Seva, Thanks for pointing that out. I'd had -insert_needed and -update_needed along with the corresponding class definitions but I'd taken them out for some testing and forgot to add them back in. There was indeed an issue like you described.
I'm avoiding any "hardcoded" classes that are specific to lines in the "logadm_entries" slist. The operational procedure for adding a new logfile to be managed by Cfengine should be only to add the appropriate line to that slist. Justin -----Original Message----- From: Seva Gluschenko [mailto:seva.glusche...@gmail.com] Sent: Friday, May 28, 2010 12:59 PM To: Justin Lloyd Cc: help-cfengine@cfengine.org Subject: Re: Managing Solaris logadm.conf Justin, at the first glance it seems like once the first item sets "insert_needed" class, latter ones would be inserted as well. Perhaps, you need to add -insert_need and -update_need output to your module to cancel unnecessary classes on subsequent runs. Another approach is to define more tight classes like "wtmpx_insert_needed" and use ifvarclass in promises. 2010/5/28 Justin Lloyd <jll...@digitalglobe.com>: > So, here's the solution I've developed, in case anyone wants to use and/or > critique it. I know that best practice is to use Cfengine's internal > capabilities rather than heavyweight external scripts, but I simply couldn't > come up with a clean way to manage /etc/logadm.conf, especially maintaining > the -P 'timestamp' flags. > > One thing I wasn't sure about is how to handle the module script. I put it in > /var/cfengine/modules, but update.cf doesn't include copying down that > directory. I'll probably need to add a promise somewhere to ensure that has > been copied down and to only execute the script if it exists. > > Justin > > #======================================================== > > bundle agent manage_solaris_logadm_conf { > vars: > solaris:: > "logadm_entries" slist => { > "/var/adm/wtmpx -C 5 -c -p 1m", > "/var/adm/sudo.log -C 5 -N -p 1d -s 1m", > }; > > methods: > solaris:: > "logadm" usebundle => > _manage_logfile_rotation("$(logadm_entries)"); > } > > bundle agent _manage_logfile_rotation(entry) { > vars: > solaris:: > "logadm_conf" string => "/etc/logadm.conf"; > > commands: > solaris.Min00_05:: > "$(sys.workdir)/modules/chklogadm $(entry)" > module => "true"; > > files: > insert_needed:: > "$(logadm_conf)" > handle => "insert_new_logadm_entry", > comment => "Insert new entry into $(this.promiser).", > edit_line => insert_logadm_entry("$(entry)"), > classes => if_repaired("inserted_entry"); > > update_needed.!inserted_entry:: > "$(logadm_conf)" > handle => "update_logadm_entry_options", > comment => "Update $(this.promiser) options for a specific > entry.", > edit_line => update_logadm_entry("$(entry)", > "$(chklogadm.new_options)"); > > } > > bundle edit_line insert_logadm_entry(entry) { > insert_lines: > "$(entry)"; > } > > bundle edit_line update_logadm_entry(old_entry, new_options) { > classes: > "ok" expression => regextract("(\S+)\s+(.*)" ,"$(old_entry)", "entry"); > > replace_patterns: > ok:: > "$(entry[1]).*" replace_with => value("$(entry[1]) > $(new_options)"); > } > > #=========================================================== > # modules/chklogadm > > #!/usr/bin/perl > use strict; > use warnings; > > exit 1 if @ARGV < 2; > > my $logfile = shift @ARGV; > my $options = "@ARGV"; > > my $entry = ""; > my $timestamp = ""; > > open CONF, "/etc/logadm.conf" or exit 1; > > while (<CONF>) { > chomp; > next unless /^$logfile/; > $entry = $_; > last; > } > > close CONF; > > unless ($entry) { > print "+insert_needed\n"; > exit 0; > } > > if ($entry =~ / (-P '[^']+?')/) { > $timestamp = $1; > $entry =~ s/ -P '[^']+?'//; > } > > if ($entry ne "$logfile $options") { > print "+update_needed\n"; > print "=new_options=$options $timestamp\n"; > } > else { > print "=new_options=$options\n"; > } > > > > > -----Original Message----- > From: Justin Lloyd > Sent: Thursday, May 27, 2010 10:21 AM > To: 'Seva Gluschenko' > Cc: help-cfengine@cfengine.org > Subject: RE: Managing Solaris logadm.conf > > Seva, > > I thought about something like that. One complication is that it's not just > the wtmpx log. I left others out for simplicity. The approach you suggest > would require a similar regex check for each log. > > One approach that came to mind this morning when discussing this with a > colleague would be to use a module. I could write a Perl script that can do > much more powerful regex checking than Cfengine can natively and then specify > a class to define if the desired parameters don't match the existing > logadm.conf entry. Also, since modules are a bit heavier weight than using > native capabilities, and since the logadm file doesn't change often anyway, I > could just restrict the command promise to only check maybe once per hour, at > most. > > I'm going to investigate this approach, but if anyone has any further > suggestions, or even critiques of using a module for this, please speak up. :) > > Thanks, > Justin > > -----Original Message----- > From: Seva Gluschenko [mailto:seva.glusche...