Hello community,
here is the log from the commit of package cfengine-masterfiles for
openSUSE:Factory checked in at 2014-10-18 09:08:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cfengine-masterfiles (Old)
and /work/SRC/openSUSE:Factory/.cfengine-masterfiles.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cfengine-masterfiles"
Changes:
--------
---
/work/SRC/openSUSE:Factory/cfengine-masterfiles/cfengine-masterfiles.changes
2014-08-07 12:38:02.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.cfengine-masterfiles.new/cfengine-masterfiles.changes
2014-10-18 09:08:44.000000000 +0200
@@ -1,0 +2,17 @@
+Thu Oct 9 07:21:46 UTC 2014 - [email protected]
+
+- Update to 3.6.2
+ Bugfix release
+
+-------------------------------------------------------------------
+Tue Sep 16 12:16:41 UTC 2014 - [email protected]
+
+- Update to 3.6.2-build5 pre-release
+
+-------------------------------------------------------------------
+Thu Aug 7 18:02:29 UTC 2014 - [email protected]
+
+- fix build for SLE 11
+ add cfengine-masterfiles-rpmlintrc
+
+-------------------------------------------------------------------
Old:
----
masterfiles-3.6.1.tar.gz
New:
----
cfengine-masterfiles-rpmlintrc
masterfiles-3.6.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cfengine-masterfiles.spec ++++++
--- /var/tmp/diff_new_pack.uo5bAR/_old 2014-10-18 09:08:45.000000000 +0200
+++ /var/tmp/diff_new_pack.uo5bAR/_new 2014-10-18 09:08:45.000000000 +0200
@@ -26,7 +26,7 @@
Summary: CFEngine promises master files
License: MIT and LGPL-3.0+
Group: Productivity/Networking/System
-Version: 3.6.1
+Version: 3.6.2
Release: 0
%define srcname masterfiles-%{version}
Url: http://www.cfengine.org/
@@ -42,6 +42,11 @@
BuildRequires: automake
BuildRequires: findutils
BuildRequires: unzip
+# wtf? SLE_11 does not honor rpmlintrc
+Source1: %{name}-rpmlintrc
+%if 0%{?suse_version} <= 1130
+BuildRequires: -post-build-checks
+%endif
%description
Masterfiles are the pristine version of the CFEngine promises. These
++++++ cfengine-masterfiles-rpmlintrc ++++++
addFilter(".* is not allowed anymore in FHS 2.2.");++++++
masterfiles-3.6.1.tar.gz -> masterfiles-3.6.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/CFE_cfengine.cf
new/masterfiles-3.6.2/cfe_internal/CFE_cfengine.cf
--- old/masterfiles-3.6.1/cfe_internal/CFE_cfengine.cf 2014-07-24
11:21:34.000000000 +0200
+++ new/masterfiles-3.6.2/cfe_internal/CFE_cfengine.cf 2014-10-01
16:04:11.000000000 +0200
@@ -39,10 +39,6 @@
handle => "cfe_internal_management_setup_knowledge",
comment => "Manage CFE Knowledge Map";
- "hub" usebundle => cfe_internal_hub_maintain,
- handle => "cfe_internal_management_hub_maintain",
- comment => "Start the hub maintenance process";
-
"hub" usebundle => cfe_internal_apache_sudoer,
handle => "cfe_internal_management_apache_sudoer",
comment => "Permit Apache user to run passwordless sudo cf-runagent";
@@ -55,6 +51,13 @@
handle => "cfe_internal_management_php_runalerts",
comment => "To run PHP runalerts to check bundle status on SQL and
Sketch";
+ # As passive hub is supposed to run read-only PostgreSQL instance
+ # doing maintenance makes no sense and is not possible at all.
+ (am_policy_hub.enterprise.!ha_enabled)||(ha_enabled.hub_active)::
+
+ "hub" usebundle => cfe_internal_hub_maintain,
+ handle => "cfe_internal_management_hub_maintain",
+ comment => "Start the hub maintenance process";
"hub" usebundle => cfe_internal_truncate_events,
handle => "cfe_internal_truncate_events",
comment => "To run CFE truncate to pending";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/CFE_hub_specific.cf
new/masterfiles-3.6.2/cfe_internal/CFE_hub_specific.cf
--- old/masterfiles-3.6.1/cfe_internal/CFE_hub_specific.cf 2014-07-24
11:21:34.000000000 +0200
+++ new/masterfiles-3.6.2/cfe_internal/CFE_hub_specific.cf 2014-10-01
16:04:11.000000000 +0200
@@ -358,7 +358,8 @@
processes:
- kill_script::
+ # Make sure to kill script on non active hub(s).
+ kill_script||(ha_enabled.!hub_active)::
"$(runalerts_script)"
comment => "kill the php runalerts script because it is stale for some
reason",
@@ -366,7 +367,8 @@
signals => { "term" },
classes => if_repaired("run_script");
- any::
+ # Run script only on active hub to not send duplicated alert emails.
+ !ha_enabled||(ha_enabled.hub_active)::
"$(runalerts_script)"
comment => "check if the php runalerts script is running or not",
@@ -377,7 +379,8 @@
commands:
- run_script::
+ # Run script only on active hub to not send duplicated alert emails.
+ (run_script.!ha_enabled)||(run_script.ha_enabled.hub_active)::
"$(runalerts_script) > /dev/null < /dev/null 2>&1 &"
comment => "to run php alerts script",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/ha/ha.cf
new/masterfiles-3.6.2/cfe_internal/ha/ha.cf
--- old/masterfiles-3.6.1/cfe_internal/ha/ha.cf 1970-01-01 01:00:00.000000000
+0100
+++ new/masterfiles-3.6.2/cfe_internal/ha/ha.cf 2014-10-01 16:04:11.000000000
+0200
@@ -0,0 +1,152 @@
+bundle agent ha_main
+{
+ vars:
+ ha_enabled::
+ "policy_servers" slist => { @(ha_def.ips) };
+ "connected_servers" slist => filter("$(sys.policy_hub)", policy_servers,
false, true, 10);
+
+ classes:
+ ha_enabled::
+ "ha_master_valid" expression => isvariable("sys.hub_active_ip");
+
+ methods:
+ policy_server.enterprise::
+ "manage_mp_ha_enabled_file" usebundle => ha_manage_mp_status_file;
+
+ policy_server.ha_enabled::
+ "sync_client_keys" usebundle => ha_hub_sync_clients_keys;
+ "copy_hubs_keys" usebundle => ha_hub_copy_hubs_keys;
+
+ policy_server.ha_enabled.!hub_active::
+ "sync_config_data" usebundle => ha_hub_sync_config_data;
+
+ policy_server.keys_staged::
+ "establish trust" usebundle => ha_update_staged_ppkeys;
+
+ !policy_server.ha_enabled::
+ "Copy hub keys to clients" usebundle => ha_node_sync_hub_keys;
+ "Write new master IP on hub" usebundle => update_master_ip_server;
+}
+
+# ha_enabled file is used by MP as a first test to figure out if
+# HA functionality is switched on or not. Based on existence of this
+# file further actions are performed.
