Forum: CFEngine Help
Subject: Normal ordering, files and commands
Author: stchesmeli
Link to topic: https://cfengine.com/forum/read.php?3,27135,27135#msg-27135

Hi all :)

I'm writing a bundle to manage a chrooted bind9 configuration. I need to create the null and random devices inside the chroot, with 666 permissions. If I am not mistaken, there is no file directive for creating a device, so I must use a commands directive to execute "mknod". But I want to ensure that the permissions are always right, so I use a file directive instead of using the "-m 666" option with mknod.

So, here is my code:

    bundle agent config_bind9
    {
    vars:
        "cbind_dir"  string => "/DATA/chroot_named";
        "cbind_user" string => "bind";
        "mknod"      string => "/bin/mknod";
        "chmod"      string => "/bin/chmod";

    classes:
        "cdev_null"   not => fileexists("${cbind_dir}/dev/null");   # Test if null device exists
        "cdev_random" not => fileexists("${cbind_dir}/dev/random"); # Test if random device exists

    files:
        "${cbind_dir}/dev/null"
            comment => "Fix null device permission",
            perms   => mog("666", "root", "root"),
            create  => "false";

        "${cbind_dir}/dev/random"
            comment => "Fix random device permission",
            perms   => mog("666", "root", "root"),
            create  => "false";

    commands:
        "${mknod} ${cbind_dir}/dev/null c 1 3"
            classes    => if_repaired("cbind9_devs_null_repaired"),
            ifvarclass => "cdev_null";

        "${mknod} ${cbind_dir}/dev/random c 1 8"
            classes    => if_repaired("cbind9_devs_random_repaired"),
            ifvarclass => "cdev_random";
    }

What I was thinking, with normal ordering and the 3 passes:

1st pass: the files don't exist, the cdev_* classes are true, the file permissions are not fixed (because of create => "false") and the commands are executed (mknod ....) because the cdev_* classes are true.
2nd pass: the files now exist (the first pass has created them with the mknod commands), the cdev_* classes are false, the permissions are fixed by the file directive, the commands are not executed because the cdev_* classes are false.
3rd pass: the files still exist, the cdev_* classes are still false, the permissions are not fixed because the 2nd pass has already fixed them, the commands are not executed because the cdev_* classes are false.

But in fact that doesn't work. What is really done is:

1st pass: the files don't exist, the cdev_* classes are true, the file permissions are not fixed (because of create => "false") and the commands are executed (mknod ....) because the cdev_* classes are true.
2nd pass: nothing
3rd pass: nothing

I don't understand why the file permissions are not corrected at the second pass?
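
Added example, not part of the original post: a shell check that can be run after the agent to confirm what state the chroot's device nodes ended up in (character device, major/minor 1:3 and 1:8, mode 666, as in the bundle above). It assumes Linux with GNU or busybox stat; the function names and return codes are made up for this example.

```shell
#!/bin/sh
# Added example: audit the device nodes a chrooted named needs.
# Return codes of check_dev (constructed for this example):
#   0 ok, 1 missing, 2 not a character device (or a symlink),
#   3 wrong major/minor, 4 wrong mode

check_dev() {
    path=$1; want_major=$2; want_minor=$3; want_mode=$4
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        echo "MISSING      $path"; return 1
    fi
    # Refuse symlinks: -c would follow them to a node outside the chroot.
    if [ -L "$path" ] || [ ! -c "$path" ]; then
        echo "NOT_CHARDEV  $path"; return 2
    fi
    # stat -c: %t and %T are the hex major/minor, %a is the octal mode.
    set -- $(stat -c '%t %T %a' "$path")
    major=$(printf '%d' "0x$1"); minor=$(printf '%d' "0x$2"); mode=$3
    if [ "$major" -ne "$want_major" ] || [ "$minor" -ne "$want_minor" ]; then
        echo "WRONG_DEVICE $path is $major:$minor, want $want_major:$want_minor"
        return 3
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "WRONG_MODE   $path is $mode, want $want_mode"; return 4
    fi
    echo "OK           $path c $major:$minor mode $mode"
}

# Check dev/null (c 1 3) and dev/random (c 1 8), both mode 666, under a chroot.
# Returns the number of nodes that failed the check.
audit_chroot_devs() {
    chroot_dir=$1; failures=0
    check_dev "$chroot_dir/dev/null"   1 3 666 || failures=$((failures + 1))
    check_dev "$chroot_dir/dev/random" 1 8 666 || failures=$((failures + 1))
    return "$failures"
}

# Run the audit only when a chroot directory is given, e.g. /DATA/chroot_named.
if [ "$#" -gt 0 ]; then
    audit_chroot_devs "$1"
fi
```

A WRONG_MODE line right after an agent run corresponds to the situation described in the post: mknod created the node, but the permissions were not corrected afterwards.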