Re: simple return array from other "code"

2010-04-30 Thread Nakarin Phooripoom
I'm afraid you can't make functions (like normal programming does) in 
cfengine.

To get close to your expectation, you might need to create global variables 
(bundle common) of the outputs of your commands/scripts, then you could call 
them up in every bundle. For instance:

body common control
{
 bundlesequence => { "def","foo","bar" };
}

bundle common def
{
 vars:
   "global_result" string => execresult("/bin/ls /","noshell");
   "global_split"   slist => splitstring("$(global_result)"," ","100"); 
}

bundle agent foo
{
 reports:
  Yr2010::
   "Found: $(def.global_result)";
}

bundle agent bar
{
 vars:
  "local_split" slist => { @(def.global_split) };
 reports:
  Yr2010::
   "Found: $(local_split)";
}

Note that you can only iterate a common slist variable over local variables, so 
you need to pass a global slist variable to a local one in your bundle.

Cheers,
--Nakarin

On Apr 27, 2010, at 4:24 PM, Jakub Viták wrote:

> Hi again.
> 
> If anyone has a little free time, I will be very grateful if you give a few
> tips about functions.
> 
> Thank you, Jakub V.
> 
> -------- Original Message --------
> Subject:  Re: simple return array from other "code"
> Date: Mon, 26 Apr 2010 08:03:55 +0200
> From: Jakub Viták 
> To:   Nakarin Phooripoom 
> 
> 
> Hello Nakarin.
> 
> Thank you for quick response - it works :)
> 
> One more question.
> 
> Could I do the same with agents? Or is it better to define a var and let the
> other part work with it by global access.
> 
> I am still a little touched with normal programming :D
> 
> Please see my example script - http://pastebin.intuxication.org/202
> (your - working way)
> and way I would like to have something like this -
> http://pastebin.intuxication.org/203
> 
> Current error I have, with second example above
> 
> [j...@dexter .cfagent]$ cf-agent -I -f ./fun2.cf
> cf3:./fun2.cf:18,27: Unknown built-in function gen(), near token ')'
> No such FnCall "gen()" in promise @ ./fun2.cf near line 18
> 
> 
> If I could summarize my problem - I don't know how to make functions and
> call them on demand.
> 
> 
> Best regards, Jakub V.
> 
> 
> On 04/25/2010 11:58 PM, Nakarin Phooripoom wrote:
>> You could get a string from a shell command by execresult() then split the 
>> string up to an slist by splitstring()
>> 
>> ##
>> vars:
>>  "result" string => execresult("/bin/ls /","noshell");
>>  "split" slist => splitstring("$(result)"," ","100");
>> 
>> reports:
>>  Yr2010::
>> "Found: $(split)";
>> ##
>> 
>> Cheers,
>> --Nakarin
> 
> 
> ___
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: simple return array from other "code"

2010-04-30 Thread Jakub Viták
Thank you Nakarin .. a lot!

On 04/30/2010 11:54 AM, Nakarin Phooripoom wrote:
> I'm afraid you can't make functions (like normal programming does) in 
> cfengine.
>
> To get close to your expectation, you might need to create global variables 
> (bundle common) of the outputs of your commands/scripts, then you could call 
> them up in every bundle. For instance:
>
>   


Super-scaled cfengine server?

2010-04-30 Thread Paul Krizak
Has anybody out there ever tried scaling up a cfengine server (v2.1 or 
v2.2) on a really big, fast server?  I'm thinking on the order of 4 
sockets, 24 cores, and a 10Gbit NIC.

This is to support a particularly massive (and temporary) flood of 
cfagent requests to synchronize their local policy.  It's going to be a 
lot easier to scale the server up in this case rather than adjust the 
policy to distribute requests to multiple cfservd's.

So what's the experience out there?  Can cfservd scale up and keep 
10Gbit of bandwidth busy?  Can it utilize 24 cores?  Will it fall over 
or thrash on internal locks trying to run that many threads?

-- 

Paul Krizak                     7171 Southwest Pkwy MS B200.3A
MTS Systems Engineer            Austin, TX  78735
Advanced Micro Devices          Desk:  (512) 602-8775
Linux/Unix Systems Engineering  Cell:  (512) 791-0686
Global IT Infrastructure        Fax:   (512) 602-0468



Re: Super-scaled cfengine server?

2010-04-30 Thread Tim Cutts

On 30 Apr 2010, at 4:06 pm, Paul Krizak wrote:

> Has anybody out there ever tried scaling up a cfengine server (v2.1 or 
> v2.2) on a really big, fast server?  I'm thinking on the order of 4 
> sockets, 24 cores, and a 10Gbit NIC.
> 
> This is to support a particularly massive (and temporary) flood of 
> cfagent requests to synchronize their local policy.  It's going to be a 
> lot easier to scale the server up in this case rather than adjust the 
> policy to distribute requests to multiple cfservd's.

How many clients are you talking about?  And how much policy?  I have 2300 
clients updating policy once an hour from a small 1GigE-connected, dual socket 
server (four cores total) which also runs Splunk and nagios, so is quite busy 
with other things, and it copes just fine, with a load average of 0.38.  Total 
size of all policy files on my setup is 2.9 MB.  cfengine version is 2.2.8.   
The SplayTime is also one hour, so the cfengine load on the server is more or 
less steady.

Tim

-- 
 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 


Re: Super-scaled cfengine server?

2010-04-30 Thread Paul Krizak
I'm talking about 5,000 systems each updating about 50MB of policy data 
over a 1-2 hour span.

On 04/30/10 10:30, Tim Cutts wrote:
>
> On 30 Apr 2010, at 4:06 pm, Paul Krizak wrote:
>
>> Has anybody out there ever tried scaling up a cfengine server (v2.1 or
>> v2.2) on a really big, fast server?  I'm thinking on the order of 4
>> sockets, 24 cores, and a 10Gbit NIC.
>>
>> This is to support a particularly massive (and temporary) flood of
>> cfagent requests to synchronize their local policy.  It's going to be a
>> lot easier to scale the server up in this case rather than adjust the
>> policy to distribute requests to multiple cfservd's.
>
> How many clients are you talking about?  And how much policy?  I have 2300 
> clients updating policy once an hour from a small 1GigE-connected, dual 
> socket server (four cores total) which also runs Splunk and nagios, so is 
> quite busy with other things, and it copes just fine, with a load average of 
> 0.38.  Total size of all policy files on my setup is 2.9 MB.  cfengine 
> version is 2.2.8.   The SplayTime is also one hour, so the cfengine load on 
> the server is more or less steady.
>
> Tim
>



Re: Super-scaled cfengine server?

2010-04-30 Thread Mark Burgess

I think the issue is whether Linux can support this many cores. My understanding
was that the Linux kernel was limited to 8 cores, but this is only hearsay.

Paul Krizak wrote:
> Has anybody out there ever tried scaling up a cfengine server (v2.1 or 
> v2.2) on a really big, fast server?  I'm thinking on the order of 4 
> sockets, 24 cores, and a 10Gbit NIC.
> 
> This is to support a particularly massive (and temporary) flood of 
> cfagent requests to synchronize their local policy.  It's going to be a 
> lot easier to scale the server up in this case rather than adjust the 
> policy to distribute requests to multiple cfservd's.
> 
> So what's the experience out there?  Can cfservd scale up and keep 
> 10Gbit of bandwidth busy?  Can it utilize 24 cores?  Will it fall over 
> or thrash on internal locks trying to run that many threads?
> 

-- 
Mark Burgess

-
Professor of Network and System Administration
Oslo University College, Norway

Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-


Re: Super-scaled cfengine server?

2010-04-30 Thread michoski
On 4/30/10 8:30 AM, "Tim Cutts"  wrote:
> On 30 Apr 2010, at 4:06 pm, Paul Krizak wrote:
> 
>> Has anybody out there ever tried scaling up a cfengine server (v2.1 or
>> v2.2) on a really big, fast server?  I'm thinking on the order of 4
>> sockets, 24 cores, and a 10Gbit NIC.
>> 
>> This is to support a particularly massive (and temporary) flood of
>> cfagent requests to synchronize their local policy.  It's going to be a
>> lot easier to scale the server up in this case rather than adjust the
>> policy to distribute requests to multiple cfservd's.
> 
> How many clients are you talking about?  And how much policy?  I have 2300
> clients updating policy once an hour from a small 1GigE-connected, dual socket
> server (four cores total) which also runs Splunk and nagios, so is quite busy
> with other things, and it copes just fine, with a load average of 0.38.  Total
> size of all policy files on my setup is 2.9 MB.  cfengine version is 2.2.8.
> The SplayTime is also one hour, so the cfengine load on the server is more or
> less steady.

If you've got a policy or a script that builds your cfengine servers (and
you should), it's not hard to build more cfservds (well, technically,
cfservd is usually running everywhere...and all our hosts are clients and
servers...but you know what I mean).

So...  Why not stick a few of them behind a load balanced VIP?  DSR would be
best in this case, since it would off-load return traffic and scale the
NETWORK INTERFACE, RAM, etc (not just add cores).

This is generally how you scale throughput for any other server farm
(youtube.com doesn't run on one massive server).  I've said it before --
load balancers can be cheap and free.  I've supported some very popular
ecommerce sites using nothing but commodity hardware and OSS (I grumbled a
lot, but it worked).



Re: Super-scaled cfengine server?

2010-04-30 Thread Paul Krizak
Agree 100% on what you're saying here.  And if this was a permanent 
load, this would be the route I'm taking.  But I'm talking about 
supporting this level of load for a very short period of time (we're 
merging a couple datacenters and having to reinstall every server all at 
once, minimizing the customer impact and downtime, so speed is king).

So while setting up load balancers, scaling out the hosts, etc. are all 
a great idea for a long-term solution, it's too much work for a single 
weekend.  That's why I'm going for a scale-up (we have the server and 
10Gbit network already, not a load balancer).

The main thing I'm asking is if anybody has had any experience scaling 
up a cfservd to this much work, and whether or not it fell over.


On 04/30/10 11:24, michoski wrote:
> On 4/30/10 8:30 AM, "Tim Cutts"  wrote:
>> On 30 Apr 2010, at 4:06 pm, Paul Krizak wrote:
>>
>>> Has anybody out there ever tried scaling up a cfengine server (v2.1 or
>>> v2.2) on a really big, fast server?  I'm thinking on the order of 4
>>> sockets, 24 cores, and a 10Gbit NIC.
>>>
>>> This is to support a particularly massive (and temporary) flood of
>>> cfagent requests to synchronize their local policy.  It's going to be a
>>> lot easier to scale the server up in this case rather than adjust the
>>> policy to distribute requests to multiple cfservd's.
>>
>> How many clients are you talking about?  And how much policy?  I have 2300
>> clients updating policy once an hour from a small 1GigE-connected, dual 
>> socket
>> server (four cores total) which also runs Splunk and nagios, so is quite busy
>> with other things, and it copes just fine, with a load average of 0.38.  
>> Total
>> size of all policy files on my setup is 2.9 MB.  cfengine version is 2.2.8.
>> The SplayTime is also one hour, so the cfengine load on the server is more or
>> less steady.
>
> If you've got a policy or a script that builds your cfengine servers (and
> you should), it's not hard to build more cfservds (well, technically,
> cfservd is usually running everywhere...and all our hosts are clients and
> servers...but you know what I mean).
>
> So...  Why not stick a few of them behind a load balanced VIP?  DSR would be
> best in this case, since it would off-load return traffic and scale the
> NETWORK INTERFACE, RAM, etc (not just add cores).
>
> This is generally how you scale throughput for any other server farm
> (youtube.com doesn't run on one massive server).  I've said it before --
> load balancers can be cheap and free.  I've supported some very popular
> ecommerce sites using nothing but commodity hardware and OSS (I grumbled a
> lot, but it worked).
>
>



Re: Super-scaled cfengine server?

2010-04-30 Thread Jesse Becker
IIRC, it depends on architecture and a compile-time kernel option.  The
smallest supported maximum value (e.g. a "lowest highest point", so to
speak) that I know of for x86/x86_64 systems is 32 CPUs. Furthermore, I
think that Linux treats each core as a full-blown CPU, without caring how
many specific cores are on a single die (at least, it doesn't care for these
purposes, scheduling is a different matter...)

On RHEL5 boxes, I think the limits are 32 CPUs for 32bit systems, and
512 for 64bit systems.[1]  However, you can tweak the CONFIG_NR_CPUS
Kconfig option if you roll your own kernel, and the limit goes up to
something around 4096 in later kernels.

Linux should have no problems supporting the hardware originally
mentioned (we routinely use CentOS on 32 core, 512GB RAM boxes).

A more interesting question will be if cfservd and the IO system can
make use of the rest of the hardware. :)

[1]
http://www.cyberciti.biz/tips/maximum-memory-and-cpu-limitations-for-linux-server.html


On Fri, Apr 30, 2010 at 12:22:43PM -0400, Mark Burgess wrote:
>I think the issue is where Linux can support this many cores. My understanding 
>was that
>the Linux kernel was limited to 8 cores, but this is only hearsay.
>
>Paul Krizak wrote:
>> Has anybody out there ever tried scaling up a cfengine server (v2.1 or 
>> v2.2) on a really big, fast server?  I'm thinking on the order of 4 
>> sockets, 24 cores, and a 10Gbit NIC.
>> 
>> This is to support a particularly massive (and temporary) flood of 
>> cfagent requests to synchronize their local policy.  It's going to be a 
>> lot easier to scale the server up in this case rather than adjust the 
>> policy to distribute requests to multiple cfservd's.
>> 
>> So what's the experience out there?  Can cfservd scale up and keep 
>> 10Gbit of bandwidth busy?  Can it utilize 24 cores?  Will it fall over 
>> or thrash on internal locks trying to run that many threads?
>> 
>
>-- 
>Mark Burgess
>
>-
>Professor of Network and System Administration
>Oslo University College, Norway
>
>Personal Web: http://www.iu.hio.no/~mark
>Office Telf : +47 22453272
>-

-- 
Jesse Becker
NHGRI Linux support (Digicon Contractor)


Re: Super-scaled cfengine server?

2010-04-30 Thread Paul Krizak
Nah, Linux supports up to 1024 cores, depending on the distro.  And with 
TCP offload technology and memory-mapped I/O in modern 10Gbit NICs, you 
can saturate a 10Gbit link without even pegging a CPU.  The Linux 
scheduler has no trouble at all keeping that many processes busy (we 
have 48-core 512GB boxes that we peg at 100% on a regular basis).

So Linux isn't going to be the scaling issue.  The main thing I'm 
concerned with is what cfservd will do when it is asked to fork 1000+ 
copies of itself to accept the flood of incoming connections.  Linux 
will diligently schedule the processes to available CPUs, and the NIC 
will definitely keep up, but will cfservd hit some internal sub-process 
limit, run out of ports, hit some issue with lock contention, or 
otherwise not scale up to this level?

The most load I've ever put on cfservd has been about 500 simultaneous 
processes on a single server saturating a 2Gbit link.  It worked fine. 
What happens when I kick up all of the variables by 2-5x?

On 04/30/10 11:22, Mark Burgess wrote:
>
> I think the issue is where Linux can support this many cores. My 
> understanding was that
> the Linux kernel was limited to 8 cores, but this is only hearsay.
>
> Paul Krizak wrote:
>> Has anybody out there ever tried scaling up a cfengine server (v2.1 or
>> v2.2) on a really big, fast server?  I'm thinking on the order of 4
>> sockets, 24 cores, and a 10Gbit NIC.
>>
>> This is to support a particularly massive (and temporary) flood of
>> cfagent requests to synchronize their local policy.  It's going to be a
>> lot easier to scale the server up in this case rather than adjust the
>> policy to distribute requests to multiple cfservd's.
>>
>> So what's the experience out there?  Can cfservd scale up and keep
>> 10Gbit of bandwidth busy?  Can it utilize 24 cores?  Will it fall over
>> or thrash on internal locks trying to run that many threads?
>>
>



Re: Super-scaled cfengine server?

2010-04-30 Thread Tim Cutts

On 30 Apr 2010, at 5:22 pm, Mark Burgess wrote:

> 
> I think the issue is where Linux can support this many cores. My 
> understanding was that
> the Linux kernel was limited to 8 cores, but this is only hearsay.

As others have said, Linux supports many many more cores than that, and has 
done for some time.  SGI did a lot of work on the Linux kernel for their Altix 
systems, which have supported hundreds of CPUs for years, and most of SGI's 
work was put into the mainline kernel; they didn't keep it to themselves.  I 
don't currently have any systems with more than 16 cores (although one of those 
is a small SGI Altix)

Tim



Cfengine Help: Re: Super-scaled cfengine server?

2010-04-30 Thread forum
Forum: Cfengine Help
Subject: Re: Super-scaled cfengine server?
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,17053,17061#msg-17061

You would seem to be the first to try this ;)  I hope you write a paper.



Re: Super-scaled cfengine server?

2010-04-30 Thread Mark Burgess

Then I'm not sure what my friend was talking about. As long as you increase the
max connections to allow threads, it's up to the libraries. Cfengine doesn't
care how many connections you have, only pthreads.

Paul Krizak wrote:
> Nah, Linux supports up to 1024 cores, depending on the distro.  And with
> TCP offload technology and memory-mapped I/O in modern 10Gbit NICs, you
> can saturate a 10Gbit link without even pegging a CPU.  The linux
> scheduler has no trouble at all keeping that many processes busy (we
> have 48-core 512GB boxes that we peg at 100% on a regular basis).
> 
> So Linux isn't going to be the scaling issue.  The main thing I'm
> concerned with is what cfservd will do when it is asked to fork 1000+
> copies of itself to accept the flood of incoming connections.  Linux
> will diligently schedule the processes to available CPUs, and the NIC
> will definitely keep up, but will cfservd hit some internal sub-process
> limit, run out of ports, hit some issue with lock contention, or
> otherwise not scale up to this level?
> 
> The most load I've ever put on cfservd has been about simultaneous 500
> processes on a single server saturating a 2Gbit link.  It worked fine.
> What happens when I kick up all of the variables by 2-5x?
> 
> Paul Krizak 7171 Southwest Pkwy MS B200.3A
> MTS Systems EngineerAustin, TX  78735
> Advanced Micro Devices  Desk:  (512) 602-8775
> Linux/Unix Systems Engineering  Cell:  (512) 791-0686
> Global IT InfrastructureFax:   (512) 602-0468
> 
> On 04/30/10 11:22, Mark Burgess wrote:
>>
>> I think the issue is where Linux can support this many cores. My
>> understanding was that
>> the Linux kernel was limited to 8 cores, but this is only hearsay.
>>
>> Paul Krizak wrote:
>>> Has anybody out there ever tried scaling up a cfengine server (v2.1 or
>>> v2.2) on a really big, fast server?  I'm thinking on the order of 4
>>> sockets, 24 cores, and a 10Gbit NIC.
>>>
>>> This is to support a particularly massive (and temporary) flood of
>>> cfagent requests to synchronize their local policy.  It's going to be a
>>> lot easier to scale the server up in this case rather than adjust the
>>> policy to distribute requests to multiple cfservd's.
>>>
>>> So what's the experience out there?  Can cfservd scale up and keep
>>> 10Gbit of bandwidth busy?  Can it utilize 24 cores?  Will it fall over
>>> or thrash on internal locks trying to run that many threads?
>>>
>>
> 



Restarting a daemon on all hosts

2010-04-30 Thread Justin Lloyd
I'm running Cfengine Nova and I'm now going back to some measurements
promises I worked on a while back. I've now recalled that whenever
measurements promises change, cf-monitord needs to be restarted. So I'm
trying to determine how I can restart all of my hosts' cf-monitord
processes.

One thought I had is to create an empty file on the policy server that
clients will pull down when they see it. Then, when a client detects the
local copy of the file, it restarts cf-monitord.

Does that seem like a reasonable approach? Does anyone have alternate
suggestions? Or am I missing something?

Thanks,
Justin

-- 
Justin C. Lloyd 
Unix Infrastructure Engineer 
DigitalGlobe, An Imaging and Information Company



This electronic communication and any attachments may contain confidential and
proprietary information of DigitalGlobe, Inc. If you are not the intended
recipient, or an agent or employee responsible for delivering this communication
to the intended recipient, or if you have received this communication in error,
please do not print, copy, retransmit, disseminate or otherwise use the
information. Please indicate to the sender that you have received this
communication in error, and delete the copy you received. DigitalGlobe reserves
the right to monitor any electronic communication sent or received by its
employees, agents or representatives.



RE: Cfengine Help: Re: Monitoring Cfengine processes

2010-04-30 Thread Justin Lloyd
Thanks for the responses everyone. I'm going to discuss the options with
my colleagues and our operations center that manages our Zenoss
configuration.

Justin

-----Original Message-----
From: help-cfengine-boun...@cfengine.org
[mailto:help-cfengine-boun...@cfengine.org] On Behalf Of
fo...@cfengine.com
Sent: Wednesday, April 28, 2010 10:53 AM
To: help-cfengine@cfengine.org
Subject: Cfengine Help: Re: Monitoring Cfengine processes

Forum: Cfengine Help
Subject: Re: Monitoring Cfengine processes
Author: neilhwatson
Link to topic:
https://cfengine.com/forum/read.php?3,17005,17021#msg-17021

If the host is up and the CF policy is sufficiently robust then no
serious monitoring should be needed.  A simple TCP port check would be a
nice to have but make sure that its threshold allows for Cfengine to
recover before alarms go off.



Re: Restarting a daemon on all hosts

2010-04-30 Thread Mark Burgess

The normal thing is to use cfengine to restart the pieces when the policy
changes by seeing when a copy occurs from the policy server.

Justin Lloyd wrote:
> I'm running Cfengine Nova and I'm now going back to some measurements
> promises I worked on a while back. I've now recalled that whenever
> measurements promises change, cf-monitord needs to be restarted. So I'm
> trying to determine how I can restart all of my hosts' cf-monitord
> processes.
> 
> One thought I had is to create an empty file on the policy server that
> clients will pull down when they see it. Then, when a client detects the
> local copy of the file, it restarts cf-monitord.
> 
> Does that seem like a reasonable approach? Does anyone have alternate
> suggestions? Or am I missing something?
> 
> Thanks,
> Justin
> 

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
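
The approach described in the message above (restart a component when a copy from the policy server actually changes a file), written out as an added example that is not part of the original thread and not CFEngine's shipped policy. The bundle, body and class names, the file name measurements.cf, the masterfiles path and the server address 192.0.2.10 are assumptions; the bodies are defined inline so the fragment does not depend on a library file.

```cfengine
# Added example (not from the thread). All names, paths and the server
# address below are assumptions chosen for illustration.

body common control
{
 bundlesequence => { "monitord_restart" };
}

bundle agent monitord_restart
{
 vars:
   "policy_server" string => "192.0.2.10";       # hypothetical policy server
   "measure_file"  string => "measurements.cf";  # hypothetical policy file

 files:
   # Copy the measurement promises from the policy server. The class is
   # defined only when the local file was really replaced (promise repaired),
   # so an unchanged file never triggers a restart.
   "$(sys.workdir)/inputs/$(measure_file)"
     comment   => "Fetch measurement promises and flag a change",
     copy_from => secure_digest_cp("/var/cfengine/masterfiles/$(measure_file)",
                                   "$(policy_server)"),
     perms     => root_only,
     classes   => define_on_repair("measurements_changed");

 processes:
  # processes promises are evaluated before commands promises, so the old
  # daemon is signalled before the new one is started below.
  measurements_changed::
   "cf-monitord"
     comment => "Stop the monitor so it re-reads the new promises",
     signals => { "term" };

  any::
   # Standing promise: if no cf-monitord is found on a later run (for example
   # the start below lost a race with the exiting process), start it then.
   "cf-monitord"
     comment       => "Keep cf-monitord running",
     restart_class => "start_monitord";

 commands:
  measurements_changed|start_monitord::
   "$(sys.workdir)/bin/cf-monitord"
     comment => "Start cf-monitord with the current measurement promises";

 reports:
  measurements_changed::
   "Measurement promises changed; cf-monitord restarted";
}

body copy_from secure_digest_cp(from, server)
{
 source   => "$(from)";
 servers  => { "$(server)" };
 compare  => "digest";   # detect change by content hash, not timestamp
 encrypt  => "true";     # encrypt the transfer
 verify   => "true";     # re-check the copy after transfer
 trustkey => "false";    # only talk to a server whose key is already known
}

body perms root_only
{
 mode   => "600";
 owners => { "root" };
}

body classes define_on_repair(c)
{
 promise_repaired => { "$(c)" };
}
```

Because the restart is keyed to a repaired copy promise, only a change delivered over the authenticated copy channel restarts the daemon; no marker file has to be created or cleaned up on the clients.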


RE: Restarting a daemon on all hosts

2010-04-30 Thread Justin Lloyd
Thanks, Mark. I actually thought about doing that and that's one of the
things that led me to notice that Cfengine restarts itself at 5 AM in
process_matching.cf. However, since by default the process_matching
bundle is evaluated before any of my custom bundles and in general it's
not a good idea to mess with update.cf, I'd need to implement my own
bundle.

So would it make sense just to essentially duplicate the cf_components
variable and restart_cf processes promise from process_matching.cf? And
is there a reason this "normal thing" wasn't included in update.cf? I
just want to make sure I am not missing something in the logic. 

Justin

-----Original Message-----
From: Mark Burgess [mailto:mark.burg...@iu.hio.no] 
Sent: Friday, April 30, 2010 12:51 PM
To: Justin Lloyd
Cc: help-cfengine@cfengine.org
Subject: Re: Restarting a daemon on all hosts


The normal thing is to use cfengine to restart the pieces when the
policy changes
by seeing when a copy occurs from the policy server.

Justin Lloyd wrote:
> I'm running Cfengine Nova and I'm now going back to some measurements
> promises I worked on a while back. I've now recalled that whenever
> measurements promises change, cf-monitord needs to be restarted. So
I'm
> trying to determine how I can restart all of my hosts' cf-monitord
> processes.
> 
> One thought I had is to create an empty file on the policy server that
> clients will pull down when they see it. Then, when a client detects
the
> local copy of the file, it restarts cf-monitord.
> 
> Does that seem like a reasonable approach? Does anyone have alternate
> suggestions? Or am I missing something?
> 
> Thanks,
> Justin
> 



Re: Restarting a daemon on all hosts

2010-04-30 Thread Mark Burgess

I am not completely up to date on the latest update.cf, there has been a lot of
development there for Nova. If you think something is missing there, I would
report it to support so it gets into the next release.

M

Justin Lloyd wrote:
> Thanks, Mark. I actually thought about doing that and that's one of the
> things led me to notice that Cfengine restarts itself at 5 AM in
> process_matching.cf. However, since by default the process_matching
> bundle is evaluated before any of my custom bundles and in general it's
> not a good idea to mess with update.cf, I'd need to implement my own
> bundle.
> 
> So would it make sense just to essentially duplicate the cf_components
> variable and restart_cf processes promise from process_matching.cf? And
> is there a reason this "normal thing" wasn't included in update.cf? I
> just want to make sure I am not missing something in the logic. 
> 
> Justin
> 
> -Original Message-
> From: Mark Burgess [mailto:mark.burg...@iu.hio.no] 
> Sent: Friday, April 30, 2010 12:51 PM
> To: Justin Lloyd
> Cc: help-cfengine@cfengine.org
> Subject: Re: Restarting a daemon on all hosts
> 
> 
> The normal thing is to use cfengine to restart the pieces when the
> policy changes
> by seeing when a copy occurs from the policy server.
> 
> Justin Lloyd wrote:
>> I'm running Cfengine Nova and I'm now going back to some measurements
>> promises I worked on a while back. I've now recalled that whenever
>> measurements promises change, cf-monitord needs to be restarted. So
> I'm
>> trying to determine how I can restart all of my hosts' cf-monitord
>> processes.
>>
>> One thought I had is to create an empty file on the policy server that
>> clients will pull down when they see it. Then, when a client detects
> the
>> local copy of the file, it restarts cf-monitord.
>>
>> Does that seem like a reasonable approach? Does anyone have alternate
>> suggestions? Or am I missing something?
>>
>> Thanks,
>> Justin
>>
> 



RE: Restarting a daemon on all hosts

2010-04-30 Thread Justin Lloyd
Ah, gotcha. Thanks, Mark. I'll open a ticket on this.

Justin

-Original Message-
From: Mark Burgess [mailto:mark.burg...@iu.hio.no] 
Sent: Friday, April 30, 2010 1:03 PM
To: Justin Lloyd
Cc: help-cfengine@cfengine.org
Subject: Re: Restarting a daemon on all hosts


I am not completely up to date on the latest update.cf, there has been a lot of
development there for Nova. If you think something is missing there, I would
report it to support so it gets into the next release.

M

Justin Lloyd wrote:
> Thanks, Mark. I actually thought about doing that and that's one of the
> things that led me to notice that Cfengine restarts itself at 5 AM in
> process_matching.cf. However, since by default the process_matching
> bundle is evaluated before any of my custom bundles and in general it's
> not a good idea to mess with update.cf, I'd need to implement my own
> bundle.
> 
> So would it make sense just to essentially duplicate the cf_components
> variable and restart_cf processes promise from process_matching.cf? And
> is there a reason this "normal thing" wasn't included in update.cf? I
> just want to make sure I am not missing something in the logic.
> 
> Justin
> 
> -Original Message-
> From: Mark Burgess [mailto:mark.burg...@iu.hio.no] 
> Sent: Friday, April 30, 2010 12:51 PM
> To: Justin Lloyd
> Cc: help-cfengine@cfengine.org
> Subject: Re: Restarting a daemon on all hosts
> 
> 
> The normal thing is to use cfengine to restart the pieces when the
> policy changes
> by seeing when a copy occurs from the policy server.
> 
> Justin Lloyd wrote:
>> I'm running Cfengine Nova and I'm now going back to some measurements
>> promises I worked on a while back. I've now recalled that whenever
>> measurements promises change, cf-monitord needs to be restarted. So I'm
>> trying to determine how I can restart all of my hosts' cf-monitord
>> processes.
>>
>> One thought I had is to create an empty file on the policy server that
>> clients will pull down when they see it. Then, when a client detects the
>> local copy of the file, it restarts cf-monitord.
>>
>> Does that seem like a reasonable approach? Does anyone have alternate
>> suggestions? Or am I missing something?
>>
>> Thanks,
>> Justin
>>
> 

-- 
Mark Burgess

-
Professor of Network and System Administration
Oslo University College, Norway

Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-


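The approach discussed in the thread above (define a class when a copy from the policy server actually happens, then restart cf-monitord), written out as an added example; it is not code from any poster or from the Nova policy files. The server name, the master file path and the local stamp path are placeholders, and cfengine_stdlib.cf is assumed to be available for remote_cp() and if_repaired().

```cf3
# Added example, not from the thread. Assumes cfengine_stdlib.cf provides
# remote_cp() and if_repaired(); server name and file paths are placeholders.

body common control
{
 bundlesequence => { "monitord_restart_on_copy" };
 inputs         => { "cfengine_stdlib.cf" };
}

bundle agent monitord_restart_on_copy
{
 vars:
   "policy_server" string => "policyhost.example.org";                      # placeholder
   "master_file"   string => "/var/cfengine/masterfiles/measurements.cf";   # hypothetical
   "local_stamp"   string => "$(sys.workdir)/state/measurements.cf.seen";   # hypothetical

 files:
   # A private copy of the file: the class is raised only when this copy is
   # actually refreshed, independently of what update.cf has already fetched.
   "$(local_stamp)"
      comment   => "Detect a change of the measurements policy on the server",
      copy_from => remote_cp("$(master_file)","$(policy_server)"),
      classes   => if_repaired("measurements_changed");

 processes:
  measurements_changed::
   "cf-monitord"
      comment => "Stop the monitor so it re-reads the changed promises",
      signals => { "term" };

  any::
   "cf-monitord"
      comment       => "Request a start whenever the monitor is not running",
      restart_class => "start_monitord";

 commands:
  start_monitord::
   # After a term signal the process may still be in this run's process
   # table, so the start can happen on the following agent run.
   "$(sys.workdir)/bin/cf-monitord"
      comment => "Start the monitoring daemon";
}
```

The policy server must also grant clients access to the master file in its server policy for the copy to succeed.
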

Cfengine Help: Re: cfengine.org mailing list memberships reminder

2010-04-30 Thread forum
Forum: Cfengine Help
Subject: Re: cfengine.org mailing list memberships reminder
Author: Authority
Link to topic: https://cfengine.com/forum/read.php?3,17070,17071#msg-17071

That's probably not something you want to post for everyone to see.



Cfengine Help: Needless/wrong SETUID reporting and logging

2010-04-30 Thread forum
Forum: Cfengine Help
Subject: Needless/wrong SETUID reporting and logging
Author: Authority
Link to topic: https://cfengine.com/forum/read.php?3,17072,17072#msg-17072

I have a promise that sets the permissions on a binary to be SETUID root.

"/usr/X11R6/bin/xscreensaver"
 comment => "SetUID so root can break user lock" ,
 create => "false" ,
 perms => mog("4755" , "root" , "root");

Obviously that opens up the potential for exploit so Cfengine gives a very 
obvious report that it occurred, which is nice.  But now, every time I run 
cf-agent, I get the message:

NEW SETUID root PROGRAM /usr/X11R6/bin/xscreensaver
Edited file /var/cache/cfengine3/cfagent.hostname.log

This occurs if the promise is repaired or kept.  So even if the binary was 
already SETUID, it reports it as "NEW" and adds a line to the aforementioned 
log file.  That's not particularly helpful and could potentially end up wasting 
a lot of disk space, but is it also a bug?
