Forum: Cfengine Help
Subject: Re: Does cfagent download the policy even if it hasn't changed?
Author: mark
Link to topic: https://cfengine.com/forum/read.php?3,19689,19735#msg-19735
Nakarin is correct, and there is one further caveat as on 3.1.2 -- When
cf-promises parses the configuration without error, it keeps a timestamp in
/var/cfengine/masterfiles/cf_promises_validated which can be used to check for
updates without checking very single file. This can save a huge amount of
server communication time, as then you can do this (checking just for one
object instead of many)
vars:
"inputs_dir" string => translatepath("$(sys.workdir)/inputs"),
comment => "Directory containing Cfengine policies",
handle => "update_vars_inputs_dir";
"master_location" string => "/var/cfengine/masterfiles",
comment => "The master cfengine policy directory on the
policy host",
handle => "update_vars_master_location";
files:
"$(inputs_dir)/cf_promises_validated"
comment => "Check whether a validation stamp is available for a new
policy update to reduce the distributed load",
handle => "check_valid_update",
copy_from =>
u_dcp("$(master_location)/cf_promises_validated","$(sys.policy_hub)"),
action => u_immediate,
classes => u_if_repaired("validated_updates_ready");
am_policy_hub|validated_updates_ready:: # policy hub should always put
masterfiles in inputs in order to check new policy
"$(inputs_dir)"
comment => "Copy policy updates from master source on policy server if
a new validation was acquired",
handle => "update_files_inputs_dir",
copy_from => u_rcp("$(master_location)","$(sys.policy_hub)"),
depth_search => u_recurse("inf"),
file_select => u_input_files,
depends_on => { "grant_access_policy", "check_valid_update" },
action => u_immediate,
classes => u_if_repaired("update_report");
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
