CFEngine Help: Re: methods, usebundle and loops
Forum: CFEngine Help
Subject: Re: methods, usebundle and loops
Author: davidlee
Link to topic: https://cfengine.com/forum/read.php?3,24644,24648#msg-24648
Simon,
You say "And I need to check the whole namespace in my production promises for
collisions!"
It's worth adopting for yourself a set of conventions for naming. Alas, the
cfengine documentation doesn't seem to include such a recommendation. And the
standard library sets a very poor example in this respect; its bundle, body and
global-class names are arbitrary when one considers scaling up. But Diego's
example implicitly hints towards such local conventions:
bundle agent echoname(name) {
commands:
"/bin/echo $(name)"
ifvarclass => "!echo_run_$(name)",
classes => if_repaired("echo_run_$(name)");
}
See how his class names "echo..." reflect his bundle name? (Personally, I
would probably use something like "echoname_$(name)" as a naming pattern for
this set of global classes, then there's no risk of clash.)
When I say "no risk of clash", that's a white lie of course. I can immediately
think of two:
(a) You have another bundle of the same name, which would itself be an error.
But that's a different problem, and in solving that (and consistently keeping
with such a convention for your global classes) this particular class-name
clash would go away.
(b) Your name lands up on a name that coincides with one of cfengine's own.
There's no simple solution. But it would be helped if cfengine itself could
suggest a set of naming conventions which kept its own name patterns different
from those of users. (Even if cfengine themselves simply said "all our names
will be "CFE_*"
There are moves afoot to create a framework for users to share bundles. Whilst
this is a potentially good idea, it opens up a worrying nightmare set of
possibilities for name clashes left, right and centre, unless it also has a
clear set of naming conventions, coupled with a set of peer-review gatekeepers
who were alert to detecting and correcting such issues before such bundles went
public.
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: Re: Promises repaired in promise_summary
Forum: CFEngine Help Subject: Re: Promises repaired in promise_summary Author: barry35malone Link to topic: https://cfengine.com/forum/read.php?3,24595,24649#msg-24649 That's smart advice. So much of social discussion success really does come down to old-fashioned good manners. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: Re: maintaining /etc/security/limits.conf with cf3
Forum: CFEngine Help Subject: Re: maintaining /etc/security/limits.conf with cf3 Author: barry35malone Link to topic: https://cfengine.com/forum/read.php?3,21465,24650#msg-24650 WOW!!! awesome post, nice things to follow, thank you very much for this great piece of work!!! ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: Roofing Hollywood Services
Forum: CFEngine Help Subject: Roofing Hollywood Services Author: barry35malone Link to topic: https://cfengine.com/forum/read.php?3,24651,24651#msg-24651 Wonderful post. I would definitely try to incorporate the tips you have shared. I would be glad if you could refer me some more stuff of niche. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: Re: split user passwd array
Forum: CFEngine Help
Subject: Re: split user passwd array
Author: tuibelgium
Link to topic: https://cfengine.com/forum/read.php?3,24257,24652#msg-24652
I recently picked this up again. I've managed to get this working, but i've
noticed some strange behaviour.
Below you find an example with 2 bundles. Bundle test2 is a example from the
reference manual.
Bundel test1 is slighty modified.
The output of "$(users[$(index)][2])" in test1 is the same as
"$(users[$(keys_test_2)][2])" in test2.
I'm not able to use "$(users[$(keys_test_1)][2])" because the variable
$(keys_test_1) is not set or has no value.
How can it be explained that keys_test_1 gets no value in the test1?
bundle agent test_1
{
vars:
"pw" string => "user1:a:1";
"pw" string => "user2:b:2";
"pw" string => "user3:c:3";
"index" slist => getindices("pw");
"dim" int => parsestringarray(
"users",
"$(pw[$(index)])",
"\s*#[^\n]*",
":",
"1000",
"20"
);
"keys_test_1" slist => getindices("users");
reports:
cfengine_3::
"$(keys_test_1)";
"$(users[$(index)][2])";
}
bundle agent test_2
{
vars:
"test_2_array" string =>
"user1:a:1
user2:b:2
user3:c:3";
"dim" int => parsestringarray(
"users",
"$(test_2_array)",
"\s*#[^\n]*",
":",
"1000",
"20"
);
"keys_test_2" slist => getindices("users");
reports:
cfengine_3::
"$(keys_test_2)";
"$(users[$(keys_test_2)][2])";
}
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
Re: CFEngine Help: Re: methods, usebundle and loops
Simon-
As stated, the class you're setting is global in scope. However, the test for
the existence of the class might not be redundant, depending on what exactly
you _really_ want to do.
My suggestion is to use classes whose names are also base on the parameter
variable, i.e., if_repaired("echo_$(name)_run"). This means that you will no
longer be able to use the prefix-class notation, but you can still use an
ifvarclass => "echo_$(name)_run" attribute instead.
-Dan
On Jan 25, 2012, at 1:51 AM, no-re...@cfengine.com wrote:
> Forum: CFEngine Help
> Subject: Re: methods, usebundle and loops
> Author: toddnni
> Link to topic: https://cfengine.com/forum/read.php?3,24644,24645#msg-24645
>
> Hi Simon,
>
> only problem that I see is here
>
> commands:
> !echo_run::
>"/usr/bin/echo $(name)"
>classes => if_repaired("echo_run");
>
> because classes => if_repaired() defines global class, which will be already
> defined when the another bundle runs. Local classes and variables are (to my
> understanding) always cleared when the bundle is ran second time.
>
> PS. I addition I think that !echo_run:: is redundant, because cfengine
> doesn't run the same promise twice.
>
> ___
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: question of product quota
Forum: CFEngine Help Subject: question of product quota Author: roadtest Link to topic: https://cfengine.com/forum/read.php?3,24653,24653#msg-24653 This is not technical question. As we have mixture environment(window 70%, unix 30%), we are looking into commercial edition - Nova. I submitted a request for quota via http://info.cfengine.com/ContactUs.html? Is it the right way? Thanks, carl ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: methods, usebundle and loops
PS: Stuck on cfengine 3.0.4 / 3.0.5p1 for this exercise, due to a slew of QA requirements. I'm afraid that's your problem. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: Re: split user passwd array
Forum: CFEngine Help Subject: Re: split user passwd array Author: sauer Link to topic: https://cfengine.com/forum/read.php?3,24257,24656#msg-24656 My approach is to have CFEngine manage the whole passwd file, and then any user changes happen directly in the CFEngine policy. That makes this whole problem more simple. Well, it's more simple if you ignore the complexity of writing a tool to programmatically edit the existing CFEngine policy, anyway. ;) But to answer your question, the variable problably isn't being set because of the werid pre-parsing that determines when variables will exist and whatnot. The array probably doesn't exist until the second pass through the policy, and the report has laready been generated by then. Presuming that's the case, you can usually solve that by setting some of the variables in a separate bundle, and then using methods to sequence the "set vars" bundle before the "do stuff with the vars" bundle. I've started just doing that as standard practice if I'm doing anything moderately complicated with vars (particularly when using modules or when using functions which define extra vars through side effects), as it completely removes a lot of "why isn't this var set yet" issues. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: Re: Load Balancing CFengine Server
Forum: CFEngine Help Subject: Re: Load Balancing CFengine Server Author: sauer Link to topic: https://cfengine.com/forum/read.php?3,24624,24657#msg-24657 I just use a single DNS name (cfmaster) which resolves to several IPs, and then let the local resolver handle things. If you store keys based on IP rather than name, you don't even have to sync the keys up across the servers. Most DNS servers can just do round-robin "balancing". If one host's down, cf-agent should get a port-unreachable or host-unreachable and move on to the next IP in the list, so that's going to be good enough availability balancing for a lot of situations, with really no special setup. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: extraneous key storage
Forum: CFEngine Help Subject: extraneous key storage Author: werkt Link to topic: https://cfengine.com/forum/read.php?3,24658,24658#msg-24658 I've noticed that some extraneous public keys have started appearing in my cf clients after an upgrade to 3.2.3 from 3.0. One is hazardous to a non-root client, the other seems benign but non-useful. Benign: The final SavePublicKey section in AuthenticateAgent in a cf-agent client writes a key whose filename based on digest does not match a public key used earlier to establish a connection between the server and client - this was verified through strace, where the file is only created if it does not exist and never opened for read. This key recreates itself on every connection to the server. Hazardous: The LinkOrCopy of localhost.pub to a root-identified public key creates a key which will match an assumed root connection on the same host, resulting in the overwrite of the pubkey with the root pubkey, and since the key is the same inode as the localhost.pub (in my case at least), will destroy the rsa pubkey for future handshaking. I have modified this code to use username, and have also modified ServerConnection to use root as the remote instead of using the current user. Have patch, will travel. I know using cfengine as non-root is not a high priority, but this seems to be precarious at best. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: How does cfengine identify OS/release?
Forum: CFEngine Help Subject: How does cfengine identify OS/release? Author: mikesphar Link to topic: https://cfengine.com/forum/read.php?3,24659,24659#msg-24659 I'm running into a weird problem I can't figure out. This is on cfengine 2.2.10 so I know we're talking ancient history here. Someone recently built an OpenSuse server in a VM, and for some reason cfagent is not picking up the SuSE, suse, suse_11, suse_11_4 classes I normally expect. I can't figure out why though, and I've been searching around and haven't found any documentation reference as to how cfagent does (or did) the OS detection that might point me at what's wrong with the server config. Running cfagent in debug mode hasn't provided any insight so far, unless I'm missing something. If anyone has any suggestions or pointers to the right documentation I would appreciate it. All the usual OS info items look pretty much the same as on my other openSuse servers that are being detected correctly. uname -a: Linux OBSCURED 2.6.37.6-vm.1 #1 SMP PREEMPT Tue Jan 24 11:04:14 CST 2012 x86_64 x86_64 x86_64 GNU/Linux /proc/version: Linux version 2.6.37.6-vm.1 (geeko@buildhost) (gcc version 4.5.1 20101208 (SUSE Linux) ) #1 SMP PREEMPT Tue Jan 24 11:04:14 CST 2012 /etc/SuSe-release: openSUSE 11.4 (x86_64) VERSION = 11.4 CODENAME = Celadon ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: CFEngine Help: extraneous key storage
On 25.01.2012 18:42, no-re...@cfengine.com wrote: > Have patch, will travel. I know using cfengine as non-root is not a high > priority, but this seems to be precarious at best. Please open a bug ASAP. -- Mikhail Gusarov ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: Re: How does cfengine identify OS/release?
Forum: CFEngine Help Subject: Re: How does cfengine identify OS/release? Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,24659,24660#msg-24660 Try running the agent via strace to see what files get looked at. ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: CFEngine Help: Re: How does cfengine identify OS/release?
On 25.01.2012 19:54, no-re...@cfengine.com wrote: > Try running the agent via strace to see what files get looked at. Either that, or reading the source code (somewhere inside sysinfo.c) -- Mikhail Gusarov ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: CFEngine Help: How does cfengine identify OS/release?
On Wed, Jan 25, 2012 at 01:41:09PM -0500, no-re...@cfengine.com wrote: >Forum: CFEngine Help >Subject: How does cfengine identify OS/release? >Author: mikesphar >Link to topic: https://cfengine.com/forum/read.php?3,24659,24659#msg-24659 > >I'm running into a weird problem I can't figure out. This is on cfengine >2.2.10 so I know we're talking ancient history here. > >Someone recently built an OpenSuse server in a VM, and for some reason cfagent >is not picking up the SuSE, suse, suse_11, suse_11_4 classes I normally >expect. I can't figure out why though, and I've been searching around and >haven't found any documentation reference as to how cfagent does (or did) the >OS detection that might point me at what's wrong with the server config. >Running cfagent in debug mode hasn't provided any insight so far, unless I'm >missing something. A lot of it comes from running /usr/bin/lsb_release, specifically: /usr/bin/lsb_release --codename /usr/bin/lsb_release --id /usr/bin/lsb_release --release On non-linux systems, I'm not sure. -- Jesse Becker NHGRI Linux support (Digicon Contractor) ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
CFEngine Help: Re: How does cfengine identify OS/release?
Forum: CFEngine Help Subject: Re: How does cfengine identify OS/release? Author: mikesphar Link to topic: https://cfengine.com/forum/read.php?3,24659,24661#msg-24661 And typically, when I finally cave in and post a question I then somehow stumble across an answer. I'm still not entirely sure what the exact fix was, but I noticed the lsb and lsb-release packages weren't installed. To install them I had to remove patterns-openSUSE-minimal_base and then installing the lsb packages required installing over 100 other dependency packages. But after that now cfagent is defining the expected OS release classes. Are the lsb packages perhaps a requirement for cfagent's OS detection? ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