+bundle agent ha_manage_mp_status_file
+{
+ files:
+ policy_server.!ha_enabled::
+ "$(sys.workdir)/httpd/htdocs/ha_enabled"
+ delete => tidy;
+
+ policy_server.ha_enabled::
+ "$(sys.workdir)/httpd/htdocs/ha_enabled"
+ create => "true",
+ perms => mog("0644",$(def.cf_apache_user),$(def.cf_apache_group));
+}
+
+bundle agent ha_hub_sync_config_data
+{
+ files:
+ "$(sys.workdir)/httpd/htdocs/application/config/cf_robot.php"
+ copy_from =>
no_backup_scp("$(sys.workdir)/httpd/htdocs/application/config/cf_robot.php",
$(sys.hub_active_ip)),
+ comment => "Synchronize cf_robot configuration",
+ handle => "ha_sync_robot_config";
+
+ "$(sys.workdir)/share/GUI/application/config/appsettings.php"
+ copy_from =>
no_backup_scp("$(sys.workdir)/share/GUI/application/config/appsettings.php",
$(sys.hub_active_ip)),
+ comment => "Synchronize appsetings configuration",
+ handle => "ha_sync_appsettings_config";
+
+ "/opt/cfengine/notification_scripts"
+ copy_from => no_backup_scp("/opt/cfengine/notification_scripts",
$(sys.hub_active_ip)),
+ comment => "Copy MP notification scripts",
+ handle => "ha_copy_notification_scripts",
+ depth_search => recurse("1");
+}
+
+bundle agent ha_hub_copy_hubs_keys
+{
+ files:
+ "$(ha_def.ppkeys_hubs)"
+ copy_from => no_backup_cp("$(sys.workdir)/ppkeys"),
+ file_select => hubs_keys_select,
+ comment => "Copy all hubs keys to directory accessible by clients",
+ handle => "ha_copy_hubs_keys",
+ depth_search => recurse("1"),
+ classes => if_repaired("hubs_keys_staged");
+}
+
+
+bundle agent update_master_ip_server
+{
+ files:
+ !policy_server::
+ "$(sys.workdir)/policy_server.dat"
+ copy_from => u_rcp("$(sys.workdir)/state/master_hub.dat",
@(def.policy_servers)),
+ comment => "Update master hub IP on CFEngine node",
+ handle => "ha_cfengine_node_update_master";
+}
+
+bundle agent ha_hub_sync_clients_keys
+{
+ vars:
+ "exclude_files" slist => {"localhost.priv", "localhost.pub",
@(ha_def.hub_shas)};
+ files:
+ "$(ha_def.ppkeys_staging)"
+ copy_from => no_backup_scp("$(sys.workdir)/ppkeys",
@(ha_main.connected_servers)),
+ file_select => ex_list(@(exclude_files)),
+ comment => "Distribute all client keys between replica set servers",
+ handle => "ha_copy_client_keys_between_replica_set_servers",
+ depth_search => recurse("1"),
+ classes => if_repaired("keys_staged");
+}
+
+bundle agent ha_update_staged_ppkeys
+{
+ files:
+ "$(sys.workdir)/ppkeys"
+ copy_from => no_backup_cp("$(ha_def.ppkeys_staging)"),
+ file_select => plain,
+ comment => "Copy staged client keys to ppkeys",
+ handle => "ha_copy_staged_client_keys",
+ depth_search => recurse("1"),
+ classes => if_repaired("ppkeys_updated");
+}
+
+bundle agent ha_node_sync_hub_keys
+{
+ files:
+ !policy_server::
+ "$(sys.workdir)/ppkeys"
+ copy_from => no_backup_scp("$(ha_def.ppkeys_hubs)",
@(def.policy_servers)),
+ file_select => hub_all_keys,
+ depth_search => u_recurse("inf"),
+ comment => "Distribute all hub keys to clients",
+ handle => "ha_copy_hub_keys_to_nodes",
+ classes => if_repaired("keys_copied_clients");
+}
+
+body file_select hub_all_keys
+{
+ leaf_name => {".*.pub"};
+ file_result => "leaf_name";
+}
+
+body file_select hubs_keys_select
+{
+ search_size => irange("426", "426");
+ leaf_name =>
{escape("root-SHA=$(ha_def.config[$(ha_main.connected_servers)][sha]).pub")};
+ file_result => "leaf_name";
+}
+
+
+body copy_from no_backup_scp(from,server)
+{
+ servers => { "$(server)" };
+ source => "$(from)";
+ compare => "digest";
+ copy_backup => "false";
+ encrypt => "true";
+ trustkey => "true";
+}
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/ha/ha_def.cf
new/masterfiles-3.6.2/cfe_internal/ha/ha_def.cf
--- old/masterfiles-3.6.1/cfe_internal/ha/ha_def.cf 1970-01-01
01:00:00.000000000 +0100
+++ new/masterfiles-3.6.2/cfe_internal/ha/ha_def.cf 2014-10-01
16:04:11.000000000 +0200
@@ -0,0 +1,32 @@
+bundle common ha_def
+{
+ classes:
+ any::
+ "ha_enabled" expression => "!any";
+ #"ha_enabled" expression => "enterprise";
+
+ vars:
+ ha_enabled::
+ "config_file" string => "$(this.promise_dirname)/ha_info.json";
+ "ppkeys_staging" string => "$(sys.workdir)/ppkeys_staging";
+ "ppkeys_hubs" string => "$(sys.workdir)/ppkeys_hubs";
+
+ "config" data => readjson("$(config_file)", "4k");
+
+ "ips" slist => getindices("config");
+
+ "hub_sha[$(ips)]"
+ string => escape("root-SHA=$(config[$(ips)][sha]).pub"),
+ comment => "We need to construct an intermediary array so that we can
+ extract a combined list of all hub keys.";
+
+ "hub_shas"
+ slist => getvalues("hub_sha"),
+ comment => "We use the list of hub key files for restricting clients
access only to those";
+
+ reports:
+ verbose_mode::
+ "HA hub $(ips) $(config[$(ips)][sha])";
+}
+
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/ha/ha_info.json
new/masterfiles-3.6.2/cfe_internal/ha/ha_info.json
--- old/masterfiles-3.6.1/cfe_internal/ha/ha_info.json 1970-01-01
01:00:00.000000000 +0100
+++ new/masterfiles-3.6.2/cfe_internal/ha/ha_info.json 2014-10-01
16:04:11.000000000 +0200
@@ -0,0 +1,15 @@
+{
+ "192.168.100.10":
+ {
+ "sha": "3e9df4ec8c9826eaa2c397f99eeae22e0a35a22307474d56f7fdedadff7dd485",
+ "internal_ip": "192.168.100.10",
+ "tags": ["node1"]
+ },
+ "192.168.100.11":
+ {
+ "sha": "37baa6f2f18a907131dadbf3e255d4ed0eda2f403e2123bab2c5f82f7ac8cd79",
+ "internal_ip": "192.168.100.11",
+ "tags": ["node2"]
+ }
+}
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/host_info_report.cf
new/masterfiles-3.6.2/cfe_internal/host_info_report.cf
--- old/masterfiles-3.6.1/cfe_internal/host_info_report.cf 2014-07-24
11:21:34.000000000 +0200
+++ new/masterfiles-3.6.2/cfe_internal/host_info_report.cf 2014-10-01
16:04:11.000000000 +0200
@@ -140,7 +140,7 @@
reports:
host_info_report_output_repaired::
- "Host info report generated and avilable at
'$(host_info_report.host_info_report_output)'";
+ "Host info report generated and available at
'$(host_info_report.host_info_report_output)'";
host_info_report_output_not_ok::
"There was a problem generating your host info report at
'$(host_info_report.host_info_report_output)'";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/controls/cf_serverd.cf
new/masterfiles-3.6.2/controls/cf_serverd.cf
--- old/masterfiles-3.6.1/controls/cf_serverd.cf 2014-07-24
11:21:34.000000000 +0200
+++ new/masterfiles-3.6.2/controls/cf_serverd.cf 2014-10-01
16:04:11.000000000 +0200
@@ -92,34 +92,76 @@
comment => "Grant access to plugins directory",
admit => { @(def.acl) };
+ !windows::
"$(def.cf_runagent_shell)"
handle => "server_access_grant_access_shell_cmd",
comment => "Grant access to shell for cfruncommand",
- admit => { "$(sys.policy_hub)" };
+ admit => { @(def.policy_servers) };
+
+ policy_server.ha_enabled::
+ "$(sys.workdir)/ppkeys"
+ handle => "server_access_grant_access_ppkeys_hubs",
+ comment => "Grant access to ppkeys for HA hubs",
+ admit => { @(def.policy_servers) };
+
+ # Allow slave hub to synchronize cf_robot and appsettings content.
