On Fri, Sep 2, 2011 at 8:12 AM, <no-re...@cfengine.com> wrote:
> Forum: CFEngine Help
> Subject: warnings and promise compliance
> Author: neilhwatson
> Link to topic: https://cfengine.com/forum/read.php?3,23315,23315#msg-23315
>
> Today I wrote a files promise to keep a file's mode and ownership. The
> promise's action was 'warn_only'. I also have a commands promise that is warn
> only. What I noticed was that if either promise needed repairing the files
> promise was noted as promise kept while the commands promise was noted as
> promise repaired.
Dear Neil,
Here is what I observed with a warn_only files type promise:
If the file permissions are as promised, then "promise_kept" is true.
If the file permissions are not as promised, and warn_only is set,
then "promise_kept" is not true, and "promise_repaired" is not true.
(This differs from your observation above. Did I misunderstand you? If so,
perhaps you could post your policy?)
The behavior I observed matches my expectations. The promise (of
permissions 755, and owner "root") was neither kept (the file was
different, I made it mode 000 before running cf-agent) nor repaired
(due to warn_only action). This promise falls in that third category
of CFEngine's outcome report - a promise not repaired.
Here is an example of catching this case with a custom class:
{{{
body common control {
inputs => { "/var/cfengine/inputs/cfengine_stdlib.cf" };
bundlesequence => { "example" };
}
bundle agent example {
files:
"/tmp/test.txt"
perms => mo("755","root"),
action => warn_only,
classes => my_if_repaired_or_kept("repaired","kept");
reports:
repaired:: "repaired";
kept:: "kept";
(!repaired)&(!kept):: "not repaired";
}
body classes my_if_repaired_or_kept(x,y)
{
promise_repaired => { "$(x)" };
promise_kept => { "$(y)" };
}
}}}
Yours truly,
-at
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
