On 1 Feb 2010, at 5:47 pm, Justin Lloyd wrote: > Hi all, > > > > For those of you who are part of a team that manage a Cfengine-based > environment, how do you prevent people from making local changes to > things that are managed by Cfengine, thus causing local changes to get > wiped out? For example, if Cfengine manages all NFS mounts in /etc/ > fstab > on Linux systems and someone manually adds such an entry to a host > which > Cfengine later wipes out when enforcing just its specified NFS mounts.
I should add another thing which helps: If you have a particular system which someone claims needs to be configured differently, my first question is: Does it *really* need to be different? Nine times out of ten, the answer is usually "no". If it does need to be different, then presumably that's because it's running a particular kind of service, and that therefore means perhaps you should define a new class for that service, especially if there could later be more than one machine providing that service. Finally, if there really are some machines which need to be configured by hand (something I resist strongly) we have a minimal_cfe class where the vast majority of our cfengine policy is skipped, and only the bare essentials are checked. Tim -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
