Cfengine Help: Re: Literature on Cfengine3
Forum: Cfengine Help Subject: Re: Literature on Cfengine3 Author: d34m0nsi Link to topic: https://cfengine.com/forum/read.php?3,21598,21631#msg-21631 Thanks for the info, am looking forward to the book :) //Alfred ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
RE: Cfengine Help: Re: Avoiding "Duplicate selection of value"
Is there any chance of a change to the C code that implements "splayclass" to give me an easy way of selecting a random quarter-hour slot in each 6 hour shift? I too have had to up my schedule and reduce my default splay time to 5 minutes in cf-execd to allow the use of splayclass. Chris Ritson (Computing Officer and School Safety Officer) Room 707, Claremont Tower,EMAIL: c.r.rit...@ncl.ac.uk School of Computing Science, PHONE: +44 191 222 8175 Newcastle University, FAX : +44 191 222 8232 Newcastle upon Tyne, UK NE1 7RU. WEB : http://www.cs.ncl.ac.uk/ >-Original Message- >From: help-cfengine-boun...@cfengine.org [mailto:help-cfengine- >boun...@cfengine.org] On Behalf Of Mark >Sent: 27 April 2011 05:20 >To: Michael Stevens >Cc: help-cfengine@cfengine.org >Subject: Re: Cfengine Help: Re: Avoiding "Duplicate selection of value" > >No nothing is hardcoded, but the default exec time is 5 minutes. You are >not missing out. > > >Mark > > >On 27 Apr 2011, at 01:09, Michael Stevens wrote: > >> I wasn't aware of this. Correct me if I'm wrong, but from reading the >docs, the "on" interval is hard-coded to 5 minutes, eg, since we're >running cf3 every 15 minutes from cron, we'd miss 2/3 of the activations >unless we up our schedule to every 5 minutes. >> >> On Apr 26, 2011, at 11:19 AM, no-re...@cfengine.com wrote: >> >>> Have you looked a splayclass? It can randomize when promises are >kept without >>> the overhead of calling a shell. >>> http://www.cfengine.org/manuals/cf3-reference.html#Function- >splayclass >> ___ >> Help-cfengine mailing list >> Help-cfengine@cfengine.org >> https://cfengine.org/mailman/listinfo/help-cfengine >___ >Help-cfengine mailing list >Help-cfengine@cfengine.org >https://cfengine.org/mailman/listinfo/help-cfengine ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: How to modify a global list
Forum: Cfengine Help
Subject: Re: How to modify a global list
Author: jonb1987
Link to topic: https://cfengine.com/forum/read.php?3,21589,21633#msg-21633
neilhwatson Wrote:
---
> Jon,
>
> Where is this bundle?
> edit_line => upgrade_cfexecd,
(I hadn't included it in order to keep the posting short)
#--
bundle edit_line upgrade_cfexecd {
#--
classes:
"exec_fix" not=> regline(".*cf-execd.*","$(edit.filename)");
"exec_del" expression => regline(".*cfexecd.*", "$(edit.filename)");
delete_lines:
".*cfexecd.*";
insert_lines:
exec_fix::
"7 20 * * * /var/cfengine/bin/cf-execd -F";
reports:
exec_fix::
"Added a cf-execd schedule to $(edit.filename)";
exec_del::
"Deleted old cfengine2 entry in $(edit.filename)";
}
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
readstringlist and "Duplicate selection of value.. " error
Hi,
If readstringlist is used as shown here:
http://www.cfengine.org/manuals/cf3-reference.html#Function-readstringlist
it will give you an "Duplicate selection of value .." for the expected
list of string variable. Looks like the list enclosing brackets {} are not
needed, at least for 3.1.4 version.
mlz.
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
readfile function and newline
Hi, The readfile function adds a newline character ( not present in the file content ) into the string variable returned. This may lead to non-convergent behaviour when the variable is used in other file editing. Tested in version 3.1.4 only. http://www.cfengine.org/manuals/cf3-reference.html#Function-readfile regards, mlz. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: YP NIS netgroup
Forum: Cfengine Help Subject: YP NIS netgroup Author: jonb1987 Link to topic: https://cfengine.com/forum/read.php?3,21635,21635#msg-21635 In cfengine v2, you could directly use yp/nis netgroups, e.g. groups: my_hosts = ( +my_team_hosts ) I cannot find any reference to nis in the cfengine3 documentation. Is this genuinely missing? If so I guess I have to run a shell command to get this stuff and put it into a string list. Thanks in advance... ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
package_list_update_ifelapsed question/proposal
We have several software repositories at our site (debian, centos, ..)
where we maintain are own software. This software is updated frequently and
we are always in conflict with the package_list_update_ifelapsed
setting. I do not want to maintain our own package settings and the one in
the cfengine_stdlib.cf is fine for me.
