Documentation on custom CFEngine modules. Modules take advantage of CFEngine classes, and support configuration tasks too difficult for CFEngine.
- module:authkey - OpenSSH ~/.ssh/authorized_keys management. See also OpenSSH public key authentication.
- module:groups - Unix group management.
- module:print - Print queue management for the Common Unix Printing System (CUPS) and Windows.
- module:users - User account management for Linux, Mac OS X, Windows, and more.
To deploy these modules on production systems, set the no_modify class, and any changes will be previewed instead of carried out. Then either fix the systems or policy settings as needed, then unset the no_modify class.
The code for these modules is only available by request.
Configuration
Modules must be listed under the CFEngine actionsequence variable. CFEngine can also copy the modules and any required libraries and preferences from a staging area. The default /var/cfengine path is used both in the modules and the module preference files. If the system uses a different path to CFEngine, this path must be changed in all the different files.
control:
any::
workdir = ( /var/cfengine )
masterfiles = ( /var/cfengine/stage/PROD/masterfiles )
moduledirectory = ( /var/cfengine/modules )
actionsequence = (
copy directories files links tidy disable editfiles
module:groups
module:users
module:authkey
module:print
processes shellcommands
)
copy:
any::
# copy modules, ensure executable
${masterfiles}/../cfengine-modules/
dest=${moduledirectory}
mode=0700
recurse=1 backup=false purge=true exclude=README
type=checksum
# supporting Perl modules for above
${masterfiles}/app/cfengine/lib/perl5/
dest=${workdir}/lib/perl5
mode=0444
recurse=inf backup=false purge=true
type=checksum
# configuration and preferences for the modules
${masterfiles}/etc/module/
dest=${workdir}/etc/module/
mode=0400
recurse=inf backup=false purge=true
type=checksum
If storing CFEngine modules under version control, place them into a different top-level directory, such as cfengine-modules. This way, Windows systems will be able to check everything except the special modules area. See Managing Windows with CFEngine and Perl for more information on the problems Windows has with CFEngine modules.
For more information on writing modules, see the CFEngine tutorial.
