Alexey, take it easier
Usually if you're restarting a service upon its configuration file(s)
change, you put those files under Cfengine management as well, so that
Sandra's question about files is being solved pretty easy like
files:
"/etc/ssh/sshd_config"
copy_from => my_scp("$(sys.workdir)/conf/sshd"),
classes => if_repaired("sshd_reconfigured");
processes:
sshd_reconfigured::
"sshd"
signals => { "hup" },
process_select => listening_sshd,
restart_class => restart_sshd;
I left body process_select listening_sshd for your homework exercises ;)
2010/11/11 Aleksey Tsalolikhin <atsaloli.t...@gmail.com>:
> On Wed, Nov 10, 2010 at 3:53 PM, Sandra Wittenbrock
> <san...@hpcrd.lbl.gov> wrote:
>> Hi,
>>
>> What would be the command to make sure a service (sysctl, firewall, etc)
>> is running, and/or restart it when cfengine updates the config files?
>
> Here is what I use on a Linux server - if somebody has a better way, I would
> love to hear it:
>
> a) how to make sure a service is running:
>
> check that CUPS (printer service) is running by checking the "ps" output, and
> if regex match for "cups" fails, restarting cups:
>
> --- start cfengine config ----
> body common control
>
> {
> bundlesequence => { "check_cups_running" };
> }
>
>
> ########################################
>
>
> bundle agent check_cups_running {
>
>
> processes:
>
> "cupsd"
>
> restart_class => "start_cups";
> # restart_class sets up a class if the regex match FAILS
>
> commands:
>
> start_cups::
>
> "/etc/init.d/cups start";
>
> }
>
> --- end cfengine config file ---
>
> It just occurred to me that a more reliable test would be to pretend
> to be a client for that service and to try to connect to it, and if it
> fails then to try to restart. (more reliable because if there is
> another process in the process table, let's say a program called
> mycupsarefull, but cups is not running, cfengine will not proceed to
> restart CUPS)
>
> but anyway, the above does work and should help you start, Sandra
>
> now, question b: how to restart a service if it's config file was
> recently updated
>
> correct me if I'm mistaken, but there is presently no way in cfengine
> to natively test if a file modification time is less than 10 minutes,
> let's say. there is function isnewerthan() but it can only compare
> two files, not a file and a time period.
>
> Hence, I use:
>
> (the following is an example for restarting haproxy if
> /etc/haproxy.conf was recently updated. )
>
> --- start cfengine config ----
>
>
>
> body common control
>
> {
> bundlesequence => {
> "restart_load_balancer_if_load_balancer_config_recently_updated" };
> inputs => { "cfengine_stdlib.cf" };
>
> }
>
> bundle agent restart_load_balancer_if_load_balancer_config_recently_updated
> {
>
> commands:
> load_balancer_hosts::
> "/usr/bin/find /etc/haproxy.conf -mmin -10 | /bin/grep haproxy.conf
>>/dev/null && /usr/bin/pkill
> haproxy && /usr/local/sbin/haproxy -f /etc/haproxy.conf || exit 0"
> contain => in_shell;
>
>
> }
>
> --- end cfengine config ----
>
> note: i tried using "pkill -HUP haproxy" orriginally but this didn't
> seem to work... I have to
> research what haproxy does when it gets SIGHUP. in this example, I
> stop and start
> the proxy. normally, I'd expect pkill -HUP to be sufficient to reload
> the config.
>
>
> Hope this helps!
> Best,
> -at
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
>
--
SY, Seva Gluschenko.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
