package_list_update_ifelapsed

2010-06-07 Thread Vasiliy G Tolstov
What format has package_list_update_ifelapsed? Does it need commas
("") ?

body package_method generic { 
  package_list_update_ifelapsed => 240; 
...
...
}

Produce following error:

CheckParseInt(package_list_update_ifelapsed => 240/)
SplitString([],,=44)
Check ListLen
Fatal cfengine error: INTERN: format specifier for int rvalues is not ok
for lval package_list_update_ifelapsed - got 1 items
Unappending Fatal cfengine error: INTERN: format specifier for int
rvalues is not ok for lval package_list_update_ifelapsed - got 1 items


-- 
Vasiliy G Tolstov 
Selfip.Ru

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: package_list_update_ifelapsed

2010-06-07 Thread Seva Gluschenko
Vasily,

in general, every parameter except nested calls (functions, compound
bodies, or edit_line bundles) must be enquoted ("").

 body package_method generic {
   package_list_update_ifelapsed => "240";

   ...
}

2010/6/7 Vasiliy G Tolstov :
> What format has package_list_update_ifelapsed? Does it need commas
> ("") ?
>
> body package_method generic {
>  package_list_update_ifelapsed => 240;
> ...
> ...
> }
>
> Produce following error:
>
> CheckParseInt(package_list_update_ifelapsed => 240/)
> SplitString([],,=44)
> Check ListLen
> Fatal cfengine error: INTERN: format specifier for int rvalues is not ok
> for lval package_list_update_ifelapsed - got 1 items
> Unappending Fatal cfengine error: INTERN: format specifier for int
> rvalues is not ok for lval package_list_update_ifelapsed - got 1 items
>
>
> --
> Vasiliy G Tolstov 
> Selfip.Ru
>
> ___
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
>



-- 
SY, Seva Gluschenko.
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: package_list_update_ifelapsed

2010-06-07 Thread Vasiliy G Tolstov
В Пнд, 07/06/2010 в 13:57 +0400, Seva Gluschenko пишет:
> Vasily,
> 
> in general, every parameter except nested calls (functions, compound
> bodies, or edit_line bundles) must be enquoted ("").
> 
>  body package_method generic {
>package_list_update_ifelapsed => "240";
> 
>...
> }

I'm asked, because i'm already tried with/without quotes.
This is not matter - error not disappeared.

-- 
Vasiliy G Tolstov 
Selfip.Ru

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: package_list_update_ifelapsed

2010-06-07 Thread Seva Gluschenko
Well, it might mean that package_list_update_command haven't been
defined, or this parameter is restricted to certain package managers
list, or you've faced a bug. Cfengine developers must know better )

2010/6/7 Vasiliy G Tolstov :
> В Пнд, 07/06/2010 в 13:57 +0400, Seva Gluschenko пишет:
>> Vasily,
>>
>> in general, every parameter except nested calls (functions, compound
>> bodies, or edit_line bundles) must be enquoted ("").
>>
>>  body package_method generic {
>>    package_list_update_ifelapsed => "240";
>>
>>    ...
>> }
>
> I'm asked, because i'm already tried with/without quotes.
> This is not matter - error not disappeared.
>
> --
> Vasiliy G Tolstov 
> Selfip.Ru
>
>



-- 
SY, Seva Gluschenko.
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: package_list_update_ifelapsed

2010-06-07 Thread Vasiliy G Tolstov
В Пнд, 07/06/2010 в 14:19 +0400, Seva Gluschenko пишет:
> Well, it might mean that package_list_update_command haven't been
> defined, or this parameter is restricted to certain package managers
> list, or you've faced a bug. Cfengine developers must know better )

Hm... Can anyone from developers helps me?

-- 
Vasiliy G Tolstov 
Selfip.Ru

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: package_list_update_ifelapsed

2010-06-07 Thread Mark Burgess

I don't get any errors if I write:

 package_list_update_ifelapsed => "240";# 4 hours

Check that there is no binary weirdness in your input file? Also check that you 
have PCRE
and it is built with bison/flex. I have seen odd things happen with legacy 
tools.

On 06/07/2010 01:44 PM, Vasiliy G Tolstov wrote:
> В Пнд, 07/06/2010 в 14:19 +0400, Seva Gluschenko пишет:
>> Well, it might mean that package_list_update_command haven't been
>> defined, or this parameter is restricted to certain package managers
>> list, or you've faced a bug. Cfengine developers must know better )
> 
> Hm... Can anyone from developers helps me?
> 
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: package_list_update_ifelapsed

2010-06-07 Thread Nakarin Phooripoom
I got an error on 3.0.4p2, but it seemed fine when I upgraded to 3.0.5a2.