+ # Files are containing configuration that must be the same on all hubs.
+ "$(sys.workdir)/httpd/htdocs/application/config/cf_robot.php"
+ handle => "server_access_grant_access_cf_robot",
+ comment => "Grant access to cf_robot file for HA hubs",
+ admit => { @(def.policy_servers) };
+
+ "$(sys.workdir)/share/GUI/application/config/appsettings.php"
+ handle => "server_access_grant_access_appsettings",
+ comment => "Grant access to appsettings for HA hubs",
+ admit => { @(def.policy_servers) };
+
+ # Allow access to notification_scripts directory so passive hub
+ # will be able to synchronize its content. Once passive hub will
+ # be promoted to act as a master all the custom scripts will be
+ # accessible.
+ "/opt/cfengine/notification_scripts"
+ handle => "server_access_grant_access_notification scripts",
+ comment => "Grant access tonotification scripts",
+ admit => { @(def.policy_servers) };
+
+ # When HA is enabled clients are updating active hub IP address
+ # using data stored in master_hub.dat file.
+ "$(sys.workdir)/state/master_hub.dat"
+ handle => "server_access_grant_access_policy_server_dat",
+ comment => "Grant access to policy_server.dat",
+ admit => { @(def.acl) };
+
+ # Hubs keys working in HA configuration are stored in ppkeys_hubs
directory.
+ # In order to perform failover while active hub is down clients needs to
+ # have all hubs keys. This gives ability to connect to slave hub
promoted to active role
+ # once active is down.
+ "$(sys.workdir)/ppkeys_hubs"
+ handle => "server_access_grant_access_to_clients",
+ comment => "Grant access to hubs' keys to clients",
+ admit => { @(def.acl) };
windows::
"c:\program files\cfengine\bin\cf-agent.exe"
handle => "server_access_grant_access_agent",
comment => "Grant access to the agent (for cf-runagent)",
- admit => { @(def.acl) };
+ admit => { @(def.policy_servers) };
!policy_server.enterprise::
-
"$(query_types)"
handle => "server_access_grant_$(query_types)_for_hosts",
comment => "Grant $(query_types) reporting query for the hub on the
hosts",
resource_type => "query",
report_data_select => default_data_select_host,
- admit => { "$(sys.policy_hub)" };
+ admit => { @(def.policy_servers) };
policy_server.enterprise::
-
"$(query_types)"
handle => "server_access_grant_$(query_types)_for_hub",
comment => "Grant $(query_types) reporting query for the hub on the
policy server",
resource_type => "query",
report_data_select => default_data_select_policy_hub,
- admit => { "$(sys.policy_hub)" };
+ admit => { @(def.policy_servers) };
roles:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/def.cf new/masterfiles-3.6.2/def.cf
--- old/masterfiles-3.6.1/def.cf 2014-07-24 11:21:34.000000000 +0200
+++ new/masterfiles-3.6.2/def.cf 2014-10-01 16:04:11.000000000 +0200
@@ -152,6 +152,15 @@
"$(sys.workdir)/reports",
};
+ # ha_enabled is defined in WORKDIR/cfe_internal/ha/ha_def.cf
+ # Disabled by default
+
+ ha_enabled::
+ "policy_servers" slist => {"$(sys.policy_hub)", @(ha_def.ips)};
+
+ !ha_enabled::
+ "policy_servers" slist => {"$(sys.policy_hub)"};
+
classes:
### Enable special features policies. Set to "any" to enable.
@@ -193,6 +202,11 @@
# sketch activations on a host.
"cfengine_internal_sudoers_editing_enable" expression => "!any";
+ # Class defining which versions of cfengine are (not) supported
+ # by this policy version.
+ # Also note that this policy will only be run on enterprise policy_server
+ "postgresql_maintenance_supported" expression =>
"(policy_server.enterprise.!cfengine_3_5.!ha_enabled)|(policy_server.enterprise.ha_enabled.hub_active)";
+
# This class is for PosgreSQL maintenance
# pre-defined to every Sunday at 2 a.m.
# This can be changed later on.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/inventory/any.cf
new/masterfiles-3.6.2/inventory/any.cf
--- old/masterfiles-3.6.1/inventory/any.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/inventory/any.cf 2014-10-01 16:04:11.000000000
