##################################################################### # # CFENGINE CONFIGURATION FOR site = sdsc.edu # # This file is for root only. # # $Header: /sdsc/refsys/Data/cfengine/RCS/cfengine.conf,v 1.406 2000/07/12 21:57:59 kowalski Exp $ # ###################################################################### ### # # BEGIN cfengine.conf # ### groups: #### # This is where we define classes for special configurations. # Format is: # classname = ( host1 host2 host3 host4 ) #### ### LPRNG clients (replaces the BSD lpd tools with lprng ones) [FAD] # lprng = ( yamato shovel delphi spirit ghidorah torah lart damia mojo ) lprng = ( yamato shovel spirit ghidorah torah lart damia mojo ) lprng = ( espresso apogee perigee gaos guiron mach5 number6 aspen flynn ) lprng = ( clara pdbdev woodsman glub operations-xterm capsun ) lprng = ( suraj equinox lorien austin elmak vortex pollux nbcr1 castor ) lprng = ( aith catharsis banzai knight snafu koshka clang molecule ) lprng = ( entropy ca oak clyde postal mount-xterm slow-boat lonesun1 ) lprng = ( slowboat sequence surprise lonesun2 shanti wind playmate ) lprng = ( sloth blah topflop nitz ) ### Kerberos Key Distribution Centers (KDCs) ### KDCs are installed by installing a complete new reference system, ### makeing them KDCs, and then stopping the automatic use of cfengine, e.g ### once installed, a KDC wil never run cfengine automatically. ### Manual cfengine runs will be performed as necessary. kdc = ( kdc1 ) ### DHCP server ### DHCP servers are installed by installing a complete new reference system, ### and adding them to this class dhcp_server = ( moe ) ### NQE execution servers # nqe_ex_server = ( ) ### NQE Master Server nqe_master_server = ( solomon ) ### LSF machines lsf = ( catharsis ) ### "nf" FDDI interface (for installing Solaris patches) fddi = ( ghost neptune postal spirit ) ### SunOS 4.x and IRIX 6.2 machines with console terminals on a serial port serialcons = ( barfly calvin dns-tmp dns1 dns2 knuth rosebud time genie ) ### Solaris multiprocessor machines # sol_multicpu = ( gaos delphi aith torah nbcr1 castor pollux ) sol_multicpu = ( gaos aith torah nbcr1 castor pollux ) sol_multicpu = ( xena ) ### machines with Sun SPARCstorage Arrays # storagearray = ( delphi ) ### machines with Sun A1000/A3500 class disk arrays. Hardware Raid. sun_raid_mgr = ( pollux torah aith ) ### machines using Sun's Alternate Pathing software # sun_ap = ( delphi ) ### Sun's HPC software hpc = ( gaos ) ### OpenStep openstep = ( redbaron ) ### Solaris CDE users cde = ( aberjy aspen bigdog blah clang espresso flopsy goldeneye ) cde = ( happy hotspare1 ispy lart mahalo mojo jumpstart ) cde = ( playmate pluto scooby sunrise sunset talac woodsman ) cde = ( grumpy lorien equinox austin elmak banzai koshka ) cde = ( snafu molecule eyes-n-ears ca aurora magic ) cde = ( sleepy ) ### Sun OpenGL users ogl = ( lorien molecule ) ### DNS servers dns_server = ( ns0 ns1 dns1 dns2 dns-tmp NS1.ARPA.NET SRI-NIC.ARPA.NET ) # dns_test = ( dns-tmp ) ### Hosts that live outside the fence extra_security = ( calvin chauncey dns1 dns2 HVCCO.ARPA.NET NS1.ARPA.NET SRI-NIC.ARPA.NET ) ### Foreign hosts are non-SDSC.EDU systems foreign = ( BERNINI.ARPA.NET BRAQUE.ARPA.NET CEZANNE.ARPA.NET ) foreign = ( DALI.ARPA.NET GRIS.ARPA.NET HVCCO.ARPA.NET MANET.ARPA.NET ) foreign = ( NS1.ARPA.NET RAPHAEL.ARPA.NET SRI-NIC.ARPA.NET