Cfengine Help: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking?
Forum: Cfengine Help Subject: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking? Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,18011,18012#msg-18012 /var/cfengine is in good working order and the ppkeys dir exists or can be created by the user? What does cf-promises -x return? ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking?
Forum: Cfengine Help Subject: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking? Author: bbomgardner Link to topic: https://cfengine.com/forum/read.php?3,18011,18013#msg-18013 Hi Neil, Here is the output of cf-promises -x: uxtst01:/var/cfengine/bin # ./cf-promises -x -- Cfengine - Level 1 self-diagnostic -- -> editfilesize ok (1/1) -> editbinaryfilesize ok (10/10) -> sensiblesize ok (1000/1000) -> sensiblecount ok (2/2) -> Internal consistency done -- Cfengine - Level 2 self-diagnostic -- 1. Test variable scanning 2. Testing internal function templates and knowledge 3. Testing promise duplication and expansion 4. Testing variable expansion 5. Testing regular expression engine -> Regex engine is the Perl Compatible Regular Expression library -> Regular expression compilation - ok -> Regular expression extraction - ok 15 - 31 -> Regular expression extraction - ok -> FullTextMatch - ok 2 -> BlockTextMatch - ok -> BlockTextMatch - ok 6. Testing promise attribute completeness (with no desired intention) !! files promise makes no intention about system state I: Promise is made internally by cfengine -> All non-listed items are accounted for I setup /var/cfengine/bin, inputs and outputs as root then ran cf-keys. ppkeys was created OK during cf-keys short lived run, however it is empty.This was compiled using gcc 4.2.3 so I'm going to try using the HP compiler later today to see if I have better luck. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking?
Forum: Cfengine Help Subject: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking? Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,18011,18014#msg-18014 Perhaps use gdb and a backtrace to see what is happening. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking?
Forum: Cfengine Help Subject: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking? Author: bbomgardner Link to topic: https://cfengine.com/forum/read.php?3,18011,18015#msg-18015 If I am understanding this correctly, cf-key fails while trying to call GenericInitialize(argc,argv,"keygenerator") on line 72 of cfkey.c. Any ideas? (gdb) run Starting program: /var/cfengine/bin/cf-key Program received signal SIGSEGV, Segmentation fault si_code: 0 - SEGV_UNKNOWN - Unknown Error. 0x77ede128 in __thread_main+0x38 () from /usr/lib/libc.2 (gdb) backtrace #0 0x77ede128 in __thread_main+0x38 () from /usr/lib/libc.2 #1 0x77e157e4 in _libnsl_lock_init+0x1c () from /usr/lib/libnsl.1 #2 0xc003a560 in shl_invoke_initfini+0x174 () from /usr/lib/dld.sl #3 0xc003331c in _shl_load_invoke_initializers+0x58 () from /usr/lib/dld.sl #4 0xc00332f4 in _shl_load_invoke_initializers+0x30 () from /usr/lib/dld.sl #5 0xc0033c64 in _shl_load+0x524 () from /usr/lib/dld.sl #6 0x77fe3e44 in __shl_load+0xf0 () from /usr/lib/libdld.2 #7 0x4681dc in SO_per_src_lookup+0xbc () #8 0x44f3cc in nss_get_backend_u+0x100 () #9 0x44fd30 in nss_search+0xf8 () #10 0x411e60 in getservbyname+0xe0 () #11 0x564dc in DetermineCfenginePort () at client_code.c:44 #12 0x29544 in InitializeGA (argc=1, argv=0x77ff0a7c) at generic_agent.c:487 #13 0x28210 in GenericInitialize (argc=1, argv=0x77ff0a7c, agents=0x4701d0 "keygenerator") at generic_agent.c:47 #14 0x27128 in main (argc=1, argv=0x77ff0a7c) at cfkey.c:72 (gdb) info frame 14 Stack frame at 0x77ff0bd0: pcoqh = 0x27128 in main (cfkey.c:72); saved pcoqh 0x40f1d4 caller of frame at 0x77ff0c10 source language c. Arglist at 0x77ff0bd0, args: argc=1, argv=0x77ff0a7c Locals at 0x77ff0bd0, Previous frame's sp is 0x77ff0bd0 Saved registers: rp at 0x77ff0bbc, r3 at 0x77ff0bd0, r25 at 0x77ff0ba8, r26 at 0x77ff0bac ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking?
