the package method, yielding the following. package method = msi version( c: software repo ), Refer to the msi version body in the standard library. Notes on Windows systems CFEngine implements Windows packaging using the MSI subsystem, internally querying the Windows Management Interface for information. However, not all Windows systems have the reqired information. CFEngine relies on the name (lower-cased with spaces replaced by hyphen) and version fields found inside the msi packages to look for upgrades in the package repository. Problems can arise when the format of these fields differ from their format in the file names. For example, a package file name may be 7zip-4.65-x86 64.msi, while the product name in the msi is given as 7-Zip 4.65 (x64 edition), and the version is 4.65.00.0.

5 For the formats to match, we can change the product name to 7zip and the version to 4.65 in the msi-package. Free tools such as InstEd can both view and change the product name and version (Tables- Property- ProductName and ProductVersion). Customizing applications By definition, we cannot explain how to customize software for all cases. For Unix-like systems however, software customization is usually a matter of editing a configuration text file. CFEngine can edit files, for instance, to add a configuration line to a file, you might so something like this: bundle agent my application customize files: $(prefix)/config.cf comment = Set the permissions and add a line..., perms = mo( 0600, root ), edit line = append if no line( My custom setting... ); To set a number of variables inside a file, you might do something like this: bundle agent my application customize vars: # want to set these values by the names of their array keys rhs[serverhost] string = 123.456.789.123 ; rhs[portnumber] string = 1234 ; rhs[admin] string = admin@example.org ; files: $(prefix)/config.cf comment = Add new variables or set existing ones, edit line = set variable values( setvars.rhs ); You can also create file templates with customizable variables using the expand template method from the standard library.

6 Application Management Starting and stopping software CFEngine is promise or compliance oriented. You promise whether software will be running or not running at different times and locations by making processes or services promises. To start a service, you might do something like this: processes: myprocess restart class = start me ; commands: start me:: /path/to/software #... many security options, etc or using services services: windows:: Dhcp service policy = start, service dependencies = Alerter, W32Time, service method = winmethod; To stop a service, you take one of these approaches: processes: badprocess signals = term, kill ; snmp process stop = /etc/init.d/snmp stop ; Auditing software applications Commercial Editions of CFEngine generate reports about installed software, showing package names and versions that are installed. There is a huge variety in the functionality offered by different package systems. The most sophisticated package managers are those provided by OpenSuSE Linux and RedHat. These know the difference between installation packages and software updates and can keep track of installed software transparently. Most package systems have fewer functions.

CFEngine tries to make the best of each package system to collect information about the state of software. In commercial editions you have access to reports on the software installed on each system in the network, to the extent permitted by the software subsystems on those hosts. 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information