But what i want is a setting alla 'refresh_processes'. So the update of the
package list is done once when requested and the other 'bundles' use the
cached one.
Here is the example setting for ps:
##
# To avoid a lot of ps commands, wait for cf 3.1.3
#
refresh_processes => { "none" };
--
* Bas van der Vliese-mail: b...@sara.nl *
* SARA - Academic Computing Services Amsterdam, The Netherlands *
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: List of copied files
Forum: Cfengine Help
Subject: List of copied files
Author: rosin
Link to topic: https://cfengine.com/forum/read.php?3,21638,21638#msg-21638
Hey there.
Im a newbee to cfengine - but impressed about the prospects it brings.
In my scenario i want to copy the files needed in a compact way. Therefore I
wrote something like that:
bundle agent copy{
"/"
comment => "specific configuration files for this system",
depth_search => b_recurse,
copy_from => digist_cp("${source}");
}
body copy_from digist_cp(from)
{
source => "$(from)";
compare => "digest";
verify => "true";
preserve=> "true";
}
body depth_search b_recurse
{
depth => "inf";
}
The ${source} point to a location where I build a directory structure similar
to the root-Filesystem (with paths like "/etc/", "/usr/", "/etc/ssh" and so
on).
Is it possible to check which files within this directory structure has been
replaced?
For example: I want to know if the sshd_config has been replaced to restart the
server.
How can I realize this? Or is this realisation completely on the wron track?
Thanks for your help,
Moritz
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Package installation - trouble specifying environment variable
Forum: Cfengine Help
Subject: Re: Package installation - trouble specifying environment variable
Author: ticketo
Link to topic: https://cfengine.com/forum/read.php?3,21587,21639#msg-21639
Have you tried using environment in agent control?
It would seem that this could be appropriately
set here.
Thank you for the hint. At least it works now.
body agent control {
debian::
# debconf should never ask question while installing
# doing so would require user interaction to answer them!
environment => {
"DEBIAN_FRONTEND='noninteractive'"
};
}
I'm just not convinced this is the 'perfect' solution. Why? Everyone using the
standard library must remember to set this value or else package installation
may break some point in time. So it would be nice, if either the standard
library would already take care of this by itself or if this is not possible at
least warn the user, that some additionnal configuration is necessary.
Maybe some comment like
##
# Please remember to set the environment variable DEBIAN_FRONTEND to
# 'noninteractive' in body agent control or otherwise assure that debconf is not
# run during package installation
body package_method apt
{
[...]
body package_method generic
{
[...]
# Please remember to set the environment variable DEBIAN_FRONTEND to
# 'noninteractive' in body agent control or otherwise assure that debconf is
not
# run during package installation
debian::
would be helpful.
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Package installation - trouble specifying environment variable
Forum: Cfengine Help Subject: Re: Package installation - trouble specifying environment variable Author: bbomgardner Link to topic: https://cfengine.com/forum/read.php?3,21587,21640#msg-21640 I agree. Perhaps you could request a feature to add a package_environment command so that this could be set directly in the body as you want. Although, I would venture a guess that the package managers aren't run within another shell so this maybe the best you can do right now. I suppose it would be nice if aptitude had similar functionality through switches, huh? =) ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Literature on Cfengine3
Forum: Cfengine Help Subject: Re: Literature on Cfengine3 Author: msvob...@linkedin.com Link to topic: https://cfengine.com/forum/read.php?3,21598,21641#msg-21641 I was asked to review the book in the works, and from what I saw, I was very discouraged. =( I asked that the publishers look at a complete re-write. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: How to modify a global list
Forum: Cfengine Help Subject: Re: How to modify a global list Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,21589,21642#msg-21642 Does that work? I don't think I've seen classes and report promises in an edit line bundle. If it does you've shown me something new. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: YP NIS netgroup
Forum: Cfengine Help Subject: Re: YP NIS netgroup Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,21635,21643#msg-21643 If you run cf-promises in verbose mode you can see all of the classes the agent is a member of. Try that and see if an netgroups are listed. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: List of copied files
Forum: Cfengine Help Subject: Re: List of copied files Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,21638,21644#msg-21644 Welcome. Typically one would have a promise just for sshd_config and set a repair class should the promise repair the target file. Using that class you can restart SSH. It is not common to bulk promise a large group of unrelated files because it leads to a question like yours. The solutions guide has some good examples for you consider. http://www.cfengine.org/manuals/cf3-solutions.html http://www.cfengine.org/manuals/cf3-reference.html#classes-in-_002a ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Literature on Cfengine3
Forum: Cfengine Help Subject: Re: Literature on Cfengine3 Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,21598,21645#msg-21645 I have been reviewing it. I've only seen a few chapters. It is my hope that the next drafts will improve. It is concerning. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: Cfengine Help: Re: Literature on Cfengine3
> > I was asked to review the book in the works, and from what I saw, I was very > discouraged. =( I asked that the publishers look at a complete re-write. > I was also asked and i totally agree with you! -- * Bas van der Vliese-mail: b...@sara.nl * * SARA - Academic Computing Services Amsterdam, The Netherlands * ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Literature on Cfengine3
Forum: Cfengine Help Subject: Re: Literature on Cfengine3 Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,21598,21647#msg-21647 I did pitch a book to O'reilly but was rejected. I suppose I might have gone elsewhere but I really wanted to have O'reilly on my CV. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Literature on Cfengine3
Forum: Cfengine Help Subject: Re: Literature on Cfengine3 Author: mark Link to topic: https://cfengine.com/forum/read.php?3,21598,21648#msg-21648 Agreed about the draft ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Updating Solaris Packages
Forum: Cfengine Help Subject: Re: Updating Solaris Packages Author: berntjernberg Link to topic: https://cfengine.com/forum/read.php?3,21617,21649#msg-21649 Hi, My solution installs/updates a packages to a specific version. https://cfengine.com/forum/read.php?3,20818,20832#msg-20832 Wrong version/no version (not installed) is equally wrong in my solution. I don't know if Cfengine's standard Solaris package management can handle the global/local zone lockfile issue. I check the PSTAMP variable but you could easily change that to VERSION. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: List of copied files
Forum: Cfengine Help Subject: Re: List of copied files Author: rosin Link to topic: https://cfengine.com/forum/read.php?3,21638,21650#msg-21650 Hm, I was afraid of this answer. This leads to an extreme expansion of my promise files Thanks for your help. Greetings, Moritz ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: List of copied files
Forum: Cfengine Help Subject: Re: List of copied files Author: mark Link to topic: https://cfengine.com/forum/read.php?3,21638,21651#msg-21651 Can you use a regular expression pattern to simplify your case? (Quick hint in passing) ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: List of copied files
Forum: Cfengine Help Subject: Re: List of copied files Author: rosin Link to topic: https://cfengine.com/forum/read.php?3,21638,21652#msg-21652 Sorry. What do you mean with "Quick hint in passing"? ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: List of copied files
Forum: Cfengine Help Subject: Re: List of copied files Author: mark Link to topic: https://cfengine.com/forum/read.php?3,21638,21653#msg-21653 I mean I don't really have time to say anything at length, as I am doing something else, but look up the possibility us using file patterns to match specific files. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: FW: Weird permissions with Cfengine.
Forum: Cfengine Help
Subject: Re: FW: Weird permissions with Cfengine.
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21620,21654#msg-21654
Hi,
I don't know if this is the solution to my problem but Cfengine seem to
remove read permission on files in /var were a ZFS acl i set.
Via an acl an application user may read /var/cron/log, /var/adm/sulog
and /var/adm/loginlog.
I use this code. I run a similar bundle to remove write for other on all files
in /var/tmp and /tmp.
I use Community 3.1.4.
body file_select by_umf(user,mode,files)
{
search_owners => { "$(user)" };
search_mode => { "$(mode)" };
path_name => { @(files) };
file_types => { "reg" };
file_result => "!path_name.mode.owner.file_types";
}
#
# Remove all but whitelisted suid root files.
#
bundle agent manage_root_suid_files
{
vars:
!suid_files_lockfile|(Hr01_Q3|Hr05_Q3|Hr09_Q3|Hr13_Q3|Hr17_Q3|Hr21_Q3)::
"dir_list" slist => { @(g.suid_dir_list) };
"exclude_dirs" slist => { @(g.suid_excl_dir_list) };
"allow_files" slist => { @(g.suid_allow_list) };
classes:
"suid_files_lockfile" expression =>
isplain("/var/run/cfe_suid_files.lck");
files:
!suid_files_lockfile|(Hr01_Q3|Hr05_Q3|Hr09_Q3|Hr13_Q3|Hr17_Q3|Hr21_Q3)::
"$(dir_list)"
file_select => by_umf("root","u+s","@(allow_files)"),
depth_search => recurse_ignore("inf","@(exclude_dirs)"),
action => policy("fix"),
comment => "Allow only whitelisted setuid root files",
transformer => "$(g.chmod) u-s $(this.promiser)";
methods:
!suid_files_lockfile::
"Create lockfile" usebundle => touch("/var/run/cfe_suid_files.lck");
}
bundle common g
{
#
# Directories to search for suid root files.
#
"suid_dir_list" slist => {
"/usr/bin",
"/usr/sbin",
"/sbin",
"/var"
};
#
# Directories to exclude while searching for suid root files.
#
"suid_excl_dir_list" slist => {
"/opt/OV",
"/opt/oracle",
"/var/opt/OV",
"/var/sadm/pkg",
"/var/sadm/patch",
"/var/sun",
"/var/run"
};
#
# Allowed suid files.
#
"suid_allow_list" slist => {
"/usr/bin/at",
"/usr/bin/atq",
"/usr/bin/atrm",
"/usr/bin/crontab",
"/usr/bin/pfexec",
"/usr/sbin/ping",
"/usr/lib/pt_chmod"
};
}
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: cf-serverd seem to leak memory in 3.1.4.
Forum: Cfengine Help
Subject: cf-serverd seem to leak memory in 3.1.4.
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,21655,21655#msg-21655
Hi,
My policy server runs RHEL 5.6 and the Cfengine 3.1.4 rpm. I have have 141
Solaris 10 clients connecting.
I deployed an upgrade of a software containing about 10 Solaris packages
contained in a tar-file of 47MB.
When the bundle decides the software needs updating the software is removed via
en external wrapper.
The 47MB-tar-file is downloaded and the wrapper unpacks it and install the
packages.
The memory usage of the cf-serverd quickly increased to about 96% and lot of
swap was used as well.
I noticed that I had a bug (me bad) which led to Cfengine removing/downloading
tar-file/installing every fifteen
minute. When my bug was corrected the memory usage leveled out on 90% and
overnight it dropped to
80% but never below. If I restart the cf-serverd now when this "big" upgrade is
done the memory usage is
0.1%.
I have iptables protecting the policy server so I have to investigate if this
disturbs normal operation.
I just wanted to raise a flag on this as 3.1.5 is in the making.
I have 4GB of RAM and two CPU's on the policy-server.
This is cf-serverd code.
#
# Common accesslist.
#
bundle common s
{
vars:
# List here that we grant access to on the server.
"connect_acl" slist => {
"10..*",
};
# Which keys should we trust.
"trustkeysfrom_acl" slist => {
"10..*",
};
}
#
# Server settings.
#
body server control
{
denybadclocks => "true";
allowconnects => { "127.0.0.1", "::1", @(s.connect_acl) };
allowusers=> { "root","cfengine" };
maxconnections=> "1000";
logallconnections => "true";
# Uncomment this when you intend to install new hosts.
#trustkeysfrom => { "127.0.0.1" , "::1", @(s.trustkeysfrom_acl) };
# Uncomment to disable DNS-verify.
#skipverify=> { @(s.connect_acl), "127.0.0.1" , "::1" };
}
#
# Assign access to local directories on policy host.
#
bundle server access_rules()
{
access:
policy_host::
"$(g.dir_repository)"
handle => "grant_access_repository",
comment => "Grant access to the repository",
admit => { ".*$(g.domain)", @(s.acl) };
}
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Re: package_list_update_ifelapsed question/proposal
On Apr 27, 2011, at 11:36, Bas van der Vlies wrote: > We have several software repositories at our site (debian, centos, ..) > where we maintain are own software. This software is updated frequently and > we are always in conflict with the package_list_update_ifelapsed > setting. I do not want to maintain our own package settings and the one in > the cfengine_stdlib.cf is fine for me. Hi Bas, I found another flaw in the package list in cfengine: it should be updated as soon as cfengine installs/removes/updates a package. The package list works like a cache, and a cache has to be invalidated as soon as it is known dirty. This issue has bitten me a couple of times, where you ask cfengine to install a package, it is installed, and 15 minutes later cfengine tries to install it again only to be bitten by the package manager telling it that package is already installed. Regards, Erik -- Erik Mouw -- erik.m...@snow.nl Snow B.V. -- http://snow.nl/ ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: YP NIS netgroup
Forum: Cfengine Help Subject: Re: YP NIS netgroup Author: davidlee Link to topic: https://cfengine.com/forum/read.php?3,21635,21656#msg-21656 A note of caution. At my previous workplace, we successfully ran cfengine v2, and had been using such NIS/YP from the hosts aspects of "netgroup" maps to determine group/class membership. But we then suffered a nasty little incident in which an important machine (Linux, I think) somehow lost its NIS/YP binding, resulting in the host-based class membership changing (as cfengine v2 continued to work even though the binding had gone) resulting in an unwanted change to a vital part of that host's system configuration. Not nice. So we adjusted our cfengine policy from that point onwards. Despite the apparent ideal of using NIS/YP to steer cfengine (and so not having to replicate NIS/YP information within cfengine) we ended up taking the more pragmatic approach of avoiding this mechanism, and we instead replicated that netgroup information in cfengine. (In our case the overall size of the host/netgroup data was small enough to make the awkwardness of such repetition manageable.) ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: path_name fails in file_select
Forum: Cfengine Help
Subject: path_name fails in file_select
Author: jonb1987
Link to topic: https://cfengine.com/forum/read.php?3,21658,21658#msg-21658
I'd be grateful for some help with the use of "path_name" in the "file_select"
bundle...
I'm trying to limit the select of files to everything except some directories
and some files.
So I have this...
#--
bundle agent main {
#--
files:
"/"
file_select => default_file_select,
depth_search => recurse("inf"),
copy_from=> default_copy_from;
}
#--
body file_select default_file_select {
#--
# Things NOT to match
leaf_name => { "yp.conf",
"rsnapshot_primary.conf"
};
path_name => { "/etc/cron.d/.*",
"/etc/cups/.*"
};
file_result => "(!path_name).(!leaf_name)";
}
What happens is the leaf_name part is honoured (i.e. yp.conf,
rsnapshot_primary.conf are NOT copied),
but the path_name part is NOT honoured - i.e. files in directories /etc/cron.d/
ARE copied.
So any ideas as to what am doing wrong?
Thanks in advance
Jon B
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: YP NIS netgroup
Forum: Cfengine Help Subject: Re: YP NIS netgroup Author: jonb1987 Link to topic: https://cfengine.com/forum/read.php?3,21635,21659#msg-21659 davidlee Wrote: --- > A note of caution. At my previous workplace, we > successfully ran cfengine v2, and had been using > such NIS/YP from the hosts aspects of "netgroup" > maps to determine group/class membership. > > But we then suffered a nasty little incident in > which an important machine (Linux, I think) > somehow lost its NIS/YP binding, resulting in the > host-based class membership changing (as cfengine > v2 continued to work even though the binding had > gone) resulting in an unwanted change to a vital > part of that host's system configuration. Not > nice. > > So we adjusted our cfengine policy from that point > onwards. Despite the apparent ideal of using > NIS/YP to steer cfengine (and so not having to > replicate NIS/YP information within cfengine) we > ended up taking the more pragmatic approach of > avoiding this mechanism, and we instead replicated > that netgroup information in cfengine. (In our > case the overall size of the host/netgroup data > was small enough to make the awkwardness of such > repetition manageable.) Interesting point. I guess the right solution is for the nis database on the nis server to be updated via cfengine also! ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: How to modify a global list
Forum: Cfengine Help Subject: Re: How to modify a global list Author: jonb1987 Link to topic: https://cfengine.com/forum/read.php?3,21589,21660#msg-21660 neilhwatson Wrote: --- > Does that work? I don't think I've seen classes > and report promises in an edit line bundle. If it > does you've shown me something new. Yes it works. But I cannot claim credit - it was merely in there from the original cfengine example files! ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Hostname change and keys
Forum: Cfengine Help Subject: Hostname change and keys Author: debheller Link to topic: https://cfengine.com/forum/read.php?3,21661,21661#msg-21661 Hello All, Just a short question today: When the hostname of a monitored system changes, all pertinent promises are updated on the policy server are updated to reflect that change. In the case of a Nova implementation, is it necessary to use cf-key to generate new keys and then re-bootstrap the system? We have found that the system with the new hostname seems to be functioning properly, but I may be overlooking something... What say you? deb ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: cf-serverd seem to leak memory in 3.1.4.
Forum: Cfengine Help Subject: Re: cf-serverd seem to leak memory in 3.1.4. Author: bbomgardner Link to topic: https://cfengine.com/forum/read.php?3,21655,21662#msg-21662 Have you been able to test the 3.1.5 beta releases? There was a memory leak with cf-serverd that was fixed. (I have also seen this issue with 3.1.4) ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: path_name fails in file_select
Forum: Cfengine Help Subject: Re: path_name fails in file_select Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,21658,21663#msg-21663 Do you mean to 'and' that result or should it be an 'or'? What are you expecting? ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: Cfengine Help: Re: Avoiding "Duplicate selection of value"
How would I go about having splayclass work with our current */15 run interval? On Apr 26, 2011, at 9:20 PM, Mark wrote: > No nothing is hardcoded, but the default exec time is 5 minutes. You are not > missing out. > > > Mark > > > On 27 Apr 2011, at 01:09, Michael Stevens wrote: > >> I wasn't aware of this. Correct me if I'm wrong, but from reading the docs, >> the "on" interval is hard-coded to 5 minutes, eg, since we're running cf3 >> every 15 minutes from cron, we'd miss 2/3 of the activations unless we up >> our schedule to every 5 minutes. >> >> On Apr 26, 2011, at 11:19 AM, no-re...@cfengine.com wrote: >> >>> Have you looked a splayclass? It can randomize when promises are kept >>> without >>> the overhead of calling a shell. >>> http://www.cfengine.org/manuals/cf3-reference.html#Function-splayclass >> ___ >> Help-cfengine mailing list >> Help-cfengine@cfengine.org >> https://cfengine.org/mailman/listinfo/help-cfengine ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: Cfengine Help: Re: Avoiding "Duplicate selection of value"
Ah, I see what you mean. Sorry. You're right, one has to assume a resolution to do the hashing. Any reason why you can't up to 5 min resolution? On 27/04/11 19:48, Michael Stevens wrote: > How would I go about having splayclass work with our current */15 run > interval? > > On Apr 26, 2011, at 9:20 PM, Mark wrote: > >> No nothing is hardcoded, but the default exec time is 5 minutes. You are not >> missing out. >> >> >> Mark >> >> >> On 27 Apr 2011, at 01:09, Michael Stevens wrote: >> >>> I wasn't aware of this. Correct me if I'm wrong, but from reading the docs, >>> the "on" interval is hard-coded to 5 minutes, eg, since we're running cf3 >>> every 15 minutes from cron, we'd miss 2/3 of the activations unless we up >>> our schedule to every 5 minutes. >>> >>> On Apr 26, 2011, at 11:19 AM, no-re...@cfengine.com wrote: >>> Have you looked a splayclass? It can randomize when promises are kept without the overhead of calling a shell. http://www.cfengine.org/manuals/cf3-reference.html#Function-splayclass >>> ___ >>> Help-cfengine mailing list >>> Help-cfengine@cfengine.org >>> https://cfengine.org/mailman/listinfo/help-cfengine > ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: Package installation - trouble specifying environment variable
Forum: Cfengine Help Subject: Re: Package installation - trouble specifying environment variable Author: sauer Link to topic: https://cfengine.com/forum/read.php?3,21587,21666#msg-21666 Seems like a potentially more appropriate option would be to just use apt-get instead of aptitude. The aptitude binary isn't installed on every Debian-esque system (I don't usually install it), and apt-get has the "-o configoption=value" command line argument which lets you specify arbitrary config options. The same --assume-yes and --quiet options work with apt-get. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: Cfengine Help: Re: Avoiding "Duplicate selection of value"
We conceivably could, there's not really a reason other than it doesn't seem necessary to update that often. I may well change it just to get splayclass working. Any chance of getting the splayclass interval as a settable parameter? On Apr 27, 2011, at 11:54 AM, Mark Burgess wrote: > Ah, I see what you mean. Sorry. You're right, one has to assume a resolution > to do the hashing. Any reason why you can't up to 5 min resolution? > > On 27/04/11 19:48, Michael Stevens wrote: >> How would I go about having splayclass work with our current */15 run >> interval? >> >> On Apr 26, 2011, at 9:20 PM, Mark wrote: >> >>> No nothing is hardcoded, but the default exec time is 5 minutes. You are >>> not missing out. >>> >>> >>> Mark >>> >>> >>> On 27 Apr 2011, at 01:09, Michael Stevens wrote: >>> I wasn't aware of this. Correct me if I'm wrong, but from reading the docs, the "on" interval is hard-coded to 5 minutes, eg, since we're running cf3 every 15 minutes from cron, we'd miss 2/3 of the activations unless we up our schedule to every 5 minutes. On Apr 26, 2011, at 11:19 AM, no-re...@cfengine.com wrote: > Have you looked a splayclass? It can randomize when promises are kept > without > the overhead of calling a shell. > http://www.cfengine.org/manuals/cf3-reference.html#Function-splayclass ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine >> ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: Cfengine Help: Re: Avoiding "Duplicate selection of value"
We can look into it if you file a feature request, but I'm not sure it's desirable. You can still do your updates every 15 mins even though the agent wakes up every 5 if you set the ifelapsed default to 15 mins or more. On 27/04/11 23:32, Michael Stevens wrote: > We conceivably could, there's not really a reason other than it doesn't seem > necessary to update that often. I may well change it just to get splayclass > working. Any chance of getting the splayclass interval as a settable > parameter? > > On Apr 27, 2011, at 11:54 AM, Mark Burgess wrote: > >> Ah, I see what you mean. Sorry. You're right, one has to assume a resolution >> to do the hashing. Any reason why you can't up to 5 min resolution? >> >> On 27/04/11 19:48, Michael Stevens wrote: >>> How would I go about having splayclass work with our current */15 run >>> interval? >>> >>> On Apr 26, 2011, at 9:20 PM, Mark wrote: >>> No nothing is hardcoded, but the default exec time is 5 minutes. You are not missing out. Mark On 27 Apr 2011, at 01:09, Michael Stevens wrote: > I wasn't aware of this. Correct me if I'm wrong, but from reading the > docs, the "on" interval is hard-coded to 5 minutes, eg, since we're > running cf3 every 15 minutes from cron, we'd miss 2/3 of the activations > unless we up our schedule to every 5 minutes. > > On Apr 26, 2011, at 11:19 AM, no-re...@cfengine.com wrote: > >> Have you looked a splayclass? It can randomize when promises are kept >> without >> the overhead of calling a shell. >> http://www.cfengine.org/manuals/cf3-reference.html#Function-splayclass > ___ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine >>> > ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Cfengine Help: Re: cf-serverd seem to leak memory in 3.1.4.
Forum: Cfengine Help Subject: Re: cf-serverd seem to leak memory in 3.1.4. Author: berntjernberg Link to topic: https://cfengine.com/forum/read.php?3,21655,21669#msg-21669 bbomgardner Wrote: --- > Have you been able to test the 3.1.5 beta releases? No I haven't. > There was a memory leak with cf-serverd that was fixed. > (I have also seen this issue with 3.1.4 Ok, I must be better checking already filed bugs. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: Cfengine Help: YP NIS netgroup
See http://www.cfengine.org/manuals/cf3-reference.html#Function-hostinnetgroup On 27/04/11 11:25, no-re...@cfengine.com wrote: > Forum: Cfengine Help > Subject: YP NIS netgroup > Author: jonb1987 > Link to topic: https://cfengine.com/forum/read.php?3,21635,21635#msg-21635 > > In cfengine v2, you could directly use yp/nis netgroups, e.g. > > groups: >my_hosts = ( +my_team_hosts ) > > > I cannot find any reference to nis in the cfengine3 documentation. > Is this genuinely missing? If so I guess I have to run a shell command to get > this stuff and > put it into a string list. > > Thanks in advance... > > ___ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
