On 9/14/10 12:41 PM, "no-re...@cfengine.com" <no-re...@cfengine.com> wrote:
> This sounds good. Just to make sure I'm following you:
>
> In the netboot image I create /etc/classes/readonly, and then set the read
> only class if this exists?
> (I'm pretty new to cfengine and haven't done /etc/classes)
>
> classes:
> !management_node::
> read_only = ( FileExists(/etc/classes/readonly) )
>
> ?
Yeah, that's the idea. /etc/classes is something I saw used a few other
places, and adopted locally for sending "semaphores" to cfengine. A good
place to drop files for FileExists checks.
I have a handful of entries in cfagent.conf's classes section which turn on
my "sys_blade" (read-only) and "sys_bladeserver" (my management hosts)
classes. I also have a module which, among other things, turns on classes
based upon the net-boot image name.
# This exists in all images
imagename_exists = ( FileExists("/etc/imagename") )
# blade-servers
blade_server = ( RegCmp("^blade-server[0-9]+","${host}") )
sys_bladeserver = ( blade_server.!imagename_exists )
# blade images
sys_bladeimage = ( blade_server.imagename_exists )
# blades; including vmare instances that net-boot (don't ask!)
sys_blade = (
RegCmp("^blade[0-9]+","${host}")
sys_vmware.imagename_exists
)
For some background, the cron on my management hosts dumps the filename name
of the net-boot image in /etc/imagename, so I can easily grab it from
anywhere in my module or cfengine policies. Again, this is just a local
convention we ended up using various places.
# "awesome" is our homegrown inventory database, unimportant...
OPS:527 mhosk...@ops-dev:modules$ cat module\:get-awesome-roles
...
# blade/image specific
if [ -e /etc/imagename ]
then
image_name=`cat /etc/imagename 2>/dev/null`
printf "+blade_image_`sanitize ${image_name}`
+image_`sanitize ${image_name}`
=blade_image=${image_name}
=image=${image_name}
"
fi
...
So when this module runs in a blade image or on a netboot node, a class gets
turned on called "blade_image_foo" where foo is usually something like a
product/app name around here... So actions can be controlled. The
'sanitize' shell function just makes sure everything ends up in valid class
name format.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