TURNER.ARPA.NET ) ### ShowMe Video showme_video = ( goldeneye infinity sloth timberwolf xena yamato ) showme_video = ( eyes-n-ears iseeu doctor nafai mahalo ispy issib ) ### Loghosts loghost = ( lager ) ### Install platforms installplatform = ( hydra starfire ) ### Anonymous FTP anonftp = ( webfarm1 webfarm2 ) pdbanonftp = ( castor pollux ) ### Machines where disk space is at a premium... need_diskspace = ( clapton db1 lager triton playmate ) need_diskspace = ( michelangelo rowan silicon zero sark monopoly ) need_diskspace = ( driver8 db1 talac ptlc ) ### hosts with customized local flexlm license files localflexlm = ( arjuna bugs buzz chagall ecco fandango foraker mckinley ) localflexlm = ( nala ozma scratchy simba startrek surprise tick ) ### Webfarm nodes webfarm = ( webfarm0 webfarm1 webfarm2 webfarm3 webfarm4 webfarm5 ) webfarm = ( webfarm6 webfarm7 webfarm8 webfarm9 ) ### E10000 domains # e10k = ( delphi gaos torah ) e10k = ( gaos torah ) ### E10000 SSPs e10k_ssp = ( miki keni ) ### DEC Alpha Cluster rawhide = ( heinlein vinge ) ### Other unique classes disksuite = ( flenser ) logdaemon = ( snk ) news = ( tabloid ) otp = ( snk ) nobel_tmp = ( nobel-tmp ) mailhub = ( billthecat postal hpcmail HVCCO.ARPA.NET ) pop_server = ( postal ) tpage_gateway = ( postal ) rcsb = ( castor pollux pdbdev ) webmail_server = ( webmail ) ### For new password maintenance system testing pwhosts = ( startrek playmate knuth ) ### LPRng server lprng_server = ( shovel ) ### Xnewu_client xnewu_client = ( playmate ) ### Servers running Veritas Volume Manager # vvm = ( delphi castor nbcr1 torah ) vvm = ( castor nbcr1 torah ) ### F5 load balancer machines f5 = ( morpheus neo ) ### Machines for which accounting will be run and maintained acct = ( nbcr1 aith ) ### Samba server samba_server = ( samba1 samba2 ) ### Solaris boot server: runs tftp, rarpd, bootparamd solaris_bootserver = ( blah ) ### define 64bit if local machine is currently running 64bit instruction set. ### Currently only Solaris7 platform uses this group of definition. ### To include other platforms, just modify the script below and make sure ### the script ahheres 0 true and 1 (or others) false. This also sets an ### example on how to custome define a class based on certain condition. ### BE AWARE: try no to overload the script since every machine will be ### evaluating it. haisong@sdsc.edu (06-13-00) 64bit = ( '/sdsc/admin/refsys/Data/cfengine/scripts/isainfo' ) ### decide whether openstep needs to be installed or it has already been. need_openstep = ( '/sdsc/admin/refsys/Data/cfengine/scripts/check_openstep') ### decide whether cde needs to be installed. only apply to 251 and 25 need_cde = ( '/sdsc/admin/refsys/Data/cfengine/scripts/check_cde') ### decide whether opengl needs to be installed. only apply to 251 need_opengl = ( '/sdsc/admin/refsys/Data/cfengine/scripts/check_opengl') ### decide whether the machine is running RedHat 6.0 or RedHat 6.2 (for now) redhat60 = ( '/sdsc/admin/refsys/Data/cfengine/scripts/check_redhat60' ) ### decide whether the machine is SMP or not. linuxsmp = ( '/sdsc/admin/refsys/Data/cfengine/scripts/check_linuxsmp' ) ###################################################################### control: # foreign class hosts running cfengine 1.4.17 can't do this !foreign:: domain = ( sdsc.edu ) any:: site = ( sdsc ) sysadm = ( tep@sdsc.edu ) netmask = ( 