Cheers,
--Nakarin

On Jun 7, 2010, at 2:23 PM, Mark Burgess wrote:

> 
> I don't get any errors if I write:
> 
> package_list_update_ifelapsed => "240";   # 4 hours
> 
> Check that there is no binary weirdness in your input file? Also check that 
> you have PCRE
> and it is built with bison/flex. I have seen odd things happen with legacy 
> tools.
> 
> On 06/07/2010 01:44 PM, Vasiliy G Tolstov wrote:
>> В Пнд, 07/06/2010 в 14:19 +0400, Seva Gluschenko пишет:
>>> Well, it might mean that package_list_update_command haven't been
>>> defined, or this parameter is restricted to certain package managers
>>> list, or you've faced a bug. Cfengine developers must know better )
>> 
>> Hm... Can anyone from developers helps me?
>> 
> ___
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: package_list_update_ifelapsed

2010-06-07 Thread Vasiliy G Tolstov
В Пнд, 07/06/2010 в 14:23 +0200, Mark Burgess пишет:
> I don't get any errors if I write:
> 
>  package_list_update_ifelapsed => "240";  # 4 hours
> 
> Check that there is no binary weirdness in your input file? Also check that 
> you have PCRE
> and it is built

cf3   > Parsing file /var/cfengine/inputs/library/pm.cf
cf3 Fatal cfengine error: INTERN: format specifier for int rvalues is
not ok for lval package_list_update_ifelapsed - got 1 items
cf3 Outcome of version 0.0.0.1: No checks were scheduled


selfip library # cat /var/cfengine/inputs/library/pm.cf


body package_method generic {
  package_list_update_ifelapsed => "240";# 4 hours
  suse::
package_changes => "bulk";
package_list_command => "/usr/bin/zypper packages";
package_patch_list_command => "/usr/bin/zypper patches";
package_installed_regex => "i.*";
package_list_name_regex=> "[^|]+\|[^|]+\|\s+([^\s]+).*";
package_list_version_regex => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*";
package_list_arch_regex=> "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^
\s]+).*";
package_list_update_command => "/usr/bin/zypper refresh";
package_patch_installed_regex => ".*Installed.*|.*Not Applicable.*";
package_patch_name_regex=> "[^|]+\|\s+([^\s]+).*";
package_patch_version_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*";
package_name_convention => "$(name)";
package_add_command => "/usr/bin/zypper -non-interactive install";
package_delete_command => "/usr/bin/zypper -non-interactive remove
--force-resolution";
package_update_command => "/usr/bin/zypper -non-interactive update";
package_patch_command => "/usr/bin/zypper -non-interactive patch$";
# $ means no args
package_verify_command => "/usr/bin/zypper -non-interactive verify
$";

  redhat::
package_changes => "bulk";
package_list_command => "/usr/bin/yum -C list installed";
package_list_name_regex=> "([^.]+).*";
package_list_version_regex => "[^\s]\s+([^\s]+).*";
package_list_arch_regex=> "[^.]+\.([^\s]+).*";
package_list_update_command => "/usr/bin/yum -y update";
package_installed_regex => ".*installed.*";
package_name_convention => "$(name).$(arch)";
package_add_command => "/usr/bin/yum  -y install";
package_delete_command => "/bin/rpm -e";
package_verify_command => "/bin/rpm -V";

  debian::
package_changes => "bulk";
package_list_command => "/usr/bin/dpkg -l";
package_list_name_regex=> "ii\s+([^\s]+).*";
package_list_version_regex => "ii\s+[^\s]+\s+([^\s]+).*";
package_installed_regex => ".*"; # all reported are installed
package_name_convention => "$(name)";

  debian.have_aptitude::
package_add_command => "/usr/bin/aptitude --assume-yes -q install";
package_delete_command => "/usr/bin/aptitude --assume-yes -q
remove";
package_update_command =>  "/usr/bin/aptitude --assume-yes -q
install";
package_list_update_command => "/usr/bin/aptitude update";

  debian.!have_aptitude::
package_add_command => "/usr/bin/apt-get --yes -q install";
package_delete_command => "/usr/bin/apt-get --yes -q remove";
package_update_command =>  "/usr/bin/apt-get --yes -q install";
package_list_update_command => "/usr/bin/apt update";

  freebsd::
package_changes => "individual";
package_list_command => "/usr/sbin/pkg_info";
package_list_name_regex=> "([^-]+).*";
package_list_version_regex => "[^-]+-([^\s]+).*";
package_name_regex=> "([^-]+).*";
package_version_regex => "[^-]+-([^\s]+).*";
package_installed_regex => ".*";
package_name_convention => "$(name)";
package_add_command => "/usr/sbin/pkg_add -r";
package_delete_command => "/usr/sbin/pkg_delete -f";
package_list_update_command => "/usr/bin/csup -g -z -L 1 -h
cvsup4.ru.freebsd.org /usr/share/examples/cvsup/ports-supfile";

  gentoo::
package_add_command => "/usr/bin/emerge";
package_delete_command => "/usr/bin/emerge --unmerge";
package_update_command =>  "/usr/bin/emerge --update --deep";
package_list_update_command => "/usr/bin/emerge --sync";
}


selfip library # ldd /var/cfengine/bin/cf-agent | grep pcre
libpcre.so.0 => /lib/libpcre.so.0 (0x0036d000)


-- 
Vasiliy G Tolstov 
Selfip.Ru

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: package_list_update_ifelapsed

2010-06-07 Thread Vasiliy G Tolstov
В Пнд, 07/06/2010 в 14:33 +0200, Nakarin Phooripoom пишет:
> I got an error on 3.0.4p2, but it seemed fine when I upgraded to 3.0.5a2.
> 
> Cheers,
> --Nakarin

I'm use 3.0.4... When 3.0.5 get officially available on the myspace
cfengine.org site? 


