Forum: CFEngine Help
Subject: Strange "Overriding incorrect link"
Author: loopx
Link to topic: https://cfengine.com/forum/read.php?3,26754,26754#msg-26754
Hi,
I get a strange behavior with this promise :
bundle agent pam {
files:
winbind::
"/etc/pam.d/password-auth"
link_from =>
ln_s("password-auth-ad"),
move_obstructions => "true",
comment => "Switch
authentication to Winbind";
"/etc/pam.d/password-auth-ad"
comment => "Copy
'password-auth-ad' configuration file (for REMOTE user authentication through
AD, not local).",
copy_from =>
no_backup_rcp("$(g.location_services)/$(g.service_detected)/etc/pam.d/password-auth-ad",
"$(sys.policy_hub)"),
perms => mog(644, "root",
"root");
}
One second before running cf-agent :
lrwxrwxrwx 1 root root 18 Jul 30 11:15 password-auth -> ./password-auth-ad
-rw-r--r--. 1 root root 893 May 9 11:22 password-auth-ac
-rw-r--r-- 1 root root 1179 Jul 30 11:08 password-auth-ad
When running the agent :
Overriding incorrect link /etc/pam.d/password-auth
-> Linked files /etc/pam.d/password-auth -> ./password-auth-ad
Verbose :
cf3> Promise's handle:
cf3> Promise made by: "/etc/pam.d/password-auth"
cf3>
cf3> Comment: Switch authentication to Winbind
cf3> .........................................................
cf3>
cf3> -> Using literal pathtype for /etc/pam.d/password-auth
cf3> -> Handling file existence constraints on /etc/pam.d/password-auth
cf3> Overriding incorrect link /etc/pam.d/password-auth
cf3> -> Linked files /etc/pam.d/password-auth -> ./password-auth-ad
cf3> -> Handling file existence constraints on /etc/pam.d/password-auth
cf3>
cf3> .........................................................
cf3> Promise's handle:
cf3> Promise made by: "/etc/pam.d/password-auth-ad"
cf3>
cf3> Comment: Copy 'password-auth-ad' configuration file (for REMOTE user
authentication through AD, not local).
cf3> .........................................................
cf3>
cf3> -> Handling file existence constraints on /etc/pam.d/password-auth-ad
cf3> -> File permissions on /etc/pam.d/password-auth-ad as promised
cf3> -> Handling file existence constraints on /etc/pam.d/password-auth-ad
cf3> -> File permissions on /etc/pam.d/password-auth-ad as promised
cf3> -> Basedir "/etc/pam.d/password-auth-ad" not promising anything
cf3> -> Copy file /etc/pam.d/password-auth-ad from
/var/cfengine/data/config/services/management/etc/pam.d/password-auth-ad check
cf3> No existing connection to XXX is established...
cf3> Set cfengine port number to 5308 = 5308
cf3> Set connection timeout to 10
cf3> -> Connect to XXX = XXX on port 5308
cf3> skipidentify was promised, so we are trusting and simply announcing the
identity as (vl01003.onemrva.priv) for this host
cf3> .....................[.h.a.i.l.].................................
cf3> Strong authentication of server=XXX connection confirmed
cf3> -> Public key identity of host "XXX" is
"MD5=1062b1d56475367c1ba3d51b66c7d2a4"
cf3> -> Destination file "/etc/pam.d/password-auth-ad" already exists
cf3> -> File permissions on /etc/pam.d/password-auth-ad as promised
cf3> -> File /etc/pam.d/password-auth-ad is an up to date copy of source
cf3>
Performance(Copy(XXX:/var/cfengine/data/config/services/management/etc/pam.d/password-auth-ad
> /etc/pam.d/password-auth-ad)): time=0.0000 secs, av=0.0000 +/- 0.0006
cf3> Existing connection just became free...
cf3> -> Handling file existence constraints on /etc/pam.d/password-auth-ad
cf3> -> File permissions on /etc/pam.d/password-auth-ad as promised
[...]
cf3> =========================================================
cf3> files in bundle pam (3)
cf3> =========================================================
cf3>
cf3> -> Aggregate compliance (promises kept/repaired) for bundle "pam" = 100.0%
Each time I run cf-agent, the link is re-created (mtime is updated for the
link). The targetted file has not been updated and mtime is the same.
Is that normal with my promise ??? I don't understand why it is trying to force
the link every time .. if it's already OK ...
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
