Forum: CFEngine Help
Subject: Controlling Linux processes via chkconfig and service
Author: [email protected]
Link to topic: https://cfengine.com/forum/read.php?3,23577,23577#msg-23577

Thanks to Mark, a new function called getvalues() was introduced in 3.1.5.  
Here's an example of a policy that uses this new function, and also 
administrates services via the chkconfig / service commands.

Hope this helps someone trying to grasp service management on RHEL / CentOS / 
Fedora.

There are two groups here.  The first group is the "standard set of services" 
that you want enabled / disabled everywhere.  Then, I break out on enabling / 
disabling specific one-off services via classes and calls to the method 
usebundle to customize services running on specific groups of machines.

Thanks
Mike


bundle agent rhel6_services
{
vars:
        redhat_6::
                ###################################### RUNNING SERVICES #######################################################
                # running_service is what the cmd output is in the output of ps -ef in the process table.
                # services we want running.
                "running_service"               slist   =>      { "ntpd",
                                                                  "mdadm",
                                                                  "crond",
                                                                  "/usr/sbin/snmpd",
                                                                  "/usr/sbin/sshd",
                                                                  "udevd",
                                                                  "/sbin/rsyslogd",
                                                                  "kipmi0",
                                                                  "automount",
                                                                  "rpc.statd",
                                                                  "splunkd",
                                                                  "mcelog", };

                # running_service_name is what the service is referred to via the chkconfig or service command.
                # every entry from running_service needs to have an entry here.  It's what gets referenced in chkconfig and service cmds.
                # Setting a value to this array in here will chkconfig on the service across all RHEL6 machines.
                "running_service_name[ntpd]"            string  =>      "ntpd";
                "running_service_name[mdadm]"           string  =>      "mdmonitor";
                "running_service_name[crond]"           string  =>      "crond";
                "running_service_name[/usr/sbin/snmpd]" string  =>      "snmpd";
                "running_service_name[/usr/sbin/sshd]"  string  =>      "sshd";
                "running_service_name[udevd]"           string  =>      "udev-post";
                "running_service_name[/sbin/rsyslogd]"  string  =>      "rsyslog";
                "running_service_name[kipmi0]"          string  =>      "ipmi";
                "running_service_name[automount]"       string  =>      "autofs";
                "running_service_name[rpc.statd]"       string  =>      "nfslock";
                "running_service_name[splunkd]"         string  =>      "splunk";
                "running_service_name[mcelog]"          string  =>      "mcelogd";

                "running_service_chkconfig"             slist   =>      getvalues("running_service_name");
                ###################################### RUNNING SERVICES #######################################################


                ###################################### DISABLED SERVICES #######################################################
                # services we don't want running.  this is what we would find in the output of ps -ef in the process table.
                "stop_service"                  slist   =>      { "/usr/sbin/atd",
                                                                  "/usr/sbin/abrtd",
                                                                  "cpuspeed",
                                                                  "hald",
                                                                  "kdump",
                                                                  "dbus-daemon",
                                                                  "rhnsd",
                                                                  "rpc.gssd",
                                                                  "rpc.idmapd", };

                # stopped_service_name is what the service is referred to via the chkconfig or service command.
                # every entry from stop_service needs to have an entry here.  It's what gets referenced in chkconfig and service cmds.
                # Setting a value to this array in here will chkconfig off the service across all RHEL6 machines.
                "stopped_service_name[/usr/sbin/atd]"   string  =>      "atd";
                "stopped_service_name[/usr/sbin/abrtd]" string  =>      "abrtd";
                "stopped_service_name[cpuspeed]"        string  =>      "cpuspeed";
                "stopped_service_name[hald]"            string  =>      "haldaemon";
                "stopped_service_name[kdump]"           string  =>      "kdump";
                "stopped_service_name[dbus-daemon]"     string  =>      "messagebus";
                "stopped_service_name[rhnsd]"           string  =>      "rhnsd";
                "stopped_service_name[rpc.gssd]"        string  =>      "rpcgssd";
                "stopped_service_name[rpc.idmapd]"      string  =>      "rpcidmapd";

                "stopped_service_chkconfig"             slist   =>      getvalues("stopped_service_name");
                ###################################### DISABLED SERVICES #######################################################

classes:
        redhat_6::
                "$(running_service_chkconfig)_turn_on"  expression => returnszero("/sbin/chkconfig $(running_service_chkconfig) --list | cut -f5 | grep off > /dev/null 2>&1","useshell");

        redhat_6::
                "$(stopped_service_chkconfig)_turn_off" expression => returnszero("/sbin/chkconfig $(stopped_service_chkconfig) --list | cut -f5 | grep on > /dev/null 2>&1","useshell");

        redhat_6::
                "rhsmcertd_exists"                      expression => fileexists("/etc/init.d/rhsmcertd");

        redhat_6::
                "xinetd_enabled_hosts"                  or      =>      {"hostname1_corp", "hostname2_prod", };

processes:
        # running_service, an slist which expands to a single service (implicit cfengine looping), is checked in the process table.
        #  If it's not found, we raise the "restart" class.  This class gets executed upon in the commands section.
        redhat_6::
                "$(running_service)"
                        restart_class   =>      canonify("$(running_service)_start");

        # If we found a service in the process table that we don't want running, then execute its stop function using service.
        redhat_6::
                "$(stop_service)"
                        process_stop    =>      "/sbin/service $(stopped_service_name[$(stop_service)]) stop";

files:
        redhat_6::
                "/var/log/service_management.log"
                        edit_line       =>      append_if_no_line("$(sys.cdate):$(running_service) was found offline.  Cfengine starting process."),
                        ifvarclass      =>      canonify("$(running_service)_start");

        redhat_6::
                "/var/log/service_management.log"
                        edit_line       =>      append_if_no_line("$(sys.cdate):$(running_service_chkconfig) was found disabled in chkconfig.  Cfengine enabling."),
                        ifvarclass      =>      canonify("$(running_service_chkconfig)_turn_on");

        redhat_6::
                "/var/log/service_management.log"
                        edit_line       =>      append_if_no_line("$(sys.cdate):$(stopped_service_chkconfig) was found enabled in chkconfig.  Cfengine disabling."),
                        ifvarclass      =>      canonify("$(stopped_service_chkconfig)_turn_off");


commands:
        redhat_6::
                # If we didn't discover the running process and raised restart_class in the processes: section above,
                # execute the service command to fire it up
                "/sbin/service $(running_service_name[$(running_service)]) start"
                        ifvarclass      =>      canonify("$(running_service)_start");

        redhat_6::
                # If we discovered that this service should be enabled on boot, but chkconfig has it off, then flip the switch.
                "/sbin/chkconfig $(running_service_chkconfig) on"
                        ifvarclass      =>      canonify("$(running_service_chkconfig)_turn_on");

        redhat_6::
                # If we discovered that this service should be disabled on boot, but chkconfig has it on, then flip the switch.
                "/sbin/chkconfig $(stopped_service_chkconfig) off"
                        ifvarclass      =>      canonify("$(stopped_service_chkconfig)_turn_off");


methods:
        rhsmcertd_exists::
                "any"   usebundle       =>      disable_single_service("rhsmcertd","rhsmcertd");

        redhat_6.!xinetd_enabled_hosts::
                "any"   usebundle       =>      disable_single_service("xinetd","xinetd");

        xinetd_enabled_hosts::
                "any"   usebundle       =>      enable_single_service("xinetd","xinetd");

reports:
        redhat_6::
                "cf3: RHEL6 service $(running_service_name[$(running_service)]) was restarted on $(sys.host)"
                        ifvarclass      =>      canonify("$(running_service)_start");

        redhat_6::
                "cf3: RHEL6 service $(stopped_service_name[$(stop_service)]) was disabled on $(sys.host)"
                        ifvarclass      =>      canonify("$(stop_service)_stop");

        redhat_6::
                "cf3: RHEL6 service $(running_service_chkconfig) was found off when it should be on.  Executing chkconfig to enable on $(sys.host)"
                        ifvarclass      =>      canonify("$(running_service_chkconfig)_turn_on");

        redhat_6::
                "cf3: RHEL6 service $(stopped_service_chkconfig) was found on when it should be off.  Executing chkconfig to disable on $(sys.host)"
                        ifvarclass      =>      canonify("$(stopped_service_chkconfig)_turn_off");
}
######################################################################################################
bundle agent disable_single_service(process_name, service_name)
{
classes:
        redhat_6::
                "$(service_name)_turn_off" expression => returnszero("/sbin/chkconfig $(service_name) --list | cut -f5 | grep on > /dev/null 2>&1","useshell");

processes:
        # If we found a service in the process table that we don't want running, then execute its stop function using service.
        redhat_6::
                "$(process_name)"
                        process_stop    =>      "/sbin/service $(service_name) stop";

files:
        redhat_6::
                "/etc/cm.conf"
                        handle          =>      "rhel6_insert_single_service_chkconfig_off_cm_conf",
                        edit_line       =>      append_if_no_line("$(sys.cdate):$(service_name) was found enabled in chkconfig.  Cfengine disabling."),
                        ifvarclass      =>      canonify("$(service_name)_turn_off");

commands:
        redhat_6::
                # If we discovered that this service should be disabled on boot, but chkconfig has it on, then flip the switch.
                "/sbin/chkconfig $(service_name) off"
                        ifvarclass      =>      canonify("$(service_name)_turn_off");

reports:
        redhat_6::
                "cf3: RHEL6 service $(service_name) was found on when it should be off.  Executing chkconfig to disable on $(sys.host)"
                        ifvarclass      =>      canonify("$(service_name)_turn_off");
}
######################################################################################################
bundle agent enable_single_service(process_name, service_name)
{
classes:
        redhat_6::
                "$(service_name)_turn_on" expression => returnszero("/sbin/chkconfig $(service_name) --list | cut -f5 | grep off > /dev/null 2>&1","useshell");

processes:
        # If we didn't discover the running process and raised restart_class in the processes: section above,
        # execute the service command to fire it up
        redhat_6::
                "$(process_name)"
                        restart_class   =>      canonify("$(process_name)_start");

files:
        redhat_6::
                "/etc/cm.conf"
                        handle          =>      "rhel6_insert_single_service_chkconfig_on_cm_conf",
                        edit_line       =>      append_if_no_line("$(sys.cdate):$(service_name) was found disabled in chkconfig.  Cfengine enabling."),
                        ifvarclass      =>      canonify("$(service_name)_turn_on");

commands:
        # If we didn't discover the running process and raised restart_class in the processes: section above,
        # execute the service command to fire it up
                "/sbin/service $(service_name) start"
                        ifvarclass      =>      canonify("$(process_name)_start");

        redhat_6::
                # If we discovered that this service should be enabled on boot, but chkconfig has it off, then flip the switch.
                "/sbin/chkconfig $(service_name) on"
                        ifvarclass      =>      canonify("$(service_name)_turn_on");

reports:
        redhat_6::
                "cf3: RHEL6 service $(service_name) was found off when it should be on.  Executing chkconfig to enable on $(sys.host)"
                        ifvarclass      =>      canonify("$(service_name)_turn_on");
}



_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
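
Added example, not part of the post above or of CFEngine itself: the returnszero() checks in the policy read only field 5 of `chkconfig --list`, which is runlevel 3. This shell helper goes beyond that case and audits the same enabled/disabled service lists against several runlevels at once; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `chkconfig --list` output (name, then tab-separated
# "runlevel:state" fields, as printed on RHEL 6). Not captured from a real host.
sample_chkconfig() {
    printf 'sshd           \t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n'
    printf 'ntpd           \t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off\n'
    printf 'udev-post      \t0:off\t1:on\t2:on\t3:on\t4:on\t5:on\t6:off\n'
    printf 'atd            \t0:off\t1:off\t2:off\t3:on\t4:on\t5:on\t6:off\n'
    printf 'kdump          \t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off\n'
    printf 'rhnsd          \t0:off\t1:off\t2:off\t3:off\t4:off\t5:on\t6:off\n'
}

# service_drift WANT "RUNLEVELS" SERVICE...   (hypothetical helper)
# Reads `chkconfig --list` output on stdin and prints one line for every
# listed service whose state differs from WANT (on|off) in any of the given
# runlevels, plus one line for each service chkconfig does not know about.
service_drift() {
    want=$1 levels=$2
    shift 2
    awk -F'\t' -v want="$want" -v levels="$levels" -v svcs="$*" '
        BEGIN {
            n = split(svcs, s, " ")
            for (i = 1; i <= n; i++) todo[s[i]] = 1
            m = split(levels, l, " ")
        }
        {
            name = $1
            sub(/ +$/, "", name)            # strip the column padding
            if (!(name in todo)) next
            seen[name] = 1
            for (i = 1; i <= m; i++) {
                split($(l[i] + 2), kv, ":") # runlevel N lives in field N+2
                if (kv[2] != want)
                    printf "%s runlevel %s is %s, want %s\n", name, l[i], kv[2], want
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(s[i] in seen)) printf "%s missing from chkconfig\n", s[i]
        }'
}

# Services that must be enabled, then services that must be disabled.
sample_chkconfig | service_drift on  "3 5" sshd ntpd udev-post
sample_chkconfig | service_drift off "3 5" atd kdump rhnsd xinetd
```

In the sample, rhnsd is enabled only in runlevel 5, so a check limited to field 5 (runlevel 3) would report it as already disabled.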
