package_list_update_ifelapsed
What format has package_list_update_ifelapsed? Does it need commas ("") ? body package_method generic { package_list_update_ifelapsed => 240; ... ... } Produce following error: CheckParseInt(package_list_update_ifelapsed => 240/) SplitString([],,=44) Check ListLen Fatal cfengine error: INTERN: format specifier for int rvalues is not ok for lval package_list_update_ifelapsed - got 1 items Unappending Fatal cfengine error: INTERN: format specifier for int rvalues is not ok for lval package_list_update_ifelapsed - got 1 items -- Vasiliy G Tolstov Selfip.Ru ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed
Vasily, in general, every parameter except nested calls (functions, compound bodies, or edit_line bundles) must be enquoted (""). body package_method generic { package_list_update_ifelapsed => "240"; ... } 2010/6/7 Vasiliy G Tolstov : > What format has package_list_update_ifelapsed? Does it need commas > ("") ? > > body package_method generic { > package_list_update_ifelapsed => 240; > ... > ... > } > > Produce following error: > > CheckParseInt(package_list_update_ifelapsed => 240/) > SplitString([],,=44) > Check ListLen > Fatal cfengine error: INTERN: format specifier for int rvalues is not ok > for lval package_list_update_ifelapsed - got 1 items > Unappending Fatal cfengine error: INTERN: format specifier for int > rvalues is not ok for lval package_list_update_ifelapsed - got 1 items > > > -- > Vasiliy G Tolstov > Selfip.Ru > > ___ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine > -- SY, Seva Gluschenko. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed
В Пнд, 07/06/2010 в 13:57 +0400, Seva Gluschenko пишет: > Vasily, > > in general, every parameter except nested calls (functions, compound > bodies, or edit_line bundles) must be enquoted (""). > > body package_method generic { >package_list_update_ifelapsed => "240"; > >... > } I'm asked, because i'm already tried with/without quotes. This is not matter - error not disappeared. -- Vasiliy G Tolstov Selfip.Ru ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed
Well, it might mean that package_list_update_command haven't been defined, or this parameter is restricted to certain package managers list, or you've faced a bug. Cfengine developers must know better ) 2010/6/7 Vasiliy G Tolstov : > В Пнд, 07/06/2010 в 13:57 +0400, Seva Gluschenko пишет: >> Vasily, >> >> in general, every parameter except nested calls (functions, compound >> bodies, or edit_line bundles) must be enquoted (""). >> >> body package_method generic { >> package_list_update_ifelapsed => "240"; >> >> ... >> } > > I'm asked, because i'm already tried with/without quotes. > This is not matter - error not disappeared. > > -- > Vasiliy G Tolstov > Selfip.Ru > > -- SY, Seva Gluschenko. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed
В Пнд, 07/06/2010 в 14:19 +0400, Seva Gluschenko пишет: > Well, it might mean that package_list_update_command haven't been > defined, or this parameter is restricted to certain package managers > list, or you've faced a bug. Cfengine developers must know better ) Hm... Can anyone from developers helps me? -- Vasiliy G Tolstov Selfip.Ru ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed
I don't get any errors if I write: package_list_update_ifelapsed => "240";# 4 hours Check that there is no binary weirdness in your input file? Also check that you have PCRE and it is built with bison/flex. I have seen odd things happen with legacy tools. On 06/07/2010 01:44 PM, Vasiliy G Tolstov wrote: > В Пнд, 07/06/2010 в 14:19 +0400, Seva Gluschenko пишет: >> Well, it might mean that package_list_update_command haven't been >> defined, or this parameter is restricted to certain package managers >> list, or you've faced a bug. Cfengine developers must know better ) > > Hm... Can anyone from developers helps me? > ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed
I got an error on 3.0.4p2, but it seemed fine when I upgraded to 3.0.5a2. Cheers, --Nakarin On Jun 7, 2010, at 2:23 PM, Mark Burgess wrote: > > I don't get any errors if I write: > > package_list_update_ifelapsed => "240"; # 4 hours > > Check that there is no binary weirdness in your input file? Also check that > you have PCRE > and it is built with bison/flex. I have seen odd things happen with legacy > tools. > > On 06/07/2010 01:44 PM, Vasiliy G Tolstov wrote: >> В Пнд, 07/06/2010 в 14:19 +0400, Seva Gluschenko пишет: >>> Well, it might mean that package_list_update_command haven't been >>> defined, or this parameter is restricted to certain package managers >>> list, or you've faced a bug. Cfengine developers must know better ) >> >> Hm... Can anyone from developers helps me? >> > ___ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed
В Пнд, 07/06/2010 в 14:23 +0200, Mark Burgess пишет: > I don't get any errors if I write: > > package_list_update_ifelapsed => "240"; # 4 hours > > Check that there is no binary weirdness in your input file? Also check that > you have PCRE > and it is built cf3 > Parsing file /var/cfengine/inputs/library/pm.cf cf3 Fatal cfengine error: INTERN: format specifier for int rvalues is not ok for lval package_list_update_ifelapsed - got 1 items cf3 Outcome of version 0.0.0.1: No checks were scheduled selfip library # cat /var/cfengine/inputs/library/pm.cf body package_method generic { package_list_update_ifelapsed => "240";# 4 hours suse:: package_changes => "bulk"; package_list_command => "/usr/bin/zypper packages"; package_patch_list_command => "/usr/bin/zypper patches"; package_installed_regex => "i.*"; package_list_name_regex=> "[^|]+\|[^|]+\|\s+([^\s]+).*"; package_list_version_regex => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*"; package_list_arch_regex=> "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^ \s]+).*"; package_list_update_command => "/usr/bin/zypper refresh"; package_patch_installed_regex => ".*Installed.*|.*Not Applicable.*"; package_patch_name_regex=> "[^|]+\|\s+([^\s]+).*"; package_patch_version_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*"; package_name_convention => "$(name)"; package_add_command => "/usr/bin/zypper -non-interactive install"; package_delete_command => "/usr/bin/zypper -non-interactive remove --force-resolution"; package_update_command => "/usr/bin/zypper -non-interactive update"; package_patch_command => "/usr/bin/zypper -non-interactive patch$"; # $ means no args package_verify_command => "/usr/bin/zypper -non-interactive verify $"; redhat:: package_changes => "bulk"; package_list_command => "/usr/bin/yum -C list installed"; package_list_name_regex=> "([^.]+).*"; package_list_version_regex => "[^\s]\s+([^\s]+).*"; package_list_arch_regex=> "[^.]+\.([^\s]+).*"; package_list_update_command => "/usr/bin/yum -y update"; package_installed_regex => ".*installed.*"; package_name_convention => "$(name).$(arch)"; package_add_command => "/usr/bin/yum -y install"; package_delete_command => "/bin/rpm -e"; package_verify_command => "/bin/rpm -V"; debian:: package_changes => "bulk"; package_list_command => "/usr/bin/dpkg -l"; package_list_name_regex=> "ii\s+([^\s]+).*"; package_list_version_regex => "ii\s+[^\s]+\s+([^\s]+).*"; package_installed_regex => ".*"; # all reported are installed package_name_convention => "$(name)"; debian.have_aptitude:: package_add_command => "/usr/bin/aptitude --assume-yes -q install"; package_delete_command => "/usr/bin/aptitude --assume-yes -q remove"; package_update_command => "/usr/bin/aptitude --assume-yes -q install"; package_list_update_command => "/usr/bin/aptitude update"; debian.!have_aptitude:: package_add_command => "/usr/bin/apt-get --yes -q install"; package_delete_command => "/usr/bin/apt-get --yes -q remove"; package_update_command => "/usr/bin/apt-get --yes -q install"; package_list_update_command => "/usr/bin/apt update"; freebsd:: package_changes => "individual"; package_list_command => "/usr/sbin/pkg_info"; package_list_name_regex=> "([^-]+).*"; package_list_version_regex => "[^-]+-([^\s]+).*"; package_name_regex=> "([^-]+).*"; package_version_regex => "[^-]+-([^\s]+).*"; package_installed_regex => ".*"; package_name_convention => "$(name)"; package_add_command => "/usr/sbin/pkg_add -r"; package_delete_command => "/usr/sbin/pkg_delete -f"; package_list_update_command => "/usr/bin/csup -g -z -L 1 -h cvsup4.ru.freebsd.org /usr/share/examples/cvsup/ports-supfile"; gentoo:: package_add_command => "/usr/bin/emerge"; package_delete_command => "/usr/bin/emerge --unmerge"; package_update_command => "/usr/bin/emerge --update --deep"; package_list_update_command => "/usr/bin/emerge --sync"; } selfip library # ldd /var/cfengine/bin/cf-agent | grep pcre libpcre.so.0 => /lib/libpcre.so.0 (0x0036d000) -- Vasiliy G Tolstov Selfip.Ru ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed
В Пнд, 07/06/2010 в 14:33 +0200, Nakarin Phooripoom пишет: > I got an error on 3.0.4p2, but it seemed fine when I upgraded to 3.0.5a2. > > Cheers, > --Nakarin I'm use 3.0.4... When 3.0.5 get officially available on the myspace cfengine.org site? -- Vasiliy G Tolstov Selfip.Ru ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed
Hi, Remember to check if this has already been fixed in the bug tracker, as it has in your case. See https://cfengine.com/bugtracker/view.php?id=122 Going to bug.cfengine.com, clicking "View Issues" and searching for e.g. "Fatal cfengine error: INTERN" would have shown you this. Fix will be included in 3.0.5 which is ready for you very soon. -- Regards, Eystein On Mon, Jun 7, 2010 at 2:34 PM, Vasiliy G Tolstov wrote: > В Пнд, 07/06/2010 в 14:23 +0200, Mark Burgess пишет: >> I don't get any errors if I write: >> >> package_list_update_ifelapsed => "240"; # 4 hours >> >> Check that there is no binary weirdness in your input file? Also check that >> you have PCRE >> and it is built > > cf3 > Parsing file /var/cfengine/inputs/library/pm.cf > cf3 Fatal cfengine error: INTERN: format specifier for int rvalues is > not ok for lval package_list_update_ifelapsed - got 1 items > cf3 Outcome of version 0.0.0.1: No checks were scheduled > > > selfip library # cat /var/cfengine/inputs/library/pm.cf > > > body package_method generic { > package_list_update_ifelapsed => "240"; # 4 hours > suse:: > package_changes => "bulk"; > package_list_command => "/usr/bin/zypper packages"; > package_patch_list_command => "/usr/bin/zypper patches"; > package_installed_regex => "i.*"; > package_list_name_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*"; > package_list_version_regex => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*"; > package_list_arch_regex => "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^ > \s]+).*"; > package_list_update_command => "/usr/bin/zypper refresh"; > package_patch_installed_regex => ".*Installed.*|.*Not Applicable.*"; > package_patch_name_regex => "[^|]+\|\s+([^\s]+).*"; > package_patch_version_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*"; > package_name_convention => "$(name)"; > package_add_command => "/usr/bin/zypper -non-interactive install"; > package_delete_command => "/usr/bin/zypper -non-interactive remove > --force-resolution"; > package_update_command => "/usr/bin/zypper -non-interactive update"; > package_patch_command => "/usr/bin/zypper -non-interactive patch$"; > # $ means no args > package_verify_command => "/usr/bin/zypper -non-interactive verify > $"; > > redhat:: > package_changes => "bulk"; > package_list_command => "/usr/bin/yum -C list installed"; > package_list_name_regex => "([^.]+).*"; > package_list_version_regex => "[^\s]\s+([^\s]+).*"; > package_list_arch_regex => "[^.]+\.([^\s]+).*"; > package_list_update_command => "/usr/bin/yum -y update"; > package_installed_regex => ".*installed.*"; > package_name_convention => "$(name).$(arch)"; > package_add_command => "/usr/bin/yum -y install"; > package_delete_command => "/bin/rpm -e"; > package_verify_command => "/bin/rpm -V"; > > debian:: > package_changes => "bulk"; > package_list_command => "/usr/bin/dpkg -l"; > package_list_name_regex => "ii\s+([^\s]+).*"; > package_list_version_regex => "ii\s+[^\s]+\s+([^\s]+).*"; > package_installed_regex => ".*"; # all reported are installed > package_name_convention => "$(name)"; > > debian.have_aptitude:: > package_add_command => "/usr/bin/aptitude --assume-yes -q install"; > package_delete_command => "/usr/bin/aptitude --assume-yes -q > remove"; > package_update_command => "/usr/bin/aptitude --assume-yes -q > install"; > package_list_update_command => "/usr/bin/aptitude update"; > > debian.!have_aptitude:: > package_add_command => "/usr/bin/apt-get --yes -q install"; > package_delete_command => "/usr/bin/apt-get --yes -q remove"; > package_update_command => "/usr/bin/apt-get --yes -q install"; > package_list_update_command => "/usr/bin/apt update"; > > freebsd:: > package_changes => "individual"; > package_list_command => "/usr/sbin/pkg_info"; > package_list_name_regex => "([^-]+).*"; > package_list_version_regex => "[^-]+-([^\s]+).*"; > package_name_regex => "([^-]+).*"; > package_version_regex => "[^-]+-([^\s]+).*"; > package_installed_regex => ".*"; > package_name_convention => "$(name)"; > package_add_command => "/usr/sbin/pkg_add -r"; > package_delete_command => "/usr/sbin/pkg_delete -f"; > package_list_update_command => "/usr/bin/csup -g -z -L 1 -h > cvsup4.ru.freebsd.org /usr/share/examples/cvsup/ports-supfile"; > > gentoo:: > package_add_command => "/usr/bin/emerge"; > package_delete_command => "/usr/bin/emerge --unmerge"; > package_update_command => "/usr/bin/emerge --update --deep"; > package_list_update_command => "/usr/bin/emerge --sync"; > } > > > selfip library # ldd /var/cfengine/bin/cf-agent | grep pcre > libpcre.so.0 => /lib/libpcre.so.0 (0x0036d000) > > > -- > Vasiliy G Tolstov > Selfip.Ru > > ___ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine > ___
