Hey guys
I’m trying to define a “test class” where I will be performing changes on
before I push to everything. I think I’m making this overly complicated, but
I’m having issues creating a “group” or “class” of machines. Does anyone have
an example using Cfengine 3 syntax?
Here’s what I’m cu
Disregard! My question was answered here. I needed to canonify the hostname
to use underscores.
https://cfengine.com/forum/read.php?3,18006
Thanks
Mike
On 8/31/10 4:09 PM, "Mike Svoboda" wrote:
Hey guys
I’m trying to define a “test class” where I will be performing changes on
Is there a preferred way of stopping cf-serverd and cf-execd so they exit in a
graceful manner? Should I be sending a kill -15 to the daemons, or is there a
better way of letting them “clean up and finish” in a non-disruptive manner.
Thanks!
Mike
___
H
Ah. I noticed that performing a kill -15 on cf-serverd, a client was in
mid-transfer of some new configs.
I checked on the client that spewed some errors via cf-execd, and indeed,
there were files on the client that were in bad shape.
Maybe a feature request to have a "graceful shutdown" so cf-s
The machines I’m executing cf-agent on have multiple NICs online. I can’t
trust $(sys.ipv4) to return the “correct” address.
I can use $(sys.ipv4[interface_name]) to find the correct address, but with
Solaris using different names for the NIC based upon the driver, this becomes
messy.
I’ve be
Disregard. Execresult is the function I’m looking for.
Thanks
On 9/8/10 2:06 PM, "Mike Svoboda" wrote:
The machines I’m executing cf-agent on have multiple NICs online. I can’t
trust $(sys.ipv4) to return the “correct” address.
I can use $(sys.ipv4[interface_name]) to find t
Hey fellow cfengineers!
Have a question and hope that this helps some other folks out as well. In my
promises.cf, I define my inputs and bundlesequence as such:
$ more promises.cf
...
...
body common control
{
bundlesequence => { @(global.agent_sequence) };
inputs => {
Help? This is kind of critical as it will determine the methodology on our
execution of bundles from promises.cf...
It's kind of concerning that cf-agent will let it fly but cf-know barfs.
On 9/23/10 12:41 PM, "Mike Svoboda" wrote:
Hey fellow cfengineers!
Have a question and hope
This is an awful hack, but it's how I am currently defining global classes from
a non-global scope...
bundle agent process_single_bundle(policy_name)
{
...
...
methods:
some_class_defined::
"any" usebundle=>
define_global_class("$(policy_name)_weapons_free");
I’m trying to define a variable if it matches a class. The below code doesn’t
work.
$ cat test.cf
body common control
{
bundlesequence => { testit };
}
bundle agent testit
{
vars:
class_to_test_on::
"testfile" string => "/var/tmp/testfile";
Why doesn’t this work? Classes are evaluated after variables?
The hostname of the box I’m running this on in canonical form is esv4_cfe_guppy.
$ cat test.cf
body common control
{
bundlesequence => { testit };
}
#
bundle common global
{
vars:
"test_boxes" slist =>
Thanks Neil. You are the man. I didn't realize that classes could be
combined this way. It would be cool if an example like this could be added
to the reference manual.
On 10/14/10 9:27 AM, "no-re...@cfengine.com" wrote:
> Forum: Cfengine Help
> Subject: Re: Populate a class using an slist
I’ve deployed Cfengine 3.0.5p1 across 800 hosts. I only have an issue with the
Cfengine daemons on 1 box where it appears I am hitting a bug. On this
machine, it spins a single core to 100% user space CPU utilization. Here are
the details.
$ /var/cfengine/bin/cf-agent -v
...
f3 ---
For what it's worth, I originally had been running cf-execd as a daemon
managed by a Solaris 10 SMF service
This ended up being a bad idea. When cf-execd, cf-agent spawn child
processes -- all of these processes are inherited by the same Solaris
"contract id".
This means if you have a module that
Yeah, but what's the point of using SMF if you're just going to "set it and
forget it?"
