On 03/23/2012 03:19 AM, no-re...@cfengine.com wrote: > Forum: CFEngine Help > Subject: Client issues > Author: tjavo87 > Link to topic: https://cfengine.com/forum/read.php?3,25362,25362#msg-25362 > > Hi All, > > I encounter a strange behaviour of our cliënts. When I change a promise file > on the policy server, the cliënt > does not see the change. (the md5 is different on policy server and cliënt)
Can you post the policy you have for updating? If you are using the cf_promises_validated file as a checkpoint for clients to notice if they have updates or not it could be that your times are off between the servers. Since cf_promises_validated doesn't have any content right now it can really only be checked on time modification. (3.3.0 is bringing a timestamp to that file so you can use digest to determine more accurately if there is an update or not.) Also if you haven't done something that updates the cf_promises_validated file on the server then the client wont recognize an updated policy is available for it. > The policy server, which is a cliënt of itself is the only one who has the > correct version of the files in the inputs > directory. This is likely because the policy server should ALWAYS update its inputs from masterfiles, remote clients typically only update the policy if cf_promises_validated has been updated. The default bootstrap update policy does not have the policyhub check the cf_promises_validated file, since the policy hub must update the cf_promises_validated file when updated policy has been validated to not have syntax errors. This cf_promises_validated checking serves two purposes. First it helps limit the load on the policyhub from clients checking a bunch of policy files that don't need checked each time. Second it helps you from distributing broken policy to all of your clients, since if there is a syntax error in the policy the cf_promises_validated file wont be updated, and thus the clients wont attempt to update all of the policy files. > When looking in the log of the cliënt, there is nothing strange. It only > tells that cfengine is running. > Mar 23 08:05:23 test cf3[32021]: R: Fri Mar 23 08:05:22 2012 --> CFE is > running on test > > All the files are valid when checking with cf-promises > When running cf-agent in verbose mode there is no error. > > If I change a config file that will be copiëd to a cliënt that change take > place. The new file will be copied tot he cliënt. (strange?) This is likely because you are using copy_from on a specific file to be distributed. Each time the policy runs the client checks that file for changes (for simplicity I am ignoring locking in this explanation). The rest of the policy that you are looking for updates from probably rely on the encompassing update which relies on cf_promises_validated. This should be easy to check. Try removing cf_promises_validated on the client and then running the agent update (cf-agent -KIB). Since no cf_promises_validated file exists on the client it will copy the latest one from the server and it will go ahead and see what other policy files need updated. -- Nick Anderson <n...@cmdln.org> _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
