Re: Cfengine on Facebook

We do have RSS feeds at http://www.cfengine.org/cftimes On Thu, Feb 4, 2010 at 12:26 AM, Zamboni, Diego wrote: > Cool, fan'ed. I checked @cfengine_nova on Twitter, is @cfengine also yours? > > One suggestion: As part of your social media experiment, you could try > putting an RSS feed on your bl

Re: cf-execd vs. cf-agent in crontab

That is an interesting problem. One possible workaround: write your cf-execd promise so that it searches for, and starts if necessary, ${sys.workdir}/bin/cf-execd, and have cron call cf-execd without using an absolute path, or using the OS package path (for example, /usr/sbin/cf-execd). The point

Re: beginner help again.

Where is the 'system' perms body definition? On Wed, Dec 23, 2009 at 6:42 PM, Ian Goldstein wrote: > > I have been playing around with remote copies and I got a small copy > working. Here is my specific question relating to perms. > I was looking at some examples and thought this may work.  I rea

Re: Access other hosts variables

On Wed, Dec 23, 2009 at 1:53 AM, Daniel Dehennin wrote: > Now I need to edit a file on revproxy and insert the IpAddress of > all the hosts which define the webapp class (just one for now). If you can centralize all the information, you can do something like this: vars: 'asdf[somehost]' str

Re: Use case question (moving directories and symlinking the old location)

I think you want this: http://www.cfengine.org/manuals/cf3-reference.html#move_005fobstructions-in-files On Mon, Dec 21, 2009 at 3:43 PM, Robert Markula wrote: > Hi again, > > Brendan Strejcek wrote: >> Set classes based on what kind of file /srv/www is. >> >> http

Re: How to install a versioned package?

Have you tried package_policy => 'update' ? http://www.cfengine.org/manuals/cf3-reference.html#package_005fpolicy-in-packages On Mon, Dec 21, 2009 at 5:56 AM, Patryk Lason wrote: > Hi, > > Please take a look and tell what is wrong on that picture ;-). > > In the system I have: > # /bin/rpm -qa -

Re: Is it possible to undefine an already class in cf-engine?

Doesn't look like it. I though there was a reverse of addclasses: http://www.cfengine.org/manuals/cf3-reference.html#addclasses-in-agent But, I can't find it. What exactly are you trying to do? Maybe we can suggest something else. On Fri, Dec 18, 2009 at 5:58 PM, Jean-Noël Rivasseau wrote: > P

Re: file copy in cfengine - need some help getting going

There are a number of complexities with your current setup. You should strip it down to the basics. First, it looks like trustkey is conditional upon 'special_class' being set, and I don't see any other reference to that. Also, in your server control body, do you have trustkeysfrom set to the appro

Re: Updating Solaris cfengine binaries

This is something that you will need to test on a spare box, but I think you are correct that the Solaris package manager would get in the way. You could use Cfengine to schedule an at or cron job to do the upgrade. On Thu, Dec 17, 2009 at 11:43 AM, Justin Lloyd wrote: > I have a theoretical que

Re: Problem recognizing existence of directory

This is reliable, but not very efficient. It requires at least 2N file checksum calculations (where N is the number of files in the tree being copied or verified) on every pass. You are also using 2N space, since you are storing a copy in ${sys.workdir} to compare against. Another suggestion: use

Re: Problem recognizing existence of directory

Regarding your original case, it would be more natural to use isdir() rather than fileexists() (though both should work). I can't replicate any problems with either isdir() or fileexists() though. I also tried interpolating a variable into the path checked for, because that seems like a likely plac

Re: Adding and removing packages with yum/rpm

Why don't you want to use package_version? I would try something like this (untested): vars: 'package_version[jdk.x86_64]' string => '2000:1.6.0_17-fcs'; 'package' slist => getindices('package_version'); packages: "${package}" package_policy => 'add', package_method

Re: state/cf_lock.db file?

I believe this file contains the state of ifelapsed for all promises. You probably should not delete it, unless you know what you are doing. You can always run cf-agent or cf-execd with -K if you want to avoid the locks on a particular run (such as to avoid the default one minute delay). On Tue,

Re: CFengine 3.0.3 FreeBSD 8.0 Install

DIR} \ BERKELEY_DB_LIB=-l${BDB_LIB_NAME} On Tue, Dec 15, 2009 at 3:42 PM, Brendan Strejcek wrote: > You also might want to try the official FreeBSD port: > > http://www.freebsd.org/cgi/cvsweb.cgi/ports/sysutils/cfengine3/ > > It looks like it is maintained by Jo Rhett, who is a longstandi

