Will, I don't really have time to look closely right now, but this might be due to a bug that was cleared up a while ago. You could try 2.2.7 to see if it works.
good luck
M

Will Murnane wrote:
> I have a file which has rules for managing Solaris services, and the
> rules are apparently being applied selectively. Here's a cut-down
> version of the file. /usr/site/sbin/check-service is a script that
> makes sure that a service is enabled and running properly (and sends
> email if it's not).
> shellcommands:
>   (solaris|solarisx86)::
>     "/usr/site/sbin/check-service svc:/network/nis/client:default"
>     "/usr/site/sbin/check-service svc:/system/filesystem/autofs:default"
>     "/usr/sbin/svcadm enable svc:/network/security/ktkt_warn:default"
>     "/usr/sbin/svcadm enable svc:/network/smtp-local:sendmail"
>   stunnelservers.(solaris|solarisx86)::
>     "/usr/site/sbin/check-service svc:/network/stunnel:default"
>     ... (more services to enable follow)
>   # Here begin services that must be disabled
>   (solaris|solarisx86)::
>     "/usr/sbin/svcadm disable svc:/network/rpc/cde-calendar-manager:default"
>   !stunnelservers.(solaris|solarisx86)::
>     "/usr/sbin/svcadm disable svc:/network/CSEEstunnel:default"
>
> and output from "cfagent -qv" on a machine in the stunnelservers group:
> Defined Classes = ( 130_85_36 130_85_36_80 32_bit Day13 Friday Hr14
> Hr14_Q3 June Min35_40 Min38 Q3 SUNW_UltraAX_i2 Yr2008 anubis_cs
> anubis_cs_umbc_edu any cfengine_2 cfengine_2_2 cfengine_2_2_1
> compiled_on_solaris2_10 cs_umbc_edu cseesystems diskfree_high_normal
> edu entropy_cfengine_in_low entropy_dns_in_low entropy_dns_out_low
> entropy_ftp_in_low entropy_ftp_out_low entropy_icmp_in_low
> entropy_icmp_out_low entropy_irc_in_low entropy_irc_out_low
> entropy_misc_in_low entropy_misc_out_low entropy_netbiosdgm_in_low
> entropy_netbiosdgm_out_low entropy_netbiosns_in_low
> entropy_netbiosns_out_low entropy_netbiosssn_in_low
> entropy_netbiosssn_out_low entropy_smtp_in_low entropy_smtp_out_low
> entropy_ssh_out_low entropy_tcpack_in_low entropy_tcpack_out_low
> entropy_tcpfin_in_low entropy_tcpfin_out_low entropy_tcpsyn_in_low
> entropy_tcpsyn_out_low entropy_udp_in_low entropy_udp_out_low
> entropy_wwws_in_low fe80__203_baff_fe10_5577 greylistconfexists
> haveraid ipv4_130 ipv4_130_85 ipv4_130_85_36 ipv4_130_85_36_80
> loadavg_high_anomaly net_iface_dmfe0 net_iface_lo0 nfsservers
> nisclients nofirewall nrpemonitored otherprocs_high_normal servers
> solaris sparc stunnelservers sun4u sunos_5_10 sunos_sun4u
> sunos_sun4u_5_10 sunos_sun4u_5_10_Generic_127111_06 umbc_edu
> users_high_ldt web1 web1_cs web1_cs_umbc_edu webservers
> www_in_normal_normal wwws_in_high_ldt )
>
> Note that 'solaris' and 'stunnelservers' are in this output, which is
> all that matters; the rest is there for completeness. Then here's
> some output from later on in the execution:
>
> cfengine:web1:
> Executing script /usr/sbin/svcadm enable svc:/network/smtp-local:sendmail...(timeout=0,uid=-1,gid=-1)
> (Setting umask to 77)
> cfengine:web1: Finished script /usr/sbin/svcadm enable svc:/network/smtp-local:sendmail
> Performance(Exec(/usr/sbin/svcadm enable svc:/network/smtp-local:sendmail)): time=0.00 secs, av=0.00 +/- 0.00
> cfengine:web1:
> Executing script /usr/sbin/svcadm disable svc:/network/rpc/cde-calendar-manager:default...(timeout=0,uid=-1,gid=-1)
> (Setting umask to 77)
> cfengine:web1: Finished script /usr/sbin/svcadm disable svc:/network/rpc/cde-calendar-manager:default
> Performance(Exec(/usr/sbin/svcadm disable svc:/network/rpc/cde-calendar-manager:default)): time=0.00 secs, av=0.00 +/- 0.00
>
> So this obviously raises some questions. Why does cfagent decide that
> the stunnel line need not be executed? Should the commands listed
> under "shellcommands" be executed in order? Am I not making my
> intentions clear with the rules? Basically, I want every Solaris
> machine to start nis/client et al, and iff a solaris machine is in the
> "stunnelservers" group, make the stunnel service enabled.
>
> Trimming down the entire config file to the following:
> groups:
>   s = ( web1 )
> shellcommands:
>   s::
>     "/usr/site/sbin/check-service svc:/network/CSEEstunnel:default"
>
> control:
>   domain = ( cs.umbc.edu )
>   workdir = ( /var/cfengine )
>   fileshost = ( ds4.cs.umbc.edu )
>   filesdir = ( /var/cfengine/master/files )
>   editfilesize = ( 0 )
>   IfElapsed = ( 0 )
>   SplayTime = ( 45 )
>
>   actionsequence = (
>     directories
>     copy
>     links
>     files
>     editfiles
>     disable
>     tidy
>     shellcommands
>     processes
>   )
>
> lets it work when I run as a user (i.e., it runs that command when
> web1 is defined and not otherwise) but still not as root!
>
> Any suggestions are welcome. I'm running cfagent version 2.2.1, and
> if anyone wants to see my config files verbatim I'd be glad to send a
> copy via private mail. Please CC me with any answers, as I'm not
> subscribed to any cfengine lists.
>
> Thanks!
> Will
> _______________________________________________
> Bug-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/bug-cfengine

--
Mark Burgess

Web: http://www.iu.hio.no/~mark
Tlf: +47 22453272
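An added example, not part of the thread and not cfengine code: a small evaluator that checks the class guards from the cut-down policy against the classes cfagent reported for web1, which separates a policy mistake from an agent fault. It assumes the cfengine 2 class operators (`.` or `&` for AND, `|` for OR, `!` for NOT, parentheses) with NOT binding tightest; the names `evaluate`, `WEB1`, `GUARDS` and `VERDICTS` are hypothetical.

```python
import re

# Assumed cfengine 2 class syntax: "." or "&" = AND, "|" = OR, "!" = NOT,
# parentheses group; NOT binds tightest, then AND, then OR.
def evaluate(expr, defined):
    """Return True if the class expression holds for the defined classes."""
    toks = re.findall(r"\w+|\S", expr)  # class names, else one char per token
    i = 0
    def take():
        nonlocal i
        i += 1
        return toks[i - 1] if i <= len(toks) else None
    def peek():
        return toks[i] if i < len(toks) else None
    def parse_or():
        val = parse_and()
        while peek() == "|":
            take()
            val = parse_and() or val
        return val
    def parse_and():
        val = parse_not()
        while peek() in (".", "&"):
            take()
            val = parse_not() and val
        return val
    def parse_not():
        tok = take()
        if tok == "!":
            return not parse_not()
        if tok == "(":
            val = parse_or()
            if take() != ")":
                raise ValueError(f"missing ')' in {expr!r}")
            return val
        if tok is None or not re.fullmatch(r"\w+", tok):
            raise ValueError(f"expected a class name in {expr!r}")
        return tok in defined

    result = parse_or()
    if peek() is not None:
        raise ValueError(f"trailing input in {expr!r}")
    return result

# Constructed inputs: a subset of web1's "Defined Classes" and the post's guards.
WEB1 = {"any", "solaris", "sparc", "stunnelservers", "sunos_5_10", "web1"}
GUARDS = ["(solaris|solarisx86)", "stunnelservers.(solaris|solarisx86)",
          "!stunnelservers.(solaris|solarisx86)"]
VERDICTS = {g: evaluate(g, WEB1) for g in GUARDS}
```

A guard that evaluates true here while its command never appears in the `cfagent -qv` output means the policy expresses the intent correctly and the skip lies in the agent run itself.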
