I'm actually confused about depth_search. Here's what the documentation
says:
"When searching recursively from a directory, the parent directory is
not part of the search. It is only the anchor point. To alter the
parent, a separate non-recursive promise should be made."
I find this wording very confusing, especially with the body provided by
Nakarin. Here's a slightly pared-down example using that body:
bundle agent test {
files:
"/tmp/etc/."
copy_from =>
secure_cp("/usr/local/etc","$(policy_server)"),
file_select => by_name(".*\.rc"),
depth_search => recurse_nodirs("1");
}
body depth_search recurse_nodirs(x) {
depth => "$(x)";
exclude_dirs => { ".*" };
}
If /usr/local/etc is the parent directory in this case, then I'm
confused since it IS being searched. The depth of 1 is also slightly
confusing, since I would otherwise interpret that to mean to go down 1
level from the parent, but in this case, skipping any subdirectories. I
can see how it can mean start at the 1st level under the parent, meaning
the parent itself, which would then seem to conflict with the
documentation, unless I'm misreading it.
That being said, why is the recurse even needed since I only care about
files in /usr/local/etc? I shouldn't want any recursion, so a
depth_search body shouldn't be needed, IMHO. It may be an artifact of
how Cfengine is implemented under-the-hood, but at any rate, it is
definitely confusing.
I'm just having trouble even explaining the source of my confusion.
Hopefully I've gotten it across well enough to make my point understood.
Also, I'm confused on why the trailing "/." is needed on the directory
for the files promise but not on the directory for the server access
promise. That seems to be an unnecessary inconsistency.
Justin
-----Original Message-----
From: help-cfengine-boun...@cfengine.org
[mailto:help-cfengine-boun...@cfengine.org] On Behalf Of Justin Lloyd
Sent: Thursday, March 18, 2010 10:50 AM
To: Nakarin Phooripoom
Cc: help-cfengine@cfengine.org
Subject: RE: Retrieving certain files from a directory
Nakarin,
It looks like this is doing just what I want. I still need to understand
a couple of things better, but I think the main fix was that I had the
paths reversed for the server access_rules promise and the agent files
promise (i.e. the "/." part). I had also tried a depth_search body,
though my just did recursion even though it wasn't necessary, but now I
don't think that was part of the problem.
Thanks!
Justin
-----Original Message-----
From: Nakarin Phooripoom [mailto:mynameisje...@gmail.com]
Sent: Thursday, March 18, 2010 4:06 AM
To: Justin Lloyd
Cc: help-cfengine@cfengine.org
Subject: Re: Retrieving certain files from a directory
Is this what you would like to have?
# add access_rule() to cf-serverd config on the policy_server
bundle server access_rules()
{
access:
"/usr/local/etc"
handle => "grant_access_etcfiles",
comment => "Grant access to etc configurations",
admit => { "192.168.200.2" }; # my client's IP
}
# here is my test policy on the client side
body common control
{
bundlesequence => { "test" };
inputs => { "/var/cfengine/inputs/cfengine_stdlib.cf" };
}
bundle agent test
{
vars:
"policy_server" string => "192.168.200.1";
files:
"/tmp/etc/."
create => "true",
copy_from => secure_cp("/usr/local/etc","$(policy_server)"),
perms => m("644"),
file_select => by_name(".*\.rc"),
depth_search => recurse_nodirs("1");
}
body depth_search recurse_nodirs(x)
{
depth => "$(x)";
exclude_dirs => { ".*" };
}
# Result
cf-FreeBSD# cf-agent -V
This comprises cf-agent core community version 3.0.4p1 - (C) Cfengine AS
2008-
cf-FreeBSD# ls -l /tmp/etc
ls: /tmp/etc: No such file or directory
cf-FreeBSD# cf-agent -f /tmp/test.cf -IK
-> Created directory /tmp/etc/.
-> Copying from 192.168.200.1:/etc/slrn.rc
-> Object /tmp/etc/./slrn.rc had permission 600, changed it to 644
-> Copying from 192.168.200.1:/etc/mail.rc
-> Object /tmp/etc/./mail.rc had permission 600, changed it to 644
cf-FreeBSD# ls -l /tmp/etc/
total 24
-rw-r--r-- 1 root wheel 112 Mar 18 11:00 mail.rc
-rw-r--r-- 1 root wheel 21851 Mar 18 11:00 slrn.rc
Cheers,
--Nakarin
On Mar 17, 2010, at 11:37 PM, Justin Lloyd wrote:
> Ok, I'm stumped again. I've been working on a problem for hours. I
want
> to effectively do the following on each client:
>
> client# scp policy_host:/usr/local/etc/*.rc /usr/local/etc
>
> but I can't figure out how to set up the access rules and files
promise.
> I keep getting either access errors or a copy of the directory itself
> (i.e. "."), not the *.rc files in the remote directory. Note that the
> client's /usr/local/etc directory may well be empty, so I don't have a
> list of files to update. I just want all of the remote location's *.rc
> files.
>
> Any ideas on how to do this?
>
> Thanks,
> Justin
>
> --
> Justin C. Lloyd
> Unix Infrastructure Engineer
> DigitalGlobe, An Imaging and Information Company
>
>
>
> This electronic communication and any attachments may contain
confidential and proprietary
> information of DigitalGlobe, Inc. If you are not the intended
recipient, or an agent or employee
> responsible for delivering this communication to the intended
recipient, or if you have received
> this communication in error, please do not print, copy, retransmit,
disseminate or
> otherwise use the information. Please indicate to the sender that you
have received this
> communication in error, and delete the copy you received. DigitalGlobe
reserves the
> right to monitor any electronic communication sent or received by its
employees, agents
> or representatives.
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
This electronic communication and any attachments may contain
confidential and proprietary
information of DigitalGlobe, Inc. If you are not the intended recipient,
or an agent or employee
responsible for delivering this communication to the intended recipient,
or if you have received
this communication in error, please do not print, copy, retransmit,
disseminate or
otherwise use the information. Please indicate to the sender that you
have received this
communication in error, and delete the copy you received. DigitalGlobe
reserves the
right to monitor any electronic communication sent or received by its
employees, agents
or representatives.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