@gmail.com] > Sent: Thursday, May 27, 2010 12:01 AM > To: Justin Lloyd > Cc: help-cfengine@cfengine.org > Subject: Re: Managing Solaris logadm.conf > > Justin, > > perhaps, you shouldn't insist on exact match. It seems to be > sufficient to match vital parts of string you want to maintain, e.g. > > classes: > "must_be_changed" not => regcmp(".*-C 3.*-c.*-p 1m.*", "$(args)"); > > 2010/5/26 Justin Lloyd <jll...@digitalglobe.com>: >> I'm trying to decide how best to manage certain entries in Solaris >> /etc/logadm.conf files. Initially, I'm just trying to ensure that >> /var/adm/wtmpx is being rotated correctly. However, there are a couple >> of catches in trying to manage this file. >> >> 1. The file is generally maintained through the logadm(1M) command, so >> that would imply that commands promises would be better than files >> promises. However... >> >> 2. Whenever logadm rotates a file, it adds an option to the file's entry >> to record the last rotation time for the file. For example, a new wtmpx >> entry like >> >> /var/adm/wtmpx -C 3 -c -p 1m >> >> might become >> >> /var/adm/wtmpx -C 3 -P 'Sat May 8 03:10:00 2010' -c -p 1m >> >> The location of the "-P 'timestamp'" option does not appear >> deterministic. This complicates trying to determine whether the wtmpx >> entry is correct. For example, say I have a bundle to which I pass a >> filename a list of options: >> >> "wtmpx" usebundle => _rotate_solaris_log("/var/adm/wtmpx", "-C 3 -c >> -p 1m"); >> >> In the bundle, I see if there is already an entry that begins with >> /var/adm/wtmpx. If not, I add it. If so, I leave it alone. However, >> if/when I want to change the rotation parameters (say, changing "-p 1m" >> to "-p 1w"), an exact match against the parameter string won't work >> because of the added -P flag, and I'd like to avoid changing the line >> EVERY time Cfengine runs. >> >> Any thoughts that I might not have considered yet on how to approach >> managing this file? Note that the parameters for wtmpx, for example, may >> vary based on classes. >> >> Thanks, >> Justin >> >> -- >> Justin C. Lloyd >> Unix Infrastructure Engineer >> DigitalGlobe, An Imaging and Information Company >> >> >> >> This electronic communication and any attachments may contain confidential >> and proprietary >> information of DigitalGlobe, Inc. If you are not the intended recipient, or >> an agent or employee >> responsible for delivering this communication to the intended recipient, or >> if you have received >> this communication in error, please do not print, copy, retransmit, >> disseminate or >> otherwise use the information. Please indicate to the sender that you have >> received this >> communication in error, and delete the copy you received. DigitalGlobe >> reserves the >> right to monitor any electronic communication sent or received by its >> employees, agents >> or representatives. >> >> _______________________________________________ >> Help-cfengine mailing list >> Help-cfengine@cfengine.org >> https://cfengine.org/mailman/listinfo/help-cfengine >> > > > > -- > SY, Seva Gluschenko. > > This electronic communication and any attachments may contain confidential > and proprietary > information of DigitalGlobe, Inc. If you are not the intended recipient, or > an agent or employee > responsible for delivering this communication to the intended recipient, or > if you have received > this communication in error, please do not print, copy, retransmit, > disseminate or > otherwise use the information. Please indicate to the sender that you have > received this > communication in error, and delete the copy you received. DigitalGlobe > reserves the > right to monitor any electronic communication sent or received by its > employees, agents > or representatives. > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine > -- SY, Seva Gluschenko. This electronic communication and any attachments may contain confidential and proprietary information of DigitalGlobe, Inc. If you are not the intended recipient, or an agent or employee responsible for delivering this communication to the intended recipient, or if you have received this communication in error, please do not print, copy, retransmit, disseminate or otherwise use the information. Please indicate to the sender that you have received this communication in error, and delete the copy you received. DigitalGlobe reserves the right to monitor any electronic communication sent or received by its employees, agents or representatives. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