The power of SMF is that you want it to restart things when they have
abnormal exit statuses. If you plan on using a transient SMF status that
doesn't monitor the health of the process, then you might as well j
Check out "bindtointerface" in the reference guide.
5.2.8 bindtointerface
Type: string Allowed input range: .* Synopsis: Use this interface for
outgoing connections Example:
bindtointerface => "192.168.1.1";
Notes: On multi-homed hosts, the server and client can bind to a specific
interface for se
Steve:
I put an entry into root's crontab to run cf-agent hourly. In promises.cf, I
have a policy that verifies cf-serverd is online. If it's not, I start it
and report on it.
I would suggest not using SMF or /etc/inittab.
On 12/9/10 3:09 PM, "no-re...@cfengine.com" wrote:
> Forum: Cfe
Hey Cfengine folks
I thought it would be a cool idea if we could add a flag to the various
Cfengine executables that would enable bug reporting and (possibly?) automatic
bug submission over https. When administrators end up with segfaulting
daemons, memory leaks, etc — I think there would be
Well, Cfengine is a mature product, but there is new code being introduced
that causes bugs.
Maybe since Linux seems to be the primary platform that the bits are
developed on, tested against, and packages provided for -- that seems to be
the most stable platform.
I've been running Cfengine on Sol
the test framework,
> and when you find a bug, create a test that demonstrates the bug by failing,
> but which will also pass if the bug is gone.
>
> -Dan
>
> On Jan 7, 2011, at 10:56 AM, Mike Svoboda wrote:
>
>> Well, Cfengine is a mature product, but there is
Per the documentation, lastseen is supposed to belong in body agent control if
you want to enable it.
http://www.cfengine.org/manuals/cf3-reference.html#lastseen-in-reports
So, I did. In my promises.cf, I’ve got the following:
body agent control
{
...
lastseen=>
I’ve enabled my Cfengine infrastructure to perform 2 way data transfers. My
clients are configured to run cf-serverd, so my Master Policy Server can login
to pull some files off of each machine. To accomplish this, I execute two
policies.
* policy 1 extracts all the clients the MPS has s
atermark. Since
> such model would require too much efforts to implement, more
> straightforward solution is to create feature request about some sort
> of keepalive => "false"; option in body copy_from.
>
> 2011/1/19 Mike Svoboda :
>> I've enabled my Cfengine infrast
Here is a Solaris x64 host
$ /var/cfengine/bin/cf-agent --version
This comprises cf-agent core community version 3.1.2 - Copyright Copyright (C)
Cfengine AS 2008,2010-
$ ldd /var/cfengine/bin/cf-monitord
libpromises.so.1 => /var/cfengine/lib/libpromises.so.1
libpthread.so.1
I'll have to recompile to give it a shot. My real focus is trying to
upgrade the production infrastructure to 3.1.3..
On 1/21/11 10:57 AM, "no-re...@cfengine.com" wrote:
> Forum: Cfengine Help
> Subject: Re: Cfengine Help: Re: FYI, you should check RAM usage of your
> Cfengine daemons
> Au
Hey folks
I was trying to get an idea / might be cool to include in the release notes the
versions of dependencies that people have had success running 3.1.3 on. (pcre,
openssl, berkeleydb, flex, etc.)
I’m running into a weird issue where my x86 hosts aren’t having any issue with
3.1.3 runnin
IMHO, stick with the provided RPM. It’s nice that Cfengine delivers this to the
Linux folks, and I wish more pre-built packages for other Unix O/S’s are
available.
If you use the provided bits, it provides a known baseline for submitting bug
reports. When we have to compile, we’re building aga
I’m using a SVN hook on post-commit to send an email to a bunch of important
folks with the SVN diff / files changed when I make a merge into my production
Cfengine branch.
What cool tricks are other folks using on pre-commit / post-commit. Anyone
checking / creating JIRA tickets, validating th
I’d like to learn how to use dist to create classes. Really, I want to look at
a text file, and select a random entry from it. I’ve heard this is possible
using dist.
Does anyone have any good examples of using dist to pick entries from a file?
