On Sun, Apr 10, 2011 at 2:42 PM, Jesse Becker <becker...@mail.nih.gov> wrote:
> Here's a question:  how does one detect a *new* IP address getting added
> to a system?
>
> For example, if there's some mechanism for bringing up a new interface
> (such as failover/heartbeat mechanism), is there a way to detect this?
> I suppose that some sort of log-processing mechanism could do this, but
> that won't help in the case of manual intervention.

You'd need to do something to capture the current set of IP addresses
each time you run cfengine, so that there's something to compare to.

That feels very much NOT like a built-in thing...  I can think of ways
to capture IP addresses within a cfengine script, to write them out,
and then to compare what's written to current state, and that feels
"wrong" to me in two ways:

a) It's going to take some rip-roaring ugly cfengine scripting to do this.

b) It's going to be exceedingly non-portable, and seems fragile.

What I'd suggest doing instead is to split this into two logical pieces:
1.  Evaluating the "have we switched interfaces" part, which is
horribly nonportable, and
2.  So, what do we do if we *have* switched interfaces?  And cfengine
certainly is a "policy engine" that ought to be good at determining
what to do.

I'd be inclined to do 1 as some not-in-cfengine script, which
encapsulates the ugliness, and then creates some nice clean symbols to
pass in to cfengine.

With version 2, I did not-perfectly-analogous things where I wanted to
know what Unix user cfengine was running under.  So, we'd run cfengine
with parms like:

UNIXUSER=`whoami`
cfagent -D "unixuser_${UNIXUSER}" -f /somewhere/my/script.cfengine

For your case, I'd be inclined to create some extra symbols to
indicate things like:
 - failover_just_occurred
 - fail_from_192_168_0_1
 - fail_to_192_168_0_2

and pass these in.

If you wanted more generality, it might be interesting to toss in
subnets, thus fail_from_192_168_0, fail_from_192_168, fail_from_192,
and the equivalents for fail_to, perhaps along with fail_from_ends_1,
fail_from_ends_0_1, fail_from_ends_168_0_1, which would allow doing
some useful groupings.

You probably haven't got so many failover targets that they're not
pretty reasonably enumerable, though!  It's actually redundant to have
"failover_just_occurred" - that may be derived readily from the fact
that you had a fail_from_* or a fail_to_*.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
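
Added example, not part of the original message and not cfengine's own code: a small wrapper for the "not-in-cfengine script" idea above. It records the host's IPv4 addresses, compares them with the previous run, and prints fail_from_*/fail_to_* class names, including the subnet-prefix variants. Assumptions: Linux `ip` from iproute2, the hypothetical state-file path, and the mapping "address disappeared = fail_from, address appeared = fail_to".

```shell
#!/bin/sh
# Added example: turn a change in the host's IPv4 address set into class names.
LC_ALL=C; export LC_ALL            # same collation for sort and comm
STATE_FILE="${STATE_FILE:-/var/lib/ipwatch/last}"   # hypothetical path

# The non-portable part (Linux iproute2): one IPv4 address per line, sorted.
current_addrs() {
    ip -o -4 addr show | awk '{print $4}' | cut -d/ -f1 | sort -u
}

# class_names PREFIX ADDR: fail_to_192_168_0_2, then fail_to_192_168_0,
# fail_to_192_168 and fail_to_192 for subnet-level grouping.
class_names() {
    prefix=$1
    addr=$(printf '%s' "$2" | tr . _)
    while :; do
        printf '%s_%s\n' "$prefix" "$addr"
        case $addr in
            *_*) addr=${addr%_*} ;;    # drop the last octet
            *)   break ;;
        esac
    done
}

# Keep only dotted-quad lines, so a damaged or edited state file cannot
# inject arbitrary text into the class names handed to the policy run.
only_ipv4() {
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# changed_classes OLD NEW: both files are sorted address lists.
# Assumption: gone from OLD means fail_from, new in NEW means fail_to.
changed_classes() {
    comm -23 "$1" "$2" | only_ipv4 | while read -r a; do class_names fail_from "$a"; done
    comm -13 "$1" "$2" | only_ipv4 | while read -r a; do class_names fail_to "$a"; done
}

main() {
    new=$(mktemp) || exit 1
    current_addrs > "$new"
    # First run has nothing to compare against: just record the baseline.
    if [ -f "$STATE_FILE" ]; then changed_classes "$STATE_FILE" "$new"; fi
    mv "$new" "$STATE_FILE"
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Run with `--run`, it prints one class name per line; the caller hands those to cfagent with -D in the same way as the unixuser_ example in the message.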
