Justin,
at the first glance it seems like once the first item sets
"insert_needed" class, latter ones would be inserted as well. Perhaps,
you need to add -insert_need and -update_need output to your module to
cancel unnecessary classes on subsequent runs. Another approach is to
define more tight classes like "wtmpx_insert_needed" and use
ifvarclass in promises.
2010/5/28 Justin Lloyd <jll...@digitalglobe.com>:
> So, here's the solution I've developed, in case anyone wants to use and/or
> critique it. I know that best practice is to use Cfengine's internal
> capabilities rather than heavyweight external scripts, but I simply couldn't
> come up with a clean way to manage /etc/logadm.conf, especially maintaining
> the -P 'timestamp' flags.
>
> One thing I wasn't sure about is how to handle the module script. I put it in
> /var/cfengine/modules, but update.cf doesn't include copying down that
> directory. I'll probably need to add a promise somewhere to ensure that has
> been copied down and to only execute the script if it exists.
>
> Justin
>
> #========================================================
>
> bundle agent manage_solaris_logadm_conf {
> vars:
> solaris::
> "logadm_entries" slist => {
> "/var/adm/wtmpx -C 5 -c -p 1m",
> "/var/adm/sudo.log -C 5 -N -p 1d -s 1m",
> };
>
> methods:
> solaris::
> "logadm" usebundle =>
> _manage_logfile_rotation("$(logadm_entries)");
> }
>
> bundle agent _manage_logfile_rotation(entry) {
> vars:
> solaris::
> "logadm_conf" string => "/etc/logadm.conf";
>
> commands:
> solaris.Min00_05::
> "$(sys.workdir)/modules/chklogadm $(entry)"
> module => "true";
>
> files:
> insert_needed::
> "$(logadm_conf)"
> handle => "insert_new_logadm_entry",
> comment => "Insert new entry into $(this.promiser).",
> edit_line => insert_logadm_entry("$(entry)"),
> classes => if_repaired("inserted_entry");
>
> update_needed.!inserted_entry::
> "$(logadm_conf)"
> handle => "update_logadm_entry_options",
> comment => "Update $(this.promiser) options for a specific
> entry.",
> edit_line => update_logadm_entry("$(entry)",
> "$(chklogadm.new_options)");
>
> }
>
> bundle edit_line insert_logadm_entry(entry) {
> insert_lines:
> "$(entry)";
> }
>
> bundle edit_line update_logadm_entry(old_entry, new_options) {
> classes:
> "ok" expression => regextract("(\S+)\s+(.*)" ,"$(old_entry)", "entry");
>
> replace_patterns:
> ok::
> "$(entry[1]).*" replace_with => value("$(entry[1])
> $(new_options)");
> }
>
> #===========================================================
> # modules/chklogadm
>
> #!/usr/bin/perl
> use strict;
> use warnings;
>
> exit 1 if @ARGV < 2;
>
> my $logfile = shift @ARGV;
> my $options = "@ARGV";
>
> my $entry = "";
> my $timestamp = "";
>
> open CONF, "/etc/logadm.conf" or exit 1;
>
> while (<CONF>) {
> chomp;
> next unless /^$logfile/;
> $entry = $_;
> last;
> }
>
> close CONF;
>
> unless ($entry) {
> print "+insert_needed\n";
> exit 0;
> }
>
> if ($entry =~ / (-P '[^']+?')/) {
> $timestamp = $1;
> $entry =~ s/ -P '[^']+?'//;
> }
>
> if ($entry ne "$logfile $options") {
> print "+update_needed\n";
> print "=new_options=$options $timestamp\n";
> }
> else {
> print "=new_options=$options\n";
> }
>
>
>
>
> -----Original Message-----
> From: Justin Lloyd
> Sent: Thursday, May 27, 2010 10:21 AM
> To: 'Seva Gluschenko'
> Cc: help-cfengine@cfengine.org
> Subject: RE: Managing Solaris logadm.conf
>
> Seva,
>
> I thought about something like that. One complication is that it's not just
> the wtmpx log. I left others out for simplicity. The approach you suggest
> would require a similar regex check for each log.
