Cfengine Help: Re: Running a command just once.

Mon, 09 May 2011 03:10:56 -0700 

Forum: Cfengine Help
Subject: Re: Running a command just once.
Author: ro
Link to topic: https://cfengine.com/forum/read.php?3,21797,21846#msg-21846

Hi Chad,
I'm facing this issue as well. I'm a strong supporter of idempotency, but at 
the same time I have requirements that the community version of Cfengine just 
can't satisfy because it can't check the states that the various services are 
in (i.e. setting up an initial LDAP DIT, creating certain basic Kerberos users 
that reside in LDAP, setting up MySQL and PostgreSQL databases 
andsoonandsoforth).

So what I'm using are "firstrun" classes. Since the above services are just 
specific to very few servers, I take the burden and append the various firstrun 
classes by hand upon first install:


cf-agent -D FIRSTRUN_LDAP_INITIALIZE



In my Cfengine config I then have:


bundle agent LDAPBaseFirstrun {
vars:
        FIRSTRUN_LDAP_INITIALIZE::
                "cmd_ldap_schema_cosine" string => "/usr/bin/ldapadd -Y 
EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif";
commands:
        FIRSTRUN_LDAP_INITIALIZE::
                "$(cmd_ldap_schema_cosine)",
                        contain         => setuid_sh("root"),
                        classes         => 
if_repaired("repaired_LDAPBaseFirstrun");
reports:
        repaired_LDAPBaseFirstrun::     "Repaired promise LDAPBaseFirstrun";
}



In your case, this would take the logic of 'when' the script is to be run out 
of the script itself and put it in Cfengine.

Another possibility would be to let Cfengine create a flag file and check upon 
it on every execution:


bundle agent LDAPBaseFirstrun {
vars:
        LDAP::
                "flag_file" string              => 
"/root/LDAPBaseFirstrun.executed";
                "cmd_ldap_schema_cosine" string => "/usr/bin/ldapadd -Y 
EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif";
classes:
        LDAP::
                "flag_file_exists"
                        expression      => fileexists("$(flag_file)");
files:
        repaired_LDAPBaseFirstrun::
                "$(flag_file)"
                        create          => true;
commands:
        !flag_file_exists::
                "$(cmd_ldap_schema_cosine)",
                        contain         => setuid_sh("root"),
                        classes         => 
if_repaired("repaired_LDAPBaseFirstrun");
reports:
        repaired_LDAPBaseFirstrun::     "Repaired promise LDAPBaseFirstrun";
}



Or, as mark suggests, deleting the script itself, which isn't possible, if the 
command is executed by Cfengine itself, as in the above example.

_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine

Reply via email to