-- 
Vasiliy G Tolstov 
Selfip.Ru

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: package_list_update_ifelapsed

2010-06-07 Thread Eystein Måløy Stenberg
Hi,
Remember to check if this has already been fixed in the bug tracker,
as it has in your case.
See https://cfengine.com/bugtracker/view.php?id=122
Going to bug.cfengine.com, clicking "View Issues" and searching for
e.g. "Fatal cfengine error: INTERN" would have shown you this.
Fix will be included in 3.0.5 which is ready for you very soon.

--
Regards,
Eystein

On Mon, Jun 7, 2010 at 2:34 PM, Vasiliy G Tolstov  wrote:
> В Пнд, 07/06/2010 в 14:23 +0200, Mark Burgess пишет:
>> I don't get any errors if I write:
>>
>>      package_list_update_ifelapsed => "240";          # 4 hours
>>
>> Check that there is no binary weirdness in your input file? Also check that 
>> you have PCRE
>> and it is built
>
> cf3   > Parsing file /var/cfengine/inputs/library/pm.cf
> cf3 Fatal cfengine error: INTERN: format specifier for int rvalues is
> not ok for lval package_list_update_ifelapsed - got 1 items
> cf3 Outcome of version 0.0.0.1: No checks were scheduled
>
>
> selfip library # cat /var/cfengine/inputs/library/pm.cf
>
>
> body package_method generic {
>  package_list_update_ifelapsed => "240";            # 4 hours
>  suse::
>    package_changes => "bulk";
>    package_list_command => "/usr/bin/zypper packages";
>    package_patch_list_command => "/usr/bin/zypper patches";
>    package_installed_regex => "i.*";
>    package_list_name_regex    => "[^|]+\|[^|]+\|\s+([^\s]+).*";
>    package_list_version_regex => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*";
>    package_list_arch_regex    => "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^
> \s]+).*";
>    package_list_update_command => "/usr/bin/zypper refresh";
>    package_patch_installed_regex => ".*Installed.*|.*Not Applicable.*";
>    package_patch_name_regex    => "[^|]+\|\s+([^\s]+).*";
>    package_patch_version_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*";
>    package_name_convention => "$(name)";
>    package_add_command => "/usr/bin/zypper -non-interactive install";
>    package_delete_command => "/usr/bin/zypper -non-interactive remove
> --force-resolution";
>    package_update_command => "/usr/bin/zypper -non-interactive update";
>    package_patch_command => "/usr/bin/zypper -non-interactive patch$";
> # $ means no args
>    package_verify_command => "/usr/bin/zypper -non-interactive verify
> $";
>
>  redhat::
>    package_changes => "bulk";
>    package_list_command => "/usr/bin/yum -C list installed";
>    package_list_name_regex    => "([^.]+).*";
>    package_list_version_regex => "[^\s]\s+([^\s]+).*";
>    package_list_arch_regex    => "[^.]+\.([^\s]+).*";
>    package_list_update_command => "/usr/bin/yum -y update";
>    package_installed_regex => ".*installed.*";
>    package_name_convention => "$(name).$(arch)";
>    package_add_command => "/usr/bin/yum  -y install";
>    package_delete_command => "/bin/rpm -e";
>    package_verify_command => "/bin/rpm -V";
>
>  debian::
>    package_changes => "bulk";
>    package_list_command => "/usr/bin/dpkg -l";
>    package_list_name_regex    => "ii\s+([^\s]+).*";
>    package_list_version_regex => "ii\s+[^\s]+\s+([^\s]+).*";
>    package_installed_regex => ".*"; # all reported are installed
>    package_name_convention => "$(name)";
>
>  debian.have_aptitude::
>    package_add_command => "/usr/bin/aptitude --assume-yes -q install";
>    package_delete_command => "/usr/bin/aptitude --assume-yes -q
> remove";
>    package_update_command =>  "/usr/bin/aptitude --assume-yes -q
> install";
>    package_list_update_command => "/usr/bin/aptitude update";
>
>  debian.!have_aptitude::
>    package_add_command => "/usr/bin/apt-get --yes -q install";
>    package_delete_command => "/usr/bin/apt-get --yes -q remove";
>    package_update_command =>  "/usr/bin/apt-get --yes -q install";
>    package_list_update_command => "/usr/bin/apt update";
>
>  freebsd::
>    package_changes => "individual";
>    package_list_command => "/usr/sbin/pkg_info";
>    package_list_name_regex    => "([^-]+).*";
>    package_list_version_regex => "[^-]+-([^\s]+).*";
>    package_name_regex    => "([^-]+).*";
>    package_version_regex => "[^-]+-([^\s]+).*";
>    package_installed_regex => ".*";
>    package_name_convention => "$(name)";
>    package_add_command => "/usr/sbin/pkg_add -r";
>    package_delete_command => "/usr/sbin/pkg_delete -f";
>    package_list_update_command => "/usr/bin/csup -g -z -L 1 -h
> cvsup4.ru.freebsd.org /usr/share/examples/cvsup/ports-supfile";
>
>  gentoo::
>    package_add_command => "/usr/bin/emerge";
>    package_delete_command => "/usr/bin/emerge --unmerge";
>    package_update_command =>  "/usr/bin/emerge --update --deep";
>    package_list_update_command => "/usr/bin/emerge --sync";
> }
>
>
> selfip library # ldd /var/cfengine/bin/cf-agent | grep pcre
>        libpcre.so.0 => /lib/libpcre.so.0 (0x0036d000)
>
>
> --
> Vasiliy G Tolstov 
> Selfip.Ru
>
> ___
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
>
___