+0200
@@ -63,7 +63,7 @@
# default, as it runs instantly and has no side effects.
{
vars:
- "ports" slist => { @(mon.listening_ports) },
+ "ports" slist => sort( "mon.listening_ports", "int"),
meta => { "inventory", "attribute_name=Ports listening" };
}
@@ -324,14 +324,45 @@
"useshell"),
meta => { "inventory", "attribute_name=$(dmidefs[$(dmivars)])" };
+ windows::
+ "dmi[bios-vendor]" string => $(bios_array[1]),
+ meta => { "inventory", "attribute_name=BIOS vendor" };
+
+ "dmi[system-serial-number]" string => $(bios_array[2]),
+ meta => { "inventory", "attribute_name=System serial number" };
+
+ "dmi[bios-version]" string => $(bios_array[3]),
+ meta => { "inventory", "attribute_name=BIOS version" };
+
+ "dmi[system-version]" string => $(bios_array[4]),
+ meta => { "inventory", "attribute_name=System version" };
+
+ "dmi[processor-version]" string => $(processor_array[1]),
+ meta => { "inventory", "attribute_name=CPU model" };
+
+ "split_pscomputername"
+ slist => string_split($(system_array[1]), "PSComputerName\s.*", 2),
+ comment => "Work around weird appearance of PSComputerName into System
manufacturer";
-
- "_canonified_var[$(dmivars)]" string => canonify($(dmivars));
- "_canonified[$(dmivars)]" string => canonify("$(dmi[$(dmivars)])");
+ "dmi[system-manufacturer]" string => nth(split_pscomputername, 0),
+ meta => { "inventory", "attribute_name=System manufacturer" };
classes:
"have_dmidecode" expression =>
fileexists($(inventory_control.dmidecoder));
+ windows::
+ "bios_match" expression => regextract(".*Manufacturer\s+:\s([a-zA-Z0-9
]+)\n.*SerialNumber\W+([a-zA-Z0-9 ]+).*SMBIOSBIOSVersion\W+([a-zA-Z0-9
]+).*Version\W+([a-zA-Z0-9 -]+)",
+ execresult("gwmi -query 'SELECT
SMBIOSBIOSVersion, Manufacturer, SerialNumber, Version FROM WIN32_BIOS'",
"powershell"),
+ "bios_array");
+
+ "processor_match" expression => regextract(".*Name\W+(.*)",
+ execresult("gwmi -query
'SELECT Name FROM WIN32_PROCESSOR'", "powershell"),
+ "processor_array");
+
+ "system_match" expression => regextract(".*Manufacturer\W+(.*)",
+ execresult("gwmi -query 'SELECT
Manufacturer FROM WIN32_COMPUTERSYSTEM'", "powershell"),
+ "system_array");
+
reports:
inform_mode::
"$(this.bundle): Obtained $(dmidefs[$(dmivars)]) = '$(dmi[$(dmivars)])'";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/inventory/lsb.cf
new/masterfiles-3.6.2/inventory/lsb.cf
--- old/masterfiles-3.6.1/inventory/lsb.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/inventory/lsb.cf 2014-10-01 16:04:11.000000000
+0200
@@ -6,7 +6,8 @@
classes:
"have_lsb" expression => fileexists($(lsb_exec));
- "_inventory_lsb_found" expression => regcmp("^[1-9][0-9]*$", $(dim));
+ "_inventory_lsb_found" expression => regcmp("^[1-9][0-9]*$", $(dim)),
+ scope => "namespace";
_inventory_lsb_found::
"lsb_$(os)" expression => "any",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/inventory/os.cf
new/masterfiles-3.6.2/inventory/os.cf
--- old/masterfiles-3.6.1/inventory/os.cf 1970-01-01 01:00:00.000000000
+0100
+++ new/masterfiles-3.6.2/inventory/os.cf 2014-10-01 16:04:11.000000000
+0200
@@ -0,0 +1,17 @@
+bundle common inventory_os
+{
+vars:
+
+_inventory_lsb_found::
+ "description" string => "$(inventory_lsb.os) $(inventory_lsb.release)",
+ meta => { "inventory", "attribute_name=OS" };
+
+!_inventory_lsb_found.windows::
+ "description" string => "$(sys.release)",
+ meta => { "inventory", "attribute_name=OS" };
+
+!_inventory_lsb_found.!windows::
+ "description" string => "$(sys.flavor) (LSB missing)",
+ meta => { "inventory", "attribute_name=OS" };
+
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.5/common.cf
new/masterfiles-3.6.2/lib/3.5/common.cf
--- old/masterfiles-3.6.1/lib/3.5/common.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/lib/3.5/common.cf 2014-10-01 16:04:11.000000000
+0200
@@ -213,9 +213,9 @@
# Define x prefixed/suffixed with promise outcome
{
promise_repaired => { "promise_repaired_$(x)", "$(x)_repaired",
"$(x)_ok", "$(x)_reached" };
- repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok",
"$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok",
"$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout",
"$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok",
"$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok",
"$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout",
"$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired",
"$(x)_reached" };
promise_kept => { "promise_kept_$(x)", "$(x)_kept", "$(x)_ok",
"$(x)_not_repaired", "$(x)_reached" };
}
@@ -224,9 +224,9 @@
{
scope => "$(scope)";
promise_repaired => { "promise_repaired_$(x)", "$(x)_repaired",
"$(x)_ok", "$(x)_reached" };
- repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok",
"$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok",
"$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout",
"$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok",
"$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok",
"$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout",
"$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired",
"$(x)_reached" };
promise_kept => { "promise_kept_$(x)", "$(x)_kept", "$(x)_ok",
"$(x)_not_repaired", "$(x)_reached" };
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.5/packages.cf
new/masterfiles-3.6.2/lib/3.5/packages.cf
--- old/masterfiles-3.6.1/lib/3.5/packages.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/lib/3.5/packages.cf 2014-10-01 16:04:11.000000000
+0200
@@ -1016,8 +1016,8 @@
{
package_changes => "bulk";
package_list_command => "/opt/local/bin/pkgin list";
- package_list_name_regex => "(.*)\-[0-9]+.*";
- package_list_version_regex => ".*\-([0-9][^\s]+).*";
+ package_list_name_regex => "([^\s]+)\-[0-9]+.*\s";
+ package_list_version_regex => "[^\s]+\-([0-9][^\s]+)\s";
package_installed_regex => ".*"; # all reported are installed
@@ -1027,10 +1027,10 @@
package_add_command => "/opt/local/bin/pkgin -y install";
package_delete_command => "/opt/local/bin/pkgin -y remove";