>
> One approach that came to mind this morning when discussing this with a
> colleague would be to use a module. I could write a Perl script that can do
> much more powerful regex checking than Cfengine can natively and then specify
> a class to define if the desired parameters don't match the existing
> logadm.conf entry. Also, since modules are a bit heavier weight than using
> native capabilities, and since the logadm file doesn't change often anyway, I
> could just restrict the command promise to only check maybe once per hour, at
> most.
>
> I'm going to investigate this approach, but if anyone has any further
> suggestions, or even critiques of using a module for this, please speak up. :)
>
> Thanks,
> Justin
>
> -----Original Message-----
> From: Seva Gluschenko [mailto:seva.glusche...@gmail.com]
> Sent: Thursday, May 27, 2010 12:01 AM
> To: Justin Lloyd
> Cc: help-cfengine@cfengine.org
> Subject: Re: Managing Solaris logadm.conf
>
> Justin,
>
> perhaps, you shouldn't insist on exact match. It seems to be
> sufficient to match vital parts of string you want to maintain, e.g.
>
> classes:
> "must_be_changed" not => regcmp(".*-C 3.*-c.*-p 1m.*", "$(args)");
>
> 2010/5/26 Justin Lloyd <jll...@digitalglobe.com>:
>> I'm trying to decide how best to manage certain entries in Solaris
>> /etc/logadm.conf files. Initially, I'm just trying to ensure that
>> /var/adm/wtmpx is being rotated correctly. However, there are a couple
>> of catches in trying to manage this file.
>>
>> 1. The file is generally maintained through the logadm(1M) command, so
>> that would imply that commands promises would be better than files
>> promises. However...
>>
>> 2. Whenever logadm rotates a file, it adds an option to the file's entry
>> to record the last rotation time for the file. For example, a new wtmpx
>> entry like
>>
>> /var/adm/wtmpx -C 3 -c -p 1m
>>
>> might become
>>
>> /var/adm/wtmpx -C 3 -P 'Sat May 8 03:10:00 2010' -c -p 1m
>>
>> The location of the "-P 'timestamp'" option does not appear
>> deterministic. This complicates trying to determine whether the wtmpx
>> entry is correct. For example, say I have a bundle to which I pass a
>> filename a list of options:
>>
>> "wtmpx" usebundle => _rotate_solaris_log("/var/adm/wtmpx", "-C 3 -c
>> -p 1m");
>>
>> In the bundle, I see if there is already an entry that begins with
>> /var/adm/wtmpx. If not, I add it. If so, I leave it alone. However,
>> if/when I want to change the rotation parameters (say, changing "-p 1m"
>> to "-p 1w"), an exact match against the parameter string won't work
>> because of the added -P flag, and I'd like to avoid changing the line
>> EVERY time Cfengine runs.
>>
>> Any thoughts that I might not have considered yet on how to approach
>> managing this file? Note that the parameters for wtmpx, for example, may
>> vary based on classes.
>>
>> Thanks,
>> Justin
>>
>> --
>> Justin C. Lloyd
>> Unix Infrastructure Engineer
>> DigitalGlobe, An Imaging and Information Company
>>
>>
>>
>> This electronic communication and any attachments may contain confidential
>> and proprietary
>> information of DigitalGlobe, Inc. If you are not the intended recipient, or
>> an agent or employee
>> responsible for delivering this communication to the intended recipient, or
>> if you have received
>> this communication in error, please do not print, copy, retransmit,
>> disseminate or
>> otherwise use the information. Please indicate to the sender that you have
>> received this
>> communication in error, and delete the copy you received. DigitalGlobe
>> reserves the
>> right to monitor any electronic communication sent or received by its
>> employees, agents
>> or representatives.
>>
>> _______________________________________________
>> Help-cfengine mailing list
>> Help-cfengine@cfengine.org
>> https://cfengine.org/mailman/listinfo/help-cfengine
>>
>
>
>
> --
> SY, Seva Gluschenko.
>
> This electronic communication and any attachments may contain confidential
> and proprietary
> information of DigitalGlobe, Inc. If you are not the intended recipient, or
> an agent or employee
> responsible for delivering this communication to the intended recipient, or
> if you have received
> this communication in error, please do not print, copy, retransmit,
> disseminate or
> otherwise use the information. Please indicate to the sender that you have
> received this
> communication in error, and delete the copy you received. DigitalGlobe
> reserves the
> right to monitor any electronic communication sent or received by its
> employees, agents
> or representatives.
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
>
--
SY, Seva Gluschenko.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