Re: CFengine 3.0.3 FreeBSD 8.0 Install

You also might want to try the official FreeBSD port: http://www.freebsd.org/cgi/cvsweb.cgi/ports/sysutils/cfengine3/ It looks like it is maintained by Jo Rhett, who is a longstanding member of the Cfengine community. If I am reading the port page correctly, it is at version 3.0.1, but it should

Re: cf3: getfields with a null field

Hmm, edit_field has this: 7.6.1 edit_field (compound body) Type: (ext body) "allow_blank_fields" It seems like getfields needs a similar knob, if one doesn't already exist. On Tue, Dec 15, 2009 at 10:47 AM, Matt Richards wrote: > I am looking at getfields and it seems that if you have a null

Re: bundles in library.cf

Oh, I was trying in Community Edition. Yeah, that sounds like an overly verbose Nova warning. 2009/12/14 : > Using community I do not get these warnings.  Have you tried my example in > community or Nova? > > Sincerely, > -- > Neil Watson > 416-673-3465 > > help-cfengine-boun...@cfengine.org wrot

Re: Use case question (moving directories and symlinking the old location)

Set classes based on what kind of file /srv/www is. http://www.cfengine.org/manuals/cf3-reference.html#Function-islink http://www.cfengine.org/manuals/cf3-reference.html#Function-isplain http://www.cfengine.org/manuals/cf3-reference.html#Function-isdir Conditionals should allow you to avoid any r

Re: Runtime order ?

I second Mark's recommendation to try Cfengine 3; ordering is much easier to understand. If you really need to understand ordering for Cfengine 2, check out this blog post I wrote a while back: http://euvethker.blogspot.com/2005/12/cfengine-best-practices.html On Fri, Nov 27, 2009 at 1:09 AM, Ma

Re: help inserting multiple lines

This should be possible, but it's going to be messy to do it all with edit_line bundles. I think this is better handled with templates or pulling the entire file into cfengine for distribution. 2009/11/27 : > I'm experimenting with inserting a block of lines and need some guidance. > Found in my

Re: bundles in library.cf

I do this all the time and never get any warnings. On Fri, Nov 27, 2009 at 8:47 PM, Neil Watson wrote: > Can one keep bundles in library.cf to be called when needed but not in > the bundle sequence?  I have done so but cf-promises is giving me > warnings. > > nova>  ?? Analysing promise dependenc

Re: list substitution in cfe3

Currently there is no map() function, but you can get a similar result using iteration. body common control { bundlesequence => { 'example' }; } bundle agent example { vars: any:: 'nameserver' slist => { '192.168.1.1', '192.168.1.2' }; 'search' string => 'example.com';

Re: populating a string variable.

You could also use getfields() if you don't want to fork; it is also more powerful. On Sun, Dec 13, 2009 at 4:15 PM, Brendan Strejcek wrote: > execresult() > > 2009/11/30  : >> Consider this shell construct >> STR=$(grep HISTSIZE= /etc/profile) >> >> How wo

Re: populating a string variable.

execresult() 2009/11/30 : > Consider this shell construct > STR=$(grep HISTSIZE= /etc/profile) > > How would I do this in CF without needing an external module? > > Sincerely, > -- > Neil Watson > 416-673-3465 > > > > CONFIDENTIALITY WARNING > This communication, including any attachments, is for

Re: Change detection and differentiation

Thinking about this slightly on a slightly higher-level: If you are implementing organizational processes similar to the Visible Ops recommendations, you might want to think setting up a modeful policy; that is, support Cfengine running in 'change window' mode, and in a validation mode (which woul

Re: question on file creation (V2)

t name. > On every host I want to create a separate file from this input file, but it > only contains the lines that need to be present on that host. somthing like > grep $hostname inputfile.txt > outputfile.txt > > Regards, > Tom > > > --- On Fri, 12/11/09, Brendan Strej

Re: Beginner Help

I think you want something like: vars: any:: 'crontab' string => 'foo'; # Set default redhat:: 'crontab' string => 'bar'; suse:: 'crontab' string => 'baz'; I don't think you need to bother with negation at all to deal with this sort of OS-specific data. You ma

Re: cf3 svn(646-648) Berkeley DB_NOTFOUND

SQLite would be another option to consider. It has quite a bit of traction now and is actually a pleasure to use. I believe it is also what the iPhone uses for backend storage. And, it is public domain. On Tue, Dec 1, 2009 at 2:54 PM, Mark Burgess wrote: > > > Christopher Browne wrote: >> Mark Bu

Re: classes in cfengine 2.2.10

There is a cfengine3 package in sid, and you could probably build that from source (I have not tried recently though). What versions of Debian do you need to support? I have packages for Lenny (though they are not official Debian). On Mon, Dec 7, 2009 at 10:13 PM, Daniel Bidwell wrote: > I have

