Forum: Cfengine Help
Subject: Redhat / Fedora / CentOS processes, services, and chkconfig nirvana
Author: msvob...@linkedin.com
Link to topic: https://cfengine.com/forum/read.php?3,21202,21202#msg-21202
I spent a few hours working on this, but I finally have this policy in the
state where processes in the process run table are in sync with their
associated service.
Once 3.1.5 is released, and Mark's getvalues() function makes its way in, it
wont be necessary to maintain the running_service_chkconfig and
stopped_service_chkconfig slist variables manually.
Let me know if you guys could see / make any improvements to this. Here it is
in action.
atd should be disabled in chkconfig / should not have a running process id.
ntpd should be enabled in chkconfig / should have a running process id.
# chkconfig atd on
# /var/cfengine/bin/cf-agent -I -K -b rhel6_services
>> Using command line specified bundlesequence
-> Executing '/sbin/chkconfig atd off' ...(timeout=-678,owner=-1,group=-1)
-> Completed execution of /sbin/chkconfig atd off
R: cf3: RHEL6 service atd was found on when it should be off. Executing
chkconfig to disable on esv4-linux-test04.linkedin.com
# chkconfig --list | grep atd
atd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# chkconfig ntpd off
# /var/cfengine/bin/cf-agent -I -K -b rhel6_services
>> Using command line specified bundlesequence
-> Executing '/sbin/chkconfig ntpd on' ...(timeout=-678,owner=-1,group=-1)
-> Completed execution of /sbin/chkconfig ntpd on
R: cf3: RHEL6 service ntpd was found off when it should be on. Executing
chkconfig to enable on esv4-linux-test04.linkedin.com
# chkconfig --list | grep ntpd
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# service ntpd stop
Shutting down ntpd: [ OK ]
# /var/cfengine/bin/cf-agent -I -K -b rhel6_services
>> Using command line specified bundlesequence
-> Making a one-time restart promise for ntpd
-> Executing '/sbin/service ntpd start' ...(timeout=-678,owner=-1,group=-1)
Q: "...in/service ntpd": Starting ntpd: [ OK ]
I: Last 1 quoted lines were generated by promiser "/sbin/service ntpd start"
-> Completed execution of /sbin/service ntpd start
R: cf3: RHEL6 service ntpd was restarted on esv4-linux-test04.linkedin.com
# service atd start
Starting atd: [ OK ]
# /var/cfengine/bin/cf-agent -I -K -b rhel6_services
>> Using command line specified bundlesequence
Stopping atd: [ OK ]
And here's the policy.
5 bundle agent rhel6_services
6 {
7 vars:
8 redhat_6::
9 ###################################### RUNNING SERVICES
#######################################################
10 # running_service is what the cmd output is in the
output of ps -ef in the process table.
11 # services we want running.
12 "running_service" slist =>
{ "ntpd",
13
"mdadm", };
14
15 # running_service_name is what the service is refered
to via the chkconfig or service command.
16 # every entry from running_service needs to have an
entry here. Its what gets referenced in chkconfig and service cmds.
17 "running_service_name" string => "ntpd";
18 "running_service_name" string =>
"mdmonitor";
19
20 # This is stupid, but, a new function is being
introduced in 3.1.5 to mirror getindicies() to obtain just the values
21 # of the array. This repeated list will dissapear once
this comes out. https://cfengine.com/forum/read.php?3,21174
22 # If it looks like this is exactly repeated from the
array above, you would be correct. Its just an slist instead.
23 "running_service_chkconfig" slist =>
{"ntpd",
24
"mdmonitor", };
25 ###################################### RUNNING SERVICES
#######################################################
26
27
28 ###################################### DISABLED
SERVICES #######################################################
29 # services we dont want running. this is what we would
find in the output of ps -ef in the process table.
30 "stop_service" slist =>
{ "/usr/sbin/atd",
31
"/usr/sbin/abrtd",};
32
33 # stopped_service_name is what the service is refered
to via the chkconfig or service command.
