Forum: Cfengine Help
Subject: Why is insert_lines not convergent?
Author: [email protected]
Link to topic: https://cfengine.com/forum/read.php?3,21682,21682#msg-21682
I am using Cfengine to manage my sudoers infrastructure. /etc/sudoers imports
a file called /etc/sudo.d/sudoers-MACHINE_GROUP. This file is generated by
Cfengine by classes.
I've gotten reports from several users that sudo wasn't working.
Investigating, I'm finding that this action isn't convergent. For example,
this is how I insert lines into this file. I define classes, and if those
classes take effect, then I insert an entry.

files:

  (linux|sunos_5_10).APP_SERVER::

    "/etc/sudo.d/sudoers-MACHINE_GROUP"
      edit_line => add_sudoers_entry("Host_Alias APP_SERVER = $(sys.host)");

  (linux|sunos_5_10).all_tools::

    "/etc/sudo.d/sudoers-MACHINE_GROUP"
      edit_line => add_sudoers_entry("Host_Alias TOOLS_MACHINES = $(sys.host)");

##########################

bundle edit_line add_sudoers_entry(line)
{
insert_lines:
  "$(line)"
    expand_scalars => "true";
}

So for this specific machine, there should be two entries in this file. One
for APP_SERVER and another for TOOLS_SERVER.
Looking at the file, this isn't the case.
# cat sudoers-MACHINE_GROUP
Host_Alias APP_SERVER = tools02.corp
This machine is missing an entry for TOOLS_SERVER.
Running cf-agent manually, it does work correctly.
# /var/cfengine/bin/cf-agent -I -K -b manage_etc_sudoers
>> Using command line specified bundlesequence
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
# /var/cfengine/bin/cf-agent -I -K -b manage_etc_sudoers
>> Using command line specified bundlesequence
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
# /var/cfengine/bin/cf-agent -I -K -b manage_etc_sudoers
>> Using command line specified bundlesequence
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
# /var/cfengine/bin/cf-agent -I -K -b manage_etc_sudoers
>> Using command line specified bundlesequence
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
# /var/cfengine/bin/cf-agent -I -K -b manage_etc_sudoers
>> Using command line specified bundlesequence
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
# /var/cfengine/bin/cf-agent -I -K -b manage_etc_sudoers
>> Using command line specified bundlesequence
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
-> Edited file /etc/sudo.d/sudoers-MACHINE_GROUP
# cat sudoers-MACHINE_GROUP
Host_Alias APP_SERVER = tools02.corp
Host_Alias TOOLS_MACHINES = tools02.corp
Why is this not a convergent action? And why does it seem to work if I execute
this manually? I am just inserting lines into a file based upon classes.
If anyone has a suggestion on how I could make this convergent, I would really
appreciate it.
Thanks
Mike
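
Added example, not part of the original post and not CFEngine code: a shell sketch of what a convergent insert into this fragment means in practice, where the first pass adds whatever is missing and every later pass makes zero edits. The function names ensure_line, converge and demo are hypothetical, the data is constructed from the alias names and hostname in the post's output, and it assumes a scratch directory rather than a real /etc/sudo.d.

```shell
#!/bin/sh
# Added example: convergent line insertion into a sudoers fragment.
# ensure_line, converge and demo are hypothetical names, not CFEngine functions.

# ensure_line FILE LINE -> 0 = file edited, 1 = already present, 2 = error
ensure_line() {
    file=$1 line=$2
    [ -f "$file" ] || : > "$file" || return 2
    # -x whole line, -F fixed string: '.', '$' and '=' are not treated as patterns
    if grep -qxF -e "$line" "$file"; then
        return 1
    fi
    tmp=$(mktemp "$file.XXXXXX") || return 2
    {
        cat "$file"
        # terminate an unterminated last line so the new entry is not glued to it
        [ ! -s "$file" ] || [ "$(tail -c 1 "$file" | wc -l)" -gt 0 ] || echo
        printf '%s\n' "$line"
    } > "$tmp" || { rm -f "$tmp"; return 2; }
    # sudo expects mode 0440; rename so readers never see a half-written file
    chmod 0440 "$tmp" && mv -f "$tmp" "$file" || { rm -f "$tmp"; return 2; }
    return 0
}

# converge FILE LINE... -> prints how many edits this pass needed
converge() {
    target=$1; shift
    changes=0
    for want in "$@"; do
        rc=0
        ensure_line "$target" "$want" || rc=$?
        case $rc in
            0) changes=$((changes + 1)) ;;
            1) ;;
            *) return 2 ;;
        esac
    done
    echo "$changes"
}

# Constructed data: alias names and hostname copied from the post's output.
demo() {
    dir=$(mktemp -d) || return 2
    frag="$dir/sudoers-MACHINE_GROUP"
    a="Host_Alias APP_SERVER = tools02.corp"
    b="Host_Alias TOOLS_MACHINES = tools02.corp"
    echo "pass1=$(converge "$frag" "$a" "$b") pass2=$(converge "$frag" "$a" "$b")"
    rm -rf "$dir"
}
demo
```

On a real host the fragment should also be root-owned and checked with `visudo -cf` before it is installed.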