RE: Team-based Cfengine Management

2010-02-02 Thread Justin Lloyd
From: Mike Hoskins [mailto:micho...@cisco.com] Sent: Tuesday, February 02, 2010 2:00 PM To: Justin Lloyd; Tim Cutts Cc: help-cfengine@cfengine.org Subject: Re: Team-based Cfengine Management On 2/2/10 12:27 PM, "Justin Lloyd" wrote: > I've not thought it through completely, but I re

Re: Team-based Cfengine Management

2010-02-02 Thread Mike Hoskins
On 2/2/10 12:27 PM, "Justin Lloyd" wrote: > I've not thought it through completely, but I really like the > /etc/classes directory idea. I had an idea of using an > /etc/digitalglobe.conf shell-style file that could be parsed or sourced > by Cfengine, shell scripts, etc. and could contain comments

RE: Team-based Cfengine Management

2010-02-02 Thread Justin Lloyd
- From: Mike Hoskins [mailto:micho...@cisco.com] Sent: Tuesday, February 02, 2010 11:59 AM To: Tim Cutts; Justin Lloyd Cc: help-cfengine@cfengine.org Subject: Re: Team-based Cfengine Management On 2/2/10 12:08 AM, "Tim Cutts" wrote: > Finally, if there really are some machines whic

Re: Team-based Cfengine Management

2010-02-02 Thread Mike Hoskins
On 2/2/10 12:08 AM, "Tim Cutts" wrote: > Finally, if there really are some machines which need to be configured > by hand (something I resist strongly) we have a minimal_cfe class > where the vast majority of our cfengine policy is skipped, and only > the bare essentials are checked. We do the sa

Re: Team-based Cfengine Management

2010-02-02 Thread Tim Cutts
On 1 Feb 2010, at 5:47 pm, Justin Lloyd wrote: > Hi all, > > > > For those of you who are part of a team that manage a Cfengine-based > environment, how do you prevent people from making local changes to > things that are managed by Cfengine, thus causing local changes to get > wiped out? For exa

Re: Team-based Cfengine Management

2010-02-02 Thread Tim Cutts
On 1 Feb 2010, at 5:47 pm, Justin Lloyd wrote: > * Change Control - well-defined dept/company procedures for > change approval, and all changes to systems should be done only > through > Cfengine policy, never locally on any system Change approval, if made an absolute blanket rule, can

RE: Team-based Cfengine Management

2010-02-01 Thread Justin Lloyd
To: help-cfengine@cfengine.org Subject: RE: Team-based Cfengine Management Well, a simple hack would be to create a file with a list of all the files managed by cfengine (e.g. /etc/cfengine_files). It would be somewhat of a pain to make sure your cfengine rules always add to this file, or that you pr

Re: Team-based Cfengine Management

2010-02-01 Thread Mark Burgess
> Justin > > > -Original Message- > From: Mark Burgess [mailto:mark.burg...@iu.hio.no] > Sent: Monday, February 01, 2010 12:20 PM > To: Justin Lloyd > Cc: help-cfengine@cfengine.org > Subject: Re: Team-based Cfengine Management > > > To paraphrase Mr Kri

Re: Team-based Cfengine Management

2010-02-01 Thread Paul Krizak
> Sometimes I have Cf comment in a file that it maintains "maintained by > Cfengine do not edit by hand". This is a great point. I do the same thing -- any time cfengine modifies a file, I always try to make sure that I toss in a comment indicating not only that it's a cfengine-maintained fil

RE: Team-based Cfengine Management

2010-02-01 Thread Bryan Ramirez
, Justin Lloyd wrote: > Date: Mon, 1 Feb 2010 12:42:42 -0700 > From: Justin Lloyd > To: nwat...@symcor.com > Cc: help-cfengine@cfengine.org, help-cfengine-boun...@cfengine.org > Subject: RE: Team-based Cfengine Management > > Neil, > > Absolutely, that's my pri

RE: Team-based Cfengine Management

2010-02-01 Thread NWatson
I suspect the knowledge map might be helpful here. One could query for a certain file or process and find what promises are related, if any. Sometimes I have Cf comment in a file that it maintains "maintained by Cfengine do not edit by hand". I think that a combination of all the things we di

Re: Team-based Cfengine Management

2010-02-01 Thread Paul Krizak
ustin > > > -Original Message- > From: nwat...@symcor.com [mailto:nwat...@symcor.com] > Sent: Monday, February 01, 2010 12:08 PM > To: Justin Lloyd > Cc: help-cfengine@cfengine.org; help-cfengine-boun...@cfengine.org > Subject: Re: Team-based Cfengine Management > >

RE: Team-based Cfengine Management

2010-02-01 Thread Justin Lloyd
't happen. Realistically... Thanks, Justin -Original Message- From: nwat...@symcor.com [mailto:nwat...@symcor.com] Sent: Monday, February 01, 2010 12:08 PM To: Justin Lloyd Cc: help-cfengine@cfengine.org; help-cfengine-boun...@cfengine.org Subject: Re: Team-based Cfengine Management I

RE: Team-based Cfengine Management

2010-02-01 Thread Justin Lloyd
etc/fstab and automounter files (or netgroups in /etc/passwd, etc.) but we certainly may need to give more latitude in such configurations. Thanks, Justin -Original Message- From: Mark Burgess [mailto:mark.burg...@iu.hio.no] Sent: Monday, February 01, 2010 12:20 PM To: Justin Lloy

Re: Team-based Cfengine Management

2010-02-01 Thread Mark Burgess
To paraphrase Mr Krizak on a different occasion, "think voluntary cooperation". It works for politics as well as technical work. This is how cfengine began the notion of autonomy in the first place -- at a university where everyone wanted to control their own box. When you have people who need

Re: Team-based Cfengine Management

2010-02-01 Thread NWatson
I've found that this is often an education process. Folks need to be aware that Cfengine is the authority for certain services and files. Once I had to combine a Cfengine deployment with a hostmaster who maintained DNS records through Bind. I wrote a Cfengine policy to watch over Bind files

Re: Team-based Cfengine Management

2010-02-01 Thread Paul Krizak
This has been an ongoing problem in our environment. Local admins need to make a change to a system (for example, start httpd) and cfengine goes in and blows away the changes. Traditionally, the local administrator had no choice at that point but to disable cfengine on the box to allow their

Team-based Cfengine Management

2010-02-01 Thread Justin Lloyd
Hi all, For those of you who are part of a team that manage a Cfengine-based environment, how do you prevent people from making local changes to things that are managed by Cfengine, thus causing local changes to get wiped out? For example, if Cfengine manages all NFS mounts in /etc/fstab on Lin