-
+
# pkgin update doesn't do what you think it does. pkgin install against
and
# already installed package will upgrade it however.
-
+
package_update_command => "/opt/local/bin/pkgin -y install";
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.5/paths.cf
new/masterfiles-3.6.2/lib/3.5/paths.cf
--- old/masterfiles-3.6.1/lib/3.5/paths.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/lib/3.5/paths.cf 2014-10-01 16:04:11.000000000
+0200
@@ -103,6 +103,7 @@
"path[dmidecode]" string => "/usr/bin/dmidecode";
"path[echo]" string => "/usr/bin/echo";
"path[egrep]" string => "/usr/bin/egrep";
+ "path[ethtool]" string => "/usr/bin/ethtool";
"path[find]" string => "/usr/bin/find";
"path[free]" string => "/usr/bin/free";
"path[grep]" string => "/usr/bin/grep";
@@ -184,6 +185,10 @@
"path[sort]" string => "/usr/bin/sort";
"path[tr]" string => "/usr/bin/tr";
+ smartos::
+ "path[npm]" string => "/opt/local/bin/npm";
+ "path[pip]" string => "/opt/local/bin/pip";
+
solaris::
"path[awk]" string => "/usr/bin/awk";
@@ -243,6 +248,7 @@
"path[domainname]" string => "/bin/domainname";
"path[echo]" string => "/bin/echo";
"path[egrep]" string => "/bin/egrep";
+ "path[ethtool]" string => "/usr/sbin/ethtool";
"path[find]" string => "/usr/bin/find";
"path[grep]" string => "/bin/grep";
"path[hostname]" string => "/bin/hostname";
@@ -330,6 +336,7 @@
"path[domainname]" string => "/bin/domainname";
"path[echo]" string => "/bin/echo";
"path[egrep]" string => "/bin/egrep";
+ "path[ethtool]" string => "/sbin/ethtool";
"path[find]" string => "/usr/bin/find";
"path[grep]" string => "/bin/grep";
"path[hostname]" string => "/bin/hostname";
@@ -396,6 +403,7 @@
"path[domainname]" string => "/bin/domainname";
"path[echo]" string => "/bin/echo";
"path[egrep]" string => "/usr/bin/egrep";
+ "path[ethtool]" string => "/usr/sbin/ethtool";
"path[find]" string => "/usr/bin/find";
"path[free]" string => "/usr/bin/free";
"path[grep]" string => "/usr/bin/grep";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/cfe_internal.cf
new/masterfiles-3.6.2/lib/3.6/cfe_internal.cf
--- old/masterfiles-3.6.1/lib/3.6/cfe_internal.cf 2014-07-24
11:21:34.000000000 +0200
+++ new/masterfiles-3.6.2/lib/3.6/cfe_internal.cf 2014-10-01
16:04:11.000000000 +0200
@@ -127,7 +127,7 @@
},
{
"report":
"diagnostics",
- "table":
"__Diagnostics",
+ "table":
"Diagnostics",
"history_length_days": 1,
"time_key":
"TimeStamp"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/common.cf
new/masterfiles-3.6.2/lib/3.6/common.cf
--- old/masterfiles-3.6.1/lib/3.6/common.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/lib/3.6/common.cf 2014-10-01 16:04:11.000000000
+0200
@@ -257,9 +257,9 @@
# @param x The unique part of the classes to be defined
{
promise_repaired => { "promise_repaired_$(x)", "$(x)_repaired",
"$(x)_ok", "$(x)_reached" };
- repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok",
"$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok",
"$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout",
"$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok",
"$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok",
"$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout",
"$(x)_not_ok", "$(x)_error","$(x)_not_kept", "$(x)_not_repaired",
"$(x)_reached" };
promise_kept => { "promise_kept_$(x)", "$(x)_kept", "$(x)_ok",
"$(x)_not_repaired", "$(x)_reached" };
}
@@ -273,9 +273,9 @@
{
scope => "$(scope)";
promise_repaired => { "promise_repaired_$(x)", "$(x)_repaired",
"$(x)_ok", "$(x)_reached" };
- repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok",
"$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok",
"$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
- repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout",
"$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok",
"$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok",
"$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" };
+ repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout",
"$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired",
"$(x)_reached" };
promise_kept => { "promise_kept_$(x)", "$(x)_kept", "$(x)_ok",
"$(x)_not_repaired", "$(x)_reached" };
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/files.cf
new/masterfiles-3.6.2/lib/3.6/files.cf
--- old/masterfiles-3.6.1/lib/3.6/files.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/lib/3.6/files.cf 2014-10-01 16:04:11.000000000
+0200
@@ -1348,6 +1348,17 @@
preserve => "true";
}
+body copy_from perms_dcp(from)
+# @brief Copy a local file if it is different from the existing copy and
+# preserve file permissions on the local copy.
+#
+# @param from The path to the source file.
+{
+ source => "$(from)";
+ preserve => "true";
+ compare => "digest";
+}
+
body copy_from backup_local_cp(from)
# @brief Copy a local file and keep a backup of old versions.
#
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/packages.cf
new/masterfiles-3.6.2/lib/3.6/packages.cf
--- old/masterfiles-3.6.1/lib/3.6/packages.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/lib/3.6/packages.cf 2014-10-01 16:04:11.000000000
+0200
@@ -1195,8 +1195,8 @@
{
package_changes => "bulk";
package_list_command => "/opt/local/bin/pkgin list";
- package_list_name_regex => "(.*)\-[0-9]+.*";
- package_list_version_regex => ".*\-([0-9][^\s]+).*";
+ package_list_name_regex => "([^\s]+)\-[0-9]+.*\s";
+ package_list_version_regex => "[^\s]+\-([0-9][^\s]+)\s";
package_installed_regex => ".*"; # all reported are installed
@@ -1206,10 +1206,10 @@
package_add_command => "/opt/local/bin/pkgin -y install";
package_delete_command => "/opt/local/bin/pkgin -y remove";
-
+
# pkgin update doesn't do what you think it does. pkgin install against
and
# already installed package will upgrade it however.
-
+
package_update_command => "/opt/local/bin/pkgin -y install";
}
@@ -1832,19 +1832,19 @@
debian::
"$(package)"
package_policy => "addupdate",
- package_version => "9999999999",
+ package_version => "999999999",
package_method => apt_get_permissive;
redhat::
"$(package)"
package_policy => "addupdate",
- package_version => "9999999999",
+ package_version => "999999999",
package_method => yum_rpm_permissive;
suse::
"$(package)"
package_policy => "addupdate",
- package_version => "9999999999",
+ package_version => "999999999",
package_method => zypper;
!debian.!redhat.!suse::
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/paths.cf
