On Thu, 13 Nov 2014, Leon Towns-von Stauber wrote:
As someone else suggested in this thread, start with one file.
Choose something simple, that's probably the same or similar on all
your hosts, and won't completely break the system if you mess up.
For example, ntp.conf. Set up a simple config that looks something
like:
copy:
any::
$(cfroot)/etc/ntp.conf
dest=/etc/ntp.conf
type=checksum
m=444 o=root g=root
server=$(policyhost)
I'll note that Leon's wonderful example is in cfengine v2 syntax. The
v3 equivalent (plus some bits about what to do when ntp.conf is
updated) would be something like
files:
any::
"/etc/ntp.conf"
comment => "site-wide NTP client file",
copy_from =>
secure_cp( "$(cfroot)/etc/ntp.conf", "$(policyhost)" ),
perms => mog( "444", "root", "root" ),
classes => if_repaired( "ntpd_restart" );
commands:
ntpd_restart.(centos_5|centos_6)::
"/sbin/service" args => "ntpd restart";
ntpd_restart.centos_7::
"/bin/systemctl" args => "reload-or-restart ntpd.service";
ntpd_restart.debian_6::
"/etc/init.d/ntp" args => "restart"
There are a few key differences, but the main one is that it's
clearer that the operation is more about "/etc/ntp.conf" than it is
about the source file the $(cfroot) tree.
--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
