Forum: CFEngine Help
Subject: Re: avoiding double-runs to converge when using template operations
Author: jgreer
Link to topic: https://cfengine.com/forum/read.php?3,27428,27455#msg-27455
Hi Neil,
I think you're right that this is a matter of logic for us. We're hoping you
can help.
We hold CFEngine policy and CFEngine-managed files in a single subversion
repository. Our changesets, then, consist of both updates to policy and
managed files, applied atomically at the master. That's a pretty firm
requirement to our team, related (I think) to the problem Nick's describing.
We want to able to view related changes to policy and backing files as a
logical unit, since we mutually review each other's commits to version control.
The way we had CFEngine 2 set up, updates to policy must have occurred prior to
execution of policy within a single agent run, because if I made a change to
policy on the server, the agents would act on that policy at the next run.
The way we have CFEngine 3 set up, the agent seems to execute on what's in
/var/cfengine/inputs at the time the agent run starts, regardless of whether
"recent" policy changes (that is, updates made within the last window of agent
runs) are available at the master. I make a change to policy in Cfengine 3,
that change is realized after two agent runs, not one.
I would have guessed that reordering of bundles in the bundlesequence would be
the solution here, but here's what we've currently got:
bundlesequence => {
"group", # sets Yale suborganization-specific variables, allowing us to
federate shared code to other units
"classes", # defines soft classes
"update", # updates policy in /var/cfengine/inputs
"main" # starting point for real CFEngine logic; from here, we daisy-chain
invocation of all other bundles by way of 'methods' promises
};
Unfortunately, even though our copy statements for fetching new policy appear
in the bundlesequence prior to any real 'meat,' CFEngine appears only to act on
the policy it drew into memory when the agent began to execute.
This has been a minor nuisance for us for awhile, but lately it's becoming
really problematic as we make use of templatization. Our template files are
tightly coupled with policy now, since they rely on variables declared in
policy. Therefore, having the agent execute on policy from SVN revision N and
content from revision N+1 gets us into trouble in a way it didn't before.
I'm wondering if the right thing to do here is configure execd to explicitly
run just the 'update' bundle (or 'failsafe', which for us, is basically the
same thing) prior to promises.cf.
We have now:
exec_command =>
"$(sys.workdir)/bin/cf-agent; $(sys.workdir)/bin/cf-agent -f
/var/cfengine/inputs/failsafe.cf";
So I'd propose switching to:
exec_command =>
"$(sys.workdir)/bin/cf-agent -f /var/cfengine/inputs/failsafe.cf;
$(sys.workdir)/bin/cf-agent; $(sys.workdir)/bin/cf-agent -f
/var/cfengine/inputs/failsafe.cf";
I think this would work, but it's somewhat unsightly. Does this seem like a
reasonable solution to the problem to you? Do you have other ideas?
Thanks,
-Jessica
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