new/masterfiles-3.6.2/lib/3.6/paths.cf
--- old/masterfiles-3.6.1/lib/3.6/paths.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/lib/3.6/paths.cf 2014-10-01 16:04:11.000000000
+0200
@@ -141,6 +141,7 @@
"path[dmidecode]" string => "/usr/bin/dmidecode";
"path[echo]" string => "/usr/bin/echo";
"path[egrep]" string => "/usr/bin/egrep";
+ "path[ethtool]" string => "/usr/bin/ethtool";
"path[find]" string => "/usr/bin/find";
"path[free]" string => "/usr/bin/free";
"path[grep]" string => "/usr/bin/grep";
@@ -170,12 +171,11 @@
"path[journalctl]" string => "/usr/bin/journalctl";
"path[netctl]" string => "/usr/bin/netctl";
- freebsd|netbsd::
+ freebsd|netbsd|openbsd::
"path[awk]" string => "/usr/bin/awk";
"path[bc]" string => "/usr/bin/bc";
"path[cat]" string => "/bin/cat";
- "path[cksum]" string => "/usr/bin/cksum";
"path[crontabs]" string => "/var/cron/tabs";
"path[cut]" string => "/usr/bin/cut";
"path[dc]" string => "/usr/bin/dc";
@@ -194,32 +194,19 @@
"path[sed]" string => "/usr/bin/sed";
"path[sort]" string => "/usr/bin/sort";
"path[tr]" string => "/usr/bin/tr";
+
+ freebsd|netbsd::
+
+ "path[cksum]" string => "/usr/bin/cksum";
"path[realpath]" string => "/bin/realpath";
openbsd::
- "path[awk]" string => "/usr/bin/awk";
- "path[bc]" string => "/usr/bin/bc";
- "path[cat]" string => "/bin/cat";
"path[cksum]" string => "/bin/cksum";
- "path[crontabs]" string => "/var/cron/tabs";
- "path[cut]" string => "/usr/bin/cut";
- "path[dc]" string => "/usr/bin/dc";
- "path[df]" string => "/bin/df";
- "path[diff]" string => "/usr/bin/diff";
- "path[dig]" string => "/usr/sbin/dig";
- "path[echo]" string => "/bin/echo";
- "path[egrep]" string => "/usr/bin/egrep";
- "path[find]" string => "/usr/bin/find";
- "path[grep]" string => "/usr/bin/grep";
- "path[ls]" string => "/bin/ls";
- "path[netstat]" string => "/usr/bin/netstat";
- "path[ping]" string => "/usr/bin/ping";
- "path[perl]" string => "/usr/bin/perl";
- "path[printf]" string => "/usr/bin/printf";
- "path[sed]" string => "/usr/bin/sed";
- "path[sort]" string => "/usr/bin/sort";
- "path[tr]" string => "/usr/bin/tr";
+
+ smartos::
+ "path[npm]" string => "/opt/local/bin/npm";
+ "path[pip]" string => "/opt/local/bin/pip";
solaris::
@@ -280,6 +267,7 @@
"path[domainname]" string => "/bin/domainname";
"path[echo]" string => "/bin/echo";
"path[egrep]" string => "/bin/egrep";
+ "path[ethtool]" string => "/usr/sbin/ethtool";
"path[find]" string => "/usr/bin/find";
"path[grep]" string => "/bin/grep";
"path[hostname]" string => "/bin/hostname";
@@ -367,6 +355,7 @@
"path[domainname]" string => "/bin/domainname";
"path[echo]" string => "/bin/echo";
"path[egrep]" string => "/bin/egrep";
+ "path[ethtool]" string => "/sbin/ethtool";
"path[find]" string => "/usr/bin/find";
"path[grep]" string => "/bin/grep";
"path[hostname]" string => "/bin/hostname";
@@ -412,7 +401,7 @@
"path[sysctl]" string => "/sbin/sysctl";
!suse::
- "path[logger]" string => "/usr/bin/logger";
+ "path[logger]" string => "/usr/bin/logger";
suse::
@@ -433,6 +422,7 @@
"path[domainname]" string => "/bin/domainname";
"path[echo]" string => "/bin/echo";
"path[egrep]" string => "/usr/bin/egrep";
+ "path[ethtool]" string => "/usr/sbin/ethtool";
"path[find]" string => "/usr/bin/find";
"path[free]" string => "/usr/bin/free";
"path[grep]" string => "/usr/bin/grep";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/reports.cf
new/masterfiles-3.6.2/lib/3.6/reports.cf
--- old/masterfiles-3.6.1/lib/3.6/reports.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/lib/3.6/reports.cf 2014-10-01 16:04:11.000000000
+0200
@@ -56,9 +56,7 @@
{
metatags_include => { "inventory", "report" };
metatags_exclude => { "noreport" };
- monitoring_include => { "cpu",
- "loadavg",
- "diskfree" };
+ monitoring_include => { "" };
}
body report_data_select default_data_select_policy_hub
@@ -70,5 +68,5 @@
{
metatags_include => { "inventory", "report" };
metatags_exclude => { "noreport" };
-
+ monitoring_include => { "" };
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/promises.cf
new/masterfiles-3.6.2/promises.cf
--- old/masterfiles-3.6.1/promises.cf 2014-07-24 11:21:34.000000000 +0200
+++ new/masterfiles-3.6.2/promises.cf 2014-10-01 16:04:11.000000000 +0200
@@ -12,6 +12,7 @@
# Common bundle first (Best Practice)
inventory_control,
@(inventory.bundles),
+ ha_def,
def,
cfe_internal_hub_vars,
@@ -25,11 +26,13 @@
# Agent bundle
cfe_internal_management, # See
cfe_internal/CFE_cfengine.cf
service_catalogue,
+ ha_main,
};
inputs => {
# File definition for global variables and classes
+ "cfe_internal/ha/ha_def.cf",
"def.cf",
# Inventory policy
@@ -66,10 +69,11 @@
# List of services here
"services/file_change.cf",
+ "cfe_internal/ha/ha.cf"
};
- version => "CFEngine Promises.cf 3.6.0";
+ version => "CFEngine Promises.cf 3.6.2";
# Uncomment to connect to the hub using latest protocol.
#protocol_version => "latest";
@@ -97,26 +101,26 @@
vars:
# This list is intended to grow as needed
!(cfengine_3_4|cfengine_3_5).debian::
- "inputs" slist => { "inventory/any.cf", "inventory/linux.cf",
"inventory/lsb.cf", "inventory/debian.cf" };
- "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_debian" };
+ "inputs" slist => { "inventory/any.cf", "inventory/linux.cf",
"inventory/lsb.cf", "inventory/debian.cf", "inventory/os.cf" };
+ "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_debian",
"inventory_os" };
!(cfengine_3_4|cfengine_3_5).redhat::
- "inputs" slist => { "inventory/any.cf", "inventory/linux.cf",
"inventory/lsb.cf", "inventory/redhat.cf" };
- "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_redhat" };
+ "inputs" slist => { "inventory/any.cf", "inventory/linux.cf",
"inventory/lsb.cf", "inventory/redhat.cf", "inventory/os.cf" };
+ "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_redhat",
"inventory_os" };
!(cfengine_3_4|cfengine_3_5).suse::
- "inputs" slist => { "inventory/any.cf", "inventory/linux.cf",
"inventory/lsb.cf", "inventory/suse.cf" };
- "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_suse" };
+ "inputs" slist => { "inventory/any.cf", "inventory/linux.cf",
"inventory/lsb.cf", "inventory/suse.cf", "inventory/os.cf" };
+ "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_suse",
"inventory_os" };
!(cfengine_3_4|cfengine_3_5).windows::
- "inputs" slist => { "inventory/any.cf", "inventory/windows.cf" };
- "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_windows" };