Re: package_list_update_ifelapsed

2010-06-07 Thread Mark Burgess

Right noW! :)

On 06/07/2010 02:35 PM, Vasiliy G Tolstov wrote:
> В Пнд, 07/06/2010 в 14:33 +0200, Nakarin Phooripoom пишет:
>> I got an error on 3.0.4p2, but it seemed fine when I upgraded to 3.0.5a2.
>>
>> Cheers,
>> --Nakarin
> 
> I'm use 3.0.4... When 3.0.5 get officially available on the myspace
> cfengine.org site? 
> 
> 
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


3.0.5 source code released

2010-06-07 Thread Mark Burgess

Version 3.0.5 of the Cfengine 3 community edition source code is released
--

To download, please go to:

 http://www.cfengine.org/pages/source_code
 cfengine-3.0.5.tar.gz

MD5 41a76533251709c6a261430c1e1b5762
SHA1 3d014c410ad0479040b33f82d85fd737a28372bd

Date: June 07 2010 14:40:18 MET

(Community packages will follow)


This is principally a patch release. Change notes include:
-
3.0.5
Encryption problems fixed - client key buffer was uninitialized.

Classes-promisers are now automatically canonified when class
strings are defined, to simplifying the use of variables in classes.

New scalars sys.cf_version and sys.nova_version that hold Cfengine 
version
information.

Attribute package_delete_convention added, to allow customizable
package name in delete command during update.

package_list_update_ifelapsed limit added

Private variable $(firstrepo) is available in package_name_convention
and package_delete_convention in order to expand the full path to
a package, which is required by some managers.

Some of the threading code is rewritten and made more robust. This 
includes
synchronizing access to the lastseen database from the server.

Bad initialization of BSD flags fixed
Multiple variable expansion issues in control fixed for server and agent
Allow ignore_missing_bundles to affect methods: bundles too
Run agent trust dialogue fixed

Bug in CPU monitoring, increasing time scale caused linear decay
of CPU measurement.

Bug in Setuid log storage, fix.

Hooks added for new Nova virtualization promises.

Multithreading mutex failed to collide during cfservd leading to dropped
authentication under heavy load.

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: 3.0.5 source code released

2010-06-07 Thread Vasiliy G Tolstov
В Пнд, 07/06/2010 в 14:49 +0200, Mark Burgess пишет:
> Version 3.0.5 of the Cfengine 3 community edition source code is released
> --
> 
> To download, please go to:
> 
>  http://www.cfengine.org/pages/source_code
>  cfengine-3.0.5.tar.gz
> 
> MD5 41a76533251709c6a261430c1e1b5762
> SHA1 3d014c410ad0479040b33f82d85fd737a28372bd
> 
> Date: June 07 2010 14:40:18 MET
> 
> (Community packages will follow)
> 
> 
> This is principally a patch release. Change notes include:


Hm... My work-around for * in inputs now "fixed" ?:)

-- 
Vasiliy G Tolstov 
Selfip.Ru

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: package_list_update_ifelapsed

2010-06-07 Thread Vasiliy G Tolstov
В Пнд, 07/06/2010 в 14:44 +0200, Mark Burgess пишет:
> Right noW! :)
> 
> On 06/07/2010 02:35 PM, Vasiliy G Tolstov wrote:
> > В Пнд, 07/06/2010 в 14:33 +0200, Nakarin Phooripoom пишет:
> >> I got an error on 3.0.4p2, but it seemed fine when I upgraded to 3.0.5a2.
> >>
> >> Cheers,
> >> --Nakarin
> > 
> > I'm use 3.0.4... When 3.0.5 get officially available on the myspace
> > cfengine.org site? 
> > 
> > 

When packages is available on https://cfengine.com/inside/myspace ?
(mostly i'm work on gentoo system, but controlled servers under
different OSes...)

There any plans to add freebsd packages to site?

