Is this what you would like to have?

# add the access_rules() bundle to the cf-serverd config on the policy_server

bundle server access_rules()
{
access:

  "/usr/local/etc"

    handle  => "grant_access_etcfiles",
    comment => "Grant access to etc configurations",
    admit   => { "192.168.200.2" };   # my client's IP

}

# here is my test policy on the client side

body common control
{
 bundlesequence => { "test" };
 inputs => { "/var/cfengine/inputs/cfengine_stdlib.cf" };
}

bundle agent test
{
 vars:
  "policy_server" string => "192.168.200.1";

 files:
    "/tmp/etc/."
     create => "true",
     copy_from => secure_cp("/usr/local/etc","$(policy_server)"),
     perms => m("644"),
     file_select => by_name(".*\.rc"),
     depth_search => recurse_nodirs("1");
}

body depth_search recurse_nodirs(x)
{
 depth => "$(x)";
 exclude_dirs => { ".*" };
}

# Result

cf-FreeBSD# cf-agent -V
This comprises cf-agent core community version 3.0.4p1 - (C) Cfengine AS 2008-

cf-FreeBSD# ls -l /tmp/etc
ls: /tmp/etc: No such file or directory

cf-FreeBSD# cf-agent -f /tmp/test.cf -IK
 -> Created directory /tmp/etc/.
 -> Copying from 192.168.200.1:/etc/slrn.rc
 -> Object /tmp/etc/./slrn.rc had permission 600, changed it to 644
 -> Copying from 192.168.200.1:/etc/mail.rc
 -> Object /tmp/etc/./mail.rc had permission 600, changed it to 644

cf-FreeBSD# ls -l /tmp/etc/
total 24
-rw-r--r--  1 root  wheel    112 Mar 18 11:00 mail.rc
-rw-r--r--  1 root  wheel  21851 Mar 18 11:00 slrn.rc

Cheers,
--Nakarin


On Mar 17, 2010, at 11:37 PM, Justin Lloyd wrote:

> Ok, I'm stumped again. I've been working on a problem for hours. I want
> to effectively do the following on each client:
> 
> client# scp policy_host:/usr/local/etc/*.rc /usr/local/etc
> 
> but I can't figure out how to set up the access rules and files promise.
> I keep getting either access errors or a copy of the directory itself
> (i.e. "."), not the *.rc files in the remote directory. Note that the
> client's /usr/local/etc directory may well be empty, so I don't have a
> list of files to update. I just want all of the remote location's *.rc
> files.
> 
> Any ideas on how to do this?
> 
> Thanks,
> Justin
> 
> -- 
> Justin C. Lloyd 
> Unix Infrastructure Engineer 
> DigitalGlobe, An Imaging and Information Company
> 
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