255.255.255.0 ) timezone = ( PST8PDT ) nfstype = ( nfs ) # can't use this until we fix the daemon restart script to recognize the # files in the repository # repository = ( /var/tmp/cfrepository ) sensiblesize = ( 1000 ) sensiblecount = ( 2 ) editfilesize = ( 200000 ) ### For new password maintenance system testing pwmenu = ( /sdsc/local/generic/sdscbin/pwmaint_mods ) actionsequence = ( # mountall # mountinfo checktimezone # netconfig resolve # unmount editfiles.entrance shellcommands.basics # addmounts directories links.basics files.basics tidy copy links # mailcheck # mountall required disable files # copy editfiles.basics shellcommands.exitcommands processes ) baseline = ( /sdsc/admin/refsys ) base_images = ( "$(baseline)/Images" ) base_data = ( "$(baseline)/Data" ) common = ( "$(base_data)/common/root" ) irix:: base_data_arch = ( "$(base_data)/mips-sgi-irix6.2/root" ) base_images_arch = ( "$(base_images)/mips-sgi-irix6.2/root" ) base_patches_arch = ( "$(base_images)/mips-sgi-irix6.2/patches" ) etcinet = ( /etc ) setuid = ( 4755 ) addclasses = ( krb5_nrl ) owner = ( root ) group = ( sys ) group2 = ( sys ) linux:: base_data_arch = ( "$(base_data)/i386-redhat-linux/root" ) base_images_arch = ( "$(base_images)/i386-redhat-linux/root" ) base_patches_arch = ( "$(base_images)/i386-redhat-linux/patches" ) etcinet = ( /etc ) setuid = ( 4755 ) addclasses = ( krb5_nrl ) addclasses = ( newlprng ) owner = ( root ) group = ( root ) group2 = ( root ) osf1_V3_0|osf1_V3_2|osf1_V4_0:: base_data_arch = ( "$(base_data)/alpha-dec-osf4.0/root" ) base_images_arch = ( "$(base_data)/alpha-dec-osf3.0/root" ) base_patches_arch = ( "$(base_images)/alpha-dec-osf3.0/patches" ) etcinet = ( /etc ) setuid = ( 4711 ) addclasses = ( krb5_nrl ) owner = ( root ) group = ( system ) group2 = ( system ) sunos_5_5:: base_data_arch = ( "$(base_data)/sparc-sun-solaris2.5/root" ) base_images_arch = ( "$(base_data)/sparc-sun-solaris2.5/root" ) base_patches_arch = ( "$(base_data)/sparc-sun-solaris2.5/patches" ) etcinet = ( /etc/inet ) setuid = ( 4755 ) addclasses = ( krb5_nrl ) addclasses = ( logdaemon ) addclasses = ( patches ) addclasses = ( newpatch ) owner = ( root ) group = ( root ) group2 = ( other ) sunos_5_5_1:: base_data_arch = ( "$(base_data)/sparc-sun-solaris2.5.1/root" ) base_images_arch = ( "$(base_data)/sparc-sun-solaris2.5.1/root" ) base_patches_arch = ( "$(base_data)/sparc-sun-solaris2.5.1/patches" ) etcinet = ( /etc/inet ) setuid = ( 4755 ) addclasses = ( krb5_nrl ) addclasses = ( logdaemon ) addclasses = ( patches ) owner = ( root ) group = ( root ) group2 = ( other ) sunos_5_6:: base_data_arch = ( "$(base_data)/sparc-sun-solaris2.6/root" ) base_images_arch = ( "$(base_data)/sparc-sun-solaris2.6/root" ) base_patches_arch = ( "$(base_data)/sparc-sun-solaris2.6/Patches" ) etcinet = ( /etc/inet ) setuid = ( 4755 ) addclasses = ( krb5_nrl ) addclasses = ( logdaemon ) addclasses = ( lprng ) addclasses = ( newlprng ) owner = ( root ) group = ( root ) group2 = ( other ) os_version = ( 2.6 ) sunos_5_7:: base_data_arch = ( "$(base_data)/sparc-sun-solaris7/root" ) base_images_arch = ( "$(base_data)/sparc-sun-solaris7/root" ) etcinet = ( /etc/inet ) setuid = ( 4755 ) addclasses = ( krb5_nrl ) addclasses = ( logdaemon ) owner = ( root ) group = ( root ) group2 = ( other ) os_version = ( 2.7 ) sunos_5_8:: base_data_arch = ( "$(base_data)/sparc-sun-solaris8/root" ) base_images_arch = ( "$(base_data)/sparc-sun-solaris8/root" ) etcinet = ( /etc/inet ) setuid = ( 4755 ) addclasses = ( krb5_nrl ) addclasses = ( logdaemon ) owner = ( root ) group = ( root ) group2 = ( other ) os_version = ( 2.8 ) sunos_4_1_4:: base_images_arch = ( "$(base_data)/sparc-sun-sunos4.1.4/root" ) base_patches_arch = ( "$(base_data)/sparc-sun-sunos4.1.4/patches" ) base_data_arch = ( "$(base_data)/sparc-sun-sunos4.1.4/root" ) etcinet = ( /etc ) setuid = ( 4755 ) addclasses = ( krb5_1_0_5 ) # SunOS logdaemon binaries are not working properly on some architectures # addclasses = ( logdaemon ) addclasses = ( patches ) owner = ( root ) group = ( wheel ) group2 = ( staff ) # Kernel architectures sunos_sun4:: archk = ( sun4 ) sunos_sun4c:: archk = ( sun4c ) sunos_sun4m:: archk = ( sun4m ) sunos_sun4u:: archk = ( sun4u ) # Host variables anonftp:: base_ftp = ( /misc/ftp ) pdbanonftp:: base_ftp = ( /misc/rcsb_ftp ) pdbdev:: base_ftp = ( /misc/rcsb/prod ) !pdbdev.!anonftp.!pdbanonftp:: base_ftp = ( /tmp ) rcsb:: base_rcsb = ( "$(base_data)/rcsb/root" ) #### # Classes for special confgurations #### solaris.!foreign:: addclasses = ( nqe_client ) nqe_version = ( 3.2.1.2 ) irix_6_2:: kerberos_base = ( "$(base_data)/mips-sgi-irix6.2/kerberos/6.2" ) irix_6_5:: kerberos_base = ( "$(base_data)/mips-sgi-irix6.2/kerberos/6.5" ) !irix:: kerberos_base = ( "$(base_data_arch)" ) ###################################################################### import: any:: cf.site openstep:: cf.openstep cde.sunos_5_5_1:: cf.cde # must be Solaris 2.5.1 and CDE dns_server:: cf.dns lsf:: cf.lsf ogl:: cf.opengl newlprng:: cf.lprng anonftp:: cf.anonftp rcsb:: cf.rcsb cf.rcsbanonftp nqe_master_server|nqe_ex_server|nqe_client:: cf.nqe irix:: cf.irix cf.tcpd linux:: cf.linux cf.tcpd osf:: cf.osf cf.tcpd solaris:: cf.sun cf.solaris sunos_5_5:: cf.solaris2.5 cf.solaris2.5_patch cf.tcpd sunos_5_5_1:: cf.solaris2.5.1 cf.solaris2.5.1_patch cf.tcpd sunos_5_6:: cf.solaris2.6 cf.solaris2.6_patch sunos_5_7:: cf.solaris7 cf.solaris7_patch sunos_5_7.!foreign:: cf.lprng sunos_5_8:: cf.solaris8 cf.solaris8_patch cf.lprng sunos_4_1_4:: cf.sun cf.sunos4.1.4 cf.sunos4.1.4.patches xnewu_client:: cf.xnewu samba_server:: cf.samba dhcp_server:: cf.dhcpd solaris_bootserver:: cf.solaris_bootserver krb5_nrl:: cf.krb5-nrl krb5_1pl1:: cf.krb5-1.0pl1 krb5_1_0_5:: cf.krb5-1.0.5 kdc:: cf.kdc # needs to be "last" ###################################################################### broadcast: ones ###################################################################### resolve: !foreign:: 198.202.75.26 # ns1 132.249.40.25 # ns0-f0 ###################################################################### ignore: # Don't check or tidy these directories /usr/local /local/lib/gnu/emacs/lock/ /local/tmp /local/ftp /local/bin/top /local/lib/tex/fonts /local/etc /local/www /local/httpd_1.4/conf /usr/tmp/locktelelogic /usr/tmp/lockIDE # # Emacs lock files etc # !* # # X11 keeps X server data in /tmp/.X11 # better not delete this! # .X11 # # Some users like to give a file or two 777 protection here # so netsurfers can update a log or counter when running as # `nobody' # www ##################################################################### disable: any:: /etc/nologin extra_security|foreign:: /.rhosts /etc/hosts.equiv #####################################################################