-- 
Vasiliy G Tolstov 
Selfip.Ru

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: 3.0.5 source code released

2010-06-07 Thread Vasiliy G Tolstov
В Пнд, 07/06/2010 в 14:49 +0200, Mark Burgess пишет:
> Version 3.0.5 of the Cfengine 3 community edition source code is released
> --
> 

After upgrade server to 3.0.5 , my client servers can't connect with it:


client:

f3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub
cf3 BAD: Unspecified server refusal (see verbose server output)
cf3  !! Authentication dialogue with 77.221.141.148 failed
cf3 Unable to establish connection with 77.221.141.148
cf3 No suitable server responded to hail
cf3 Promise (version not specified) belongs to bundle 'update' in file
'/var/cfengine/inputs/update.cf' near line 23
cf3 
cf3 .
cf3 Promise handle: 
cf3 Promise made by: /var/cfengine/modules
cf3 .
cf3 
cf3  -> Handling file existence constraints on /var/cfengine/modules
cf3  -> Promise to skip base directory /var/cfengine/modules
cf3  -> Handling file existence constraints
on /var/cfengine/modules/has_pkg
cf3  -> File permissions on /var/cfengine/modules/has_pkg as promised
cf3  -> Copy file /var/cfengine/modules from /var/cfengine/modules check
cf3 No existing connection to 77.221.141.148 is established...
cf3 Set cfengine port number to 5308 = 5308
cf3 Connect to 77.221.141.148 = 77.221.141.148 on port 5308
cf3 LastSaw host 77.221.141.148 now
cf3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub



server:
cf3  -> Accepting a connection
cf3 Accepting connection from "217.170.84.182"
cf3 New connection...(from 217.170.84.182/4)
cf3 Spawning new thread...
cf3  -> No new promises found
cf3  -> Waiting at incoming select...
cf3 Received: [CAUTH 10.0.1.66 cf-server.virt root 0] on socket 4
cf3 IP address mismatch between client's assertion (10.0.1.66) and
socket (217.170.84.182) - untrustworthy connection
cf3 ID not verified
cf3 From (host=?,user=?,ip=217.170.84.182)
cf3 REFUSAL of request from connecting host: (CAUTH 10.0.1.66
cf-server.virt root 0)
cf3  -> Accepting a connection
cf3 Accepting connection from "217.170.84.182"



-- 
Vasiliy G Tolstov 
Selfip.Ru

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: 3.0.5 source code released

2010-06-07 Thread Seva Gluschenko
Seems like your client changed its IP address after cf-key run.

Mark, it seems like IP assertion check must be moved back beyond
skipverify check, otherwise troubles may happen for multihomed hosts
and/or when a host changes its IP (i.e. it would need key
regeneration).

2010/6/7 Vasiliy G Tolstov :
> В Пнд, 07/06/2010 в 14:49 +0200, Mark Burgess пишет:
>> Version 3.0.5 of the Cfengine 3 community edition source code is released
>> --
>>
>
> After upgrade server to 3.0.5 , my client servers can't connect with it:
>
>
> client:
>
> f3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub
> cf3 BAD: Unspecified server refusal (see verbose server output)
> cf3  !! Authentication dialogue with 77.221.141.148 failed
> cf3 Unable to establish connection with 77.221.141.148
> cf3 No suitable server responded to hail
> cf3 Promise (version not specified) belongs to bundle 'update' in file
> '/var/cfengine/inputs/update.cf' near line 23
> cf3
> cf3     .
> cf3     Promise handle:
> cf3     Promise made by: /var/cfengine/modules
> cf3     .
> cf3
> cf3  -> Handling file existence constraints on /var/cfengine/modules
> cf3  -> Promise to skip base directory /var/cfengine/modules
> cf3  -> Handling file existence constraints
> on /var/cfengine/modules/has_pkg
> cf3  -> File permissions on /var/cfengine/modules/has_pkg as promised
> cf3  -> Copy file /var/cfengine/modules from /var/cfengine/modules check
> cf3 No existing connection to 77.221.141.148 is established...
> cf3 Set cfengine port number to 5308 = 5308
> cf3 Connect to 77.221.141.148 = 77.221.141.148 on port 5308
> cf3 LastSaw host 77.221.141.148 now
> cf3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub
>
>
>
> server:
> cf3  -> Accepting a connection
> cf3 Accepting connection from "217.170.84.182"
> cf3 New connection...(from 217.170.84.182/4)
> cf3 Spawning new thread...
> cf3  -> No new promises found
> cf3  -> Waiting at incoming select...
> cf3 Received: [CAUTH 10.0.1.66 cf-server.virt root 0] on socket 4
> cf3 IP address mismatch between client's assertion (10.0.1.66) and
> socket (217.170.84.182) - untrustworthy connection
> cf3 ID not verified
> cf3 From (host=?,user=?,ip=217.170.84.182)
> cf3 REFUSAL of request from connecting host: (CAUTH 10.0.1.66
> cf-server.virt root 0)
> cf3  -> Accepting a connection
> cf3 Accepting connection from "217.170.84.182"
>
>
>
> --
> Vasiliy G Tolstov 
> Selfip.Ru
>
> ___
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
>



-- 
SY, Seva Gluschenko.
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: 3.0.5 source code released

2010-06-07 Thread Vasiliy G Tolstov
В Пнд, 07/06/2010 в 17:52 +0400, Seva Gluschenko пишет:
> Seems like your client changed its IP address after cf-key run.
> 

Not thinking. Because i'm delete all keys and re-create it.

> Mark, it seems like IP assertion check must be moved back beyond
> skipverify check, otherwise troubles may happen for multihomed hosts
> and/or when a host changes its IP (i.e. it would need key
> regeneration).

