On 12/22/2010 03:48 PM, [email protected] wrote:
> This doc:
> http://www.cfengine.org/manuals/cf3-tutorial.html#The-policy-decision-flow
> Says this:"Every client machine contacts the policy server and downloads
> these updates."
> Can anyone help me find in the docs any step by step instructions with
> examples on how to configure a client machine to contact the policy server
> and download updates?
You have to have a configuration that tells the agent what to do in
failsafe mode. This is what I have (I am just playing around, cant vouch
for the correctness of this as far as best practice goes).
Essentially my configuration is this. I have a git repo of my
configuration at /var/cfengine/masterfiles and my policy host is
configured to share out that directory with hosts on the network.
On the client node I install cfengine, run cf-key and place failsafe.cf
and update.cf in /var/cfengine/inputs and then bootstrap the
configuration by running "cf-agent -B"
I have attached my failsafe.cf and update.cf for your enjoyment. My
update configuration might be slightly more than the best practice
recommends but I thought it would be nice to have my /etc/motd updated
with the time of the last successful policy update. (this will not work
on a bootstrap as the motd template is not available to expand)
Criticisms welcome.
--
Nick Anderson <[email protected]>
#
# Failsafe file
#
body common control{
bundlesequence => { "update" };
inputs => { "update.cf" };
}
############################################
body depth_search recurse(d){
depth => "$(d)";
}
body edit_defaults empty{
empty_file_before_editing => "true";
edit_backup => "false";
max_file_size => "300000";
}
bundle edit_line expand_template(templatefile){
# Read in the named text file and expand $(var)
# inside the file
insert_lines:
"$(templatefile)"
insert_type => "file",
comment => "Expand variables in the template file",
expand_scalars => "true";
}
bundle agent update {
vars:
"policyhost" string => "MyPolicyServerHostname";
files:
any::
"/var/cfengine/inputs/"
#perms => m("600"),
copy_from =>
update_policy("/var/cfengine/masterfiles","$(policyhost)"),
classes => policy_updated("policy_updated"),
depth_search => recurse("inf");
policy_updated::
"/etc/motd"
comment => "Update /etc/motd with last policy update
time",
create => "true",
edit_defaults => empty,
edit_line =>
expand_template("/var/cfengine/inputs/templates/motd.tpl");
}
body copy_from update_policy(from,server){
servers => { "$(server)" };
source => "$(from)";
purge => "true";
preserve => "true";
compare => "digest";
# exclude .svn and .git revision control files
exclude_dirs => { "\.svn", "\.git" };
}
body classes policy_updated(new_class){
promise_kept => { "$(new_class)" };
promise_repaired => { "$(new_class)" };
}
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