I’d like to see an example of picking one entry
I’ve upgraded all my clients to run version 3.1.4. My MPS have been chilling
on 3.0.5p1. This setup works, although, I have to bounce cf-serverd daily
because of memory leaks.
When I upgrade my MPS to 3.1.4, I start running into OpenSSL errors. Here’s a
client trying to pull down new configs
Hey Jake
I think you're missing the point here. If you are trying to figure out what
Cfengine is doing, by looking at the output of cf-agent -I, then you're going
too deep.
Here's an example of what Neil was suggesting
"/root/.ssh/authorized_keys"
perms=>mog("0
So, I can use getindexes() to extract the indexes of an array into an slist. I
need to do the opposite, and extract just the values. Anyone have a working
solution?
I just need to be able to create an slist with all of the values of the array.
Thanks
Mike
_
Rock on! Thanks Mark!
On 3/17/11 6:08 AM, "no-re...@cfengine.com" wrote:
> Forum: Cfengine Help
> Subject: Re: How to extract values (not keys) from an array to slist?
> Author: mark
> Link to topic: https://cfengine.com/forum/read.php?3,21174,21178#msg-21178
>
> I just committed to svn a new
Anyone? =(
The only other solution I can think of, and this is dumb, would be to insert
this into root's crontab.
0,15,30,45 * * * * /var/cfengine/bin/cf-agent -b lay_etc_tripwire_detection
I really don't want to do that, because cf-execd is firing splaytime, and
clients could have multiple inst
Yeah I tried that. It didn't work.
I guess because we're using "body changes", it's entering a special place in
the code where if_repaired doesn't take effect.
On 4/21/11 11:44 AM, "no-re...@cfengine.com" wrote:
> Forum: Cfengine Help
> Subject: Re: laying a tripwire and firing the checksum_al
I noticed on that page, the banner up top that said "Become a Cfengine
Certified Engineer."
Is there a public certification exam that is offered that folks could take
at a testing place like Prometric, or is this just offered from the Cfengine
corporation itself?
I'd like to put another certifica
In update.cf on my clients the promise that I use to copy data around, I set
verify = true.
http://www.cfengine.org/manuals/cf3-reference.html#copy_005ffrom-in-files
The reference guide says that there is a resource / performance penalty from
using verify = true.
Synopsis: true/false verify t
That's actually really creative. =) Bonus points to you sir!
On 6/29/11 8:54 PM, "Aleksey Tsalolikhin" wrote:
> On Tue, Jun 28, 2011 at 7:04 AM, wrote:
>> Forum: Cfengine Help
>> Subject: Re: Client config examples (update.cf / failsafe.cf) for multiple
>> Master Policy Servers
>> Author: m
Yes, this was on Solaris.
On 7/4/11 11:13 AM, "Mikhail Gusarov" wrote:
> On 07/04/2011 05:05 PM, no-re...@cfengine.com wrote:
>
>> Trying to compile against BerkeleyDB, I'm receiving the below.
>
> Is it on Solaris?
>
> I have just fixed similar problem in r2545
This might help... I execute a command and wrap it up with the canonify
function.
vars:
"linux_machine_model" string =>
canonify(execresult("/usr/sbin/dmidecode -s system-product-name","noshell"));
Canonify is a function that will “sanitize” the input to make i
My master policy servers have multiple VLAN interfaces. I want to be able to
grab data off of clients, so my clients also run cf-serverd. I lock down which
machines they’ll accept connections from by IP address. So, I define a single
address that my clients will accept connections from.
Thi
I reviewed a few chapters, and asked that they look at rewriting it months
ago. It just posted a lot of config, without describing the design
choices behind what they were doing. I also asked to have my name removed
from the list of reviewers. I didn't want to be associated with it.
Looking forwa
+1 Mark. This was awesome.
On 12/16/11 3:49 AM, "Mark Burgess" wrote:
>On 12/16/2011 09:15 AM, Erlend Leganger wrote:
>> I wasn't talking about the JSON support (but I can see why you thought
>> I did), I just think the following is a good idea:
>>
>> Instead of writing this:
>>
>> ...
