I have cf3 community v 3.0.2 running on 30+ servers, all machines on
Solaris 10. Most of the machines are running as Solaris zones,
installed from the exact same Solaris image.
Almost every day, 1-3 of these machines ends up with an empty
/var/cfengine/inputs directory. cf-execd -F is run every hour out of
cron, but with update.cf and failsafe.cf gone, it has to give up. I
get alerted via email from cron because of the error message cf-execd
gives (default cron behaviour). The deletes don't happen on all of the
servers, from my email log I can see that at least 12 of them has had
this problem one or more times.
What is wrong?
- Erlend
r...@m5000# cat -n failsafe.cf
1
#------------------------------------------------------------------------
2 #simply include and execute the update.cf file
3 body common control {
4 bundlesequence => { "update" };
5 inputs => { "update.cf" };
6 }
r...@m5000# cat -n update.cf
1
#------------------------------------------------------------------------
2 bundle agent update{
3 vars:
4 "policyserver" string => "10.0.1.230";
5 "policyfiles" string => "/export/cfengine/master";
6 "cf3binaries" string => "/usr/local/sbin";
7
8 files:
9
10
#---------------------------------------------------------------------
11 #get policy files from policy server
12 "${sys.workdir}/inputs"
13 handle => "update_policy_files",
14 copy_from => getfiles("${policyserver}", "${policyfiles}"),
15 depth_search => recurse;
16
17
#---------------------------------------------------------------------
18 #get cf3 binaries from policy server
19 "/var/cfengine/bin"
20 handle => "cf3_update_binaries",
21 #perms => u_p("700"),
22 copy_from => getfiles("${policyserver}","${cf3binaries}"),
23 depth_search => recurse,
24 action => immediate;
25 }
26
27
#------------------------------------------------------------------------
28 #define body of the getfiles "subroutine"
29 body copy_from getfiles(server, path) {
30 servers => { "${server}" };
31 encrypt => "true";
32 trustkey => "true";
33 source => "${path}";
34 compare => "digest";
35 preserve => "true";
36 verify => "true";
37 purge => "true";
38 }
39
40
#------------------------------------------------------------------------
41 body depth_search recurse {
42 depth => "inf";
43 }
r...@m5000# cat -n cf-serverd.cf
1
2 #------------------------------------------------------------------------
3 #controls for the cf-serverd process
4 body server control {
5 trustkeysfrom => { "10.0.1.0/24" };
6 allowconnects => { "10.0.1.0/24" };
7 allowusers => { "root" };
8 maxconnections => "100";
9 logallconnections => "true";
10 }
11
12 #------------------------------------------------------------------------
13 body executor control {
14 splaytime => "1";
15 mailto => "sys...@some.domain.com";
16 smtpserver => "mail.some.domain.com";
17 mailmaxlines => "1000";
18 #make policy updates apply in first run
19 exec_command => "$(sys.workdir)/bin/cf-agent -f failsafe.cf
&& $(sys.workdir)/bin/cf-agent";
20 }
21
22 #------------------------------------------------------------------------
23 #access rules for the cf-serverd process
24 bundle server access_rules {
25 access:
26 "/export/cfengine/master"
27 admit => { "10.0.1.0/24" };
28 "/export/cfengine/depot"
29 admit => { "10.0.1.0/24" };
30 "/usr/local/sbin"
31 admit => { "10.0.1.0/24" };
32 }
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
