Forum: CFEngine Help
Subject: Re: About cf_promises_validated
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,26590,26626#msg-26626
I've narrowed down my policy. I do not know how but, something in the
following policy seems to be causing cf_promises_validated to be updated on
every run. If there is some sort of logic bomb in this policy I cannot see it.
Can anyone else?
Promises.cf
body common control {
domain => "example.com";
ignore_missing_inputs => "true";
ignore_missing_bundles => "true";
bundlesequence => { "main", };
}
body agent control {
allclassesreport => "true";
}
body server control {
allowconnects => { "10\..*" };
allowallconnects => { "10\..*" };
allowusers => { "root" };
cfruncommand => "${sys.workdir}/bin/cf-agent";
denybadclocks => "false";
maxconnections => "500";
trustkeysfrom => { "${sys.policy_hub}" };
}
body executor control {
splaytime => "1";
exec_command => "$(sys.workdir)/bin/cf-agent -f failsafe.cf &&
$(sys.workdir)/bin/cf-agent";
}
bundle server control {
access:
"${sys.workdir}/masterfiles"
comment => "ACL's for client access.",
admit => { "10.234.253.55" };
}
bundle agent main {
reports:
cfengine::
"Main bundle";
}
failsafe.cf
body common control {
bundlesequence => { "fsg", "fsmain", };
}
bundle common fsg {
vars:
"procs"
comment => "Cfengine processes to restart",
handle => "fsg_vars_procs",
slist => {
"cf-serverd",
"cf-execd",
"cf-monitord"
};
}
bundle agent fsmain {
methods:
"inputs" -> { "Cfengine latest inputs" }
handle => "fsmain_methods_inputs",
usebundle => fs_inputs;
"procs" -> { "Cfengine processes" }
handle => "fsmain_methos_procs",
usebundle => fs_procs;
}
bundle agent fs_inputs {
vars:
"procs"
comment => "Cfengine Processes",
handle => "fs_inputs_vars_procs",
slist => { "@{fsg.procs}" };
classes:
"check_inputs"
comment => "Set class once per day",
handle => "fs_inputs_classes_check_inputs",
expression => splayclass("$(sys.host)$(sys.ipv4)","daily");
files:
"${sys.workdir}/cf_promises_validated"
comment => "Check if new files are available",
handle => "fs_inputs_files_cf_promises_validated",
classes => u_if_repaired("fs_new_inputs_ready"),
copy_from => u_remote_dcp(
"${sys.workdir}/masterfiles/cf_promises_validated",
"${sys.policy_hub}"
);
fs_new_inputs_ready|check_inputs::
"${sys.workdir}/inputs"
comment => "Keep inputs up to date",
handle => "fs_inputs_files_fs_new_inputs_ready_inputs",
perms => u_mog( "640", "root", "root"),
depth_search => u_recurse("inf"),
classes => u_if_repaired("fs_new_inputs"),
copy_from => u_remote_dcp(
"${sys.workdir}/masterfiles",
"${sys.policy_hub}"
);
processes:
fs_new_inputs::
"${procs}"
comment => "Stop processes if inputs are updated",
handle => "fs_inputs_processes_fs_new_inputs_procs",
signals => { "term", "kill" };
}
bundle agent fs_procs {
vars:
"procs"
comment => "Cfengine Processes",
handle => "fs_procs_vars_procs",
slist => { "@{fsg.procs}" };
processes:
"${procs}"
comment => "Ensure processes are running.",
handle => "fs_procs_processes_procs",
restart_class => canonify("${procs}_restart");
commands:
"${sys.workdir}/bin/${procs}"
comment => "Ensure processes are running.",
handle => "fs_procs_commands_procs",
contain => u_silent,
ifvarclass => canonify("${procs}_restart");
}
body perms u_mog(mode,user,group)
{
owners => { "$(user)" };
groups => { "$(group)" };
mode => "$(mode)";
}
body depth_search u_recurse(d)
{
depth => "$(d)";
xdev => "true";
}
body classes u_if_repaired(x)
{
promise_repaired => { "$(x)" };
}
body copy_from u_remote_dcp(from,server)
{
servers => { "$(server)" };
source => "$(from)";
compare => "digest";
}
body contain u_silent
{
no_output => "true";
}
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
