Hey, Paul. I re-posted your question to the Cfengine mailing list.
Here are two answers:
a) There is a component in Cfengine 3 that's like a "do it now" button,
it tells the cfengine clients to pull down the latest policy from the policy
server and execute it: cf-runagent. You run that on the policy server
and it pings all the policy clients that there is a new policy available.
b) If you want to use ssh and sudo, you can run cfengine using
"cf-execd -FD doitnow" to define the "doitnow" class -- see more
below.
----- start quote from Neil Watson -----
Hi Aleksey,
If I understand correctly the question is how can the agent run in dry-run
only mode unless specifically told otherwise. I think you could do this
using classes in the control bodies. For example.
body executor control {
splaytime => "3"; # CHANGEME for development
schedule => { "Min05", "Min25" }; # CHANGEME for development
!doitnow::
exec_command => "/var/cfengine/bin/cf-agent --dry-run";
doitnow::
exec_command => "/var/cfengine/bin/cf-agent";
}
To 'do it now' run the executor with the above class set: cf-execd -FD doitnow
The above is completely untested.
Sincerely,
--
Neil Watson
416-673-3465
----- end quote from Neil -----
c) There's likely a way to tie (a) and (b) together so you can do the
whole thing within Cfengine and without the ssh/sudo loop - in other
words define "doitnow" true or false within the policy itself.
If you want to follow up on the details of this Cfengine 3
implementation, or your
success with it, please come to the help-cfengine mailing list.
HTH,
Aleksey
_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