Re: package_list_update_ifelapsed
Right noW! :) On 06/07/2010 02:35 PM, Vasiliy G Tolstov wrote: > В Пнд, 07/06/2010 в 14:33 +0200, Nakarin Phooripoom пишет: >> I got an error on 3.0.4p2, but it seemed fine when I upgraded to 3.0.5a2. >> >> Cheers, >> --Nakarin > > I'm use 3.0.4... When 3.0.5 get officially available on the myspace > cfengine.org site? > > ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
3.0.5 source code released
Version 3.0.5 of the Cfengine 3 community edition source code is released -- To download, please go to: http://www.cfengine.org/pages/source_code cfengine-3.0.5.tar.gz MD5 41a76533251709c6a261430c1e1b5762 SHA1 3d014c410ad0479040b33f82d85fd737a28372bd Date: June 07 2010 14:40:18 MET (Community packages will follow) This is principally a patch release. Change notes include: - 3.0.5 Encryption problems fixed - client key buffer was uninitialized. Classes-promisers are now automatically canonified when class strings are defined, to simplifying the use of variables in classes. New scalars sys.cf_version and sys.nova_version that hold Cfengine version information. Attribute package_delete_convention added, to allow customizable package name in delete command during update. package_list_update_ifelapsed limit added Private variable $(firstrepo) is available in package_name_convention and package_delete_convention in order to expand the full path to a package, which is required by some managers. Some of the threading code is rewritten and made more robust. This includes synchronizing access to the lastseen database from the server. Bad initialization of BSD flags fixed Multiple variable expansion issues in control fixed for server and agent Allow ignore_missing_bundles to affect methods: bundles too Run agent trust dialogue fixed Bug in CPU monitoring, increasing time scale caused linear decay of CPU measurement. Bug in Setuid log storage, fix. Hooks added for new Nova virtualization promises. Multithreading mutex failed to collide during cfservd leading to dropped authentication under heavy load. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: 3.0.5 source code released
В Пнд, 07/06/2010 в 14:49 +0200, Mark Burgess пишет: > Version 3.0.5 of the Cfengine 3 community edition source code is released > -- > > To download, please go to: > > http://www.cfengine.org/pages/source_code > cfengine-3.0.5.tar.gz > > MD5 41a76533251709c6a261430c1e1b5762 > SHA1 3d014c410ad0479040b33f82d85fd737a28372bd > > Date: June 07 2010 14:40:18 MET > > (Community packages will follow) > > > This is principally a patch release. Change notes include: Hm... My work-around for * in inputs now "fixed" ?:) -- Vasiliy G Tolstov Selfip.Ru ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed
В Пнд, 07/06/2010 в 14:44 +0200, Mark Burgess пишет: > Right noW! :) > > On 06/07/2010 02:35 PM, Vasiliy G Tolstov wrote: > > В Пнд, 07/06/2010 в 14:33 +0200, Nakarin Phooripoom пишет: > >> I got an error on 3.0.4p2, but it seemed fine when I upgraded to 3.0.5a2. > >> > >> Cheers, > >> --Nakarin > > > > I'm use 3.0.4... When 3.0.5 get officially available on the myspace > > cfengine.org site? > > > > When packages is available on https://cfengine.com/inside/myspace ? (mostly i'm work on gentoo system, but controlled servers under different OSes...) There any plans to add freebsd packages to site? -- Vasiliy G Tolstov Selfip.Ru ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: 3.0.5 source code released
В Пнд, 07/06/2010 в 14:49 +0200, Mark Burgess пишет: > Version 3.0.5 of the Cfengine 3 community edition source code is released > -- > After upgrade server to 3.0.5 , my client servers can't connect with it: client: f3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub cf3 BAD: Unspecified server refusal (see verbose server output) cf3 !! Authentication dialogue with 77.221.141.148 failed cf3 Unable to establish connection with 77.221.141.148 cf3 No suitable server responded to hail cf3 Promise (version not specified) belongs to bundle 'update' in file '/var/cfengine/inputs/update.cf' near line 23 cf3 cf3 . cf3 Promise handle: cf3 Promise made by: /var/cfengine/modules cf3 . cf3 cf3 -> Handling file existence constraints on /var/cfengine/modules cf3 -> Promise to skip base directory /var/cfengine/modules cf3 -> Handling file existence constraints on /var/cfengine/modules/has_pkg cf3 -> File permissions on /var/cfengine/modules/has_pkg as promised cf3 -> Copy file /var/cfengine/modules from /var/cfengine/modules check cf3 No existing connection to 77.221.141.148 is established... cf3 Set cfengine port number to 5308 = 5308 cf3 Connect to 77.221.141.148 = 77.221.141.148 on port 5308 cf3 LastSaw host 77.221.141.148 now cf3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub server: cf3 -> Accepting a connection cf3 Accepting connection from "217.170.84.182" cf3 New connection...