On Sat, May 21, 2011 at 3:56 PM, <no-re...@cfengine.com> wrote: > Forum: Cfengine Help > Subject: Re: Hostname based classes and virtual machines in Cfengine 3 > Author: dnaeon > Link to topic: https://cfengine.com/forum/read.php?3,22131,22147#msg-22147
> I've tried manually to negate a class, but it's not possible as I guess > Cfengine recognizes this as a hard class. > > > # cf-agent -v -N ipv4_10_1_17_20 > Fatal cfengine error: Cannot negate the reserved class > > > So it seems that doing it in Cfengine's way won't help much... > > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine > Hello guys, I've spent some time today looking into Cfengine 3 code (3.1.5 tarball), trying to patch the code to skip virtual network interfaces for jails under a FreeBSD system in order to fix the problem I have with my jails and hosts... and I made some progress :) Now, I'm turning to you for some help and code review.. Here you will see the jails running on the host system: - http://unix-heaven.org/FreeBSD/cfengine-freebsd/cfengine3-running-jails.out Here you can see the verbose output of cf-agent(8) running on the host with the above listed jails: - http://unix-heaven.org/FreeBSD/cfengine-freebsd/cfengine3-skip-jail-interfaces-before-patched.out As you can see from the output, the host system inherits the jail's interfaces and thus creates classes for them, which actually belong to the jails, and not the host. I've spent some time looking into the code, and created a patch which actually fixes this, and skips the virtual interfaces, which belong to the jails, so that classes are not messed up... well it works partially, that's why I need your help to see what I've missed :) The patch can be found here: - http://unix-heaven.org/FreeBSD/cfengine-freebsd/cfengine3-freebsd-skip-jail-interfaces.patch It compiles and works fine.. but not for every interface. Seems that Cfengine 3 is missing some of the interfaces, and I have no idea why. Here's the verbose output of cf-agent(8) after patching: - http://unix-heaven.org/FreeBSD/cfengine-freebsd/1st-run-cf-agent-verbose.out As you can see the virtual interfaces, which are identified to belong to jails are found and skipped, so hard classes are not created for them on the host as well, but there are 2 interfaces, which does not match, and I have no idea why. The code has been tested on a FreeBSD machine and works fine, but when patched Cfengine3 it behavious strange, so I guess there's something else to be patched in Cfengine 3, but I don't know what exactly.. Here's the debug output after the code has been patched: - http://unix-heaven.org/FreeBSD/cfengine-freebsd/2nd-run-cf-agent-debug.out Could someone more familiar with Cfengine 3 than me please review the patch and let me know what/where to look further? Thanks and regards, Marin -- Marin Atanasov Nikolov dnaeon AT gmail DOT com daemon AT unix-heaven DOT org http://www.unix-heaven.org/ _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
