Forum: Cfengine Help
Subject: Re: Why is insert_lines not convergant?
Author: msvob...@linkedin.com
Link to topic: https://cfengine.com/forum/read.php?3,21682,21704#msg-21704
For some reason, and I'm not really sure why, this seems to be a workaround to
this issue....
(linux|sunos_5_10).all_tools::
"/etc/sudo.d/sudoers-MACHINE_GROUP-final"
edit_line => add_sudoers_entry("Host_Alias
TOOLS_MACHINES = $(sys.host)");
(linux|sunos_5_10)::
"/etc/sudo.d/sudoers-MACHINE_GROUP"
handle =>
"land_etc_sudo_sudoers_MACHINE_GROUP",
create => "true",
perms => mog("0440","root","root"),
copy_from =>
backup_cp_md5_compare("/etc/sudo.d/sudoers-MACHINE_GROUP-final"),
classes =>
if_repaired("etc_sudoers_modified");
So, I am inserting lines into /etc/sudo.d/sudoers-MACHINE_GROUP-final based off
of classes. When I am done, at the bottom of my policy, I copy
/etc/sudo.d/sudoers-MACHINE_GROUP-final to /etc/sudo.d/sudoers-MACHINE_GROUP.
I'm not sure why exactly this fixed my problem. I'm guessing there might be
some sort of internal file system cache within Cfengine that wasn't being
flushed on 1% of my hosts? By doing the copy from -final to the "real file" it
somehow is flushing all of the expected output out. The "real file" ends up
getting the data I really want.
This also gave me the added benefit of leaving an audit trail of this file as
MD5 sums changed, instead of just the ".cf-before-edit" file.
Anyways, hope this helps someone else out who tries to dynamically populate
some sort of file with classes / variable expansion. I guess use a scratch
file, and once you're done, copy it into place.
Thanks
Mike
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