Re: question on file creation (V2)

Can you try to restate the problem? I don't see exactly what you are getting at. If you want to insert the hostname into a file, editfiles should be able to do that. On Wed, Dec 9, 2009 at 2:46 AM, Tom Van de Velde wrote: > Hi, > > I'm facing a problem where i need to construct a file with conten

Re: Compounding classes with paragraphs

No, you can't specify class hierarchies like your pseudocode example. However, you do have access to boolean operators. I think you might want something like: specialclass.(foo|bar):: See: http://www.cfengine.org/manuals/cf2-Reference.html#Cfengine-classes On Thu, Dec 10, 2009 at 11:37 AM, Mar

Re: tidy fails - "can't stat [some file]"

Are any of the files in question larger than 2 gb? I have had that same problem with older versions of cfengine and large files. Also, I have noticed similar problems with corrupted filesystems. An fsck may reveal more info. Best, Brendan -- Senior System Administrator The University of Chicago D

Re: cfengine server

Digant C Kasundra wrote: > I need to order a dedicated cfengine server. How should I spec it? RAM > heavy? Proc heavy? Etc. Any modern machine should work fine, unless you have thousands of clients or some other ungodly requirement, in which case you would need to provide more info about expected

Re: Collect public keys from all hosts?

H?kan Olsson wrote: > Now, if only the copy keyword could copy *to* the server instead > of only from it then I wouldn't have had to use a common > NFS-(auto)mounted directory for the copy. There are serious security implications to this. At the very least, you would need to prevent a client from

Re: Collect public keys from all hosts?

Chris St. Pierre wrote: > No, I'm not dealing with Cfengine keys. I'm dealing with host public > keys, e.g., /etc/ssh/ssh_known_keys. I'd like to aggregate and > distribute those keys without maintaining a list of hosts. This a common example of a more general configuration management problem*: a

Re: How to choose policyhost based on class?

Jason Edgecombe wrote: > I'm not sure if the different domain names would cause a problem, > though. If it does cause a problem, you can set the domain variable in a similar way: !192_168:: domain = ( mydomain.com ) 192_168:: domain = ( int.mydomain.com ) You may also need that in

Re: cfengine and NAT

Brendan Strejcek wrote: > Jason Edgecombe wrote: > > > What problems will I face when having cfengine clients behind NAT > > talk to a cfengine server on the public network. > > http://www.cfengine.org/docs/cfengine-Reference.html#SkipVerify You might also

Re: Collect public keys from all hosts?

Chris St. Pierre wrote: > I'd like to set up a ruleset in cfengine so that, when I add a new > machine to the network (and to cfengine), its public key gets > automatically propagated through the other hosts. You are dealing with cfengine keys, right? When I am building a new machine, I make sure

Re: cfengine and NAT

Jason Edgecombe wrote: > What problems will I face when having cfengine clients behind NAT talk > to a cfengine server on the public network. http://www.cfengine.org/docs/cfengine-Reference.html#SkipVerify Best, Brendan -- Senior System Administrator The University of Chicago Department of Com

Re: rehash of ReturnsZero and redirecting output

Mark Burgess wrote: > [EMAIL PROTECTED] wrote: > > > sorry to rehash an issue, but i'm still not able to get this to work in > > spite of trying things suggested in previous threads. i've read these > > threads: > > Looks like you need to sort out your quoting. See changelog 2.1.17 for > a exam

Re: there is no stupid question (so they say ;)

ADNET Ghislain wrote: > I have lot of little servers that are limited in their number of > process. What do you mean by "limited in their number of process"? cfengine uses a client-initiated (pull-based) architecture. For a good summary of that concept, see: http://www.infrastructures.org/bo

Re: question regarding process directive

Andrew Hall wrote: > How do I say kill the mount process and only the process named "mount" > and not mountd, etc? Something like "mount$" or "mount $" will work. Try something like ps auxw | cat -vet to determine what the process listing on your system will look like to cfagent. Personally

Re: class definition by script problem

Michael Grubb wrote: > I want to define a class based on the exit value of a script. I want > to be able to do variable substitution in the command Check out ReturnsZero in the reference. That might allow the variable interpolation. I would recommend using a module though. The interface is more s

Re: Why list iteration and copy doesn't work

Ed Brown wrote: > But even in context main, it doesn't work in my tests just now to > define a list variable for 'server' in an imported file, for a copy > action in the importing file. I think this is the standard "imports happen after everything else" problem. More here: http://praksys.blogspo

Re: tidy question

Wolf, Mark W. wrote: > I would still like to find a copy of the documentation for version > 2.1.9. Try this: ftp://ftp.iu.hio.no/pub/cfengine/cfengine-2.1.9.tar.gz $ wget -qO - ftp://ftp.iu.hio.no/pub/cfengine/cfengine-2.1.9.tar.gz | > tar tzf - | grep -i Reference.html cfengine-2.1.