34 # every entry from stop_service needs to have an entry
here. Its what gets referenced in chkconfig and service cmnds.
35 "stopped_service_name" string => "atd";
36 "stopped_service_name" string => "abrtd";
37
38 # This is stupid, but, a new function is being
introduced in 3.1.5 to mirror getindicies() to obtain just the values
39 # of the array. This repeated list will dissapear once
this comes out. https://cfengine.com/forum/read.php?3,21174
40 # If it looks like this is exactly repeated from the
array above, you would be correct. Its just an slist instead.
41 "stopped_service_chkconfig" slist =>
{"atd",
42
"abrtd", };
43 ###################################### DISABLED
SERVICES #######################################################
44 classes:
45 redhat_6::
46 "$(running_service_chkconfig)_turn_on" expression =>
returnszero("/sbin/chkconfig $(running_service_chkconfig) --list | cut -f5 |
grep off > /dev/null 2>&1","useshell");
47
48 redhat_6::
49 "$(stopped_service_chkconfig)_turn_off" expression =>
returnszero("/sbin/chkconfig $(stopped_service_chkconfig) --list | cut -f5 |
grep on > /dev/null 2>&1","useshell");
50
51 processes:
52 # running_service, an slist which expands to a single service
(implicent cfengine looping), is cchecked in the process table.
53 # If its not found, we raise the "restart" class. This class
gets executed upon in the commands section.
54 redhat_6::
55 "$(running_service)"
56 restart_class =>
canonify("$(running_service)_start");
57
58 # If we found a service in the process table that we dont want
running, then execute its stop function using service..
59 redhat_6::
60 "$(stop_service)"
61 process_stop => "/sbin/service
$(stopped_service_name[$(stop_service)]) stop";
62
63 commands:
64 # If we didn't discover the running process and raised
restart_class in the processes: section above,
65 # execute the service command to fire it up
66 "/sbin/service
$(running_service_name[$(running_service)]) start"
67 ifvarclass =>
canonify("$(running_service)_start");
68
69
70 # If we discovered that this service should be enabled
on boot, but chkconfig has it off, then flip the switch.
71 "/sbin/chkconfig $(running_service_chkconfig) on"
72 ifvarclass =>
canonify("$(running_service_chkconfig)_turn_on");
73
74 # If we discoverd that this service should be disabled
on boot, but chkconfig has it on, then flip the switch.
75 "/sbin/chkconfig $(stopped_service_chkconfig) off"
76 ifvarclass =>
canonify("$(stopped_service_chkconfig)_turn_off");
77
78
79 reports:
80 redhat_6::
81 "cf3: RHEL6 service
$(running_service_name[$(running_service)]) was restarted on $(sys.host)"
82 ifvarclass =>
canonify("$(running_service)_start");
83
84 redhat_6::
85 "cf3: RHEL6 service
$(stopped_service_name[$(stop_service)]) was disabled on $(sys.host)"
86 ifvarclass =>
canonify("$(stop_service)_stop");
87
88 "cf3: RHEL6 service $(running_service_chkconfig) was found off
when it should be on. Executing chkconfig to enable on $(sys.host)"
89 ifvarclass =>
canonify("$(running_service_chkconfig)_turn_on");
90
91 "cf3: RHEL6 service $(stopped_service_chkconfig) was found on
when it should be off. Executing chkconfig to disable on $(sys.host)"
92 ifvarclass =>
canonify("$(stopped_service_chkconfig)_turn_off");
93 }
The only improvements I could see to this would be lines 59 - 61. I don't
think I am able to raise a class when I have to use the process_stop statement,
so I can't set a report on it.
I guess I could possibly use a returnszero() function in the classes section,
but it seems like shooting a dead horse. If you guys have any comments /
suggestions, please throw them my way.
Thanks
Mike
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