Forum: Cfengine Help Subject: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking? Author: Beto Link to topic: https://cfengine.com/forum/read.php?3,18011,18016#msg-18016 You can download cfengine 3.0.5p1 binaries for PA-RISC and ia64 from the HP-UX Porting and Archive Center at http://hpux.connect.org.uk/hppd/hpux/Sysadmin/cfengine-3.0.5p1/ Be sure to get all of the prerequisite packages including bison, flex, gettext, libiconv, m4, openldap, pcre, popt and termcap. If you want to compile your own you should compile with the HP C/C++ compiler (B9007AA) because the code will be optimized for PA-RISC. If you don't have it you can download a 60-day trial version. To successfully compile cfengine 3.0.5p1 add the following lines into the configure script. These can be added after the “Installation directory options” section: if [ "`uname -s`" = "HP-UX" ] then export prefix="/usr/local" export PATH="$prefix/bin:$PATH" if [ "`uname -m`" = "ia64" ] then export libdir="$prefix/lib/hpux32" fi export CC="cc" export CFLAGS="-O -I$prefix/include -I/usr/contrib/X11R6/include" export CXX="/opt/aCC/bin/aCC" export CPPFLAGS="$CFLAGS" export CXXFLAGS="$CFLAGS" export LDFLAGS="-Wl,+b -Wl,$libdir -L$libdir -L/usr/contrib/X11R6/lib" export F77="/bin/true" export RANLIB="/bin/true" export enable_shared="yes" export enable_static="yes" fi You will still need all of the prerequisites mentioned above from the Porting and Archive Center. I have successfully compiled cfengine3 on HP-UX 11i v3 using the above. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking?
Forum: Cfengine Help Subject: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking? Author: bbomgardner Link to topic: https://cfengine.com/forum/read.php?3,18011,18017#msg-18017 Beto, Thank you! I'll give this a run. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking?
Forum: Cfengine Help Subject: Re: HP-UX 11.31 PA-RISC - openssl libraries not linking? Author: bbomgardner Link to topic: https://cfengine.com/forum/read.php?3,18011,18018#msg-18018 Thanks to all for your help - I was able to get this working. I needed gd and a new version of libpng to resolve the depot dependencies. I gave up on trying to statically compile. I'm sure it will work, but this will be ok for now. Kind regards, Ben ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Cfengine master HA?
Forum: Cfengine Help
Subject: Cfengine master HA?
Author: daveseff
Link to topic: https://cfengine.com/forum/read.php?3,18019,18019#msg-18019
This is directed more a Neil.
In your tutorial (http://watson-wilson.ca/blog/cf3-tutorial.html) You have
this in your promises.cf:
29 # for HA add more policy hosts
30 "phost" string => "192.168.0.1";
My question is, What is the proper way to add? is it
"phost" slist => { "192.168.0.1", "192.168.0.2", ... };
Or would it be
"phost" string => "192.168.0.1";
"phost" string => "192.168.0.2";
...
The adding in you example wasn't clear to me. Thanks Neil.
-Dave
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Cfengine master HA?
Forum: Cfengine Help Subject: Re: Cfengine master HA? Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,18019,18020#msg-18020 The former. See http://www.cfengine.org/manuals/cf3-reference.html#copy_005ffrom-in-files "servers". ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Cfengine master HA?
Forum: Cfengine Help Subject: Re: Cfengine master HA? Author: daveseff Link to topic: https://cfengine.com/forum/read.php?3,18019,18021#msg-18021 Much appreciated. Thanks. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Define a class from a group of machines
Hey guys
I’m trying to define a “test class” where I will be performing changes on
before I push to everything. I think I’m making this overly complicated, but
I’m having issues creating a “group” or “class” of machines. Does anyone have
an example using Cfengine 3 syntax?
Here’s what I’m currently doing...
classes:
# Create a class with our hostname
"local_hostname"expression =>
usemodule("module_local_hostname","");
# The guppies that policies are tested on first. test1 = x86 solaris, test2
= sparc solaris, test3 = linux
"guppies" xor => { classmatch("machine-test1.stg"),
classmatch("test2.corp"), classmatch("machine-test3.corp") };
This bombs out, saying that the “-” character is invalid.
$ /var/cfengine/bin/cf-agent -I -K
Module protocol contained an illegal character (-) in class/variable identifier
machine-test1.stg.
Module protocol contained an illegal character (-) in class/variable identifier
machine-test1.stg.
Is there an easier way to define a class by just referring to the hostnames of
the machines I want to include?