>>
Hey Mark
The most difficult time I had with Cfengine was going from nothing, to having
network transfers working. Once I understood the concepts of failsafe.cf /
promises.cf, things started to make sense and building upon that base
configuration was pretty straightforward. I know that you gu
Congrats on the release! The included features below look awesome. Is
this going to be considered the final/stable 3.3.0 release or is this just
an alpha?
Thanks!
Mike
On 2/10/12 9:24 AM, "Mikhail Gusarov" wrote:
>Good day.
>
>CFEngine Community 3.3.0alpha1 is now available for testing.
>
>N
Can a single promise work like this?
Maybe you need to use "/tmp/etc"
And then use a "file_select" body to set the name containing ".*.conf"
Alternatively, you could build a slist of the files in this directory and
then loop over the slist.
On 4/2/12 1:10 PM, "Aleksey Tsalolikhin" wrote:
>H
In my upgrade script, I'm actually doing a rm -Rf /var/cfengine and
starting completely clean.. I didn't want any residue from previous
databases or whatnot to hang around.
On 4/20/12 8:58 AM, "Nick Anderson" wrote:
>On 04/20/2012 07:47 AM, Bas van der Vlies wrote:
>> On 04/20/2012 02:35 PM,
Hey Roland
Yes, I have built both Tokyocabinet and Cfengine 3.3 on Solaris 10 SPARC and
x86/64. You need to use a more recent compiler. The compiler in
/usr/sfw/bin/gcc doesn't support the c99 compile environment, so, tokyocabinet
won't build. You can build QDBM using the compiler Sun provid
Process supervision? What are you trying to use? Runit?
You should be able to spawn a process and verify the pid still is online.
I personally execute cf-execd -F out of cron hourly so I don't have to
deal with long running daemons.
On 5/11/12 6:26 PM, "Taj Khattra" wrote:
>i'm attempting
route of using Cfengine to fire up
/ maintain daemons.
On 5/11/12 11:37 PM, "Taj Khattra" wrote:
>On Fri, May 11, 2012 at 7:31 PM, Mike Svoboda
>wrote:
>> Process supervision? What are you trying to use? Runit?
>
>s6, a close cousin of runit (http://www.skarnet.org/so
Hey Ron
I have the following in a promise. You may want to adjust the values of
"ago" there. I execute cf-agent once an hour. If I see a cf-agent
process older than 2 hours old, I have the current execution kill that
process and I raise a class that I report on. You could use this same
thing
If LinkedIn uses Cfengine which is then used to help fill Cfengine jobs
for companies requiring Cfengine talent.. Ow. My brain hurts.
=)
On 8/30/12 10:20 AM, "Marco Marongiu" wrote:
>> We are looking for a full-time CFEngine engineer in New York:
>> http://percolate.com/jobs#devops
>> Anybody
Ted, this is awesome and really should make it into the main trunk.
Having JSON support would rock. YAML would also rock. Both data formats
are used all over the place, and we would have a ton of use cases for this.
Please target this for inclusion in the next version of the community
version.
I'm writing a policy that will test network firewall rules to make sure
basic pieces of infrastructure work. Here's an example of something I
have written in policy.
vars:
"ntp_service_hosts" slist => {"box1-linkedin.com",
"box2-linkedin.com" };
classes:
"ntp_udp_failure_$(ntp
Aleksey, you are the BOMB!
Thank you my friend. We should meet up for beers in the near future. I
hear it's good for "social networking." ;-)
Cheers! (no pun intended)
Mike
On 10/5/12 5:20 AM, "Aleksey Tsalolikhin" wrote:
>On Thu, Oct 4, 2012 at 4:19 PM, Mike
Can you use a methods promise to pass the slist as an argument down into a
lower bundle?
Kind of a hack, but I think it would do what you want.. The first
variable expansion in your primary policy would extract the slist out of
the array. Once you were in the "sub bundle" via the method promise,
56 matches