(from 217.170.84.182/4) cf3 Spawning new thread... cf3 -> No new promises found cf3 -> Waiting at incoming select... cf3 Received: [CAUTH 10.0.1.66 cf-server.virt root 0] on socket 4 cf3 IP address mismatch between client's assertion (10.0.1.66) and socket (217.170.84.182) - untrustworthy connection cf3 ID not verified cf3 From (host=?,user=?,ip=217.170.84.182) cf3 REFUSAL of request from connecting host: (CAUTH 10.0.1.66 cf-server.virt root 0) cf3 -> Accepting a connection cf3 Accepting connection from "217.170.84.182" -- Vasiliy G Tolstov Selfip.Ru ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: 3.0.5 source code released
Seems like your client changed its IP address after cf-key run. Mark, it seems like IP assertion check must be moved back beyond skipverify check, otherwise troubles may happen for multihomed hosts and/or when a host changes its IP (i.e. it would need key regeneration). 2010/6/7 Vasiliy G Tolstov : > В Пнд, 07/06/2010 в 14:49 +0200, Mark Burgess пишет: >> Version 3.0.5 of the Cfengine 3 community edition source code is released >> -- >> > > After upgrade server to 3.0.5 , my client servers can't connect with it: > > > client: > > f3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub > cf3 BAD: Unspecified server refusal (see verbose server output) > cf3 !! Authentication dialogue with 77.221.141.148 failed > cf3 Unable to establish connection with 77.221.141.148 > cf3 No suitable server responded to hail > cf3 Promise (version not specified) belongs to bundle 'update' in file > '/var/cfengine/inputs/update.cf' near line 23 > cf3 > cf3 . > cf3 Promise handle: > cf3 Promise made by: /var/cfengine/modules > cf3 . > cf3 > cf3 -> Handling file existence constraints on /var/cfengine/modules > cf3 -> Promise to skip base directory /var/cfengine/modules > cf3 -> Handling file existence constraints > on /var/cfengine/modules/has_pkg > cf3 -> File permissions on /var/cfengine/modules/has_pkg as promised > cf3 -> Copy file /var/cfengine/modules from /var/cfengine/modules check > cf3 No existing connection to 77.221.141.148 is established... > cf3 Set cfengine port number to 5308 = 5308 > cf3 Connect to 77.221.141.148 = 77.221.141.148 on port 5308 > cf3 LastSaw host 77.221.141.148 now > cf3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub > > > > server: > cf3 -> Accepting a connection > cf3 Accepting connection from "217.170.84.182" > cf3 New connection...(from 217.170.84.182/4) > cf3 Spawning new thread... > cf3 -> No new promises found > cf3 -> Waiting at incoming select... > cf3 Received: [CAUTH 10.0.1.66 cf-server.virt root 0] on socket 4 > cf3 IP address mismatch between client's assertion (10.0.1.66) and > socket (217.170.84.182) - untrustworthy connection > cf3 ID not verified > cf3 From (host=?,user=?,ip=217.170.84.182) > cf3 REFUSAL of request from connecting host: (CAUTH 10.0.1.66 > cf-server.virt root 0) > cf3 -> Accepting a connection > cf3 Accepting connection from "217.170.84.182" > > > > -- > Vasiliy G Tolstov > Selfip.Ru > > ___ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine > -- SY, Seva Gluschenko. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: 3.0.5 source code released
В Пнд, 07/06/2010 в 17:52 +0400, Seva Gluschenko пишет: > Seems like your client changed its IP address after cf-key run. > Not thinking. Because i'm delete all keys and re-create it. > Mark, it seems like IP assertion check must be moved back beyond > skipverify check, otherwise troubles may happen for multihomed hosts > and/or when a host changes its IP (i.e. it would need key > regeneration). Hm.. -- Vasiliy G Tolstov Selfip.Ru ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: cfengine3 questions and suggestion
