Hi all,
I've opened a ticket on this but I wanted to share my thoughts with the
community to see if anyone has had the same thought and perhaps has
already implemented something to this effect.
I'd like for Cfengine on each host to be able to send an email every
time it tries to repair a promise, whether or not it is successful.
Maybe something as simple as this:
body agent control {
repair_email_address => "cfengine-repa...@mycompany.com";
# perhaps some additional tunable parameters, e.g.
# report_on => { "repaired" | "not_kept" | "any" };
# include_error => { "true" | "false" };
# success_subject_prefix => "[nova promise repaired] ";
# failure_subject_prefix => "[nova promise not kept] ";
# etc.
}
This would allow for a more real-time view of the Cfengine environment,
by enabling each host to send an email with repair success or failure,
promise handle, any relevant error message, etc. For example, this could
help detect repairs immediately, especially if the same system keeps
repairing the same thing or multiple systems are performing the same
repair, indicating a fundamental root cause that requires administrator
intervention.
IMHO (if anyone thinks this opinion is misguided please say so),
Cfengine shouldn't have to repair anything in a properly functioning
environment and, if it does, then something needs investigating. It may
just be someone manually changing a file's permissions and Cfengine is
correcting them (which may mean user/admin training is required). This
philosophy does assume, however, that promises are written in a way that
they will only make corrections when necessary.
For example, if I have a promise to ensure that a Solaris system's
hostname is in /etc/nodename, I should write the promise so that it
doesn't do anything if the file is correct, rather than just recreating
the correct file every time the agent runs, regardless of whether the
file's contents are already correct.
Any thoughts or comments on this?
Thanks,
Justin
This electronic communication and any attachments may contain confidential and
proprietary
information of DigitalGlobe, Inc. If you are not the intended recipient, or an
agent or employee
responsible for delivering this communication to the intended recipient, or if
you have received
this communication in error, please do not print, copy, retransmit, disseminate
or
otherwise use the information. Please indicate to the sender that you have
received this
communication in error, and delete the copy you received. DigitalGlobe reserves
the
right to monitor any electronic communication sent or received by its
employees, agents
or representatives.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