Re: support for --without-berkeleydb

John van Zantvoort wrote: > Although I'm not a C-coder, maybe making the DB-API a seperate part > in the code and allowing people to chose their own database would > be an option. So one can chose between Berkeley and (e.g. flattext, > sqlite,gdbm,etc.). This way lies madness. I agree that it wo

Re: Cfengine capability

Atom Powers wrote: > Edward F. Brown <[EMAIL PROTECTED]> wrote: > > > Have any other tools addressed 'undo'? > > I think I head that puppet is working on this, but frankly I haven't > even looked at it yet. http://madstop.com/articles/tag/transactions http://reductivelabs.com/projects/puppet/r

Re: Cfengine capability

Mark Burgess wrote: > Undo is rather ambiguous unless you snapshot the entire system (as Ed > alluded to), since there can be unseen consequences of changes. And even then, the problem can't be solved generally because the state of the network is important as well. However, I think there is plen

Re: Cfengine capability

Digant C Kasundra wrote: > Or does any output of the shell command get automatically sent to the > sys admin specified? Yes, that is exactly what happens. Best, Brendan -- Senior System Administrator The University of Chicago Department of Computer Science http://www.cs.uchicago.edu/people/bre

Re: Cfengine capability

Digant C Kasundra wrote: > I was wondering how you would address the following in Cfengine: > > * Undo last set of actions cfengine does not support a general rollback operation. > * Can Cfengine determine if a config file on a server is different than > expected and report a diff? How would

Re: cfengine configure error

Tim Holliefield wrote: > I've only used sunfreeware but have heard good things about > blastwave's packaging. I'll second that. I have had better experience with blastwave.org than with sunfreeware.com. Speaking of which, why not just install their cfengine package, rather than compiling from sou

Re: program structuring

Roy Marantz wrote: > I find that I can > cat cf.common cf.stuff | cfagent -f - > but that seems wrong too. Why? How about something like this: #!/bin/sh cat

Re: Configuration and Compilation Question

Brian E. Seppanen wrote: > Somewhat of an offtopic question, but I ask this because I'm trying to > create a debian package for distributing out a cfengine upgrade from > 2.1.13 to 2.1.19p1. > > I've compiled cfengine with the following > > ./configure --bindir=/root/debs/cfengine/var/cfengine

Re: Setting variables based on classes in an imported file

Josh Smith wrote: > PK == Paul Krizak <[EMAIL PROTECTED]> > > PK> As far as I know, cfengine does imports *last*. That means that despite > PK> your import statement being at the top of your file, cfgroups.conf isn't > PK> actually imported until after the containing file is parsed. > PK> > PK

Re: bug(?) in parsing code?

Kurt Lieber wrote: > The fine manual doesn't mention anything about hyphens being verboten > in class names Yeah, you need to use "_" in place of "-" characters. I just scanned the reference and tutorial, and I did not find a statement of that rule either, but it is not a bug. "-" is also an ope

Re: cfexecd question

Jason Edgecombe wrote: > Brian E. Seppanen wrote: > > > When cfexecd -F is run from cron does it first execute update.conf > > and then run cfagent.conf after that? > > Yes. > > In fact, it's almost always the case, even when running straight > cfagent. More specifically, cfexecd runs cfagent and

Re: copy function creates mode 600 by default ?

This topic has been covered on the list numerous times before. Try search queries with terms like "templating," "copy," and "editfiles" in various combinations. Here are a few links to posts you might be interested in: http://tinyurl.com/zxgzg http://tinyurl.com/edvse Best, Brendan -- Senior Sy

Re: ReturnsZero and redirecting output

Atom Powers wrote: > On 3/21/06, Jim Wight <[EMAIL PROTECTED]> wrote: > > > > How about > > usera = ( ReturnsZero(/bin/sh -c ${quote}/usr/bin/getent passwd usera > > >/dev/null${quote}) ) > > > > Add to trap errors for truely silent operation: " ... >/dev/null 2>&1 ..." I would recommend not us

Re: ReturnsZero and redirecting output

Ed Brown wrote: > On Tue, 2006-03-21 at 10:10 -0500, Brian E. Seppanen wrote: > > > Does someone know of an easier way of testing for the existence of a > > user that wouldn't require a call to getent? Just wondering if there > > is a better solution out there. > > Don't know if this is better, bu