On 07-06-10 16:57, Bas van der Vlies wrote: >>> I am using cfengine community edition 3.0.4 and i get this error/warning. >>> But the class can not be true, because the environent variable is set. >>> {{{ >>> !! Redefinition of a constant variable "CLUSTER" >>> Promise (version 1.0.1) belongs to bundle 'g' in file >>> '/var/lib/cfengine3/inputs/promises.cf' near line 51 >>> !! Redefinition of a constant variable "cluster_file" >>> Promise (version 1.0.1) belongs to bundle 'g' in file >>> '/var/lib/cfengine3/inputs/promises.cf' near line 52 >>> }}} >>> >>> the promises.cf file: >>> {{{ >>> bundle common g >>> { >>> vars: >>> "lisa" string => getenv("LISA_CLUSTER","1"); >>> >>> LISA_CLUSTER:: >>>"CLUSTER" string => "LISA"; >>>"cluster_file" string => "lisa.cf"; >>>!LISA_CLUSTER:: >>>"CLUSTER" string => "NOT LISA"; >>>"cluster_file" string => "common.cf"; >>> >>> >>> classes: >>> "LISA_CLUSTER" expression => strcmp("$(lisa)","1"); >>> } >>> >>> This is due the fact that vars is evaluated sooner the class is set. What i >>> want is to import files based on a class that is not known. Or is there a >>> better syntax for cf3 that i did not find. >>> >> >> This should sort itself out. Make sure you are using a recent version, or >> wait for the >> 3.0.5 release next week. >> I just upgraded to 3.0.5 and still receive these messages. -- * Bas van der Vliese-mail: b...@sara.nl * * SARA - Academic Computing Services Amsterdam, The Netherlands * ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: 3.0.5 source code released
Pity you didn't suggest this an hour earlier. But ok. Seva Gluschenko wrote: > Seems like your client changed its IP address after cf-key run. > > Mark, it seems like IP assertion check must be moved back beyond > skipverify check, otherwise troubles may happen for multihomed hosts > and/or when a host changes its IP (i.e. it would need key > regeneration). > > 2010/6/7 Vasiliy G Tolstov : >> В Пнд, 07/06/2010 в 14:49 +0200, Mark Burgess пишет: >>> Version 3.0.5 of the Cfengine 3 community edition source code is released >>> -- >>> >> After upgrade server to 3.0.5 , my client servers can't connect with it: >> >> >> client: >> >> f3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub >> cf3 BAD: Unspecified server refusal (see verbose server output) >> cf3 !! Authentication dialogue with 77.221.141.148 failed >> cf3 Unable to establish connection with 77.221.141.148 >> cf3 No suitable server responded to hail >> cf3 Promise (version not specified) belongs to bundle 'update' in file >> '/var/cfengine/inputs/update.cf' near line 23 >> cf3 >> cf3 . >> cf3 Promise handle: >> cf3 Promise made by: /var/cfengine/modules >> cf3 . >> cf3 >> cf3 -> Handling file existence constraints on /var/cfengine/modules >> cf3 -> Promise to skip base directory /var/cfengine/modules >> cf3 -> Handling file existence constraints >> on /var/cfengine/modules/has_pkg >> cf3 -> File permissions on /var/cfengine/modules/has_pkg as promised >> cf3 -> Copy file /var/cfengine/modules from /var/cfengine/modules check >> cf3 No existing connection to 77.221.141.148 is established... >> cf3 Set cfengine port number to 5308 = 5308 >> cf3 Connect to 77.221.141.148 = 77.221.141.148 on port 5308 >> cf3 LastSaw host 77.221.141.148 now >> cf3 Loaded /var/cfengine/ppkeys/root-77.221.141.148.pub >> >> >> >> server: >> cf3 -> Accepting a connection >> cf3 Accepting connection from "217.170.84.182" >> cf3 New connection...(from 217.170.84.182/4) >> cf3 Spawning new thread... >> cf3 -> No new promises found >> cf3 -> Waiting at incoming select... >> cf3 Received: [CAUTH 10.0.1.66 cf-server.virt root 0] on socket 4 >> cf3 IP address mismatch between client's assertion (10.0.1.66) and >> socket (217.170.84.182) - untrustworthy connection >> cf3 ID not verified >> cf3 From (host=?,user=?,ip=217.170.84.182) >> cf3 REFUSAL of request from connecting host: (CAUTH 10.0.1.66 >> cf-server.virt root 0) >> cf3 -> Accepting a connection >> cf3 Accepting connection from "217.170.84.182" >> >> >> >> -- >> Vasiliy G Tolstov >> Selfip.Ru >> >> ___ >> Help-cfengine mailing list >> Help-cfengine@cfengine.org >> https://cfengine.org/mailman/listinfo/help-cfengine >> > > > -- Mark Burgess - Professor of Network and System Administration Oslo University College, Norway Personal Web: http://www.iu.hio.no/~mark Office Telf : +47 22453272 - ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Array of slist
Hello, In the reference manual I found that array can be of type scalar or list, but I did not manage to use list iteration: --8<---cut here---start->8--- body common control { bundlesequence => { "test" }; version => "0.0.2"; } bundle agent test { vars: any:: "array[key1]" slist => {"val1"}; "array[key2]" slist => {"val2.1", "val2.2"}; "array[key3]" slist => {"val3"}; "keys" slist => getindices("array"); commands: "/bin/echo $(keys) " args => "$(array[$(keys)])"; } --8<---cut here---end--->8--- Results in: --8<---cut here---start->8--- /usr/sbin/cf-agent -K Q: ".../bin/echo key1 ": key1 $(array[key1]) I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key1 $(array[key1])" I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near line 23 Q: ".../bin/echo key2 ": key2 $(array[key2]) I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key2 $(array[key2])" I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near line 23 Q: ".../bin/echo key3 ": key3 $(array[key3]) I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key3 $(array[key3])" I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near line 23 --8<---cut here---end--->8--- I found no example, in tutorial, reference manual, solution guide or policy starter kit. Any hints? Thanks. -- Daniel Dehennin Récupérer ma clef GPG: gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1 pgpxk2PxosMBE.pgp Description: PGP signature ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Centralized report of repairs