Hm..

-- 
Vasiliy G Tolstov 
Selfip.Ru

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: cfengine3 questions and suggestion

2010-06-07 Thread Bas van der Vlies
On 07-06-10 16:57, Bas van der Vlies wrote:
>>> I am using cfengine community edition 3.0.4 and i get this error/warning.
>>> But the class can not be true, because the environent variable is set.
>>> {{{
>>> !! Redefinition of a constant variable "CLUSTER"
>>> Promise (version 1.0.1) belongs to bundle 'g' in file
>>> '/var/lib/cfengine3/inputs/promises.cf' near line 51
>>> !! Redefinition of a constant variable "cluster_file"
>>> Promise (version 1.0.1) belongs to bundle 'g' in file
>>> '/var/lib/cfengine3/inputs/promises.cf' near line 52
>>> }}}
>>>
>>> the promises.cf file:
>>> {{{
>>> bundle common g
>>> {
>>> vars:
>>> "lisa" string =>   getenv("LISA_CLUSTER","1");
>>>
>>> LISA_CLUSTER::
>>>"CLUSTER" string =>   "LISA";
>>>"cluster_file" string =>   "lisa.cf";
>>>!LISA_CLUSTER::
>>>"CLUSTER" string =>   "NOT LISA";
>>>"cluster_file" string =>   "common.cf";
>>>
>>>
>>> classes:
>>> "LISA_CLUSTER" expression =>   strcmp("$(lisa)","1");
>>> }
>>>
>>> This is due the fact that vars is evaluated sooner the class is set. What i
>>> want is to import files based on a class that is not known. Or is there a
>>> better syntax for cf3 that i did not find.
>>>
>>
>> This should sort itself out. Make sure you are using a recent version, or 
>> wait for the
>> 3.0.5 release next week.
>>

I just upgraded to 3.0.5 and still receive these messages.



-- 

*  Bas van der Vliese-mail: b...@sara.nl   *
*  SARA - Academic Computing Services   Amsterdam, The Netherlands *

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: 3.0.5 source code released

2010-06-07 Thread Mark Burgess

Pity you didn't suggest this an hour earlier. But ok.

Seva Gluschenko wrote:
> Seems like your client changed its IP address after cf-key run.
> 
> Mark, it seems like IP assertion check must be moved back beyond
> skipverify check, otherwise troubles may happen for multihomed hosts
> and/or when a host changes its IP (i.e. it would need key
> regeneration).
> 
> 2010/6/7 Vasiliy G Tolstov :
>> В Пнд, 07/06/2010 в 14:49 +0200, Mark Burgess пишет:
>>> Version 3.0.5 of the Cfengine 3 community edition source code is released
>>> --
>>>
>> After upgrade server to 3.0.5 , my client servers can't connect with it:
>>
>>
>> client:
>>
>> f3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub
>> cf3 BAD: Unspecified server refusal (see verbose server output)
>> cf3  !! Authentication dialogue with 77.221.141.148 failed
>> cf3 Unable to establish connection with 77.221.141.148
>> cf3 No suitable server responded to hail
>> cf3 Promise (version not specified) belongs to bundle 'update' in file
>> '/var/cfengine/inputs/update.cf' near line 23
>> cf3
>> cf3 .
>> cf3 Promise handle:
>> cf3 Promise made by: /var/cfengine/modules
>> cf3 .
>> cf3
>> cf3  -> Handling file existence constraints on /var/cfengine/modules
>> cf3  -> Promise to skip base directory /var/cfengine/modules
>> cf3  -> Handling file existence constraints
>> on /var/cfengine/modules/has_pkg
>> cf3  -> File permissions on /var/cfengine/modules/has_pkg as promised
>> cf3  -> Copy file /var/cfengine/modules from /var/cfengine/modules check
>> cf3 No existing connection to 77.221.141.148 is established...
>> cf3 Set cfengine port number to 5308 = 5308
>> cf3 Connect to 77.221.141.148 = 77.221.141.148 on port 5308
>> cf3 LastSaw host 77.221.141.148 now
>> cf3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub
>>
>>
>>
>> server:
>> cf3  -> Accepting a connection
>> cf3 Accepting connection from "217.170.84.182"
>> cf3 New connection...(from 217.170.84.182/4)
>> cf3 Spawning new thread...
>> cf3  -> No new promises found
>> cf3  -> Waiting at incoming select...
>> cf3 Received: [CAUTH 10.0.1.66 cf-server.virt root 0] on socket 4
>> cf3 IP address mismatch between client's assertion (10.0.1.66) and
>> socket (217.170.84.182) - untrustworthy connection
>> cf3 ID not verified
>> cf3 From (host=?,user=?,ip=217.170.84.182)
>> cf3 REFUSAL of request from connecting host: (CAUTH 10.0.1.66
>> cf-server.virt root 0)
>> cf3  -> Accepting a connection
>> cf3 Accepting connection from "217.170.84.182"
>>
>>
>>
>> --
>> Vasiliy G Tolstov 
>> Selfip.Ru
>>
>> ___
>> Help-cfengine mailing list
>> Help-cfengine@cfengine.org
>> https://cfengine.org/mailman/listinfo/help-cfengine
>>
> 
> 
> 

