You have purge=true, could this be causing the problem? Cfengine disables
purging if it
cannot contact the server, but if something else is happening perhaps that
gives a clue.
Nothing else here seems to indicate that anything would get deleted.
M
Erlend Leganger wrote:
> I have cf3 community v 3.0.2 running on 30+ servers, all machines on
> Solaris 10. Most of the machines are running as Solaris zones,
> installed from the exact same Solaris image.
>
> Almost every day, 1-3 of these machines ends up with an empty
> /var/cfengine/inputs directory. cf-execd -F is run every hour out of
> cron, but with update.cf and failsafe.cf gone, it has to give up. I
> get alerted via email from cron because of the error message cf-execd
> gives (default cron behaviour). The deletes don't happen on all of the
> servers, from my email log I can see that at least 12 of them has had
> this problem one or more times.
>
> What is wrong?
>
> - Erlend
>
> r...@m5000# cat -n failsafe.cf
> 1
> #------------------------------------------------------------------------
> 2 #simply include and execute the update.cf file
> 3 body common control {
> 4 bundlesequence => { "update" };
> 5 inputs => { "update.cf" };
> 6 }
>
> r...@m5000# cat -n update.cf
> 1
> #------------------------------------------------------------------------
> 2 bundle agent update{
> 3 vars:
> 4 "policyserver" string => "10.0.1.230";
> 5 "policyfiles" string => "/export/cfengine/master";
> 6 "cf3binaries" string => "/usr/local/sbin";
> 7
> 8 files:
> 9
> 10
> #---------------------------------------------------------------------
> 11 #get policy files from policy server
> 12 "${sys.workdir}/inputs"
> 13 handle => "update_policy_files",
> 14 copy_from => getfiles("${policyserver}",
> "${policyfiles}"),
> 15 depth_search => recurse;
> 16
> 17
> #---------------------------------------------------------------------
> 18 #get cf3 binaries from policy server
> 19 "/var/cfengine/bin"
> 20 handle => "cf3_update_binaries",
> 21 #perms => u_p("700"),
> 22 copy_from => getfiles("${policyserver}","${cf3binaries}"),
> 23 depth_search => recurse,
> 24 action => immediate;
> 25 }
> 26
> 27
> #------------------------------------------------------------------------
> 28 #define body of the getfiles "subroutine"
> 29 body copy_from getfiles(server, path) {
> 30 servers => { "${server}" };
> 31 encrypt => "true";
> 32 trustkey => "true";
> 33 source => "${path}";
> 34 compare => "digest";
> 35 preserve => "true";
> 36 verify => "true";
> 37 purge => "true";
> 38 }
> 39
> 40
> #------------------------------------------------------------------------
> 41 body depth_search recurse {
> 42 depth => "inf";
> 43 }
>
>
> r...@m5000# cat -n cf-serverd.cf
> 1
> 2
> #------------------------------------------------------------------------
> 3 #controls for the cf-serverd process
> 4 body server control {
> 5 trustkeysfrom => { "10.0.1.0/24" };
> 6 allowconnects => { "10.0.1.0/24" };
> 7 allowusers => { "root" };
> 8 maxconnections => "100";
> 9 logallconnections => "true";
> 10 }
> 11
> 12
> #------------------------------------------------------------------------
> 13 body executor control {
> 14 splaytime => "1";
> 15 mailto => "[email protected]";
> 16 smtpserver => "mail.some.domain.com";
> 17 mailmaxlines => "1000";
> 18 #make policy updates apply in first run
> 19 exec_command => "$(sys.workdir)/bin/cf-agent -f failsafe.cf
> && $(sys.workdir)/bin/cf-agent";
> 20 }
> 21
> 22
> #------------------------------------------------------------------------
> 23 #access rules for the cf-serverd process
> 24 bundle server access_rules {
> 25 access:
> 26 "/export/cfengine/master"
> 27 admit => { "10.0.1.0/24" };
> 28 "/export/cfengine/depot"
> 29 admit => { "10.0.1.0/24" };
> 30 "/usr/local/sbin"
> 31 admit => { "10.0.1.0/24" };
> 32 }
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
--
Mark Burgess
-------------------------------------------------
Professor of Network and System Administration
Oslo University College, Norway
Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-------------------------------------------------
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
