Nakarin, It looks like this is doing just what I want. I still need to understand a couple of things better, but I think the main fix was that I had the paths reversed for the server access_rules promise and the agent files promise (i.e. the "/." part). I had also tried a depth_search body, though my just did recursion even though it wasn't necessary, but now I don't think that was part of the problem.
Thanks! Justin -----Original Message----- From: Nakarin Phooripoom [mailto:mynameisje...@gmail.com] Sent: Thursday, March 18, 2010 4:06 AM To: Justin Lloyd Cc: help-cfengine@cfengine.org Subject: Re: Retrieving certain files from a directory Is this what you would like to have? # add access_rule() to cf-serverd config on the policy_server bundle server access_rules() { access: "/usr/local/etc" handle => "grant_access_etcfiles", comment => "Grant access to etc configurations", admit => { "192.168.200.2" }; # my client's IP } # here is my test policy on the client side body common control { bundlesequence => { "test" }; inputs => { "/var/cfengine/inputs/cfengine_stdlib.cf" }; } bundle agent test { vars: "policy_server" string => "192.168.200.1"; files: "/tmp/etc/." create => "true", copy_from => secure_cp("/usr/local/etc","$(policy_server)"), perms => m("644"), file_select => by_name(".*\.rc"), depth_search => recurse_nodirs("1"); } body depth_search recurse_nodirs(x) { depth => "$(x)"; exclude_dirs => { ".*" }; } # Result cf-FreeBSD# cf-agent -V This comprises cf-agent core community version 3.0.4p1 - (C) Cfengine AS 2008- cf-FreeBSD# ls -l /tmp/etc ls: /tmp/etc: No such file or directory cf-FreeBSD# cf-agent -f /tmp/test.cf -IK -> Created directory /tmp/etc/. -> Copying from 192.168.200.1:/etc/slrn.rc -> Object /tmp/etc/./slrn.rc had permission 600, changed it to 644 -> Copying from 192.168.200.1:/etc/mail.rc -> Object /tmp/etc/./mail.rc had permission 600, changed it to 644 cf-FreeBSD# ls -l /tmp/etc/ total 24 -rw-r--r-- 1 root wheel 112 Mar 18 11:00 mail.rc -rw-r--r-- 1 root wheel 21851 Mar 18 11:00 slrn.rc Cheers, --Nakarin On Mar 17, 2010, at 11:37 PM, Justin Lloyd wrote: > Ok, I'm stumped again. I've been working on a problem for hours. I want > to effectively do the following on each client: > > client# scp policy_host:/usr/local/etc/*.rc /usr/local/etc > > but I can't figure out how to set up the access rules and files promise. > I keep getting either access errors or a copy of the directory itself > (i.e. "."), not the *.rc files in the remote directory. Note that the > client's /usr/local/etc directory may well be empty, so I don't have a > list of files to update. I just want all of the remote location's *.rc > files. > > Any ideas on how to do this? > > Thanks, > Justin > > -- > Justin C. Lloyd > Unix Infrastructure Engineer > DigitalGlobe, An Imaging and Information Company > > > > This electronic communication and any attachments may contain confidential and proprietary > information of DigitalGlobe, Inc. If you are not the intended recipient, or an agent or employee > responsible for delivering this communication to the intended recipient, or if you have received > this communication in error, please do not print, copy, retransmit, disseminate or > otherwise use the information. Please indicate to the sender that you have received this > communication in error, and delete the copy you received. DigitalGlobe reserves the > right to monitor any electronic communication sent or received by its employees, agents > or representatives. > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine This electronic communication and any attachments may contain confidential and proprietary information of DigitalGlobe, Inc. If you are not the intended recipient, or an agent or employee responsible for delivering this communication to the intended recipient, or if you have received this communication in error, please do not print, copy, retransmit, disseminate or otherwise use the information. Please indicate to the sender that you have received this communication in error, and delete the copy you received. DigitalGlobe reserves the right to monitor any electronic communication sent or received by its employees, agents or representatives. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