Hi all, I'd like to generate a report of all* changes Cfengine makes on systems for auditing and awareness purposes. If, for example, the same change is being made a lot on a system (e.g. fixing /etc/passwd permissions), then we would know something is wrong and could investigate it more deeply. Cfengine Nova (I don't know about community) logs local promise repairs to /var/cfengine/nova_repair.log, which is rotated weekly. Here are a couple of example lines: Thu Jun 3 21:32:21 2010,fix_resolver_configuration_file,fix_resolver_configuration_file,Ens ure /etc/resolv.conf file exists and is correct,/var/cfengine/inputs/dg.bundles.cf,262 Thu Jun 3 21:34:16 2010,_fetch_public_ssh_key,ensure_authorized_ssh_key_exists,Ensure user's authorized_keys file contains remote user's public key,/var/cfengine/inputs/dg.ssh_keys.cf,98 I was thinking of having each policy server fetch the nova_repair.log from all of its hosts each day prior to rotation and generating a summary report that is easily skimmable by humans. However, before I start really diving into such an approach, I was wondering if anyone has been wanting or doing something similar. Thanks, Justin *By "all" I would filter out a lot of standard changes, like those done by Nova's generate_reports.cf. -- Justin C. Lloyd Unix Infrastructure Engineer DigitalGlobe, An Imaging and Information Company This electronic communication and any attachments may contain confidential and proprietary information of DigitalGlobe, Inc. If you are not the intended recipient, or an agent or employee responsible for delivering this communication to the intended recipient, or if you have received this communication in error, please do not print, copy, retransmit, disseminate or otherwise use the information. Please indicate to the sender that you have received this communication in error, and delete the copy you received. DigitalGlobe reserves the right to monitor any electronic communication sent or received by its employees, agents or representatives. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: Centralized report of repairs
Hi Justin, I considered also this approach, but instead I've set up a webdav server on a policy_server, and each client sending the reports on this webdav entry point. Hence the client can send it when he knows it is suitable, and the promises are much more easy to write Nicolas Justin Lloyd wrote: > Hi all, > > I'd like to generate a report of all* changes Cfengine makes on systems > for auditing and awareness purposes. If, for example, the same change is > being made a lot on a system (e.g. fixing /etc/passwd permissions), then > we would know something is wrong and could investigate it more deeply. > > Cfengine Nova (I don't know about community) logs local promise repairs > to /var/cfengine/nova_repair.log, which is rotated weekly. Here are a > couple of example lines: > > Thu Jun 3 21:32:21 > 2010,fix_resolver_configuration_file,fix_resolver_configuration_file,Ens > ure /etc/resolv.conf file exists and is > correct,/var/cfengine/inputs/dg.bundles.cf,262 > Thu Jun 3 21:34:16 > 2010,_fetch_public_ssh_key,ensure_authorized_ssh_key_exists,Ensure > user's authorized_keys file contains remote user's public > key,/var/cfengine/inputs/dg.ssh_keys.cf,98 > > I was thinking of having each policy server fetch the nova_repair.log > from all of its hosts each day prior to rotation and generating a > summary report that is easily skimmable by humans. However, before I > start really diving into such an approach, I was wondering if anyone has > been wanting or doing something similar. > > Thanks, > Justin > > *By "all" I would filter out a lot of standard changes, like those done > by Nova's generate_reports.cf. > > ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: Centralized report of repairs