-- 
Mark Burgess

-
Professor of Network and System Administration
Oslo University College, Norway

Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Array of slist

2010-06-07 Thread Daniel Dehennin
Hello,

In the reference manual I found that array can be of type scalar or
list, but I did not manage to use list iteration:

--8<---cut here---start->8---
body common control
{
bundlesequence => { "test" };
version => "0.0.2";
}

bundle agent test
{

vars:

any::

"array[key1]" slist => {"val1"};
"array[key2]" slist => {"val2.1", "val2.2"};
"array[key3]" slist => {"val3"};

"keys" slist => getindices("array");

commands:

"/bin/echo $(keys) "
args => "$(array[$(keys)])";
}
--8<---cut here---end--->8---

Results in:

--8<---cut here---start->8---
/usr/sbin/cf-agent -K 
Q: ".../bin/echo key1 ": key1 $(array[key1])
I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key1  
$(array[key1])"
I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near line 
23
Q: ".../bin/echo key2 ": key2 $(array[key2])
I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key2  
$(array[key2])"
I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near line 
23
Q: ".../bin/echo key3 ": key3 $(array[key3])
I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key3  
$(array[key3])"
I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near line 
23
--8<---cut here---end--->8---

I found no example, in tutorial, reference manual, solution guide or
policy starter kit.

Any hints?

Thanks.
-- 
Daniel Dehennin
Récupérer ma clef GPG:
gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1


pgpxk2PxosMBE.pgp
Description: PGP signature
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Centralized report of repairs

2010-06-07 Thread Justin Lloyd
Hi all,

I'd like to generate a report of all* changes Cfengine makes on systems
for auditing and awareness purposes. If, for example, the same change is
being made a lot on a system (e.g. fixing /etc/passwd permissions), then
we would know something is wrong and could investigate it more deeply.

Cfengine Nova (I don't know about community) logs local promise repairs
to /var/cfengine/nova_repair.log, which is rotated weekly. Here are a
couple of example lines: 

Thu Jun  3 21:32:21
2010,fix_resolver_configuration_file,fix_resolver_configuration_file,Ens
ure /etc/resolv.conf file exists and is
correct,/var/cfengine/inputs/dg.bundles.cf,262
Thu Jun  3 21:34:16
2010,_fetch_public_ssh_key,ensure_authorized_ssh_key_exists,Ensure
user's authorized_keys file contains remote user's public
key,/var/cfengine/inputs/dg.ssh_keys.cf,98 

I was thinking of having each policy server fetch the nova_repair.log
from all of its hosts each day prior to rotation and generating a
summary report that is easily skimmable by humans. However, before I
start really diving into such an approach, I was wondering if anyone has
been wanting or doing something similar.

Thanks,
Justin 

*By "all" I would filter out a lot of standard changes, like those done
by Nova's generate_reports.cf.

-- 
Justin C. Lloyd 
Unix Infrastructure Engineer 
DigitalGlobe, An Imaging and Information Company



This electronic communication and any attachments may contain confidential and 
proprietary 
information of DigitalGlobe, Inc. If you are not the intended recipient, or an 
agent or employee 
responsible for delivering this communication to the intended recipient, or if 
you have received 
this communication in error, please do not print, copy, retransmit, disseminate 
or 
otherwise use the information. Please indicate to the sender that you have 
received this 
communication in error, and delete the copy you received. DigitalGlobe reserves 
the 
right to monitor any electronic communication sent or received by its 
employees, agents 
or representatives.

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: Centralized report of repairs

2010-06-07 Thread Nicolas Charles
Hi Justin,

I considered also this approach, but instead I've set up a webdav server 
on a policy_server, and each client sending the reports on this webdav 
entry point. Hence the client can send it when he knows it is suitable, 
and the promises are much more easy to write

Nicolas

Justin Lloyd wrote:
> Hi all,
>
> I'd like to generate a report of all* changes Cfengine makes on systems
> for auditing and awareness purposes. If, for example, the same change is
> being made a lot on a system (e.g. fixing /etc/passwd permissions), then
> we would know something is wrong and could investigate it more deeply.
>
> Cfengine Nova (I don't know about community) logs local promise repairs
> to /var/cfengine/nova_repair.log, which is rotated weekly. Here are a
> couple of example lines: 
>
> Thu Jun  3 21:32:21
> 2010,fix_resolver_configuration_file,fix_resolver_configuration_file,Ens
> ure /etc/resolv.conf file exists and is
> correct,/var/cfengine/inputs/dg.bundles.cf,262
> Thu Jun  3 21:34:16
> 2010,_fetch_public_ssh_key,ensure_authorized_ssh_key_exists,Ensure
> user's authorized_keys file contains remote user's public
> key,/var/cfengine/inputs/dg.ssh_keys.cf,98 
>
> I was thinking of having each policy server fetch the nova_repair.log
> from all of its hosts each day prior to rotation and generating a
> summary report that is easily skimmable by humans. However, before I
> start really diving into such an approach, I was wondering if anyone has
> been wanting or doing something similar.
>
> Thanks,
> Justin 
>
> *By "all" I would filter out a lot of standard changes, like those done
> by Nova's generate_reports.cf.
>
>   

___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: Centralized report of repairs

2010-06-07 Thread Mark Burgess

Careful, such a `push' approach is unlikely to scale to more than a couple of 
hundred
machines.