+ "inputs" slist => { "inventory/any.cf", "inventory/windows.cf",
"inventory/os.cf" };
+ "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_windows", "inventory_os" };
!(cfengine_3_4|cfengine_3_5).macos::
- "inputs" slist => { "inventory/any.cf", "inventory/macos.cf" };
- "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_macos" };
+ "inputs" slist => { "inventory/any.cf", "inventory/macos.cf",
"inventory/os.cf" };
+ "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_macos", "inventory_os" };
!(cfengine_3_4|cfengine_3_5).linux.!specific_linux_os::
- "inputs" slist => { "inventory/any.cf", "inventory/linux.cf",
"inventory/lsb.cf" };
- "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_linux", "inventory_lsb" };
+ "inputs" slist => { "inventory/any.cf", "inventory/linux.cf",
"inventory/lsb.cf", "inventory/os.cf" };
+ "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_os" };
!cfengine_3_5.other_unix_os::
- "inputs" slist => { "inventory/any.cf", "inventory/generic.cf" };
- "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_generic" };
+ "inputs" slist => { "inventory/any.cf", "inventory/generic.cf",
"inventory/os.cf" };
+ "bundles" slist => { "inventory_control", "inventory_any",
"inventory_autorun", "inventory_generic", "inventory_os" };
(cfengine_3_4|cfengine_3_5)::
"inputs" slist => { cf_null };
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/update/update_bins.cf
new/masterfiles-3.6.2/update/update_bins.cf
--- old/masterfiles-3.6.1/update/update_bins.cf 2014-07-24 11:21:34.000000000
+0200
+++ new/masterfiles-3.6.2/update/update_bins.cf 2014-10-01 16:04:11.000000000
+0200
@@ -175,7 +175,7 @@
package_policy => "update",
package_select => "==", # picks the newest Nova available
package_architectures => { "$(pkgarch)" },
- package_version => "3.6.1-1", # Install new Nova anyway
+ package_version => "3.6.2-1", # Install new Nova anyway
package_method => u_generic( "$(local_software_dir)" ),
ifvarclass => "nova_edition.have_software_dir",
classes => u_if_else("bin_update_success", "bin_update_fail");
@@ -188,7 +188,7 @@
package_policy => "update",
package_select => "==", # picks the newest Nova available
package_architectures => { "$(pkgarch)" },
- package_version => "3.6.1", # Install new Nova anyway
+ package_version => "3.6.2", # Install new Nova anyway
package_method => u_generic( "$(local_software_dir)" ),
ifvarclass => "nova_edition.have_software_dir",
classes => u_if_else("bin_update_success", "bin_update_fail");
@@ -201,7 +201,7 @@
package_policy => "update",
package_select => "==", # picks the newest Nova available
package_architectures => { "$(pkgarch)" },
- package_version => "3.6.1.0", # Install new Nova anyway
+ package_version => "3.6.2.0", # Install new Nova anyway
package_method => u_generic( "$(local_software_dir)" ),
ifvarclass => "nova_edition.have_software_dir",
classes => u_if_else("bin_update_success", "bin_update_fail");
@@ -214,7 +214,7 @@
package_policy => "update",
package_select => "==", # picks the newest Nova available
package_architectures => { "$(pkgarch)" },
- package_version => "3.6.1-1", # Install new Nova anyway
+ package_version => "3.6.2-1", # Install new Nova anyway
package_method => u_generic( "$(local_software_dir)" ),
ifvarclass => "nova_edition.have_software_dir",
classes => u_if_else("bin_update_success", "bin_update_fail");
@@ -227,7 +227,7 @@
package_policy => "update",
package_select => "==", # picks the newest Nova available
package_architectures => { "$(pkgarch)" },
- package_version => "3.6.1", # Install new Nova anyway
+ package_version => "3.6.2", # Install new Nova anyway
package_method => u_generic( "$(local_software_dir)" ),
ifvarclass => "nova_edition.have_software_dir",
classes => u_if_else("bin_update_success", "bin_update_fail");
@@ -240,7 +240,20 @@
package_policy => "update",
package_select => "==", # picks the newest Nova available
package_architectures => { "$(pkgarch)" },
- package_version => "3.6.1.0", # Install new Nova anyway
+ package_version => "3.6.2.0", # Install new Nova anyway
+ package_method => u_generic( "$(local_software_dir)" ),
+ ifvarclass => "nova_edition.have_software_dir",
+ classes => u_if_else("bin_update_success", "bin_update_fail");
+
+ !am_policy_hub.aix.enterprise::
+
+ "$(novapkg)"
+ comment => "Update Nova package to a newer version (package is there)",
+ handle =>
"cfe_internal_update_bins_packages_nova_update_aix_only_pkg_there",
+ package_policy => "update",
+ package_select => "==", # picks the newest Nova available
+ package_architectures => { "$(pkgarch)" },
+ package_version => "3.6.2.0", # Install new Nova anyway
package_method => u_generic( "$(local_software_dir)" ),
ifvarclass => "nova_edition.have_software_dir",
classes => u_if_else("bin_update_success", "bin_update_fail");
@@ -282,14 +295,14 @@
"$(sys.workdir)/bin/cf-upgrade"
comment => "Copy cf-upgrade binary from policy hub for i386 linux",
handle => "cfe_internal_update_bins_files_cf_upgrade_i386_linux",
- copy_from =>
u_rcp("$(master_software_location)/cf-upgrade/linux.i386/cf-upgrade","$(sys.policy_hub)"),
+ copy_from =>
u_rcp("$(master_software_location)/cf-upgrade/linux.i386/cf-upgrade",
@(update_def.policy_servers)),
perms => u_m("0755"),
ifvarclass => "linux.i686";
"$(sys.workdir)/bin/cf-upgrade"
comment => "Copy cf-upgrade binary from policy hub for x86_64 linux",
handle => "cfe_internal_update_bins_files_cf_upgrade_x86_64_linux",
- copy_from =>
u_rcp("$(master_software_location)/cf-upgrade/linux.x86_64/cf-upgrade","$(sys.policy_hub)"),
+ copy_from =>
u_rcp("$(master_software_location)/cf-upgrade/linux.x86_64/cf-upgrade",
@(update_def.policy_servers)),
perms => u_m("0755"),
ifvarclass => "linux.x86_64";
@@ -312,7 +325,7 @@
"$(local_software_dir)"
comment => "Copy binary updates from master source on policy server",
handle => "cfe_internal_update_bins_files_pkg_copy",
- copy_from =>
u_pcp("$(master_software_location)/$(sys.flavour)_$(sys.arch)","$(sys.policy_hub)"),
+ copy_from =>
u_pcp("$(master_software_location)/$(sys.flavour)_$(sys.arch)",
@(update_def.policy_servers)),
depth_search => u_recurse("1"), # Nova updates should be in root dir
action => u_immediate,
classes => u_if_repaired("bin_newpkg");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/update/update_policy.cf
new/masterfiles-3.6.2/update/update_policy.cf
--- old/masterfiles-3.6.1/update/update_policy.cf 2014-07-24