Thanks
Mike
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Re: Define a class from a group of machines
Disregard! My question was answered here. I needed to canonify the hostname
to use underscores.
https://cfengine.com/forum/read.php?3,18006
Thanks
Mike
On 8/31/10 4:09 PM, "Mike Svoboda" wrote:
Hey guys
I’m trying to define a “test class” where I will be performing changes on
before I push to everything. I think I’m making this overly complicated, but
I’m having issues creating a “group” or “class” of machines. Does anyone have
an example using Cfengine 3 syntax?
Here’s what I’m currently doing...
classes:
# Create a class with our hostname
"local_hostname"expression =>
usemodule("module_local_hostname","");
# The guppies that policies are tested on first. test1 = x86 solaris, test2
= sparc solaris, test3 = linux
"guppies" xor => { classmatch("machine-test1.stg"),
classmatch("test2.corp"), classmatch("machine-test3.corp") };
This bombs out, saying that the “-” character is invalid.
$ /var/cfengine/bin/cf-agent -I -K
Module protocol contained an illegal character (-) in class/variable identifier
machine-test1.stg.
Module protocol contained an illegal character (-) in class/variable identifier
machine-test1.stg.
Is there an easier way to define a class by just referring to the hostnames of
the machines I want to include?
Thanks
Mike
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Linux CPU speed
Here's an interesting question for Nova users and/or Linux experts. I
have a number of measurements promises that extract information about a
system and store that data in our asset database. However, if dynamic
CPU throttling is enabled on (mainly RHEL) Linux (e.g. cpuspeed), that
value will change and we end up seeing toggling of that value in our
asset database (via a report that tracks changes made to it by
Cfengine).
Currently I'm looking at /proc/cpuinfo:
measurements:
linux::
"/proc/cpuinfo"
handle => "linux_cpu_speed",
stream_type => "file",
data_type => "int",
history_type => "scalar",
units => "MHz",
match_value => extract_line_value("cpu MHz.*", "cpu
MHz\s+:\s+(\d+\.\d+)");
This is the value that changes. One person here suggested looking at the
"model name" entry in /proc/cpuinfo, to which newer systems statically
add the default CPU speed, but unfortunately we have a lot of systems
that don't do that.
So does anyone have any other thoughts on how to reliably retrieve RHEL
systems' CPU speeds via Cfengine measurements promises?
Justin C. Lloyd
Senior Unix Infrastructure Engineer
Office: 303.684.4166
www.digitalglobe.com
Re: Linux CPU speed
You could try disabling cpuspeed before taking the measurement, then
re-enabling it... kind of kludgey, but it would work...
Paul Krizak 7171 Southwest Pkwy MS B200.3A
MTS Systems EngineerAustin, TX 78735
Advanced Micro Devices Desk: (512) 602-8775
Linux/Unix Systems Engineering Cell: (512) 791-0686
Global IT InfrastructureFax: (512) 602-0468
On 08/31/10 16:23, Justin Lloyd wrote:
> Here’s an interesting question for Nova users and/or Linux experts. I
> have a number of measurements promises that extract information about a
> system and store that data in our asset database. However, if dynamic
> CPU throttling is enabled on (mainly RHEL) Linux (e.g. cpuspeed), that
> value will change and we end up seeing toggling of that value in our
> asset database (via a report that tracks changes made to it by Cfengine).
>
> Currently I’m looking at /proc/cpuinfo:
>
> measurements:
>
> linux::
>
> "/proc/cpuinfo"
>
> handle => "linux_cpu_speed",
>
> stream_type => "file",
>
> data_type => "int",
>
> history_type => "scalar",
>
> units => "MHz",
>
> match_value => extract_line_value("cpu MHz.*", "cpu MHz\s+:\s+(\d+\.\d+)");
>
> This is the value that changes. One person here suggested looking at the
> “model name” entry in /proc/cpuinfo, to which newer systems statically
> add the default CPU speed, but unfortunately we have a lot of systems
> that don’t do that.
>
> So does anyone have any other thoughts on how to reliably retrieve RHEL
> systems’ CPU speeds via Cfengine measurements promises?
>
> *Justin C. Lloyd*
>
> Senior Unix Infrastructure Engineer
>
> *Office*: 303.684.4166
>
>
> Description: Description: cid:image001.gif@01CB11F3.8C8CBD70
> www.digitalglobe.com
Cfengine Help: Re: Cfengine master HA?
Forum: Cfengine Help
Subject: Re: Cfengine master HA?
Author: daveseff
Link to topic: https://cfengine.com/forum/read.php?3,18019,18025#msg-18025
But Now it seems that I have broken everything.
Unable to lookup hostname ($(g.phost)) or cfengine service: Name or service not
known
!! Unable to find host or service: ($(g.phost)/5308) Name or service not known
!! No server is responding on this port
!!! System error for socket: "No such file or directory"
Unable to establish connection with $(g.phost)
Unable to lookup hostname ($(g.phost)) or cfengine service: Name or service not
known
-> No suitable server responded to hail
My promises.cf:
bundle common g{
vars:
"repo" string => "/var/cfengine3/master";
"inputs" string => "/var/cfengine3/inputs";
"binaries" string => "/var/cfengine3/sbin";
"libraries" string => "/var/cfengine3/lib";
"rh4bin" string => "/var/cfengine3/RHEL4/sbin";
"rh4lib" string => "/var/cfengine3/RHEL4/lib";
"workdir" string => "/var/cfengine3";
# for HA add more policy hosts
"phost" slist => { "192.168.0.1", "192.168.0.1" };
}
One of my copies:
/etc/cron.daily/tmpwatch"
perms => mog("755","root","root"),
copy_from => secure_cp("$(g.repo)/bond_studio/tmpwatch","$(g.phost)"),
action => if_elapsed("30");
secure_cp is from the std library.
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Cfengine master HA?
Forum: Cfengine Help
Subject: Re: Cfengine master HA?
Author: Seva Gluschenko
Link to topic: https://cfengine.com/forum/read.php?3,18019,18027#msg-18027
You'd rather pass a list there, i.e.
copy_from => secure_cp("$(g.repo)/bond_studio/tmpwatch","@(g.phost)")
Lists can't be accessed indirectly, so you might need to make a local copy
first, like follows:
vars:
"servers" slist => { @(g.phost) };
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
task recieves SIGINT
Hi Using 3.0.5p1 on Solaris10/SPARC. I have noticed cfengine emitted these kind of messages, 2-3 time a day: Received signal 2 (SIGINT) while doing [lock.rtcontrol.files.handle.comment.touch.perms.owners.._export_rt_rtsystem_var_rtcontrol_cron_off_2573_MD5=f4ca9ba1e72e0739e1c840e70b934aad] Logical start time Wed Sep 1 01:32:28 2010 This sub-task started really at Wed Sep 1 01:39:33 2010 I have noticed any particular side-effects, bad or otherwise, and am not sure if I should be worried about this occurrence. I am fairly sure the signal is being sent from within the process tree (either by cf-execd or cf-agent itself), as the service manager (SMF) would report any externally received signals. Cheers ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: File ownership for AD users
Forum: Cfengine Help
Subject: File ownership for AD users
Author: Remi
Link to topic: https://cfengine.com/forum/read.php?3,18029,18029#msg-18029
Hey guys:
I'm using AD auth on our linux servers through winbind.
I'm using cfengine 3 to distribute authorized key files for certain users,
however it appears that cfengine is having problems finding AD users.
Promise:
bundle agent sshkeys {
files:
"/home/DOMAIN/USER/.ssh/authorized_keys"
create => "true",
perms => system("0400", "DOMAIN+USER", "sysmgt"),
copy_from =>
umycopy("/var/cfengine/masterfiles/test/misc/USER_authorized_keys");
}
body perms system(p,u,g) {
mode => "${p}";
owners => { "${u}" };
groups => { "${g}" };
}
cf-agent in debug shows me:
Validation: Scalar item in owners => { DOMAIN+USER } in rvalue is out of bounds
(value should match pattern +)
Any way around this?
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
action_policy => "warn" ignored?
Hi,
I think I'm misunderstanding how action_policy => "warn" is supposed to
work. Consider the following example:
bundle agent test {
files:
"/foo/."
create => "true",
action => warn_only;
}
body action warn_only
{
action_policy => "warn";
}
When I run this, the directory is created despite the setting of
action_policy (I have also tried "nop").
My understanding of the documentation is that action_policy => "warn"
should disable the actual fixing of the promise, and just warn about it.
Is this wrong?
Thanks,
--Diego
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: File ownership for AD users
Forum: Cfengine Help
Subject: Re: File ownership for AD users
Author: Seva Gluschenko
Link to topic: https://cfengine.com/forum/read.php?3,18029,18031#msg-18031
The Cfengine's output itself is not about finding domain users, it's about
syntax. The user field is treated as the broken regular expression, this is
what the warning is about. So, basically you can try to escape a plus sign like
follows:
perms => system("0400", "DOMAIN\+USER", "sysmgt")
the truth is, problems with domain users still may arise, but you wouldn't know
until you try.
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
