Hi there,
I'm running cfengine 3.0.4 on Solaris 10, and I'm trying to build a
promise that will append a line to my sshd_config file and then restart
the ssh service, but only when the sshd_config has been updated.
So far I've tried this:
-- Start code
bundle agent authorizedkeyfiles {
files:
"/tmp/sshd_config"
edit_line => append_if_no_line("AuthorisedKeyFile /var/ssh/%u"),
classes => satisfied("sshd_configuration_altered");
commands:
sshd_configuration_altered::
"/usr/sbin/svcadm restart ssh";
}
bundle edit_line append_if_no_line(str) {
insert_lines:
"$(str)"
}
body classes satisfied(new_class) {
promise_kept => { "$(new_class)"};
promise_repaired => { "$(new_class)"};
}
-- End code
And this:
-- Start Code
bundle agent authorizedkeyfiles {
files:
"/tmp/sshd_config"
edit_line => append_if_no_line_set_class("AuthorisedKeyFile
/var/ssh/%u", "sshd_configuration_altered");
commands:
sshd_configuration_altered::
"/usr/sbin/svcadm restart ssh";
}
bundle edit_line append_if_no_line_set_class(str,class) {
insert_lines:
"$(str)"
classes => satisfied($(class));
}
body classes satisfied(new_class) {
promise_kept => { "$(new_class)"};
promise_repaired => { "$(new_class)"};
}
-- End Code
But they both seem to result in ssh being restarted every time the
promise is evaluated. I'm assuming that this is because the
"insert_lines" is deemed to be a kept promise if the line to be inserted
exists in the file?
Is there a way of setting a class to Boolean true only if the file is
actually updated?
Thanks,
Simon
--
Simon Oxwell
ControlCircle
Senior Server Engineer
The Datacentre People
0044 (0)20 7517 6594
Hertsmere House, 2 Hertsmere Road,
simon.oxw...@controlcircle.com <mailto:simon.oxw...@controlcircle.com>
London, E14 4AB
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