11:21:34.000000000 +0200
+++ new/masterfiles-3.6.2/update/update_policy.cf 2014-10-01
16:04:11.000000000 +0200
@@ -156,7 +156,7 @@
"$(inputs_dir)/cf_promises_validated"
comment => "Check whether a validation stamp is available for a new
policy update to reduce the distributed load",
handle => "cfe_internal_update_policy_check_valid_update",
- copy_from =>
u_rcp("$(master_location)/cf_promises_validated","$(sys.policy_hub)"),
+ copy_from => u_rcp("$(master_location)/cf_promises_validated",
@(update_def.policy_servers)),
action => u_immediate,
classes => u_if_repaired("validated_updates_ready");
@@ -165,7 +165,7 @@
"$(modules_dir)"
comment => "Always update modules files on client side",
handle => "cfe_internal_update_policy_files_update_modules",
- copy_from => u_rcp("$(modules_dir)","$(sys.policy_hub)"),
+ copy_from => u_rcp("$(modules_dir)", @(update_def.policy_servers)),
depth_search => u_recurse("inf"),
perms => u_m("755"),
action => u_immediate;
@@ -173,7 +173,7 @@
"$(plugins_dir)"
comment => "Always update plugins files on client side",
handle => "cfe_internal_update_policy_files_update_plugins",
- copy_from => u_rcp("$(plugins_dir)","$(sys.policy_hub)"),
+ copy_from => u_rcp("$(plugins_dir)", @(update_def.policy_servers)),
depth_search => u_recurse("inf"),
perms => u_m("755"),
action => u_immediate;
@@ -183,7 +183,7 @@
"$(sys.workdir)\modules"
comment => "Always update modules files on client side (Windows)",
handle => "cfe_internal_update_policy_files_update_modules_windows",
- copy_from => u_rcp("$(modules_dir)","$(sys.policy_hub)"),
+ copy_from => u_rcp("$(modules_dir)", @(update_def.policy_servers)),
depth_search => u_recurse("inf"),
perms => u_m("755"),
action => u_immediate;
@@ -191,7 +191,7 @@
"$(sys.workdir)\plugins"
comment => "Always update plugins files on client side (Windows)",
handle => "cfe_internal_update_policy_files_update_plugins_windows",
- copy_from => u_rcp("$(plugins_dir)","$(sys.policy_hub)"),
+ copy_from => u_rcp("$(plugins_dir)", @(update_def.policy_servers)),
depth_search => u_recurse("inf"),
perms => u_m("755"),
action => u_immediate;
@@ -201,12 +201,20 @@
"$(inputs_dir)"
comment => "Copy policy updates from master source on policy server if a
new validation was acquired",
handle => "cfe_internal_update_policy_files_inputs_dir",
- copy_from => u_rcp("$(master_location)","$(sys.policy_hub)"),
+ copy_from => u_rcp("$(master_location)", @(update_def.policy_servers)),
depth_search => u_recurse("inf"),
file_select => u_input_files,
action => u_immediate,
classes => u_if_repaired("update_report");
+ !policy_server.ha_enabled::
+ "$(sys.workdir)/policy_server.dat"
+ comment => "Copy policy_server.dat file from server",
+ handle => "cfe_internal_update_ha_policy_server",
+ copy_from => u_rcp("$(sys.workdir)/state/master_hub.dat",
@(update_def.policy_servers)),
+ action => u_immediate,
+ classes => u_if_repaired("replica_failover"); # not needed ?
+
!windows::
"$(dir_bin)/$(agents)"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/update/update_processes.cf
new/masterfiles-3.6.2/update/update_processes.cf
--- old/masterfiles-3.6.1/update/update_processes.cf 2014-07-24
11:21:34.000000000 +0200
+++ new/masterfiles-3.6.2/update/update_processes.cf 2014-10-01
16:04:11.000000000 +0200
@@ -142,18 +142,19 @@
handle => "cfe_internal_maintain_cfe_hub_process_processes_redis",
ifvarclass => "nova|enterprise";
- "$(cfe_internal_process_knowledge.bindir)/postgres"
- restart_class => "start_postgres_server",
- comment => "Monitor postgres process",
- handle => "cfe_internal_maintain_cfe_hub_process_processes_postgres",
- ifvarclass => "nova|enterprise";
-
"$(cfe_internal_process_knowledge.bindir)/cf-consumer"
restart_class => "start_cf_consumer",
comment => "Monitor cf-consumer process",
handle => "cfe_internal_maintain_cfe_hub_process_processes_cf_consumer",
ifvarclass => "(nova|enterprise).no_vacuumdb";
+ am_policy_hub.!ha_enabled::
+ "$(cfe_internal_process_knowledge.bindir)/postgres"
+ restart_class => "start_postgres_server",
+ comment => "Monitor postgres process",
+ handle => "cfe_internal_maintain_cfe_hub_process_processes_postgres",
+ ifvarclass => "nova|enterprise";
+
am_policy_hub.files_ok.!windows::
"cf-hub" restart_class => "start_hub",
comment => "Monitor cf-hub process",
@@ -182,7 +183,7 @@
classes => u_kept_successful_command,
handle => "cfe_internal_maintain_cfe_hub_process_commands_start_redis";
- !windows.am_policy_hub.start_postgres_server::
+ !windows.am_policy_hub.!ha_enabled.start_postgres_server::
"$(cfe_internal_process_knowledge.bindir)/pg_ctl -D
$(cfe_internal_update_policy.postgresdb_dir) -l
$(cfe_internal_update_policy.postgresdb_log) start"
contain => u_postgres,
comment => "Start postgres process",
@@ -386,5 +387,5 @@
repair_failed => { $(theclass) };
repair_denied => { $(theclass) };
repair_timeout => { $(theclass) };
- persist_time => 99999999999;
+ persist_time => 999999999;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/masterfiles-3.6.1/update.cf
new/masterfiles-3.6.2/update.cf
--- old/masterfiles-3.6.1/update.cf 2014-07-24 11:21:34.000000000 +0200
+++ new/masterfiles-3.6.2/update.cf 2014-10-01 16:04:11.000000000 +0200
@@ -7,6 +7,7 @@
body common control
{
bundlesequence => {
+ "ha_def",
"update_def",
"cfe_internal_dc_workflow",
"cfe_internal_update_policy",
@@ -14,9 +15,10 @@
"cfe_internal_update_processes",
};
- version => "update.cf 3.6.1";
+ version => "update.cf 3.6.2";
inputs => {
+ "cfe_internal/ha/ha_def.cf",
"update/update_bins.cf",
"update/cfe_internal_dc_workflow.cf",
"update/cfe_internal_local_git_remote.cf",
@@ -43,7 +45,7 @@
{
vars:
"input_name_patterns" slist => { ".*\.cf",".*\.dat",".*\.txt",
".*\.conf", ".*\.mustache",
- "cf_promises_release_id" },
+ "cf_promises_release_id", ".*\.json" },
comment => "Filename patterns to match when updating the policy (see
update/update_policy.cf)",
handle => "common_def_vars_input_name_patterns";
@@ -75,6 +77,15 @@
comment => "Group that CFEngine Enterprise webserver runs as",
handle => "common_def_vars_cf_cfapache_group";
+ # ha_enabled is defined in WORKDIR/cfe_internal/ha/ha_def.cf
+ # Disabled by default
+
+ ha_enabled::
+ "policy_servers" slist => {"$(sys.policy_hub)", @(ha_def.ips)};
+
+ !ha_enabled::
+ "policy_servers" slist => {"$(sys.policy_hub)"};
+
classes:
# Trigger binary upgrade from policy hub
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