FYI, Nova 1.2 (scheduled for October) will take a delta approach to report 
collection and
generation that will scale much better under pull for the full spectrum of 
reports.

M

Nicolas Charles wrote:
> Hi Justin,
> 
> I considered also this approach, but instead I've set up a webdav server 
> on a policy_server, and each client sending the reports on this webdav 
> entry point. Hence the client can send it when he knows it is suitable, 
> and the promises are much more easy to write
> 
> Nicolas
> 
> Justin Lloyd wrote:
>> Hi all,
>>
>> I'd like to generate a report of all* changes Cfengine makes on systems
>> for auditing and awareness purposes. If, for example, the same change is
>> being made a lot on a system (e.g. fixing /etc/passwd permissions), then
>> we would know something is wrong and could investigate it more deeply.
>>
>> Cfengine Nova (I don't know about community) logs local promise repairs
>> to /var/cfengine/nova_repair.log, which is rotated weekly. Here are a
>> couple of example lines: 
>>
>> Thu Jun  3 21:32:21
>> 2010,fix_resolver_configuration_file,fix_resolver_configuration_file,Ens
>> ure /etc/resolv.conf file exists and is
>> correct,/var/cfengine/inputs/dg.bundles.cf,262
>> Thu Jun  3 21:34:16
>> 2010,_fetch_public_ssh_key,ensure_authorized_ssh_key_exists,Ensure
>> user's authorized_keys file contains remote user's public
>> key,/var/cfengine/inputs/dg.ssh_keys.cf,98 
>>
>> I was thinking of having each policy server fetch the nova_repair.log
>> from all of its hosts each day prior to rotation and generating a
>> summary report that is easily skimmable by humans. However, before I
>> start really diving into such an approach, I was wondering if anyone has
>> been wanting or doing something similar.
>>
>> Thanks,
>> Justin 
>>
>> *By "all" I would filter out a lot of standard changes, like those done
>> by Nova's generate_reports.cf.
>>
>>   
> 
> ___
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine

-- 
Mark Burgess

-
Professor of Network and System Administration
Oslo University College, Norway

Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine


Re: Array of slist

2010-06-07 Thread Seva Gluschenko
It is known that the iteration depth of variables is limited in
Cfengine. As of 3.0.4p2 the following test.cf

body common control
{
bundlesequence => { "outer", "inner" };
}

bundle agent outer
{
 vars:
"arr[idx1]" string => "this is an array element";
"arr[idx2]" slist  => { "This", "is", "an", "array", "element", "too" };

"choice"string => "idx2";

 reports:
   Yr2010::
 "outer: $(arr[$(choice)])";
}

bundle agent inner
{
 vars:
 "idx" slist => getindices("outer.arr");

 reports:
   Yr2010::
 "inner: $(outer.arr[$(idx)])";
}

produced the following output:

R: outer: This
R: outer: is
R: outer: an
R: outer: array
R: outer: element
R: outer: too
R: inner: this is an array element
R: inner: $(outer.arr[idx2])

and 3.0.4 wasn't even capable to iterate over an slist in an array in
the outer bundle, so you're using some version earlier than 3.0.4p2, I
guess.

2010/6/7 Daniel Dehennin :
> Hello,
>
> In the reference manual I found that array can be of type scalar or
> list, but I did not manage to use list iteration:
>
> --8<---cut here---start->8---
> body common control
> {
>    bundlesequence => { "test" };
>    version => "0.0.2";
> }
>
> bundle agent test
> {
>
> vars:
>
>    any::
>
>        "array[key1]" slist => {"val1"};
>        "array[key2]" slist => {"val2.1", "val2.2"};
>        "array[key3]" slist => {"val3"};
>
>        "keys" slist => getindices("array");
>
> commands:
>
>    "/bin/echo $(keys) "
>        args => "$(array[$(keys)])";
> }
> --8<---cut here---end--->8---
>
> Results in:
>
> --8<---cut here---start->8---
> /usr/sbin/cf-agent -K
> Q: ".../bin/echo key1 ": key1 $(array[key1])
> I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key1  
> $(array[key1])"
> I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near 
> line 23
> Q: ".../bin/echo key2 ": key2 $(array[key2])
> I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key2  
> $(array[key2])"
> I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near 
> line 23
> Q: ".../bin/echo key3 ": key3 $(array[key3])
> I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key3  
> $(array[key3])"
> I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near 
> line 23
> --8<---cut here---end--->8---
>
> I found no example, in tutorial, reference manual, solution guide or
> policy starter kit.
>
> Any hints?
>
> Thanks.
> --
> Daniel Dehennin
> Récupérer ma clef GPG:
> gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1
>
> ___
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
>
>



-- 
SY, Seva Gluschenko.
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine