building cfengine 3.0.2 on CentOS 5 (64-bit) - graphviz-devel is required
Just wanted to share my experience in building cfengine 3.0.2 on CentOS 5 (64-bit).

I ran into 2 snags:

1. I had to remove db4-devel.i386 db4.i386 (leaving the 64-bit versions);

2. I had to install graphviz-devel.x86_64 or else I would get errors like:

Making all in docs
make[1]: Entering directory `/root/cfengine-3.0.2/docs'
../src/../src/cf-agent -M > `echo ../src/cf-agent.8 | sed s/src/docs/`
../src/../src/cf-agent: error while loading shared libraries: libgvc.so.4: cannot open shared object file: No such file or directory
make[1]: *** [cf-agent.8] Error 127
make[1]: Leaving directory `/root/cfengine-3.0.2/docs'
make: *** [all-recursive] Error 1

It would help if the INSTALL file mentioned the graphviz requirement.

Truly,
-at
___
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
examples of working cfengine3 config? sharing my experience in trying to get started with cfengine 3
Hi. I've used cfengine 2 for a couple of years. I am starting out with cfengine 3.

I've built and installed cfengine 3. Now I want to learn how to configure it.

I started at www.cfengine.org. I've gotten to http://www.cfengine.org/pages/compare which is the first place with cfengine configuration code snippets -- but none of them work. For example:

promises.cf:

body agent control
{
bundlesequence => { webserver("on"), };
}

# cf-agent
cf3:/var/cfengine/inputs/promises.cf:5,19: syntax error, near token '}'
 !!! No bundlesequence in the common control body
Summarizing promises as text to /var/cfengine/inputs/promises.cf.txt
Summarizing promises as html to /var/cfengine/inputs/promises.cf.html
cf-agent was not able to get confirmation of promises from cf-promises, so going to failsafe
Can't stat file "/var/cfengine/inputs/failsafe.cf" for parsing
 !!! System error for stat: "No such file or directory"
#

Then I turned to the cfengine 3 reference manual at http://www.cfengine.org/manuals/cf3-reference.html

BTW, this manual references cfengine 3.0.3 and I have 3.0.2 as the latest version. Why isn't 3.0.3 on the web site, please?

Following the manual, I found the example *.cf files shipped in the "inputs" directory of the distribution tarball.

Ok, I am rolling now, but just wanted to share my experience. It would help if the cfengine 3 reference manual was linked to from www.cfengine.org Getting Started page and the FAQ page, please.

Yours truly,
-at

I tried the "Get Started" page, http://www.cfengine.org/pages/getstarted, but also no working code there. This is starting to get frustrating.

Next, on the FAQ page, I find "What is the best way to learn cfengine?", with a link to http://www.sage.org/pubs/16_cfengine/

Well, I have 16_cfengine, it's from 2007 and covers cfengine 2, not 3.
Re: examples of working cfengine3 config? sharing my experience in trying to get started with cfengine 3
Thanks, Erlend. I just needed to vent, partly. :)

I'll post on "getting started with cfengine 3" and provide some examples.

Looking forward to Mark's Christmas gift as well, re Cfengine 3 standardization / cookbook library. I'd be glad to help any way I can.

Cheers,
-at
need simple examples of cfengine3
I am working on an article to introduce more sysadmins to cfengine 3, and I need help from the cfengine community putting together working standalone examples of the power and simplicity of cfengine 3.

By standalone, I mean I should be able to run "cf-agent -f example1.cf" and have example1.cf be the only file in /var/cfengine/inputs, and have it work.

Here is what I would like to see:

1. Make sure /proc/sys/vm/swappiness is set to 0 on Linux servers.
2. Make sure root crontab contains an entry for "0 0 * * * /sysadmin/nightly.sh"
3. Make sure ntpd and snmpd are running.
4. Alert if any mounted filesystem exceeds 75% utilization.
5. Alert if there is any account with uid 0 other than root.

That should be enough, I don't want to overwhelm my readers with too many examples.

I am going to work on coding these up, but if you already have some working code that does this, please let me know.

Thanks,
Aleksey
Re: list substitution in cfe3
Dear Brendan,

I tried out your code below, expecting it to create

search example.com
nameserver 192.168.1.1
nameserver 192.168.1.2

but it only created:

search example.com
nameserver 192.168.1.1

I am using cfengine 3.0.2 community edition, and calling the code with "cf-agent -f resolv.cf".

Does this work for you? If so, what am I doing wrong?

Thanks,
-at

On Sun, Dec 13, 2009 at 1:53 PM, Brendan Strejcek wrote:
> Currently there is no map() function, but you can get a similar result
> using iteration.
>
> body common control {
>   bundlesequence => { 'example' };
> }
>
> bundle agent example {
>   vars:
>     any::
>       'nameserver' slist => { '192.168.1.1', '192.168.1.2' };
>       'search' string => 'example.com';
>       'resolv' string => '/tmp/resolv.conf';
>   files:
>     any::
>       "${resolv}"
>         create => 'true',
>         edit_line => AppendIfNoSuchLine("search ${search}");
>       "${resolv}"
>         edit_line => AppendIfNoSuchLine("nameserver ${nameserver}");
> }
>
> bundle edit_line AppendIfNoSuchLine(line) {
>   classes:
>     'line_absent' not => regline("^${line}$","${edit.filename}");
>   insert_lines:
>     line_absent::
>       "${line}";
> }
>
> On Mon, Nov 30, 2009 at 6:53 AM, Matthias Teege wrote:
>> Moin,
>>
>> I have a question about list substitution. I want to create a resolv.conf
>> from variables.
>>
>> "dom" string => "example.com";
>> "dns" slist => { "192.168.1.1", "192.168.1.2" };
>>
>> It would be nice if I can use a generic add_line macro like this one:
>>
>> bundle edit_line add_line(value) {
>>   insert_lines:
>>     "${value}";
>> }
>>
>> I can create a new list and use add_line:
>>
>> "resolv" slist => { "search $(dom)", @(dns) };
>>
>> "resolv.conf"
>>
>> edit_line => add_line (@(resolv));
>>
>> But this does not give me a useful resolv.conf because I am missing
>> "nameserver". Something like
>>
>> "resolv" slist => { "search $(dom)", "nameserver $(dns)" };
>>
>> does not work.
>>
>> Is it possible to "simulate" some kind of map function or list
>> comprehension in cfe3? In python I can write:
>>
>> [ "nameserver %s" % h for h in ('192.168.1.1', '192.168.1.2') ]
>>
>> which gives me a new list.
>>
>> ['nameserver 192.168.1.1', 'nameserver 192.168.1.2']
>>
>> Is there something similar in cfe?
>>
>> Many thanks
>> Matthias
Re: list substitution in cfe3
Well, alright. It's not making sense yet. I am working my way through the tutorial now (http://www.cfengine.org/manuals/cf3-tutorial.pdf). Perhaps I'll find a working example of iteration there.

It's good you'll have something to make this clearer. I reckon it'll help a lot.

Aleksey

On Tue, Dec 15, 2009 at 12:25 AM, Mark Burgess wrote:
>
> In the approach given, the file is edited twice - once to add each line.
> You have to think "sub-routines". Editing is a bundle of promises itself.
>
> My Christmas bundle will help to make this clearer.
>
> Aleksey Tsalolikhin wrote:
>> Dear Brendan,
>>
>> I tried out your code below, expecting it to create
>>
>> search example.com
>> nameserver 192.168.1.1
>> nameserver 192.168.1.2
>>
>> but it only created:
>>
>> search example.com
>> nameserver 192.168.1.1
>>
>> I am using cfengine 3.0.2 community edition, and calling the code with
>> "cf-agent -f resolv.cf".
>>
>> Does this work for you? If so, what am I doing wrong?
>>
>> Thanks,
>> -at
>>
>>
>> On Sun, Dec 13, 2009 at 1:53 PM, Brendan Strejcek wrote:
>>> Currently there is no map() function, but you can get a similar result
>>> using iteration.
>>>
>>> body common control {
>>>   bundlesequence => { 'example' };
>>> }
>>>
>>> bundle agent example {
>>>   vars:
>>>     any::
>>>       'nameserver' slist => { '192.168.1.1', '192.168.1.2' };
>>>       'search' string => 'example.com';
>>>       'resolv' string => '/tmp/resolv.conf';
>>>   files:
>>>     any::
>>>       "${resolv}"
>>>         create => 'true',
>>>         edit_line => AppendIfNoSuchLine("search ${search}");
>>>       "${resolv}"
>>>         edit_line => AppendIfNoSuchLine("nameserver ${nameserver}");
>>> }
>>>
>>> bundle edit_line AppendIfNoSuchLine(line) {
>>>   classes:
>>>     'line_absent' not => regline("^${line}$","${edit.filename}");
>>>   insert_lines:
>>>     line_absent::
>>>       "${line}";
>>> }
>>>
>>> On Mon, Nov 30, 2009 at 6:53 AM, Matthias Teege wrote:
>>>> Moin,
>>>>
>>>> I have a question about list substitution. I want to create a resolv.conf
>>>> from variables.
>>>>
>>>> "dom" string => "example.com";
>>>> "dns" slist => { "192.168.1.1", "192.168.1.2" };
>>>>
>>>> It would be nice if I can use a generic add_line macro like this one:
>>>>
>>>> bundle edit_line add_line(value) {
>>>>   insert_lines:
>>>>     "${value}";
>>>> }
>>>>
>>>> I can create a new list and use add_line:
>>>>
>>>> "resolv" slist => { "search $(dom)", @(dns) };
>>>>
>>>> "resolv.conf"
>>>>
>>>> edit_line => add_line (@(resolv));
>>>>
>>>> But this does not give me a useful resolv.conf because I am missing
>>>> "nameserver". Something like
>>>>
>>>> "resolv" slist => { "search $(dom)", "nameserver $(dns)" };
>>>>
>>>> does not work.
>>>>
>>>> Is it possible to "simulate" some kind of map function or list
>>>> comprehension in cfe3? In python I can write:
>>>>
>>>> [ "nameserver %s" % h for h in ('192.168.1.1', '192.168.1.2') ]
>>>>
>>>> which gives me a new list.
>>>>
>>>> ['nameserver 192.168.1.1', 'nameserver 192.168.1.2']
>>>>
>>>> Is there something similar in cfe?
>>>>
>>>> Many thanks
>>>> Matthias
>
> --
> Mark Burgess
>
> -
> Professor of Network and System Administration
> Oslo University College, Norway
>
> Personal Web: http://www.iu.hio.no/~mark
> Office Telf : +47 22453272
> -
What does "promiser" mean?
What does "promiser" mean, please?

I am on PDF page 17 of the cfengine 3 tutorial workbook, http://www.cfengine.org/manuals/cf3-tutorial.pdf

Line 9, below.

 1 body common control
 2 {
 3 bundlesequence => { "fileperms" };
 4 }
 5 bundle agent fileperms
 6 {
 7 files:
 8 # This is a throw-away comment, below is a full-bodied promise
 9 "/tmp/testfile" # promiser
10 comment => "This is for keeps...", # Live comment
11 create => "true", # Constraint 1
12 perms => p("612"); # Constraint 2, rw---x-w-
13 }
14 # This is a trivial body template, which makes parameterizing
15 # the promise body tidier and re-usable
16 body perms p(x)
17 {
18 mode => "$(x)";
19 }
Re: list substitution in cfe3
On Tue, Dec 15, 2009 at 1:02 AM, Mark Burgess wrote:
>
> And I should have pointed out that the "bundle resolvconf" etc, belongs in
> the standard library.

Is this why the below does not work? What do I need to do?

myprompt# cf-agent -f ./resolver.cf
cf3:./resolver.cf:33,18: syntax error, near token '('
Undeclared promise bundle "resolvconf()" was referenced in a promise
Summarizing promises as text to ./resolver.cf.txt
Summarizing promises as html to ./resolver.cf.html
cf-agent was not able to get confirmation of promises from cf-promises, so going to failsafe
myprompt# cat resolver.cf
body common control
{
version => "1.0";
bundlesequence => { "checkresolver" };
#inputs => {
#  "site.cf",
#  "library.cf"
#  };
}

bundle agent checkresolver
{
vars:

  "resolvers" slist => { "128.39.89.10", "158.36.85.10", "129.241.1.99" };

files:

  "$(sys.resolv)"

     edit_line => resolvconf("iu.hio.no cfengine.com",@(resolvers));
}

bundle resolvconf(search,list)
{
delete_lines:

  "search.*";

insert_lines:

  "search $(search)";
  "$(list)";
}
myprompt#
file copy in cfengine - need some help getting going
Hi, guys. I am having trouble getting file copying going. I am sure it's something simple, but I am having trouble spotting what it is.

The error message I get is:

$ cf-agent -f test_copy.cf
Not authorized to trust the server=127.0.0.1's public key (trustkey=false)
Authentication dialogue with 127.0.0.1 failed
$

The tutorial says, If you are using secure copy, make sure that you have created a key file and that you have distributed and installed it to all participating hosts in your cluster.

I am not sure HOW to distribute and install it. My ppkeys directory contains:

$ ls -l ~/.cfagent/ppkeys/
total 24
-rw------- 1 tsalolia tsalolia 1743 Dec 14 22:24 localhost.priv
-rw------- 1 tsalolia tsalolia 426 Dec 14 22:24 localhost.pub
-rw------- 1 tsalolia tsalolia 426 Dec 16 12:41 tsalolia-127.0.0.1.pub
$

My cf-serverd configuration:

body server control
{
allowconnects => { "127.0.0.1" , "::1" };
allowallconnects => { "127.0.0.1" , "::1" };
trustkeysfrom => { "127.0.0.1" , "::1" };

# Make updates and runs happen in one
cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf && $(sys.workdir)/bin/cf-agent";
allowusers => { "root" , "tsalolia" };
}

(I am running cf-serverd and cf-agent as "tsalolia".)

I tried adding

trustkey => "true" ;

to the "body server control" body, but that earned me a Q: "...cf-serverd": Unknown lval trustkey in server control body

I did add trustkey => "true" ; to my copy_from example body. (see below).

Please advise?

Here is my test_copy.cf:

--- start of test_copy.cf ---
body common control
{
bundlesequence => { "testcopy" };
version => "1.2.3";
inputs => { "library.cf" };
}

bundle agent testcopy
{
files:

  "/tmp/testcopy1"

     copy_from => my_copy_body_with_options("/tmp/testcopy2","127.0.0.1");
}

body copy_from my_copy_body_with_options(sourcefile,sourceserver)
{
source => "$(sourcefile)";
servers => { "$(sourceserver)" };
copy_backup => "true";
special_class::
purge => "true";
trustkey=> "true";
compare => "digest";
encrypt => "true";
verify => "true";
force_ipv4 => "false";
collapse_destination_dir => "false";
copy_size => irange("0","5");
# etc. etc.
}
--- end of test_copy.cf ---

Thanks,
Aleksey
Re: file copy in cfengine - need some help getting going
Thanks, Brendan and Neil for your replies.

I've removed that special_class::, changed 127.0.0.1 to the primary IP address, and got this far:

Trusting server identity, promise to accept key from 10.1.2.3=10.1.2.3

However the file transfer was still not happening, getting message like "server denied access to /home/tsalolia/test_copy2" (my source file).

I tried changing the user from myself to root, and now I am getting

BAD: Unspecified server refusal (see verbose server output)
Authentication dialogue with 10.1.2.3 failed

from the client, and the server says:

cf3 New connection...(from 10.1.2.3/4)
cf3 Spawning new thread...
cf3 Received: [CAUTH 10.1.2.3 myhostname tsalolia 0] on socket 4
cf3 Allowing 10.1.2.3 to connect without (re)checking ID
cf3 Non-verified Host ID is myhostname (Using skipverify)
cf3 Non-verified User ID seems to be tsalolia (Using skipverify)
cf3 LastSaw host myhostname now
cf3 Received: [SAUTH y 256 37] on socket 4
cf3 Private decrypt failed = padding check failed
cf3 From (host=myhostname,user=tsalolia,ip=10.1.2.3)
cf3 ID from connecting host: (SAUTH y 256 37)

Why did the padding check fail and what can I do about it?

Or how can I get cf-serverd to read my source file?

Thanks,
Aleksey
Re: file copy in cfengine - need some help getting going
I am back to running this as a mortal user, since I got further along this way.

With "-d 1" on cf-serverd, I see:

AccessControl(/home/tsalolia/testcopy2)
AccessControl, match(/home/tsalolia/testcopy2,hwd-ddc-app-prod01) encrypt request=1
Examining rule in access list (/home/tsalolia/testcopy2,/home/mark/LapTop)?
Examining rule in access list (/home/tsalolia/testcopy2,/home/mark/.cfagent/bin/cf-agent)?
cf3 Host hwd-ddc-app-prod01 denied access to /home/tsalolia/testcopy2

where does /home/mark come from?

Ok, I found it in site.cf :

###
# Server configuration
###

bundle server access_rules()
{
access:

  "/home/mark/LapTop"

    admit => { "127.0.0.1" };

  "/home/mark/.cfagent/bin/cf-agent"

    admit => { "127.0.0.1" };

roles:

  ".*" authorize => { "mark" };
}
Re: file copy in cfengine - need some help getting going
this was it! it worked after I updated the access_rules

Thanks!!

Aleksey

On Fri, Dec 18, 2009 at 5:29 PM, Aleksey Tsalolikhin wrote:
> Ok, I found it in site.cf :
>
> ###
> # Server configuration
> ###
>
> bundle server access_rules()
> {
> access:
>
>   "/home/mark/LapTop"
>
>     admit => { "127.0.0.1" };
>
>   "/home/mark/.cfagent/bin/cf-agent"
>
>     admit => { "127.0.0.1" };
>
> roles:
>
>   ".*" authorize => { "mark" };
> }
Fwd: [lopsa-discuss] Configuration Management
Paul on a sys admin discussion list asked about a "do it now" button in cfengine. I remember reading about something like this in cfengine3 docs, a way to tell the cfengine clients that a policy update is available. A quick search failed to turn this up. Could someone refresh my memory, please? I want to let Paul know that Cfengine 3 CAN do this.

Thanks,
Aleksey

-- Forwarded message --
From: Paul DiSciasio
Date: Mon, Feb 22, 2010 at 4:16 AM
Subject: [lopsa-discuss] Configuration Management
To: disc...@lopsa.org

Greetings everyone. I have a question about everyone's favorite topic: configuration management. I hope this has not been posted before (I did check the archives). I apologize if it has.

I'm trying to figure out how to implement something with a sort of "hybrid no-op" mechanism. I've been doing a great deal of research to try to find the best tool for the job. Of the most popular configuration management tools, each one has a dry-run or no-op mode. I especially like bcfg2's feature that lets you step through your configuration and pick and choose which things to change; however, bcfg2 doesn't seem to have a good way to "kick" the clients to force an update at a given time. Puppet has this, so I'm leaning in that direction right now.

Additionally, I work in an environment where production changes have to be carefully controlled and documented and can only occur during certain time windows. So what I'm looking for is something that allows my clients to run in dry-run mode most of the time (reporting back to me which things need to be changed, but not taking any action), and then let me send a message to them when it's time to actually execute the changes.

It seems that the best I might be able to do is leave my regular agent running in dry-run mode all the time, but then ssh into the servers in question one by one and execute the agent in active mode when I want to make the changes, but that is obviously cumbersome and has a number of drawbacks.

Does anyone know of a cleaner way to accomplish this? I've looked specifically at bcfg2, puppet, cfengine, and chef. Everyone seems to assume you want things very automatic or not at all.

Thanks,
Paul
___
Discuss mailing list
disc...@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
Re: Fwd: [lopsa-discuss] Configuration Management
Yes, cf-runagent is what I was looking for. Thanks, all! Aleksey
How to run Cfengine 3 with Cfengine 2 policies? I get syntax errors.
Hi. I understood that Cfengine 3 could read and run Cfengine 2 policies.

How to get a Cfengine 3 promises.cf to import a Cfengine 2 cfagent.conf, please? I get syntax errors if I try to import it using "inputs".

Best,
-at
Re: How to run Cfengine 3 with Cfengine 2 policies? I get syntax errors.
Thanks, Nicolas. I understand Cfengine 3 CAN read Cfengine 2 policies - the feature is "Auto-encapsulation of Cfengine 2 for incremental upgrade", see at the bottom of http://cfengine.com/pages/cfengine3

I just want to find out HOW to do it. :) I am ready for an incremental upgrade of a production system consisting of about a dozen nodes; this will be my first upgrade of Cfengine 2 to 3.

Help?

Best,
-at
Re: How to run Cfengine 3 with Cfengine 2 policies? I get syntax errors.
Thanks, Mark. What is meant by "auto-encapsulation", please? Is it that I can run cf-execd and cfexecd out of crontab and they'll happily share the /var/cfengine work directory?

Thanks!
Aleksey

On Fri, Mar 5, 2010 at 10:34 AM, Mark Burgess wrote:
>
> Aleksey, Cfengine 3 provides the possibility for cfengine 3 and cfengine 2
> to coexist during an upgrade phase. It cannot *read* Cfengine 2 policies.
> Cfengine (the company) can help transform a configuration.
>
> Aleksey Tsalolikhin wrote:
>> Thanks, Nicolas. I understand Cfengine 3 CAN read Cfengine 2 policies
>> - the feature is "Auto-encapsulation of Cfengine 2 for incremental
>> upgrade", see at the bottom of http://cfengine.com/pages/cfengine3
>>
>> I just want to find out HOW to do it. :) I am ready for an
>> incremental upgrade of a production system consisting of about a dozen
>> nodes; this will be my first upgrade of Cfengine 2 to 3.
>>
>> Help?
>>
>> Best,
>> -at
>
> --
> Mark Burgess
>
> -
> Professor of Network and System Administration
> Oslo University College, Norway
>
> Personal Web: http://www.iu.hio.no/~mark
> Office Telf : +47 22453272
> -
Re: How to run Cfengine 3 with Cfengine 2 policies? I get syntax errors.
I found the answer in the Cfengine reference manual -- thank you, Mark.

cf-execd runs cfagent to handle the Cfengine 2 policies. (and cf-agent to handle Cfengine 3 policies.) There is a policy example for the encapsulation.

Thanks!
Aleksey
Re: tcpread help
Dear Neil,

I ran into this a couple of days ago.

The HTTP protocol requires a blank line at the end of the request.

Here is an example using Cfengine 2 syntax:

ReadTCP(www.google.com,80,"GET /cfengine_probe HTTP/1.0${n}${n}",1024)

Best,
-at

On Sat, Mar 13, 2010 at 12:25 PM, Mark Burgess wrote:
>
> You need to read about the HTTP protocol. Your short GET string is not a
> valid protocol statement.
>
> Neil Watson wrote:
>> On Sat, Mar 13, 2010 at 06:42:07PM +0100, Mark Burgess wrote:
>>
>>> See the example in the cfengine source unit_readtcp.cf -- the problem
>>> is that you have not completed the protocol properly.
>>
>> This is the same as what is in the reference guide. The long GET string
>> is not explained. Care to explain?
>>
>
> --
> Mark Burgess
>
> -
> Professor of Network and System Administration
> Oslo University College, Norway
>
> Personal Web: http://www.iu.hio.no/~mark
> Office Telf : +47 22453272
> -
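
The blank-line requirement described in the message above, as an added example that is not part of the original thread: a Python stand-in for ReadTCP sends the probe with and without the terminating blank line to a constructed local server. The names read_tcp, serve_once, probe and looks_like_http, and the server's 404 reply, are assumptions made for the demonstration.

```python
import socket
import threading

# "${n}" in the Cfengine 2 send string is a newline, so "${n}${n}" ends the
# request line and then adds the empty line that marks the end of the request.
COMPLETE = "GET /cfengine_probe HTTP/1.0\n\n"
INCOMPLETE = "GET /cfengine_probe HTTP/1.0\n"   # no blank line


def serve_once(listener):
    """Constructed stand-in for a web server: accept one connection and reply
    only once the blank line that terminates the request has arrived."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(2.0)
        buf = b""
        try:
            while b"\n\n" not in buf.replace(b"\r\n", b"\n"):
                chunk = conn.recv(1024)
                if not chunk:          # client gave up and closed the socket
                    return
                buf += chunk
            conn.sendall(b"HTTP/1.0 404 Not Found\r\n\r\n")
        except OSError:                # includes socket.timeout
            pass


def read_tcp(host, port, send_string, max_bytes=1024, timeout=0.5):
    """Rough analogue of ReadTCP(host,port,sendstring,maxbytes): connect, send
    the string, return up to max_bytes of the reply ('' if nothing arrives)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(send_string.encode("ascii"))
        try:
            return s.recv(max_bytes).decode("ascii", "replace")
        except socket.timeout:
            return ""


def looks_like_http(reply):
    """Any HTTP status line, even an error status, shows the server answered."""
    return "HTTP" in reply


def probe(request):
    """Start the constructed server on a free loopback port and probe it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(listener,), daemon=True)
    worker.start()
    try:
        return read_tcp("127.0.0.1", port, request)
    finally:
        worker.join(3)
        listener.close()


if __name__ == "__main__":
    for label, request in (("with blank line", COMPLETE),
                           ("without blank line", INCOMPLETE)):
        reply = probe(request)
        print(f"{label}: reply={reply!r} answered={looks_like_http(reply)}")
```

Without the blank line the server keeps waiting for more header lines, so the probe reads nothing before its timeout expires.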
Re: tcpread help
Hi, Deb. You are most welcome. I copied it out of one of Mark's Cfengine2, I imagine. So thanks to Mark!

Truly,
-at

2010/3/16 Deb Heller-Evans :
> Elegant! Thanks for sharing!
>
>
> Kind Regards,
> deb ツ
>
> Deb Heller-Evans 1 Cyclotron Road
> Computer Systems Engineer Berkeley, CA 94720
> ESnet http://www.es.net/ Desk: 510/495-2243
>
>
>
> On Mon, 15 Mar 2010 14:26:24 -0700, Aleksey Tsalolikhin wrote:
>> Dear Neil,
>>
>> I ran into this a couple of days ago.
>>
>> The HTTP protocol requires a blank line at the end of the request.
>>
>> Here is an example using Cfengine 2 syntax:
>>
>> ReadTCP(www.google.com,80,"GET /cfengine_probe HTTP/1.0${n}${n}",1024)
>>
>> Best,
>> -at
>>
>>
>> On Sat, Mar 13, 2010 at 12:25 PM, Mark Burgess wrote:
>>>
>>> You need to read about the HTTP protocol. Your short GET string is not a
>>> valid protocol statement.
>>>
>>> Neil Watson wrote:
>>>> On Sat, Mar 13, 2010 at 06:42:07PM +0100, Mark Burgess wrote:
>>>>
>>>>> See the example in the cfengine source unit_readtcp.cf -- the problem
>>>>> is that you have not completed the protocol properly.
>>>>
>>>> This is the same as what is in the reference guide. The long GET string
>>>> is not explained. Care to explain?
>>>>
>>>
>>> --
>>> Mark Burgess
>>>
>>> -
>>> Professor of Network and System Administration
>>> Oslo University College, Norway
>>>
>>> Personal Web: http://www.iu.hio.no/~mark
>>> Office Telf : +47 22453272
>>> -
Re: tcpread help
I meant to say, out of one of Mark's Cfengine 2 documents.

On Tue, Mar 16, 2010 at 7:06 PM, Aleksey Tsalolikhin wrote:
> Hi, Deb. You are most welcome. I copied it out of one of Mark's
> Cfengine2, I imagine. So thanks to Mark!
>
> Truly,
> -at
>
> 2010/3/16 Deb Heller-Evans :
>> Elegant! Thanks for sharing!
>>
>>
>> Kind Regards,
>> deb ツ
>>
>> Deb Heller-Evans 1 Cyclotron Road
>> Computer Systems Engineer Berkeley, CA 94720
>> ESnet http://www.es.net/ Desk: 510/495-2243
>>
>>
>>
>> On Mon, 15 Mar 2010 14:26:24 -0700, Aleksey Tsalolikhin wrote:
>>> Dear Neil,
>>>
>>> I ran into this a couple of days ago.
>>>
>>> The HTTP protocol requires a blank line at the end of the request.
>>>
>>> Here is an example using Cfengine 2 syntax:
>>>
>>> ReadTCP(www.google.com,80,"GET /cfengine_probe HTTP/1.0${n}${n}",1024)
>>>
>>> Best,
>>> -at
>>>
>>>
>>> On Sat, Mar 13, 2010 at 12:25 PM, Mark Burgess wrote:
>>>>
>>>> You need to read about the HTTP protocol. Your short GET string is not a
>>>> valid protocol statement.
>>>>
>>>> Neil Watson wrote:
>>>>> On Sat, Mar 13, 2010 at 06:42:07PM +0100, Mark Burgess wrote:
>>>>>
>>>>>> See the example in the cfengine source unit_readtcp.cf -- the problem
>>>>>> is that you have not completed the protocol properly.
>>>>>
>>>>> This is the same as what is in the reference guide. The long GET string
>>>>> is not explained. Care to explain?
>>>>>
>>>>
>>>> --
>>>> Mark Burgess
>>>>
>>>> -
>>>> Professor of Network and System Administration
>>>> Oslo University College, Norway
>>>>
>>>> Personal Web: http://www.iu.hio.no/~mark
>>>> Office Telf : +47 22453272
>>>> -
Is it possible to suppress error messages from ReadTCP in cfengine 2?
Hi. Is it possible to selectively suppress error messages with cfengine 2?

For example, I have the following working config which sets a class indicating the machine's physical location. I deal with two locations, and each location has its own Web proxy server. I try to connect to both, and set a class based on which one succeeds.

--- start of cfengine 2.2.10 config file ---
#!/var/cfengine/bin/cfagent -qKf

control:

   probehttphwd = ( ReadTCP(webproxy.hollywood.example.com,8008,"GET /cfengine_probe HTTP/1.0${n}${n}",1024) )
   probehttpnyc = ( ReadTCP(webproxy.newyork.example.com,8008,"GET /cfengine_probe HTTP/1.0${n}${n}",1024) )

classes:

   we_are_in_hollywood = ( RegCmp(".*HTTP.*","${probehttphwd}") )
   we_are_in_newyork = ( RegCmp(".*HTTP.*","${probehttpnyc}") )
--- start of cfengine 2.2.10 policy file ---

However this results in error messages for the other proxy:

Couldn't open a tcp socket
Connection timed out

Is there any way to suppress just that error message? I searched the Cfengine 2 reference manual and did not find anything so I suspect the answer is "no", but maybe I missed something?

I am trying to determine location. I can't use network addresses, as these are separate entities each using private address space and there is some overlap in the address space they use.

Thanks,
Aleksey
Dear Mark, will you teach a Cfengine 3 class at LISA?
Dear Mark,

Are you going to teach a Cfengine 3 class at LISA in November? (I may not make it to USENIX this year, so asking about LISA.)

Kind regards,
Aleksey
Intro article on Cfengine 3 published in Linux-Mag.com
Neil Watson and I have an intro on Cfengine 3 article in Linux-Mag.com web site:

http://www.linux-mag.com/cache/7802/1.html

Best,
Aleksey
Article on the Configuration Management Summit 2010 now online at www.linux-mag.com
http://www.linux-mag.com/id/7841

"The State of Open Source System Automation"

A report on bcfg2, cfengine, chef and puppet by,

Yours truly,
Aleksey
need help with restart_class; the example from the manual does not work (3.0.5p1)
Reference: http://www.cfengine.org/manuals/cf3-reference.html#restart_005fclass-in-processes

Example - ntpd is down, cf-agent should start it. It does not.

[r...@localhost inputs]# /etc/init.d/ntpd status
ntpd is stopped
[r...@localhost inputs]# ps auwx|grep ntpd
root 11788 0.0 0.0 3996 684 pts/0 R+ 23:26 0:00 grep ntpd
[r...@localhost inputs]# cat example1_service_running_ntpd.cf
body common control
{
bundlesequence => { "check_ntpd_running" };
}

bundle agent check_ntpd_running {

processes:

  "ntpd"

    restart_class => "start_ntpd";

commands:

  start_ntpd::

    "/etc/init.d/ntpd start";

}
[r...@localhost inputs]# cf-agent -f ./example1_service_running_ntpd.cf
[r...@localhost inputs]# Wed Sep 8 23:26:51 2010:Lock removed normally :pid=11805:lock.check_ntpd_running.processes.restart_class..proc_ntpd_start_ntpd_2679_MD5=56cd7091cb7b8906d0171aa0b2c846a9:
Wed Sep 8 23:26:49 2010 -> Wed Sep 8 23:26:51 2010: Outcome of version (not specified) (agent-0): Promises observed to be kept 100%, Promises repaired 0%, Promises not repaired 0%

[r...@localhost inputs]# /etc/init.d/ntpd status
ntpd is stopped
[r...@localhost inputs]#

No, I suspect it's something to do with the regex check, because if I change the string to "nosuchstringatalliamversure" then it works, ntpd is started.

This is with cfengine 3.0.5p1 community edition.

Thanks,
-at
Re: need help with restart_class; the example from the manual does not work (3.0.5p1)
Here is what cf-agent -v tells me:

cf3 Observe process table with /bin/ps auxw
cf3 XX Nothing promised here [lock.check_ntpd_running.proces] (0/1 minutes elapsed)
cf3

I appreciate your suggestion to use process_select (thank you), but I'd like to make this example work - it's in the reference manual after all. I'll report it as a bug to the bug list.

Best,
-at

On Thu, Sep 9, 2010 at 1:29 AM, Seva Gluschenko wrote:
> Aleksey,
>
> running cf-agent in verbose mode (cf-agent -v) can make you known of
> reasons your process promise was erroneously matched. Also, take a
> look at process_select compound body to implement better matching.
>
> 2010/9/9 Aleksey Tsalolikhin :
>> Reference:
>> http://www.cfengine.org/manuals/cf3-reference.html#restart_005fclass-in-processes
>>
>> Example - ntpd is down, cf-agent should start it. It does not.
>>
>> [r...@localhost inputs]# /etc/init.d/ntpd status
>> ntpd is stopped
>> [r...@localhost inputs]# ps auwx|grep ntpd
>> root 11788 0.0 0.0 3996 684 pts/0 R+ 23:26 0:00 grep ntpd
>> [r...@localhost inputs]# cat example1_service_running_ntpd.cf
>> body common control
>>
>> {
>> bundlesequence => { "check_ntpd_running" };
>> }
>>
>>
>> bundle agent check_ntpd_running {
>>
>>
>> processes:
>>
>> "ntpd"
>>
>> restart_class => "start_ntpd";
>>
>> commands:
>>
>> start_ntpd::
>>
>> "/etc/init.d/ntpd start";
>>
>> }
>> [r...@localhost inputs]# cf-agent -f ./example1_service_running_ntpd.cf
>> [r...@localhost inputs]# Wed Sep 8 23:26:51 2010:Lock removed
>> normally
>> :pid=11805:lock.check_ntpd_running.processes.restart_class..proc_ntpd_start_ntpd_2679_MD5=56cd7091cb7b8906d0171aa0b2c846a9:
>> Wed Sep 8 23:26:49 2010 -> Wed Sep 8 23:26:51 2010: Outcome of
>> version (not specified) (agent-0): Promises observed to be kept 100%,
>> Promises repaired 0%, Promises not repaired 0%
>>
>> [r...@localhost inputs]# /etc/init.d/ntpd status
>> ntpd is stopped
>> [r...@localhost inputs]#
>>
>> No, I suspect it's something to do with the regex check, because if I
>> change the string to
>>
>> "nosuchstringatalliamversure"
>>
>> then it works, ntpd is started.
>>
>> This is with cfengine 3.0.5p1 community edition.
>>
>> Thanks,
>> -at
>
> --
> SY, Seva Gluschenko.
Re: Cfengine Help: Re: need help with restart_class; the example from the manual does not work (3.0.5p1)
@Seva: -K did not help. Lock is not an issue in this case; regex is. Thanks anyway!

@neil watson: thanks, Neil! Anchoring the regex helped (i.e. the example works now).

I don't understand why regex "^ntpd" sets the restart_class, and regex "ntpd" does not. "ps auwx" output does not contain ntpd at all, so I don't understand why it would matter if it's ntpd or ^ntpd. Is this a bug in cfengine or am I missing some subtlety?

In any case, the example currently in the reference manual does not work, it's missing the leading caret. cc'ing the bugs list to fix either cfengine or the reference manual, please.

Aleksey
Re: Cfengine Help: Re: need help with restart_class; the example from the manual does not work (3.0.5p1)
On Thu, Sep 9, 2010 at 11:12 PM, Seva Gluschenko wrote:
> Aleksey,
>
> I told you about regex and suggested looking into process_select
> compound body. Unfortunately, you didn't hear.

Seva, you were right, it is a regex issue. Thank you. And I see why you suggested -K, because of the 0/1 minute elapsed message. Thanks again, I appreciate the help.

Best,
-at
Re: Cfengine Help: Re: need help with restart_class; the example from the manual does not work (3.0.5p1)
Great idea, thanks, Neil, I'll definitely try that!

Aleksey

On Fri, Sep 10, 2010 at 5:06 AM, wrote:
> Forum: Cfengine Help
> Subject: Re: need help with restart_class; the example from the manual does
> not work (3.0.5p1)
> Author: neilhwatson
> Link to topic: https://cfengine.com/forum/read.php?3,18140,18164#msg-18164
>
> Aleksey, you might get a better understanding of the process table during the
> run if you can get Cf to report all processes. I don't know if there is a
> built-in way to do so but it should be easy enough to make your own promise.
> Generally it is a good idea to be as specific as possible with regexes to
> avoid any unwanted greedy matches.
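An added illustration of the advice above to be as specific as possible with process regexes; it is not code from the thread or from Cfengine. It uses plain grep -E over the COMMAND column of a constructed "ps auxw" snapshot as a stand-in for the agent's matching, and assumes (not confirmed in the thread) that the agent's own command line, which names a policy file containing "ntpd", is in the process table.

```shell
#!/bin/sh
# Constructed "ps auxw" snapshot: ntpd is NOT running, but the agent's own
# command line mentions a policy file whose name contains "ntpd".
PS_NTPD_DOWN='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   2072   632 ?        Ss   22:10   0:00 init [3]
root      2501  0.0  0.1   5916  1108 ?        Ss   22:11   0:00 /usr/sbin/sshd
root     11805  0.5  0.3  12480  3400 pts/0    S+   23:26   0:00 cf-agent -f ./example1_service_running_ntpd.cf'

# Same snapshot with a real ntpd daemon added (also constructed).
PS_NTPD_UP="$PS_NTPD_DOWN
ntp      12001  0.0  0.4  23388  5036 ?        Ss   23:30   0:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g"

LOOSE='ntpd'                       # unanchored: matches the substring anywhere
STRICT='^(/usr/sbin/)?ntpd( |$)'   # anchored to the start of the command

# Print the COMMAND column (field 11 onward) of each process line.
ps_commands() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        out = $11
        for (i = 12; i <= NF; i++) out = out " " $i
        print out
    }'
}

# count_matches PATTERN TABLE -> number of command lines matching the ERE.
# grep -c exits 1 when the count is 0, hence the "|| true".
count_matches() {
    ps_commands "$2" | grep -E -c -- "$1" || true
}

# restart_needed PATTERN TABLE -> "yes" when no process matches the pattern,
# i.e. when a check of this kind would decide the daemon must be started.
restart_needed() {
    if [ "$(count_matches "$1" "$2")" -eq 0 ]; then
        echo yes
    else
        echo no
    fi
}

echo "ntpd down, loose pattern : restart needed? $(restart_needed "$LOOSE" "$PS_NTPD_DOWN")"
echo "ntpd down, strict pattern: restart needed? $(restart_needed "$STRICT" "$PS_NTPD_DOWN")"
echo "ntpd up,   loose pattern : restart needed? $(restart_needed "$LOOSE" "$PS_NTPD_UP")"
echo "ntpd up,   strict pattern: restart needed? $(restart_needed "$STRICT" "$PS_NTPD_UP")"
```

With the loose pattern the stopped daemon is reported as present, so a monitoring or restart check built on it silently does nothing.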
What does ... mean? (literally, ...) in quoted command output
What does ... mean in the output from the example cfengine config?

commands:

  "/bin/echo Hello world!";

[r...@localhost inputs]# cf-agent -Kf ./example000_helloworld.cf
Q: ".../bin/echo Hello": Hello world!
I: Last 1 QUOTed lines were generated by promiser "/bin/echo Hello world!"
[r...@localhost inputs]#
Re: What does ... mean? (literally, ...) in quoted command output
On Fri, Sep 10, 2010 at 11:42 AM, Mark Burgess wrote:
> Cfengine tries to extract the most relevant portion of the text so that you can see what
> it is ... that is usually that final part of the path, not the beginning. If it wrote
>
> "/usr/bin/..." you wouldn't be much wiser :)

Very practical. I get it. Thank you!

Best,
-at
I've written an article about how Cfengine relates to Chef and Puppet in terms of origin; and its new capabilities
I noticed some people using Chef have no idea of the history involved, so I've put together a little piece detailing the lineage and how Cfengine 3 is a next-generation tool, its improvements over Cfengine 2 and completely new capabilities: http://verticalsysadmin.com/blog/uncategorized/relative-origins-of-cfengine-chef-and-puppet It also details what's new in Chef. Best, -at
Re: Cfengine Help: Re: I've written an article about how Cfengine relates to Chef and Puppet in terms of origin; and its new capabilities
They ought to come to Mark's Cfengine 3 class at LISA 2010. I bet they don't even know what Cfengine 3 is and are going off 2's reputation. Tell them about Mark's Cfengine 3 class if you can, please, Neil.

Cheers,
-at

On Wed, Sep 15, 2010 at 10:33 AM, wrote:
> Forum: Cfengine Help
> Subject: Re: I've written an article about how Cfengine relates to Chef and
> Puppet in terms of origin; and its new capabilities
> Author: neilhwatson
> Link to topic: https://cfengine.com/forum/read.php?3,18264,18265#msg-18265
>
> I can't be specific but there is a large Linux centric organization who is
> looking into configuration management products. Currently I am told that the
> technical folks at this organization are favouring Puppet over Cfengine. I
> don't have any practical experience with Puppet to say anything good or bad
> about it. I am compiling a list of good things about Cfengine that these
> people might not be aware of. If anyone has some Puppet information they can
> share I'd appreciate it.
cfengine.com is very slow for me right now... took 5 minutes to login. Now "my cache" is slow to come up. EOM
3.0.5p1: library.cf conflicts with cfengine_stdlib.cf. Trouble getting started.
Hi. So I've installed 3.0.5p1, and copied the following to /var/cfengine/inputs:

/usr/local/share/doc/cfengine/inputs/*cf
/usr/local/share/doc/cfengine/cfengine_stdlib.cf

Now I run cf-agent and get errors:

cf3:/var/cfengine/inputs/cfengine_stdlib.cf:304,1: Redefinition of body start for location is a broken promise, near token '{'
cf3:/var/cfengine/inputs/cfengine_stdlib.cf:371,1: Redefinition of body immediate for action is a broken promise, near token '{'
cf3:/var/cfengine/inputs/cfengine_stdlib.cf:603,1: Redefinition of body recurse for depth_search is a broken promise, near token '{'
cf3:/var/cfengine/inputs/cfengine_stdlib.cf:630,1: Redefinition of body tidy for delete is a broken promise, near token '{'
cf3:/var/cfengine/inputs/cfengine_stdlib.cf:672,1: Redefinition of body days_old for file_select is a broken promise, near token '{'

So what is library.cf? I know cfengine_stdlib.cfg is the COPBL.

Here is what I actually did:

1. cp /usr/local/share/doc/cfengine/inputs/*cf /var/cfengine/inputs
2. run cf-agent and confirm it works fine, it even finds my cfengine2 files and runs cfagent. Great!!
3. Now I want to add some cfengine 3 promises, so I include cfengine_stdlib.cf and this is where things break.

Please advise.

Thanks,
-at
Re: cfengine.com is very slow for me right now... took 5 minutes to login. Now "my cache" is slow to come up. EOM
I am in Los Angeles. The main cfengine.com site pages come up reasonably fast but when I go to login, it starts getting into minutes... I just submitted username and password and the browser busy doohicky is just spinning... about a minute now and still going.

On Wed, Sep 15, 2010 at 4:29 PM, Nakarin Phooripoom wrote:
> Where are you located? I'm in NY, using a free Wifi at Times square right
> now. It took me only 2 seconds to login. ^^"
Re: 3.0.5p1: library.cf conflicts with cfengine_stdlib.cf. Trouble getting started.
Thanks, Nakarin, I really appreciate your reply, but I don't like to guess - let's see what the Cfengine developers say about what is library.cf and cfengine_stdlib.cf? How to reconcile this conflict? Wouldn't anybody that downloads and starts to use cfengine run into this issue? Or am I doing something wrong to bootstrap my configuration?

Best,
-at

On Wed, Sep 15, 2010 at 5:31 PM, Nakarin Phooripoom wrote:
> I guess, library.cf might be an earlier version of cfengine_stdlib.cf. From
> the error messages, you might want to rename/delete the duplicate bodies in
> library.cf
>
> Cheers,
> --Nakarin
>
> On Sep 16, 2010, at 2:12 AM, Aleksey Tsalolikhin wrote:
>
>> Hi. So I've installed 3.0.5p1, and copied the following to
>> /var/cfengine/inputs:
>>
>>
>> /usr/local/share/doc/cfengine/inputs/*cf
>> /usr/local/share/doc/cfengine/cfengine_stdlib.cf
>>
>> Now I run cf-agent and get errors:
>>
>> cf3:/var/cfengine/inputs/cfengine_stdlib.cf:304,1: Redefinition of
>> body start for location is a broken promise, near token '{'
>> cf3:/var/cfengine/inputs/cfengine_stdlib.cf:371,1: Redefinition of
>> body immediate for action is a broken promise, near token '{'
>> cf3:/var/cfengine/inputs/cfengine_stdlib.cf:603,1: Redefinition of
>> body recurse for depth_search is a broken promise, near token '{'
>> cf3:/var/cfengine/inputs/cfengine_stdlib.cf:630,1: Redefinition of
>> body tidy for delete is a broken promise, near token '{'
>> cf3:/var/cfengine/inputs/cfengine_stdlib.cf:672,1: Redefinition of
>> body days_old for file_select is a broken promise, near token '{'
>>
>> So what is library.cf? I know cfengine_stdlib.cfg is the COPBL.
>>
>> Here is what I actually did:
>>
>> 1. cp /usr/local/share/doc/cfengine/inputs/*cf /var/cfengine/inputs
>> 2. run cf-agent and confirm it works fine, it even finds my cfengine2
>> files and runs cfagent. Great!!
>> 3. Now I want to add some cfengine 3 promises, so I include
>> cfengine_stdlib.cf and this is where things break.
>>
>> Please advise.
>>
>> Thanks,
>> -at
BTW, it's really cool that cfengine3 automatically detects cfengine2 config files and runs cfagent! :) Thank you for this. EOM
Re: 3.0.5p1: library.cf conflicts with cfengine_stdlib.cf. Trouble getting started.
Dear Seva,

library.cf came from cfengine 3.0.5p1 package (RPM):

Still looking for an answer about what is library.cf, please...

Here is what I did in trying to get started with 3.0.5p1 package:

1. cp /usr/local/share/doc/cfengine/inputs/*cf /var/cfengine/inputs
2. run cf-agent and confirm it works fine, it even finds my cfengine2 files and runs cfagent. Great!!
3. Now I want to add some cfengine 3 promises, so I include cfengine_stdlib.cf and this is where things break:

cf3:/var/cfengine/inputs/cfengine_stdlib.cf:304,1: Redefinition of body start for location is a broken promise, near token '{'
cf3:/var/cfengine/inputs/cfengine_stdlib.cf:371,1: Redefinition of body immediate for action is a broken promise, near token '{'
cf3:/var/cfengine/inputs/cfengine_stdlib.cf:603,1: Redefinition of body recurse for depth_search is a broken promise, near token '{'
cf3:/var/cfengine/inputs/cfengine_stdlib.cf:630,1: Redefinition of body tidy for delete is a broken promise, near token '{'
cf3:/var/cfengine/inputs/cfengine_stdlib.cf:672,1: Redefinition of body days_old for file_select is a broken promise, near token '{'

It looks like a conflict between library.cf and cfengine_stdlib.cf, no?

Truly,
Aleksey

On Wed, Sep 15, 2010 at 11:08 PM, Seva Gluschenko wrote:
> Before calling for developer's attention, I would suggest tryin' to
> remember where that library.cf came into your setup. I've started
> evaluating Cfengine since 3.0.4p2 and it hadn't library.cf at that
> moment already. Perhaps, you or someone in your company made that
> local library.cf and forgot about it?
>
> For example, I have library.cf in my setup, but that's because I
> didn't use cfengine_stdlib.cf at whole, I'd just copied certain bodies
> and bundles from there.
Re: Quickstart guide?
On Sat, Sep 18, 2010 at 4:27 PM, Francisco Reyes wrote:
> Trying to setup cfengine.
> So far have found:
> ...
>
> http://www.verticalsysadmin.com/cfengine3/
> This one seems somewhat promising. Still trying to go over it and try to
> see how to apply it.

Hi, Francisco. Let me know if you have any questions. (I wrote that piece.) I am happy to discuss in real-time; I want to make sure you get started OK. We could talk on IRC or Skype.

My own experience with getting started with Cfengine 3 has been: I really struggled to understand it from the online documentation, even with help from this forum; but once I took Mark's Cfengine 3 course at USENIX 2010 everything just clicked into place and made sense. I highly recommend you take Mark's Cfengine 3 course at LISA 2010 in San Jose in November if you can.

Also - with Mark's kind encouragement and support, I taught an intro course at Ohio Linux Fest this month, with good reviews from the students, and will be doing another course in Los Angeles next month. My course is very example-oriented, it's all based on runnable (working) examples that you can tinker with, and it's arranged on a gradient, from very simple basic building blocks to more complex combinations. Maybe I should put together a recording of this course to place online... I'll see if I can record my course in L.A. in October.

In the meantime, let me know if you have any questions on my write-up specifically; and I've found the community here to be VERY helpful, so if you have any question after checking out the Cfengine 3 Concept Guide, please ask. And thank you for your feedback!!!

Truly,
Aleksey
Re: 3.0.5p1: library.cf conflicts with cfengine_stdlib.cf. Trouble getting started.
On Sun, Sep 19, 2010 at 11:23 PM, Mark Burgess wrote:
>
> library.cf is an old version of stdlib, you don't need both, so I would take out the
> librart.cf which probably has some dual definitions.
>
> M

Dear Mark,

Thank you. I tried taking out library.cf and putting cfengine_stlib.cf in its stead. No go.

cf3:/var/cfengine/inputs/cfengine_stdlib.cf:371,1: Redefinition of body immediate for action is a broken promise, near token '{'
Undeclared promise body "def()" was referenced in a promise
Undeclared promise bundle "upgrade_cfexecd()" was referenced in a promise
Undeclared promise bundle "DeleteLinesMatching()" was referenced in a promise
body "longjob()" was undeclared, but used in a promise near line 68 of /var/cfengine/inputs/site.cf
body "WarnOnly()" was undeclared, but used in a promise near line 76 of /var/cfengine/inputs/site.cf
body "upgrade_cfexecd()" was undeclared, but used in a promise near line 84 of /var/cfengine/inputs/site.cf
body "def()" was undeclared, but used in a promise near line 113 of /var/cfengine/inputs/site.cf
...
cf-agent was not able to get confirmation of promises from cf-promises, so going to failsafe

My promises.cf came straight from /usr/local/share/doc/cfengine/inputs/promises.cf

Here it is, with the edit:

body common control
{
bundlesequence => {
                  "update",
                  "garbage_collection",
                  "main",
                  "cfengine",
                  };

inputs => {
          "update.cf",
          "site.cf",
          "cfengine_stdlib.cf",   # this was library.cf
          };
}

The product I am trying to get is: cfengine 3 running cfagent and cf-agent; keep running my cfengine 2 policies and allow me to gradually migrate cfengine 2 policies to cfengine 3 promises (and I need COPBL for cfengine 3 promises).

Truly,
-at
Re: cfengine.com is very slow for me right now... took 5 minutes to login. Now "my cache" is slow to come up. EOM
THANK YOU, Nicolas. I just tried providing wrong username and then wrong password, but it came back quickly. Tried both Chrome and Firefox. Can't duplicate it now, but thank you, Nicolas, for also seeing this, so I am not crazy. :-)

cheers,
-at

On Thu, Sep 16, 2010 at 5:03 AM, Nicolas Charles wrote:
> I sometimes have this kind of issue. Usually, it happens when I use the
> wrong password or username to login (which is quite common). Afterward
> it's just impossible to log in, and I have to use another browser
>
> Nicolas
Re: Quickstart guide?
On Mon, Sep 20, 2010 at 9:46 AM, Francisco Reyes wrote:
> )
>
> Towards the bottom where you have:
> cf-agent -v test_copy.cf -K
>
> Shouldn't it be:
> cf-agent -v -f test_copy.cf -K

You're right! Fixed. Thank you. Glad you got some help on IRC.

> Personally I think the concepts make total sense. It is just the way much of
> the information is organized.

I agree, and there is a lot to take in.

> I did not see any mention of the key exchange part for the client. Later I
> discovered that trustkey => "true";
>
> Does the magic in the client, but would be nice if you mentioned in the
> text.

Good point - fixed.

> Also this part was a little confusing:
> {
> files:
> "/home/aleksey/testcopy1"
> copy_from =>
> my_copy_body_with_options("/home/aleksey/testcopy2","192.168.1.10");
> }
>
> Why the different names testcopy1 and testcopy2?
> Is testcopy1 the source name and testcopy2 the target name?
> Is testcopy a file or a directory?

testcopy1 is the promiser - it's the system resource that the promise concerns, or that will be affected by the promise. testcopy1 promises to be a copy of testcopy2, or a copy from testcopy2. Try it now and see what you make of it. I've also updated the article text. Thanks!!

Best,
-at
Re: 3.0.5p1: library.cf conflicts with cfengine_stdlib.cf. Trouble getting started.
On Mon, Sep 20, 2010 at 4:25 AM, Mark Burgess wrote:
>
> Sounds like maybe there is some version mixup. Do you have all the files from the same
> place? There should not be any duplicate definitions.
>

Dear Mark,

I got all the files from the 3.0.5p1 Linux 64-bit RPM from the Engine Room on cfengine.com. Yes, it sounds like there is some version mixup.

Please observe that cfengine-community 3.0.5p1 RPM ships with library.cf and cfengine_stlib.cf:

# rpm -q --filesbypkg cfengine-community|grep lib|grep \.cf$
cfengine-community/usr/local/share/doc/cfengine/cfengine_stdlib.cf
cfengine-community/usr/local/share/doc/cfengine/inputs/library.cf
#

Please observe that I have exact copies in /var/cfengine/inputs:

# diff /var/cfengine/inputs/library.cf /usr/local/share/doc/cfengine/inputs/library.cf
# diff /var/cfengine/inputs/cfengine_stdlib.cf /usr/local/share/doc/cfengine/cfengine_stdlib.cf
#

Details of my package:

# rpm -q -i cfengine-community
Name: cfengine-community   Relocations: (not relocatable)
Version : 3.0.5p1   Vendor: (none)
Release : 1.centos5   Build Date: Fri 09 Jul 2010 06:33:14 AM PDT
Install Date: Wed 15 Sep 2010 03:59:39 PM PDT   Build Host: localhost.localdomain
Group : Applications/System   Source RPM: cfengine-community-3.0.5p1-1.centos5.src.rpm
Size: 24158162   License: Cfengine COBL
Signature : (none)
Packager: Cfengine AS (cont...@cfengine.com)
URL : http://www.cfengine.org/
Summary : The Cfengine Configuration System
Description :
Cfengine is the standalone, open-source datacenter management platform run by leading enterprises since 1993. Customize your IT systems, align to network, business and regulatory needs, monitor problems, automatically repair and maintain systems.
#

Please fix? :)

Thanks,
Aleksey
Re: Quickstart guide? [learning more about Cfengine classes]
Dear Francisco, I would recommend the Concept Guide (aka Tutorial), the section called "Decisions" http://www.cfengine.org/manuals/cf3-tutorial.html Let me know how that goes for you. And thanks for the tip about "cf-promise -v", that's a good one and one I use in my classes. Best, -at
Using the Engine Room website is still VERY slow for me. Can't download Special Topic Guides... EOM
Re: Using the Engine Room website is still VERY slow for me.
Correction: I was able to download the Special Topic Guides - it just took a long time. Truly, Aleksey
"irreconcilable constraints" error when trying to set a role class based on a hostname. (Was Re: Machine types)
Problem: How to determine machine role from the hostname using Cfengine?

Data: My server hostnames contain location code, department code, type (web/db/etc.) and environment (stage/prod/dev). For example: "lax-it-web01-prod01".

Location: Los Angeles
Department: IT
Primary role: Web (first server)
Environment: Production (first production environment)

This model falls short when roles move from host to host, or additional roles are added to an existing server. I don't have a host inventory database in my current environment. How to document which machine does what? Preferably in a way native to Cfengine.

Solution 0. Setting classes based on hostnames is elementary functionality of Cfengine. So let's set a role class based on the hostname:

# set a "webserver" class if hostname is lax-it-web01-prod01
classes: lax-it-web01-prod01::"webserver";

Error! "Irreconcilable constraints in classes for webserver (broken promise)". I don't know what irreconcilable constraints are, in fact, there are no constraints here besides the class. Mark, is there something semantically wrong with the shorter version? It embodies my intention with nothing extra added.

So then I added:

# set a "webserver" class if hostname is lax-it-web01-prod01
classes: lax-it-web01-prod01::"webserver" expression => "any";

and that worked, but now I've got "noise" in my config due to the added text. Is it possible to do without the mandatory explicit constraint, please?

Let's continue with this example: Let me put my "who does what" config data in the Cfengine config:

classes: lax-it-web01-prod01::"webserver" expression => "any";
classes: lax-it-web01-prod01::"nagios" expression => "any";
classes: lax-it-web02-prod01::"webserver" expression => "any";
classes: lax-it-db01-prod01:: "postgres" expression => "any";
classes: lax-it-db01-prod01:: "zenoss" expression => "any";

If I want to do something on all nagios servers, I use the nagios:: class.

If I want to identify all the roles on lax-it-web01-prod01 (for knowledge management), I would run a shell command like:

grep '^classes: lax-it-web01-prod01::' who_does_what.cf | awk '{print $3}'

Comments?

Alternatives - store the config data OUTSIDE Cfengine:

1. My current method, with Cfengine 2, is to seed the role name into the hostname line in /etc/hosts -- this way it'll be set as a hard class when cfengine starts. For example, let's say the name is "lax-it-web01-prod01". /etc/hosts would read:

   xxx.xxx.xxx.xxx lax-it-web01-prod01 webserver nagios

   "webserver" and "nagios" are the roles. When I bring up a new instance, I have to edit /etc/hosts to add the role, and then Cfengine takes care of the rest of the configuration (based on the role).

2. Make a text file with hostnames and roles in them, and set up cfengine classes by running grep and parsing the output with regex.

3. Set up a database: make a table of hostnames and whether each host has (yes or no) each of all the possible roles. Read it from inside cfengine with a command-line database client and set up classes based on regex parsing of the output.

4. Put an /etc/roles file on each machine, and put roles into that file, one role per line, plain text, when roles are added to the server. Or make an /etc/roles/ directory, and touch /etc/roles/webserver, /etc/roles/nagios, etc.

I am inclined to go with option 0, native to Cfengine, I just don't like the noise of 'expression => "any";' Could we please get rid of it?

Best,
-at
Machine types and auto-provisioning
Dear Mark and Nicolas,

Thank you for your reply. Dashes used to be illegal in class names, but as of 3.0.5p1 that is no longer the case. I found this out yesterday: cf-promise -v listed both "lax-it-web01-prod01" and "lax_it_web01_prod01"; so I tried using the "lax-it-web01-prod01" class and it worked fine!

Nicolas, I really like your rewrite, thank you and well done, sir. It gets rid of the 'expression ="any";' which did not contribute to making my intention clear, and fits well with the idea that roles are senior to hostnames.

classes: "webserver" or => {"lax_it_web01_prod01", "lax_it_web02_prod01" };
classes: "nagios" or => {"lax_it_web01_prod01" };
classes: "postgress" or => {"lax_it_db01_prod01" };
classes: "zenoss" or => {"lax_it_db01_prod01" };
classes: "provisioning" or => {"lax_it_admin01_prod01" };

Let's take this a step further. Let's say I want to add a new server to an existing role. I have a provisioning role that can create new server instances non-interactively (so suitable for automation) with cloud API command line tools. I want cfengine on the provisioning server to notice there is a server in the role list that has not yet been provisioned, and to provision it. You could not accomplish that with the above class promises. So let's try a list:

vars:

  "server_list" slist => {
                         "lax-it-web01-prod01",
                         "lax-it-web02-prod01",   # web02 is the new server
                         "lax-it-db01-prod01",
                         "lax-it-admin01-prod01",
                         };

How would cfengine know which servers have already been provisioned and which ones need to be created? (Maybe every time it creates a server, it also touches a file on the local filesystem or makes an entry in a host inventory database. But that's part of what I am trying to figure out, how to implement a host inventory database in Cfengine, or if it's better to interface with an external one.)

Just to let you know where I am going with this - the next step would be to say "I should have 2 web servers and 1 db server and 1 admin server, and I don't care about the hostnames" (I don't, actually, I care about the roles and the service.) But I want to work out the provisioning question first before I look at abstracting the host names. Some clouds assign hostnames dynamically.

Please let me know your thoughts about handling host/role inventory.

Truly,
Aleksey
Re: Quickstart guide? [learning more about Cfengine classes]
Well done, Francisco, you're helping others already. Continue! Classes provide an implicit if/then test. There is no else. But you can negate a class: if not class, then x. Negate with !, like this: !class:: promise HTH, -at
Re: Cfengine Help: Re: Quickstart guide? [learning more about Cfengine classes]
2010/9/24 Jakub Viták :
> OK.
>
> And is there any method how to find out (debug) that I have
> exceeded this number, or could I alter it by command option or with config
> definition?
>
> J.

I am pretty sure three passes is hard-wired into cfengine and you can't change it. You can run cf-agent in verbose mode (-v) and have it print informational messages (-I), and you'll see how many passes it does. Have fun!

-at
Host inventory (Was: Machine types)
On Fri, Sep 24, 2010 at 5:52 AM, wrote:
>
> I'm going to go off on a rant here. DNS names should not be used as an
> inventory system. DNS is used to make host names easier to remember than IP
> addresses. If a host name is harder to remember than an IP address then the
> naming convention has failed.
> http://watson-wilson.ca/blog/name-conv.html
>
> There is no substitute for a proper inventory system.
>
> When you make class names you need a-zA-Z0-9_ only. The underscore is the
> only allowable punctuation.
> When in doubt classify or canonify.

That's a pretty good rant. Totally spot on, of course. Thank you. Since I don't have an inventory system now, I am considering if I can do it Cfengine or if I need to use an external data store.

Aleksey
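An added sketch (not from the thread or from Cfengine) of alternative 2 in the earlier "irreconcilable constraints" message, a text file of hostnames and roles, combined with the a-zA-Z0-9_ class-name rule quoted above. The inventory format, the sample data and all function names are assumptions made for this example; the generated promise lines follow the "role" or => { hosts } form shown earlier in the thread and are meant to sit under a classes: section.

```shell
#!/bin/sh
# Constructed inventory: one host per line, "hostname role [role ...]".
INVENTORY='# hostname            roles (constructed sample data)
lax-it-web01-prod01   webserver nagios
lax-it-web02-prod01   webserver
lax-it-db01-prod01    postgres zenoss
lax-it-admin01-prod01 provisioning'

# Drop comments and blank lines from the inventory text.
strip_comments() {
    printf '%s\n' "$1" | sed -e 's/#.*//' -e '/^[[:space:]]*$/d'
}

# canonify NAME -> NAME with every character outside a-zA-Z0-9_ replaced by _
canonify() {
    printf '%s\n' "$1" | sed 's/[^A-Za-z0-9_]/_/g'
}

# roles_for_host HOST INVENTORY -> one role per line.
# The hostname is compared as a whole field, not as a regex, so a shorter
# name such as "lax-it-web01" does not pick up another host's roles.
roles_for_host() {
    strip_comments "$2" | awk -v host="$1" \
        '$1 == host { for (i = 2; i <= NF; i++) print $i }'
}

# hosts_for_role ROLE INVENTORY -> one hostname per line.
hosts_for_role() {
    strip_comments "$2" | awk -v role="$1" \
        '{ for (i = 2; i <= NF; i++) if ($i == role) print $1 }'
}

# class_promises INVENTORY -> one class promise per role, in first-seen
# order, with role and host names canonified.
class_promises() {
    strip_comments "$1" | awk '
        function canon(s) { gsub(/[^A-Za-z0-9_]/, "_", s); return s }
        {
            h = canon($1)
            for (i = 2; i <= NF; i++) {
                r = canon($i)
                if (r in hosts) {
                    hosts[r] = hosts[r] ", "
                } else {
                    order[++n] = r
                }
                hosts[r] = hosts[r] "\"" h "\""
            }
        }
        END {
            for (k = 1; k <= n; k++)
                printf "\"%s\" or => { %s };\n", order[k], hosts[order[k]]
        }'
}

echo "roles on lax-it-web01-prod01:"
roles_for_host lax-it-web01-prod01 "$INVENTORY"
echo "generated class promises:"
class_promises "$INVENTORY"
```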
Re: Machine types and auto-provisioning
On Fri, Sep 24, 2010 at 11:24 AM, Mark wrote: > This is not strictly true. Cfengine converts the dashes to underscore now. > It does not allow them. Oh, I see. That explains why my code worked, cfengine converted my dashes to underscores before running my code. Thank you. I am very glad I can now put my hostnames (with dashes) into Cfengine config files without having to convert to underscores, that was an added step that bugged me about Cfengine 2. (Any added step would bug me.) Thank you. Aleksey
Linux.conf.au 2011 soliciting presentations on configuration management
Hi. I am sure we have some Australian users on this list. In case somebody is interested in presenting to Linux.conf.au 2011:

--- start quote ---

Call for Presentations
Linux.conf.au 2011 Systems Administration Miniconf

As part of the linux.conf.au conference in Brisbane, Australia in January 2011 we will be holding a one day mini conference oriented to Linux Systems Administration.

The organisers of the Systems Administration Miniconf would like to invite proposals for presentations to be delivered at the Miniconf.

Topics for presentations could include ... configuration management ...

--- end quote ---

Deadline is October 1st.

http://sysadmin.miniconf.org/cfp11.html
I've reserved a room at LISA 2010 conference for a Cfengine BoF
Hello,

I've reserved a room at LISA 2010 conference for a Cfengine BoF:

Tuesday, Nov 10, 7 pm - 8 pm, Almaden room
http://www.usenix.org/events/lisa10/bofs.html#cfengine

I would like to organize a demo of multi-node orchestration; but just wanted to provide a forum for Cfengine users and keep the Cfengine name out there.

Anybody else on this list coming to LISA? (Besides Mark - his name is all over the schedule.)

Best,
Aleksey
Cfengine BoF at LISA 2010 moved to a bigger room
New location; Salon III room (100 seats) on Wednesday from 9-10pm.

http://www.usenix.org/events/lisa10/bofs.html

Best,
Aleksey
FYI, LISA 2010 Cfengine BoF has been moved to Blossom Hill room (60 seats) on Tuesday, 7 P.M. - 8 P.M. EOM
Chef/Puppet/CFengine administrator - full time job
I've been minding jobs that have "cfengine" in the title for about a year now -- for the first time, I see not a Unix sys admin job listing with cfengine mentioned briefly somewhere in the job description, but a pure open source configuration management administrator role!

Configuration management is definitely making inroads. Mark my words, you'll see more like this.

Role : Puppet / Chef Engine Administrator
Exp : 6+ yrs

Must Have Skills:
1. Experience with system administration using Puppet/and or Chef scripting tools or equivalent tool like CFEngine.
2. Experience in writing scripts to manage production like environment.
3. Experience with cloud management scripts using Puppet will be ideal.
4. Experience in UNIX a must

Job Roles / Responsibilities:
1. Must be very hands-on
2. Need to work independently without any oversight
3. Must provide strong design and development support
4. Must mentor the existing resources

http://reqroute.catsone.com/careers/index.php?m=portal&a=details&jobOrderID=269866%29
Re: Cfengine Help: Who's going to promise this - Forums Fubar
On Wed, Sep 1, 2010 at 12:59 PM, Diego Zamboni wrote:
>
>> CFengine needs a promise that receives email replies to forum postings and
>> puts them into the proper subject.
>>
>> why bother contributing to "no-reply"?
>>
> As far as I can tell (and this message is a test, I'm replying by
> email), if you reply to help-cfengine@cfengine.org it will incorporate
> the replies into the forum (it seems a "reply all" or "reply to list",
> e.g. as available in Thunderbird, will achieve this).
>
> Having said that, I agree that it's less than perfect. It mangles the
> subject line by adding "Cfengine Help:" at the beginning, and adds other
> cruft to the message. Personally, I'd much rather have a proper email
> list with good archives than an online forum.

Me too! Why the move to an online forum? Did it gain some advantage?

I find the broken threading due to mangled subject lines inconvenient as it makes it harder to follow conversations.

Best,
-at
3.1.0b2 - library.cf still conflicts with cfengine_stdlib.cf
Hi. This is still broken in 3.1.0b2. Instructions to replicate the problem: 1. install from the cfengine 3.1.0b2 tarball 2. cp -rp /usr/local/share/doc/cfengine/inputs/ /var/cfengine/inputs 3. cp /usr/local/share/doc/cfengine/cfengine_stdlib.cf /var/cfengine/inputs 4. edit /var/cfengine/inputs/promises.cf to append the cfengine_stdlib.cf promise library 5. Run cf-agent: # cf-agent cf3:/var/cfengine/inputs/cfengine_stdlib.cf:383,1: Redefinition of body start for location is a broken promise, near token '{' cf3:/var/cfengine/inputs/cfengine_stdlib.cf:466,1: Redefinition of body immediate for action is a broken promise, near token '{' cf3:/var/cfengine/inputs/cfengine_stdlib.cf:785,1: Redefinition of body recurse for depth_search is a broken promise, near token '{' cf3:/var/cfengine/inputs/cfengine_stdlib.cf:804,1: Redefinition of body tidy for delete is a broken promise, near token '{' cf3:/var/cfengine/inputs/cfengine_stdlib.cf:846,1: Redefinition of body days_old for file_select is a broken promise, near token '{' cf-agent was not able to get confirmation of promises from cf-promises, so going to failsafe # Here is my edit to promises.cf: # rcsdiff promises.cf === RCS file: RCS/promises.cf,v retrieving revision 1.1 diff -r1.1 promises.cf 42c42,43 <"library.cf" --- >"library.cf", >"cfengine_stdlib.cf" # Could you please fix this in 3.1.0? Best, -at ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
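Review bot: the change at line 42 of promises.cf lists "cfengine_stdlib.cf" alongside "library.cf" rather than in place of it, and the cf-agent run shown in step 5 then reports "Redefinition of body" for start, immediate, recurse, tidy and days_old inside cfengine_stdlib.cf. Until the two files stop defining bodies of the same name, list only one of them in inputs, or rename the clashing bodies in the copy that is kept locally.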
Re: 3.1.0b2 - library.cf still conflicts with cfengine_stdlib.cf
Dear Dan, The cfengine 3.1.0b2 source distribution tar ball includes both library.cf and cfengine_stdlib.cf. Please start with a clean slate and follow "Instructions to replicate the problem" below, you'll see the problem. Yours truly, -at On Thu, Oct 14, 2010 at 9:55 AM, Daniel V. Klein wrote: > As far as I know, library.cf is no longer part of the Cfengine distribution. > Th only file that you should have is cfengine_stdlib.cf - if there are any > conflicts, you should just change your private version of library.cf. > > -Dan > > On Oct 13, 2010, at 7:09 PM, Aleksey Tsalolikhin wrote: > >> Hi. This is still broken in 3.1.0b2. Instructions to replicate the problem: >> >> 1. install from the cfengine 3.1.0b2 tarball >> >> 2. cp -rp /usr/local/share/doc/cfengine/inputs/ /var/cfengine/inputs >> >> 3. cp /usr/local/share/doc/cfengine/cfengine_stdlib.cf /var/cfengine/inputs >> >> 4. edit /var/cfengine/inputs/promises.cf to append the >> cfengine_stdlib.cf promise library >> >> 5. Run cf-agent: >> >> # cf-agent >> cf3:/var/cfengine/inputs/cfengine_stdlib.cf:383,1: Redefinition of >> body start for location is a broken promise, near token '{' >> cf3:/var/cfengine/inputs/cfengine_stdlib.cf:466,1: Redefinition of >> body immediate for action is a broken promise, near token '{' >> cf3:/var/cfengine/inputs/cfengine_stdlib.cf:785,1: Redefinition of >> body recurse for depth_search is a broken promise, near token '{' >> cf3:/var/cfengine/inputs/cfengine_stdlib.cf:804,1: Redefinition of >> body tidy for delete is a broken promise, near token '{' >> cf3:/var/cfengine/inputs/cfengine_stdlib.cf:846,1: Redefinition of >> body days_old for file_select is a broken promise, near token '{' >> cf-agent was not able to get confirmation of promises from >> cf-promises, so going to failsafe >> # >> >> Here is my edit to promises.cf: >> >> >> # rcsdiff promises.cf >> === >> RCS file: RCS/promises.cf,v >> retrieving revision 1.1 >> diff -r1.1 promises.cf >> 42c42,43 >> < "library.cf" >> --- 
>>> "library.cf", >>> "cfengine_stdlib.cf" >> # >> >> Could you please fix this in 3.1.0? >> >> Best, >> -at ___ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
Re: Cfengine Help: Re: Cfengine minimal configuration example
Hi, Sakis. I also have an introduction at http://www.verticalsysadmin.com/cfengine3/

Good luck getting started and welcome to the Cfengine community.

Best,
-at
Re: 3.1.0b2 - library.cf still conflicts with cfengine_stdlib.cf
Thank you, Mark. Should I expect to see the fix in 3.1.0b3 or in 3.1.0 final, please?

I don't usually run code straight out of SVN mid-version -- don't want to get cut on the "cutting edge" of technology...

On Fri, Oct 15, 2010 at 3:10 AM, Mark Burgess wrote:
>
> Resolved this
>
feedback on 3.1.0b2: bootstrap into root crontab fails on CentOS: "File /var/spool/cron/crontabs/root was marked for editing but could not be opened"
Hi. I am on CentOS 5.5. When I run cf-agent for the first time, it complains:

"File /var/spool/cron/crontabs/root was marked for editing but could not be opened"

and is not able to insert the 5 minute schedule to root crontab.

To fix this, change in site.cf, from:

bundle common g
{
vars:

  SuSE::
    "crontab" string => "/var/spool/cron/tabs/root";

  !SuSE::
    "crontab" string => "/var/spool/cron/crontabs/root";
}

to:

bundle common g
{
vars:

  SuSE::
    "crontab" string => "/var/spool/cron/tabs/root";

  redhat::
    "crontab" string => "/var/spool/cron/root";

  (!SuSE).(!redhat)::
    "crontab" string => "/var/spool/cron/crontabs/root";
}

Best,
-at
Re: Cfengine Help: Re: feedback on 3.1.0b2: bootstrap into root crontab fails on CentOS: "File /var/spool/cron/crontabs/root was marked for editing but could not be opened"
Dear Neil,

Thanks for your reply. Yes, the root crontab did exist (in my case).

The problem is that Cfengine didn't know about Red Hat systems and was using an invalid (for Red Hat) path to the root crontab: /var/spool/cron/crontabs/root -- the correct path (on Red Hat) is /var/spool/cron/root (no "crontabs" subdirectory under "/var/spool/cron").

Just needs a tweak to site.cf to make it work out of the box on Red Hat and Fedora and CentOS systems. Maybe this fix could make it into 3.1.0 final.

Best,
-at

On Fri, Oct 15, 2010 at 4:19 PM, wrote:
> Forum: Cfengine Help
> Subject: Re: feedback on 3.1.0b2: bootstrap into root crontab fails on
> CentOS: "File /var/spool/cron/crontabs/root was marked for editing but could
> not be opened"
> Author: neilhwatson
> Link to topic: https://cfengine.com/forum/read.php?3,18770,18772#msg-18772
>
> Does the file /var/spool/cron/root exist? Cf will not create a new file
> unless told to do so.
>
Re: Cfengine Help: Re: feedback on 3.1.0b2: bootstrap into root crontab fails on CentOS: "File /var/spool/cron/crontabs/root was marked for editing but could not be opened" - needs to be /var/spool/cr
Hi. Didn't hear back from anybody at Cfengine... ACK, please?

Cheers,
Aleksey
Re: Cfengine Help: Re: feedback on 3.1.0b2: bootstrap into root crontab fails on CentOS: "File /var/spool/cron/crontabs/root was marked for editing but could not be opened"
The latest cfengine 3.1.0b2 in SVN knows where redhat systems keep the root crontab, thanks!

The advice to take it a task at a time is a good one, thank you.

library.cf is no longer part of the distribution, but site.cf still is:

# ls -1 /usr/local/share/doc/cfengine/inputs/*cf
/usr/local/share/doc/cfengine/inputs/cfengine_stdlib.cf
/usr/local/share/doc/cfengine/inputs/failsafe.cf
/usr/local/share/doc/cfengine/inputs/promises.cf
/usr/local/share/doc/cfengine/inputs/site.cf
/usr/local/share/doc/cfengine/inputs/update.cf
#

Best,
Aleksey
Is it possible to turn off informational reporting associated with commands type promises?
Hi. Is there any way to turn off information reporting associated with commands promises? (3.1.0b2)

bundle agent hello
{

commands:

  "/bin/echo Hello world!";

}

Q: ".../bin/echo Hello": Hello world!
I: Last 1 QUOTed lines were generated by promiser "/bin/echo Hello world!"

I only want to see "I" stuff if I run cf-agent with -I switch.

Truly,
-at
Could you please teach Cfengine that RHEL 5 systems use YUM as the package manager?
Problem: cfengine does not know that modern red hat systems use YUM package manager:

bundle agent packages
{
packages:

  "httpd"
    package_policy => "delete";
}

Results in error "!! You must supply a method for determining the version of existing packages"

Could you please teach cfengine that Red Hat Enterprise Linux 5 based systems (in my case, centos_5) use YUM as the package manager?

I don't mind being able to override package_method if I want, but I don't want to have to specify it every time. Sensible defaults = less CM code = intention shines through.

Please?

Truly,
Aleksey
Re: Is it possible to turn off informational reporting associated with commands type promises?
Hi, Franz. Thanks for your reply.

I don't see "silent" on the cf3-reference page you cited, but I do see "no_output".

Synopsis: true/false discard all output from the command
Default value: false

However, I don't want to discard the command output, I want to discard the informational message from cfengine. I don't want to see Informational messages unless I've explicitly set the -I switch.

Maybe it's a bug that I get "I" messages when -I switch is not set. I opened https://cfengine.com/bugtracker/view.php?id=317

Best,
Aleksey

On Tue, Oct 19, 2010 at 8:42 PM, Frans Lawaetz wrote:
> I think you probably want the "contain" option to that command.
>
> restartssh::
>   "/sbin/service sshd restart",
>   contain => "silent";
>
> http://www.cfengine.org/manuals/cf3-reference.html#contain-in-commands
> "This is equivalent to piping standard output and error to /dev/null. "
>
> On 10/19/2010 10:51 PM, Aleksey Tsalolikhin wrote:
>
> Hi. Is there any way to turn off information reporting associated
> with commands promises? (3.1.0b2)
>
> bundle agent hello
> {
>
> commands:
>
>   "/bin/echo Hello world!";
>
> }
>
> Q: ".../bin/echo Hello": Hello world!
> I: Last 1 QUOTed lines were generated by promiser "/bin/echo Hello world!"
>
> I only want to see "I" stuff if I run cf-agent with -I switch.
>
> Truly,
> -at
Re: Cfengine Help: Re: Could you please teach Cfengine that RHEL 5 systems use YUM as the package manager?
On Wed, Oct 20, 2010 at 5:09 AM, wrote:
>
> I am also using RHEL5. It works for me by using this line:
>
>
> package_method => yum,

Thanks, same here, I was just suggesting an enhancement to cfengine, for it to know what OS's use what package managers, and run with that; of course allowing sysadmin to override the default.

Aleksey
Re: Cfengine Help: Re: Is it possible to turn off informational reporting associated with commands type promises?
On Wed, Oct 20, 2010 at 5:04 AM, wrote:
> Forum: Cfengine Help
> Subject: Re: Is it possible to turn off informational reporting associated
> with commands type promises?
> Author: bbomgardner
> Link to topic: https://cfengine.com/forum/read.php?3,18797,18800#msg-18800
>
> Check out the contain compound body which has an option 'no_output'.

I'm having trouble, how to connect the agent bundle with the contain body, please?

I.e., I have:

bundle agent hello
{
commands:

  "/bin/echo Hello world!";
}

and

body contain example
{
no_output => "true";
}

How do I connect the two?

Thanks,
-at
Re: Cfengine Help: Re: Is it possible to turn off informational reporting associated with commands type promises?
OK, that helps, thanks, Neil!

And I now know that body contain silent is part of cfengine_stdlib.cf. I'll have to study that stdlib top to bottom as soon as I can.

OK, so I've learned how to silence output, but that silenced everything, I wanted to see just the "Q"uoted output, but not the "I"nformational output. :)

Aleksey

On Wed, Oct 20, 2010 at 12:50 PM, wrote:
> Forum: Cfengine Help
> Subject: Re: Is it possible to turn off informational reporting associated
> with commands type promises?
> Author: neilhwatson
> Link to topic: https://cfengine.com/forum/read.php?3,18797,18812#msg-18812
>
> The same way you do any other body
>
> "/bin/command"
> contain => silent;
> }
>
> body contain silent
> {
> no_output => "true";
> }
>
> http://www.cfengine.org/manuals/CfengineStdLibrary.html#body-contain-silent
>
cfengine config for installing wordpress blog
for your review: cfengine 3.1.0b2 config for installing wordpress blog

http://www.verticalsysadmin.com/cfengine/example100_wordpress.cf

this is a first draft -- I know I need to add comments

comments welcome

i'm going to be using this tonight for my cfengine class (http://lopsala.eventbrite.com) in LA
WordPress one-click installer in Cfengine
Current version of the WordPress installer is at
http://www.verticalsysadmin.com/cfengine/cfengine3_examples_from_class_at_SoCalCodecamp.com_at_USC_on_24-Oct-2010/example100_wordpress.cf

thank you to Neil Watson for the fast review on Thursday! Very helpful.

Current version does work but can use some polishing (as noted at the bottom in ToDo section)

Cheers,
Aleksey
Cfengine 3 classes in Los Angeles - a quick report: thursday 23 attendees, sunday 4 attendees
Hi. I did a 3 hour class at Media Temple (web hosting company) on thursday night under the auspices of LOPSA Los Angeles and that was well attended, 23 people. I demo'ed the one-click word press installer, the Media Temple guys were quite impressed as that's exactly the sort of thing they deal with.

I just wrapped up another 1.5 hour class at SoCalCodeCamp.com, I had 4 students, 2 of them exclusively Windows folks. at the end, 3 said they would try cfengine.

Best,
-at
reports: linux:: " $(sys.interface) and $(sys.ipv4)"; returns 50% success rate - why not 100% ?
The following promise registers a 50% success rate. Why not 100%? Is there something I don't understand or is this a bug?

Thanks,
-at

#!/var/cfengine/bin/cf-agent -Kf

body common control
{
bundlesequence => { "test" };
}

bundle agent test
{

reports:
  linux::
    "My default interface and ip4 address is $(sys.interface) and $(sys.ipv4)";
}

[r...@ve beginning_examples]# ./varnet.cf
R: My default interface and ip4 address is venet0 and 127.0.0.1
[r...@ve beginning_examples]#

[r...@ve beginning_examples]# cf-agent -K -v -f ./varnet.cf
cf3 Cfengine - autonomous configuration engine - commence self-diagnostic prelude
cf3
cf3 Work directory is /var/cfengine
cf3 Making sure that locks are private...
cf3 Checking integrity of the state database
cf3 Checking integrity of the module directory
cf3 Checking integrity of the PKI directory
cf3 Looking for a source of entropy in /var/cfengine/state/cf_observations.db
cf3 Couldn't find a private key (/var/cfengine/ppkeys/localhost.priv) - use cf-key to get one
cf3 !!! System error for fopen: "No such file or directory"
cf3 Setting cfengine default port to 5308 = 5308
cf3 Reference time set to Wed Oct 27 21:40:49 2010
cf3 Cfengine - 3.1.0b3 Copyright (C) Cfengine AS 2008,2010-
cf3
cf3 Host name is: ve.cfengine.com
cf3 Operating System Type is linux
cf3 Operating System Release is 2.6.18-028stab070.4
cf3 Architecture = x86_64
cf3 Using internal soft-class linux for host ve.cfengine.com
cf3 The time is now Wed Oct 27 21:40:49 2010
cf3
cf3 # Extended system discovery is only available in version Nova and above
cf3 Additional hard class defined as: 64_bit
cf3 Additional hard class defined as: linux_2_6_18_028stab070_4
cf3 Additional hard class defined as: linux_x86_64
cf3 Additional hard class defined as: linux_x86_64_2_6_18_028stab070_4
cf3 GNU autoconf class from compile time: compiled_on_linux_gnu
cf3 Address given by nameserver: 205.186.156.208
cf3 Interface 1: lo
cf3 Interface 2: venet0
cf3 Adding alias localhost..
cf3 Skipping apparent virtual interface 3: venet0:0
cf3 Trying to locate my IPv6 address
cf3 Looking for environment from cf-monitor...
cf3 Loading environment...
cf3 Environment data loaded
cf3 This appears to be a redhat system.
cf3 Looking for redhat linux info in "CentOS release 5.5 (Final) "
cf3 ***
cf3 Loading persistent classes
cf3 ***
cf3 ***
cf3 Loaded persistent memory
cf3 ***
cf3 -> No policy server (hub) watch yet registered
cf3 Setting policy server requires version Nova or above
cf3 > Verifying the syntax of the inputs...
cf3 > Parsing file ./varnet.cf
cf3 Initiate variable convergence...
cf3 Initiate variable convergence...
cf3 # Knowledge map reporting feature is only available in version Nova and above
cf3 -> Defined classes = { 127_0_0_1 64_bit Day27 Evening GMT_Hr4 Hr21 Hr21_Q3 Lcycle_0 Min40 Min40_45 October Q3 Wednesday Yr2010 agent any centos centos_5 centos_5_5 cfengine_3 cfengine_3_1 cfengine_3_1_0b3 cfengine_com com community_edition compiled_on_linux_gnu entropy_cfengine_in_low entropy_cfengine_out_low entropy_dns_in_low entropy_dns_out_low entropy_ftp_in_low entropy_ftp_out_low entropy_icmp_in_low entropy_icmp_out_low entropy_irc_in_low entropy_irc_out_low entropy_misc_in_low entropy_misc_out_low entropy_netbiosdgm_in_low entropy_netbiosdgm_out_low entropy_netbiosns_in_low entropy_netbiosns_out_low entropy_netbiosssn_in_low entropy_netbiosssn_out_low entropy_nfsd_in_low entropy_nfsd_out_low entropy_smtp_in_low entropy_smtp_out_low entropy_ssh_in_low entropy_ssh_out_low entropy_tcpack_in_low entropy_tcpack_out_low entropy_tcpfin_in_low entropy_tcpfin_out_low entropy_tcpsyn_in_low entropy_tcpsyn_out_low entropy_udp_in_low entropy_udp_out_low entropy_www_in_low entropy_www_out_low entropy_wwws_in_low entropy_wwws_out_low ipv4_127 ipv4_127_0 ipv4_127_0_0 ipv4_127_0_0_1 linux linux_2_6_18_028stab070_4 linux_x86_64 linux_x86_64_2_6_18_028stab070_4 linux_x86_64_2_6_18_028stab070_4__1_SMP_Tue_Aug_17_18_32_47_MSD_2010 localhost localhost_localdomain messages_high_normal net_iface_venet0 redhat rootprocs_high_normal ve ve_cfengine_com verbose_mode x86_64 }
cf3 -> Negated Classes = { }
cf3 Initiate variable convergence...
cf3 -> Immunizing against parental death
cf3 -> Bundlesequence => {'test'}
cf3
cf3 *
cf3 BUNDLE test
cf3 *
cf3
cf3
cf3 + Private classes augmented:
cf3
cf3 - Private classes diminished:
cf3
cf3
cf3
cf3
How to remove packages not explicitly whitelisted?
Does anybody have a recipe for, or would like to make one, for removing packages not explicitly whitelisted?

In other words, if we provide a variable of type slist that contains a list of packages we expect to be present on the system, do the following:

a) make sure all packages listed are installed, and
b) remove any packages that are installed but not listed.

I'm asking about (b).

Best,
-at
Re: reports: linux:: " $(sys.interface) and $(sys.ipv4)"; returns 50% success rate - why not 100% ?
Dear Mark,

Sorry, I had misread the report. The report said:

cf3 Outcome of version (not specified) (agent-0): Promises observed to be kept 50%, Promises repaired 50%, Promises not repaired 0%

Therefore, promises kept at the end of the run is 100%, and this makes sense.

However I still don't understand where the 50% comes from, could you please elaborate? And I am not sure what you mean by "they" in your reply below. The promises, or the fulfillment of them?

My promise was:

>> reports:
>> linux::
>> "My default interface and ip4 address is $(sys.interface) and
>> $(sys.ipv4)";

Why didn't the report say,

cf3 Outcome of version (not specified) (agent-0): Promises observed to be kept 0%, Promises repaired 100%, Promises not repaired 0%

?

Sincerely,
Aleksey

On Wed, Oct 27, 2010 at 11:42 PM, Mark Burgess wrote:
>
> Where do you see this value? When promises are always repaired
> (commands/reports) it counts as 50% compliant since they were not there
> before, but they were after.
>
> On 10/28/2010 06:44 AM, Aleksey Tsalolikhin wrote:
>> The following promise registers a 50% success rate. Why not 100%? Is
>> there something I don't understand or is this a bug?
>>
>> Thanks,
>> -at
>>
>>
>> #!/var/cfengine/bin/cf-agent -Kf
>>
>> body common control
>> {
>> bundlesequence => { "test" };
>> }
>>
>> bundle agent test
>> {
>>
>> reports:
>> linux::
>> "My default interface and ip4 address is $(sys.interface) and
>> $(sys.ipv4)";
>> }
>> [r...@ve beginning_examples]# ./varnet.cf
>> R: My default interface and ip4 address is venet0 and 127.0.0.1
>> [r...@ve beginning_examples]#
>>
>>
>>
>>
>> [r...@ve beginning_examples]# cf-agent -K -v -f ./varnet.cf
>> cf3 Cfengine - autonomous configuration engine - commence
>> self-diagnostic prelude
>> cf3
>> cf3 Work directory is /var/cfengine
>> cf3 Making sure that locks are private...
>> cf3 Checking integrity of the state database
>> cf3 Checking integrity of the module directory
>> cf3 Checking integrity of the PKI directory
>> cf3 Looking for a source of entropy in /var/cfengine/state/cf_observations.db
>> cf3 Couldn't find a private key (/var/cfengine/ppkeys/localhost.priv)
>> - use cf-key to get one
>> cf3 !!! System error for fopen: "No such file or directory"
>> cf3 Setting cfengine default port to 5308 = 5308
>> cf3 Reference time set to Wed Oct 27 21:40:49 2010
>> cf3 Cfengine - 3.1.0b3 Copyright (C) Cfengine AS 2008,2010-
>> cf3
>> cf3 Host name is: ve.cfengine.com
>> cf3 Operating System Type is linux
>> cf3 Operating System Release is 2.6.18-028stab070.4
>> cf3 Architecture = x86_64
>> cf3 Using internal soft-class linux for host ve.cfengine.com
>> cf3 The time is now Wed Oct 27 21:40:49 2010
>> cf3
>> cf3 # Extended system discovery is only available in version Nova and above
>> cf3 Additional hard class defined as: 64_bit
>> cf3 Additional hard class defined as: linux_2_6_18_028stab070_4
>> cf3 Additional hard class defined as: linux_x86_64
>> cf3 Additional hard class defined as: linux_x86_64_2_6_18_028stab070_4
>> cf3 GNU autoconf class from compile time: compiled_on_linux_gnu
>> cf3 Address given by nameserver: 205.186.156.208
>> cf3 Interface 1: lo
>> cf3 Interface 2: venet0
>> cf3 Adding alias localhost..
>> cf3 Skipping apparent virtual interface 3: venet0:0
>> cf3 Trying to locate my IPv6 address
>> cf3 Looking for environment from cf-monitor...
>> cf3 Loading environment...
>> cf3 Environment data loaded
>> cf3 This appears to be a redhat system.
>> cf3 Looking for redhat linux info in "CentOS release 5.5 (Final)
>> "
>> cf3 ***
>> cf3 Loading persistent classes
>> cf3 ***
>> cf3 ***
>> cf3 Loaded persistent memory
>> cf3 ***
>> cf3 -> No policy server (hub) watch yet registered
>> cf3 Setting policy server requires version Nova or above
>> cf3 > Verifying the syntax of the inputs...
>> cf3 > Parsing file ./varnet.cf
>> cf3 Initiate variable convergence...
Re: Cfengine Help: Re: compiling cfengine on AIX 6.1
This list is awesome!! true help!

Aleksey

On Thu, Oct 28, 2010 at 10:35 AM, wrote:
> Forum: Cfengine Help
> Subject: Re: compiling cfengine on AIX 6.1
> Author: dan5261415
> Link to topic: https://cfengine.com/forum/read.php?3,18917,18952#msg-18952
>
> I'm all set now. I compiled each of the pre-req's with the latest version and
> all compiled without a problem on cfengine3! Thanks for all the suggestions,
> help and turnaround on this. So many lists out there have lost their
> effectiveness because of the lack of these qualities! Thanks again!
>
Re: Cfengine Help: Re: How to remove packages not explicitly whitelisted?
Hi, Mike. Thanks for your reply.

I agree that keeping this promise could be expensive. The purpose is to increase control over the system - to know what packages are added, either automatically (by OS updates) or by other users or admins.

I don't think any change in Cfengine is required to implement this, it could be coded using the Cfengine language.

Truly,
Aleksey
Re: Cfengine Help: Re: How to remove packages not explicitly whitelisted?
On Tue, Nov 2, 2010 at 5:00 AM, wrote:
> Forum: Cfengine Help
> Subject: Re: How to remove packages not explicitly whitelisted?
> Author: neilhwatson
> Link to topic: https://cfengine.com/forum/read.php?3,18929,19028#msg-19028
>
> Beyond the difficulty in maintaining I think that this would be risky. The
> white list could back fire and uninstall something it shouldn't resulting in
> an outage.

Dear Neil,

I agree, this is definitely one to be careful with and to test thoroughly and for a while, first.

BTW, this was one of the questions from my recent Cfengine class.

Best,
Aleksey
Re: Cfengine Help: Re: How to remove packages not explicitly whitelisted?
On Tue, Nov 2, 2010 at 11:52 AM, wrote:
> Forum: Cfengine Help
> Subject: Re: How to remove packages not explicitly whitelisted?
> Author: neilhwatson
> Link to topic: https://cfengine.com/forum/read.php?3,18929,19039#msg-19039
>
> To such a question I might reply how do you white list packages now? The
> task is very large and offers little return.

I do understand. I've had enough on this for now, thank you, we can close the thread. :)

Yours fondly,
-at
Re: Cfengine Help: Re: How to remove packages not explicitly whitelisted?
On Tue, Nov 2, 2010 at 4:52 PM, Aleksey Tsalolikhin wrote:
> On Tue, Nov 2, 2010 at 11:52 AM, wrote:
>> Forum: Cfengine Help
>> Subject: Re: How to remove packages not explicitly whitelisted?
>> Author: neilhwatson
>> Link to topic: https://cfengine.com/forum/read.php?3,18929,19039#msg-19039
>>
>> To such a question I might reply how do you white list packages now? The
>> task is very large and offers little return.
>
> I do understand. I've had enough on this for now, thank you, we can
> close the thread. :)

Just to elaborate on my answer, I think it's questionable/arguable whether there is enough of a worthwhile return; it's not clear-cut to me that it's worthless, I think if you want to run a very tight config, this might enable you to do so, but, as you said, it may be impractical.

I don't want to go any deeper into it than that at the moment, but thank you for the discussion! I always appreciate your viewpoint.

Truly,
-at
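The whitelist comparison discussed in this thread, as an added example that is not code from any poster or from Cfengine: a dry-run audit that reports missing packages for (a) and removal candidates for (b), and holds back anything protected or required by a whitelisted package, which is the backfire risk raised in the replies. The package names, the requirements map and the PROTECTED set are constructed sample values, and the function names are hypothetical.

```python
"""Dry-run audit of installed packages against a whitelist (added example)."""
from dataclasses import dataclass

# Constructed sample input: one package name per line, in the form that
# `rpm -qa --qf '%{NAME}\n'` prints on a Red Hat style system.
SAMPLE_INSTALLED = """\
apr
bash
cfengine
glibc
httpd
openssl
rsh-server
telnet-server
"""

# Constructed sample: direct requirements of installed packages, already
# reduced to package names (assumption: collected separately per host).
SAMPLE_REQUIRES = {
    "httpd": {"apr", "openssl", "glibc"},
    "bash": {"glibc"},
    "openssl": {"glibc"},
}

# Hypothetical safety net: never proposed for removal, whatever the list says.
PROTECTED = frozenset({"bash", "glibc", "rpm", "yum", "cfengine"})


@dataclass
class Audit:
    missing: list    # whitelisted but not installed: part (a)
    removable: list  # installed, unlisted, safe to propose: part (b)
    held: dict       # installed and unlisted but kept: name -> reason


def parse_installed(text):
    """Turn one-name-per-line output into a set, skipping blank lines."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def with_requirements(whitelist, requires):
    """Return the whitelist plus everything it transitively requires."""
    keep, stack = set(), list(whitelist)
    while stack:
        pkg = stack.pop()
        if pkg not in keep:
            keep.add(pkg)
            stack.extend(requires.get(pkg, ()))
    return keep


def audit(whitelist, installed, requires, protected=PROTECTED):
    """Compare installed packages with the whitelist; changes nothing."""
    whitelist = set(whitelist)
    if not whitelist:
        # An empty or unreadable list would mark the whole system for removal.
        raise ValueError("empty whitelist: refusing to audit")
    needed = with_requirements(whitelist, requires)
    removable, held = [], {}
    for pkg in sorted(installed - whitelist):
        if pkg in protected:
            held[pkg] = "protected"
        elif pkg in needed:
            held[pkg] = "required by a whitelisted package"
        else:
            removable.append(pkg)
    return Audit(sorted(whitelist - installed), removable, held)


if __name__ == "__main__":
    result = audit(["httpd", "openssl", "ntp"],
                   parse_installed(SAMPLE_INSTALLED), SAMPLE_REQUIRES)
    print("install:", result.missing)
    print("remove candidates:", result.removable)
    for name, reason in result.held.items():
        print("held:", name, "-", reason)
```

Because it only reports, the output can be reviewed over several runs before any delete promise is written for the candidates.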
Re: Cfengine Help: package management with yum: handling stuck processes
This is useful. Thanks, Seva!

Mark, could you please add this to the Cfengine website to make it available to other Cfengine users?

Truly,
-at

On Sun, Oct 31, 2010 at 1:19 AM, wrote:
> Forum: Cfengine Help
> Subject: package management with yum: handling stuck processes
> Author: Seva Gluschenko
> Link to topic: https://cfengine.com/forum/read.php?3,18978,18978#msg-18978
>
> Hello folks,
>
> I've discovered recently that yum package manager under Cfengine occasionally
> becomes stuck, so that subsequent invocations of cf-agent try to run "yum
> list installed" over and over again, waiting for the lock from the stalled
> process. For some unknown reason, Cfengine does not terminate stalled yum
> processes, so we have to do it ourselves. Below is my way of handling this
> issue:
>
> bundle agent install_packages(pkg)
> {
>   ...
>   processes:
>     centos::
>       "yum"
>         comment => "handle stuck yum processes",
>         process_select => bored_yum,
>         signals => { "term" };
> }
>
> body process_select bored_yum
> {
>   ppid => irange("1", "1");                       # parent is dead, init-owned
>   tty => "pts/.*";                                # do not touch user processes
>   stime_range => irange(ago(0,0,0,0,20,0),now);   # minutes
>   process_result => "ppid|!(tty|stime_range)";
> }
Re: Cfengine Help: Re: Looking for ideas on people's config
Dear Neil,

Could you please demonstrate with a running example? I couldn't get this to work...

Thanks,
Aleksey

On Wed, Sep 15, 2010 at 5:36 AM, wrote:
> Forum: Cfengine Help
> Subject: Re: Looking for ideas on people's config
> Author: neilhwatson
> Link to topic: https://cfengine.com/forum/read.php?3,18245,18249#msg-18249
>
> In promises.cf I define classes in a common bundle at the top of the file.
> Then I can use this classes in common control.
>
> bundle common gclasses {
>   classes:
>     webhosts or => {
>       "perl",
>       "diamond",
>       "ruby",
>       "topaz"
>     };
>
>     dnshosts or => {
>       "granite",
>       "sand",
>       "lime"
>     };
> }
>
> bundle common control {
>
>   webhosts::
>     bundlesequence => {
>       "update",
>       "classes",
>       "cfengine",
>       "security",
>       "apache",
>       "php",
>       "tidy",
>       "backup"
>     };
>
>   dnshosts::
>     bundlesequence => {
>       "update",
>       "classes",
>       "cfengine",
>       "security",
>       "bind",
>       "tidy",
>       "backup"
>     };
> }
>
> You can alter this to suit your needs. You can add variables in the top
> common bundle if you like.
Re: verify service running
On Wed, Nov 10, 2010 at 3:53 PM, Sandra Wittenbrock wrote:
> Hi,
>
> What would be the command to make sure a service (sysctl, firewall, etc)
> is running, and/or restart it when cfengine updates the config files?

Here is what I use on a Linux server - if somebody has a better way, I would love to hear it:

a) how to make sure a service is running:

check that CUPS (printer service) is running by checking the "ps" output, and if regex match for "cups" fails, restarting cups:

--- start cfengine config

body common control
{
  bundlesequence => { "check_cups_running" };
}

bundle agent check_cups_running
{
  processes:
      "cupsd"
        restart_class => "start_cups";
        # restart_class sets up a class if the regex match FAILS

  commands:
    start_cups::
      "/etc/init.d/cups start";
}

--- end cfengine config file ---

It just occurred to me that a more reliable test would be to pretend to be a client for that service and to try to connect to it, and if it fails then to try to restart. (more reliable because if there is another process in the process table, let's say a program called mycupsarefull, but cups is not running, cfengine will not proceed to restart CUPS)

but anyway, the above does work and should help you start, Sandra

now, question b: how to restart a service if its config file was recently updated

correct me if I'm mistaken, but there is presently no way in cfengine to natively test if a file modification time is less than 10 minutes, let's say. there is function isnewerthan() but it can only compare two files, not a file and a time period.

Hence, I use: (the following is an example for restarting haproxy if /etc/haproxy.conf was recently updated.)

--- start cfengine config

body common control
{
  bundlesequence => { "restart_load_balancer_if_load_balancer_config_recently_updated" };
  inputs => { "cfengine_stdlib.cf" };
}

bundle agent restart_load_balancer_if_load_balancer_config_recently_updated
{
  commands:
    load_balancer_hosts::
      "/usr/bin/find /etc/haproxy.conf -mmin -10 | /bin/grep haproxy.conf >/dev/null && /usr/bin/pkill haproxy && /usr/local/sbin/haproxy -f /etc/haproxy.conf || exit 0"
        contain => in_shell;
}

--- end cfengine config

note: i tried using "pkill -HUP haproxy" originally but this didn't seem to work... I have to research what haproxy does when it gets SIGHUP. in this example, I stop and start the proxy. normally, I'd expect pkill -HUP to be sufficient to reload the config.

Hope this helps!

Best,
-at
Re: verify service running
On Wed, Nov 10, 2010 at 10:40 PM, Seva Gluschenko wrote:
> Alexey, take it easier
>
> Usually if you're restarting a service upon its configuration file(s)
> change, you put those files under Cfengine management as well, so that
> Sandra's question about files is being solved pretty easy like
>
> files:
>   "/etc/ssh/sshd_config"
>     copy_from => my_scp("$(sys.workdir)/conf/sshd"),
>     classes => if_repaired("sshd_reconfigured");
>
> processes:
>   sshd_reconfigured::
>     "sshd"
>       signals => { "hup" },
>       process_select => listening_sshd,
>       restart_class => restart_sshd;

Yeah, that's much better, Mike C was filling me in on if_repaired() tonight too, over sushi at LISA 2010. I invite you to join us next year in Boston in December... let me know if you need any help getting there.

I'd much rather do it natively in Cfengine, so thanks, Seva! And good advice to take it easier. :-)

Yours fondly,
-at
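The pattern discussed in this thread (manage the config file, raise a class only when the file was actually repaired, and act on that class) written out as a complete policy. This is an added example, not code from any poster in the thread; the staged master path, the init script paths and the bundle and body names are assumptions, and all bodies are defined inline so it does not depend on cfengine_stdlib.cf.

```cfengine3
body common control
{
  bundlesequence => { "sshd_config_managed" };
}

bundle agent sshd_config_managed
{
  vars:
      # Assumption: a staged master copy kept under the agent's work directory
      "master" string => "$(sys.workdir)/conf/sshd/sshd_config";

  files:
      "/etc/ssh/sshd_config"
        comment   => "Keep sshd_config identical to the staged master copy",
        copy_from => local_digest_cp("$(master)"),
        perms     => root_0600,
        # The class is defined only if this promise had to change the file
        classes   => if_repaired("sshd_reconfigured");

  processes:
      # The promiser is a regex over the process table; using the full
      # daemon path avoids matching unrelated commands that merely
      # contain the string "sshd"
      "/usr/sbin/sshd"
        comment       => "Define start_sshd when no matching process exists",
        restart_class => "start_sshd";

  commands:
    # Config changed and the daemon is up: reload (assumed init script)
    sshd_reconfigured.!start_sshd::
      "/etc/init.d/sshd reload";

    # Daemon is not running at all: start it; it reads the new config anyway
    start_sshd::
      "/etc/init.d/sshd start";
}

body copy_from local_digest_cp(from)
{
  source  => "$(from)";
  compare => "digest";   # copy when the content hash differs
}

body perms root_0600
{
  mode   => "0600";
  owners => { "root" };
  groups => { "root" };
}

body classes if_repaired(x)
{
  promise_repaired => { "$(x)" };
}
```

Because the class comes from the files promise itself, no modification-time window such as `find -mmin -10` is needed: the reload happens in the same agent run that changed the file, and not at all when the file was already correct.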
Re: Cfengine 3.0.5p1 daemons spinning CPU to 100% on 1 host out of 800
Hi, Mike. Is it workable to suggest upgrading to 3.1.0?

Yours,
-at

On Fri, Nov 19, 2010 at 4:33 PM, Mike Svoboda wrote:
> I’ve deployed Cfengine 3.0.5p1 across 800 hosts. I only have an issue with
> the Cfengine daemons on 1 box where it appears I am hitting a bug. On this
> machine, it spins a single core to 100% user space CPU utilization. Here
> are the details.
>
> $ /var/cfengine/bin/cf-agent -v
>
> ...
> f3
> cf3 # Extended system discovery is only available in version Nova and above
> cf3 Additional hard class defined as: 32_bit
> cf3 Additional hard class defined as: sunos_5_10
> cf3 Additional hard class defined as: sunos_i86pc
> cf3 Additional hard class defined as: sunos_i86pc_5_10
> cf3 Additional hard class defined as: i386
> cf3 Additional hard class defined as: i86pc
> cf3 GNU autoconf class from compile time: compiled_on_solaris2_10
> cf3 Address given by nameserver: 172.17.134.80
> cf3 Interface 1: lo0
> cf3 Interface 2: e1000g0
> cf3 Adding alias loghost..
> cf3 !! Cannot discover hardware IP, using DNS value
> ^C
>
> So at the “cannot discover hardware IP” point, it hangs and spins the CPU to
> 100%. Looking at prstat -Lm output below:
>
> $ prstat -Lm
> PID USERNAME USR SYS TRP TFL DFL LCK SLP LAT VCX ICX SCL SIG PROCESS/LWPID
> 16398 root 100 0.0 0.0 0.0 0.0 0.0 0.0 0.3 0 190 0 0 cf-agent/1
>
> Putting cf-agent into super debug mode, I see this
>
> Broken host:
> $ /var/cfengine/bin/cf-agent -ddd
>
> GetVariable(sys,ipv4_1[172_17_134_80]) type=(to be determined)
> IsExpandable(ipv4_1[172_17_134_80]) - syntax verify
> Found 0 variables in (ipv4_1[172_17_134_80])
> Looking for sys.ipv4_1[172_17_134_80]
> Searching for scope context sys
> Found scope reference sys
> GetVariable(sys,ipv4_1[172_17_134_80]): using scope 'sys' for variable 'ipv4_1[172_17_134_80]'
>
> At which point, cf-agent hangs. Comparing this to a working host, this is
> what I see.
>
> Working host:
> GetVariable(sys,ipv4_1[172_17_134_81]) type=(to be determined)
> IsExpandable(ipv4_1[172_17_134_81]) - syntax verify
> Found 0 variables in (ipv4_1[172_17_134_81])
> Looking for sys.ipv4_1[172_17_134_81]
> Searching for scope context sys
> Found scope reference sys
> GetVariable(sys,ipv4_1[172_17_134_81]): using scope 'sys' for variable 'ipv4_1[172_17_134_81]'
> No such variable found sys.ipv4_1[172_17_134_81]
> AddVariableHash(sys.ipv4_1[172_17_134_81]=172 (string) rtype=s)
> Searching for scope context sys
> Found scope reference sys
> CopyRvalItem(s)
> ScanScalar([172])
> DeleteRvalItem(l)
> DeleteRval NULL
> DeleteRvalItem(l)
> DeleteRval NULL
> Added Variable ipv4_1[172_17_134_81] at hash address 60 in scope sys with value (omitted)
> Trying to locate my IPv6 address
> Unappending Trying to locate my IPv6 address
> Unix_cf_popen(/sbin/ifconfig -a)
> Unix_cf_pclose(pp)
> cf_pwait - Waiting for process 12411
> Looking for environment from cf-monitor...
> Unappending Looking for environment from cf-monitor...
> Searching for scope context mon
> Found scope reference mon
> No variable matched
> NewScalar(mon,env_time,Sat Nov 20 00:28:23 2010)
>
> So the broken host never gets to the “No such variable found
> sys.ipv4_1[172_17_134_80]” statement.
>
> So, I know this is a problem with Cfengine parsing the network interfaces.
> The only thing, is I can not see a difference at all between the working
> and non-working machines.
>
> Broken machine’s ifconfig output:
> $ ifconfig -a
> lo0: flags=2001000849 mtu 8232 index 1
>         inet 127.0.0.1 netmask ff00
> e1000g0: flags=1040843 mtu 1500 index 2
>         inet 172.17.134.80 netmask ff00 broadcast 172.17.134.255
>         groupname primary
>         ether 0:14:4f:9e:cf:fe
> e1000g0:1: flags=1000843 mtu 1500 index 2
>         inet 0.0.0.0 netmask ff00 broadcast 0.255.255.255
> e1000g1: flags=69000842 mtu 0 index 3
>         inet 0.0.0.0 netmask 0
>         groupname primary
>         ether 0:14:4f:9e:cf:ff
>
> Working machine’s ifconfig output
> $ ifconfig -a
> lo0: flags=2001000849 mtu 8232 index 1
>         inet 127.0.0.1 netmask ff00
> e1000g0: flags=1040843 mtu 1500 index 2
>         inet 172.17.134.81 netmask ff00 broadcast 172.17.134.255
>         groupname primary
>         ether 0:14:4f:83:31:ac
> e1000g0:1: flags=1000843 mtu 1500 index 2
>         inet 0.0.0.0 netmask ff00 broadcast 0.255.255.255
> e1000g1: flags=69000842 mtu 0 index 3
>         inet 0.0.0.0 netmask 0
>         groupname primary
>         ether 0:14:4f:83:31:ad
>
> So other than the inet address of e1000g0 and the ethernet addresses, the
> output is exactly the same. If I unplumb the interfaces e1000g0:1 and
> e1000g1 on the broken machine, the Cfengine daemons operate again.
>
> Has anyone run into this bug before, or can help suggest anything?
>
> Thanks!
> Mike
Re: Cfengine Help: Update /etc/motd with timestamp of policy update
Thanks, Nick!

Aleksey
Re: Cfengine Help: Re: Extended solutions guide and YOUR HELP!
I saw the Solutions Guide on cfengine.org over the weekend and am really looking forward to going through it; I just haven't had the time yet.

I think sharing recipes on the forum is OK as an immediately workable solution; I'd be happy to post my example of multi-node orchestration demo'ed at the CFengine BoF at LISA 2010, to start.

Another channel that might be useful is github.com or similar, as it would give us revision history.

I'm really excited about the increase in sharing recipes I've been seeing lately just on the Cfengine mailing list, and look forward to more to come!

Cheers,
Aleksey
Re: Cfengine Help: Re: Extended solutions guide and YOUR HELP!
I'd be willing to administer an "index" page of Cfengine configs, pointing to people's wikis, github or SVN repos, or websites/blogs. This would be more useful/accessible to the community if hosted on or at least linked from cfengine.org.

This would give a (practical) mix of centralization and decentralization.

I'd differentiate "official" Cfengine policies (posted on cfengine.org/.com) from "contrib" ones.

On Thu, Dec 2, 2010 at 1:01 AM, wrote:
> Author: mario
>
> What I think could be really helpful is linking CFengine functions used in
> the wiki (or whatever knowledge collection) with the reference guide. This
> way, a quick overview of the function's syntax is always nearby.

That's a great idea. I think Cfengine does that already, when you view source code through the Cfengine GUI. Or is that Nova only? If so, I'm sure that could be automated if you were interested, mario:

Input: cfengine policy file (in text format).
Output: cfengine policy file in HTML with the Cfengine built-in functions linked to in the reference guide.
Re: Cfengine Help: Re: Extended solutions guide and YOUR HELP!
What's this? I couldn't figure it out from looking at the site, Jarle.

On Thu, Dec 2, 2010 at 7:35 AM, wrote:
> Forum: Cfengine Help
> Subject: Re: Extended solutions guide and YOUR HELP!
> Author: JarleB
> Link to topic: https://cfengine.com/forum/read.php?3,19429,19587#msg-19587
>
> How about using an existing service like http://snippler.com ?
I've created a github cfengine site for sharing configs.
Dear fellow Cfengineers,

To facilitate sharing configs I've created a git repo at https://github.com/cfengine/contrib

You'll see I've posted a promise bundle demonstrating poking holes in RHEL host firewall (iptables) for NTP (a files edit_lines promise).

I used git because it is designed for collaborative distributed work. I was guided by Chef - they have an excellent reputation for config sharing and re-use, and they use github.com (see http://wiki.opscode.com/display/chef/Cookbooks).

I hope this is useful. If Mark ever wants to claim control of the github.com "cfengine" account, I'll hand it right over; in the meantime, I'll post your configs -- just send me a git pull request.

Yours truly,
Aleksey
Re: Cfengine Help: Re: I've created a github cfengine site for sharing configs.
Thank you, Jessica. I don't disagree with anything you said. Consider it a demonstration or prototype. We certainly have to give it some thought.

Have you had a look at http://wiki.opscode.com/display/chef/Cookbooks ?

And thanks for pointing out the gist plugin on Diego's blog, I will add it to mine.

Would somebody like to try downloading my config from github.com? I want to test if the code snippet is truly sharable.

Cheers,
Aleksey

On Fri, Dec 3, 2010 at 6:55 PM, wrote:
> Forum: Cfengine Help
> Subject: Re: I've created a github cfengine site for sharing configs.
> Author: jgreer
> Link to topic: https://cfengine.com/forum/read.php?3,19620,19621#msg-19621
>
> All,
>
> Want to take a moment, as a member of this community, to encourage some
> solidarity here. Code sharing is an opportunity for us to contribute real
> value to each other. Getting it right requires the right medium and, most
> importantly, a concerted effort.
>
> Aleksey, I think GitHub would be a fine choice for us and appreciate your
> enthusiasm. Diego Zamboni also suggested the GitHub solution for code
> sharing, and yesterday I came across his blog, which uses a Gist plugin - a
> nice example of what we can do with GitHub.
>
> But let's take a step back and support a mature decisionmaking process,
> rather than jumping straight to implementation. Let's say what we want and
> why. Point to examples from other code sharing and configuration management
> sites. We may very well land at GitHub anyway - but let's land there
> together.
>
> It's my perception that our community is growing in number and in
> contributors' time commitment to the forums. That's exciting to me, and I
> think it means, if we stick together, that we'll be able to create something
> impressive. I look forward to seeing what we can do.
>
> -Jessica
Re: Cfengine Help: Re: I've created a github cfengine site for sharing configs.
Good point, thanks, Nicolas! I've added an index page. https://github.com/cfengine and https://github.com/cfengine/contrib both link to an index of shared Cfengine 3 configs.

If you have a config you'd like to share, I'm happy to link to it. Let me know.

Best,
-at

On Mon, Dec 6, 2010 at 12:27 PM, Diego Zamboni wrote:
> Nicolas,
>
> Each of the projects you listed has radically different content and
> objectives. I don't see a problem with many cfengine-related projects
> existing on github, as long as each of them has its contents and purpose
> clearly described (as is the case so far). Of course, having a page somewhere
> with pointers to them would make it easier for people to know about them.
>
> --Diego
>
> On Dec 6, 2010, at 12:01 PM, Nicolas Charles wrote:
>
>> If I'm right, there are already two github projects mentioned earlier on
>> this mailing list :
>> - https://github.com/megamic/cfengine3-boilerplate
>> - https://github.com/zzamboni/cfengine-copbl
>>
>> If new projects keep appearing, we'll need a page with the list of all
>> of them, and an explanation of what they do.
>>
>> Nicolas CHARLES
>> Normation SAS - http://www.normation.com
>> 44 rue Cauchy – 94110 ARCUEIL
>> +33 (0)1 83 62 26 96 - +33 (0)6 14 63 25 18
>>
>> On 04/12/2010 17:39, Aleksey Tsalolikhin wrote:
>>> Thank you, Jessica. I don't disagree with anything you said. Consider it
>>> a demonstration or prototype. We certainly have to give it some thought.
>>>
>>> Have you had a look at http://wiki.opscode.com/display/chef/Cookbooks ?
>>>
>>> And thanks for pointing out the gist plugin on Diego's blog, I will add it
>>> to mine.
>>>
>>> Would somebody like to try downloading my config from github.com?
>>> I want to test if the code snippet is truly sharable.
>>>
>>> Cheers,
>>> Aleksey
>>>
>>> On Fri, Dec 3, 2010 at 6:55 PM, wrote:
>>>> Forum: Cfengine Help
>>>> Subject: Re: I've created a github cfengine site for sharing configs.
>>>> Author: jgreer
>>>> Link to topic: https://cfengine.com/forum/read.php?3,19620,19621#msg-19621
>>>>
>>>> All,
>>>>
>>>> Want to take a moment, as a member of this community, to encourage some
>>>> solidarity here. Code sharing is an opportunity for us to contribute real
>>>> value to each other. Getting it right requires the right medium and, most
>>>> importantly, a concerted effort.
>>>>
>>>> Aleksey, I think GitHub would be a fine choice for us and appreciate your
>>>> enthusiasm. Diego Zamboni also suggested the GitHub solution for code
>>>> sharing, and yesterday I came across his blog, which uses a Gist plugin -
>>>> a nice example of what we can do with GitHub.
>>>>
>>>> But let's take a step back and support a mature decisionmaking process,
>>>> rather than jumping straight to implementation. Let's say what we want
>>>> and why. Point to examples from other code sharing and configuration
>>>> management sites. We may very well land at GitHub anyway - but let's land
>>>> there together.
>>>>
>>>> It's my perception that our community is growing in number and in
>>>> contributors' time commitment to the forums. That's exciting to me, and I
>>>> think it means, if we stick together, that we'll be able to create
>>>> something impressive. I look forward to seeing what we can do.
>>>>
>>>> -Jessica
Does cfagent download the policy even if it hasn't changed?
Does cfagent download the policy even if it hasn't changed? If not, how does it know the policy hasn't changed compared to what it has in its cache in /var/cfengine/inputs?

Thanks,
Aleksey
WordPress Installer posted on github
https://github.com/cfengine/contrib/blob/master/wordpress_installer.cf
Re: Does cfagent download the policy even if it hasn't changed?
Brilliant, thank you!

Aleksey

On Wed, Dec 8, 2010 at 11:13 PM, Seva Gluschenko wrote:
> Aleksey,
>
> the decision to copy a file is made based on copy_from body parameters
> of files promises, just like for any other thing ). So, if your
> copy_from body relies on md5 digest, a file will be copied (i.e. a
> policy will be downloaded) whenever the md5 digest of the local copy
> differs from remote.
>
> 2010/12/9 Aleksey Tsalolikhin :
>> Does cfagent download the policy even if it hasn't changed? If not,
>> how does it know the policy hasn't changed compared to what it has in
>> its cache in /var/cfengine/inputs?
>>
>> Thanks,
>> Aleksey
>
> --
> SY, Seva Gluschenko.
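The copy decision described in this answer, shown as a policy-update bundle with a digest-based copy_from body next to a timestamp-based one for contrast. This is an added example, not the configuration of anyone in the thread; the policy server address is a documentation placeholder and the master directory, bundle and body names are assumptions.

```cfengine3
body common control
{
  bundlesequence => { "update_policy" };
}

bundle agent update_policy
{
  vars:
      # Assumptions: placeholder server address and master directory
      "policy_server" string => "192.0.2.10";
      "master_dir"    string => "/var/cfengine/masterfiles";

  files:
      "/var/cfengine/inputs"
        comment      => "Fetch only files whose content differs from the server copy",
        copy_from    => digest_remote_cp("$(master_dir)", "$(policy_server)"),
        depth_search => recurse_all,
        classes      => if_repaired("policy_updated");

  reports:
    policy_updated::
      "At least one policy file was replaced from $(policy_server)";
}

# Content comparison: a file is transferred whenever the local and
# remote digests differ, so a local edit is always put back, whatever
# its timestamp says.
body copy_from digest_remote_cp(from, server)
{
  source   => "$(from)";
  servers  => { "$(server)" };
  compare  => "digest";
  verify   => "true";    # re-check the copy after transfer
  encrypt  => "true";    # encrypt the transfer
  trustkey => "false";   # do not accept an unknown server key
}

# Timestamp comparison, for contrast (not used above): the file is
# copied only when the server copy is newer, so a local copy with a
# later modification time is left in place even if its content differs.
body copy_from mtime_remote_cp(from, server)
{
  source  => "$(from)";
  servers => { "$(server)" };
  compare => "mtime";
}

body depth_search recurse_all
{
  depth => "inf";
}

body classes if_repaired(x)
{
  promise_repaired => { "$(x)" };
}
```

When nothing has changed on the server, the digests match, no file is transferred and policy_updated is never defined, which is the "how does it know" part of the question.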