Careful, such a `push' approach is unlikely to scale to more than a couple of hundred machines. FYI, Nova 1.2 (scheduled for October) will take a delta approach to report collection and generation that will scale much better under pull for the full spectrum of reports. M Nicolas Charles wrote: > Hi Justin, > > I considered also this approach, but instead I've set up a webdav server > on a policy_server, and each client sending the reports on this webdav > entry point. Hence the client can send it when he knows it is suitable, > and the promises are much more easy to write > > Nicolas > > Justin Lloyd wrote: >> Hi all, >> >> I'd like to generate a report of all* changes Cfengine makes on systems >> for auditing and awareness purposes. If, for example, the same change is >> being made a lot on a system (e.g. fixing /etc/passwd permissions), then >> we would know something is wrong and could investigate it more deeply. >> >> Cfengine Nova (I don't know about community) logs local promise repairs >> to /var/cfengine/nova_repair.log, which is rotated weekly. Here are a >> couple of example lines: >> >> Thu Jun 3 21:32:21 >> 2010,fix_resolver_configuration_file,fix_resolver_configuration_file,Ens >> ure /etc/resolv.conf file exists and is >> correct,/var/cfengine/inputs/dg.bundles.cf,262 >> Thu Jun 3 21:34:16 >> 2010,_fetch_public_ssh_key,ensure_authorized_ssh_key_exists,Ensure >> user's authorized_keys file contains remote user's public >> key,/var/cfengine/inputs/dg.ssh_keys.cf,98 >> >> I was thinking of having each policy server fetch the nova_repair.log >> from all of its hosts each day prior to rotation and generating a >> summary report that is easily skimmable by humans. However, before I >> start really diving into such an approach, I was wondering if anyone has >> been wanting or doing something similar. >> >> Thanks, >> Justin >> >> *By "all" I would filter out a lot of standard changes, like those done >> by Nova's generate_reports.cf. >> >> > > ___ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine -- Mark Burgess - Professor of Network and System Administration Oslo University College, Norway Personal Web: http://www.iu.hio.no/~mark Office Telf : +47 22453272 - ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: Array of slist
It is known that the iteration depth of variables is limited in Cfengine. As of 3.0.4p2 the following test.cf body common control { bundlesequence => { "outer", "inner" }; } bundle agent outer { vars: "arr[idx1]" string => "this is an array element"; "arr[idx2]" slist => { "This", "is", "an", "array", "element", "too" }; "choice"string => "idx2"; reports: Yr2010:: "outer: $(arr[$(choice)])"; } bundle agent inner { vars: "idx" slist => getindices("outer.arr"); reports: Yr2010:: "inner: $(outer.arr[$(idx)])"; } produced the following output: R: outer: This R: outer: is R: outer: an R: outer: array R: outer: element R: outer: too R: inner: this is an array element R: inner: $(outer.arr[idx2]) and 3.0.4 wasn't even capable to iterate over an slist in an array in the outer bundle, so you're using some version earlier than 3.0.4p2, I guess. 2010/6/7 Daniel Dehennin : > Hello, > > In the reference manual I found that array can be of type scalar or > list, but I did not manage to use list iteration: > > --8<---cut here---start->8--- > body common control > { > bundlesequence => { "test" }; > version => "0.0.2"; > } > > bundle agent test > { > > vars: > > any:: > > "array[key1]" slist => {"val1"}; > "array[key2]" slist => {"val2.1", "val2.2"}; > "array[key3]" slist => {"val3"}; > > "keys" slist => getindices("array"); > > commands: > > "/bin/echo $(keys) " > args => "$(array[$(keys)])"; > } > --8<---cut here---end--->8--- > > Results in: > > --8<---cut here---start->8--- > /usr/sbin/cf-agent -K > Q: ".../bin/echo key1 ": key1 $(array[key1]) > I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key1 > $(array[key1])" > I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near > line 23 > Q: ".../bin/echo key2 ": key2 $(array[key2]) > I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key2 > $(array[key2])" > I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near > line 23 > Q: ".../bin/echo key3 ": key3 $(array[key3]) > I: Last 1 QUOTEed lines were generated by promiser "/bin/echo key3 > $(array[key3])" > I: Made in version '0.0.2' of '/home/dad/.cfagent/inputs/promises.cf' near > line 23 > --8<---cut here---end--->8--- > > I found no example, in tutorial, reference manual, solution guide or > policy starter kit. > > Any hints? > > Thanks. > -- > Daniel Dehennin > Récupérer ma clef GPG: > gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1 > > ___ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine > > -- SY, Seva Gluschenko. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine