RE: 'singlecopy' oddities in 2.0.5

[Wheeler, John]

Good example. It looks like there is an assumption that the source file
will always exist, and a more specific file may overlay the more general
copy. I was wrestling with this problem earlier and came up with a
different solution. I propose an additional parameter for the copy
directive that would work in conjunction with the single copy feature.
This additional directive would be a CVS tag or label. 

The initial design would be to simply have cfservd access CVS through a
local copy of the client. This could be further integrated if desired to
support the full capabilities of CVS. Some variables would need to be
defined that indicate how cfservd would contact CVS, and then a few
command strings would need to be defined. Some thinks get a bit tricky
that I haven't put to much thought into like type=checksum.  If the CVS
repository is local as well then some of these may become easier. 


> -----Original Message-----
> From: Eric Sorenson [mailto:eric@explosive.net]
> Sent: Friday, May 02, 2003 4:42 PM
> To: 
> Subject: 'singlecopy' oddities in 2.0.5
> 
> Hi, I'm setting up a configuration distribution system with cfengine
> using the new 'singlecopy' behavior.  This is described in the HTML
> reference docs (but isn't in the current PDF version, for some
reason!) as
> follows:
> 
>  [ http://www.cfengine.org/docs/cfengine-Reference.html#singlecopy ]
> 
>     If singlecopy is defined the behavior of copy: is modified so that
a
> file will
>     only be copied once, helping to achieve hierarchical or "most
> specific" file
>     copy overrides, provided that the most specific file occurs first.
> With the
>     following file structure on a host running cfservd:
> 
>     /dist/hosts/loghost1.example.com/etc/syslog.conf
>     /dist/solaris/etc/syslog.conf
>     /dist/all/etc/syslog.conf
> 
>     The configuration:
> 
>        control:
>           singlecopy = ( on )
> 
>        copy:
>         /dist/${fqhost}       dest=/ inform=true syslog=true r=inf
> server=disthost
>         /dist/${ostype}       dest=/ inform=true syslog=true r=inf
> server=disthost
>         /dist/all             dest=/ inform=true syslog=true r=inf
> server=disthost
> 
>     Would result in:
> 
>        /dist/hosts/loghost1.example.com/etc/syslog.conf being copied
to
> loghost1.example.com
>        /dist/solaris/etc/syslog.conf being copied to Solaris systems
>        /dist/all/etc/syslog.conf being copied to all other systems
> 
> Apologies for the long paste, but I think it'll be useful for
comparison.
> My configuration repository is set up such that, instead of having
> different
> filesystem structures to get verious levels of specificity, there is a
> single
> directory tree and the source files have extensions that match either
the
> hostname or a more general $(role) variable that's set earlier on.
> 
> This has the advantage over a directory-based structure that you can
look
> in one place and determine which file to edit to affect a particular
host.
> You can also mix-and-match specificities without having to create a
wholly
> populated tree for only one changed file. However, it does mean you
have
> to list out each file under configuration management in "copy:"
instead
> of simply recursing down the repository and copying whatever's there.
> 
> So, the host (sinistar) running cfservd has:
> 
>     [root@sinistar /export/home/local/cfengine2/dist/etc]# ls motd*
>     motd.default  motd.dmz  motd.farmsys  motd.homesys  motd.mis
> motd.sinistar
> 
> The client configuration has (in part)
> 
>     control:
>           singlecopy = ( on )
>           # fileserver setup, some short two-letter variables copy:
uses
>           fs  = ( sinistar )          # fileserver
>           dr  = ( /export/home/local/cfengine2/dist ) # distribution
root
> 
>     copy:
>           $(dr)/etc/motd.$(host)  server=$(fs) dest=/etc/motd mode=444
>               owner=root group=root backup=false type=sum
>           $(dr)/etc/motd.$(role)  server=$(fs) dest=/etc/motd mode=444
>               owner=root group=root backup=false type=sum
> 
> So far so good. This even seems to work as advertised. :) I've
observed
> some
> strange behavior during the copy, though.  For instance when a client
> tries to
> download 'motd.$(host)' where there isn't one on the server, it throws
> this set
> of errors:
> 
>     cfengine:xylin: Strong authentication of server=sinistar
connection
> confirmed
>     cfengine:xylin: Server returned error:  Host authentication
failed.
> Did you forget the domain name?
>     cfengine:xylin: Can't stat
> /export/home/local/cfengine2/dist/etc/motd.xylin in copy
> 
> and the server says:
> 
>     cfservd: Strongly authentication of client
> xylin.domain.com/10.10.27.10
>     cfservd: Couldn't stat filename
> /export/home/local/cfengine2/dist/etc/motd.xylin from host
> xylin.domain.com
>     cfservd: lstatcfservd: Host authorization/authentication failed or
> access denied
> 
> Ignoring for a moment the extra '-ly' in the first line...
> this "authentication failed" error is throwing me for something of a
loop
> --
> is it just a catch-all message for "couldn't stat file" or is there
really
> an authentication problem here? If it's a catch-all, could I request
that
> some less-misleading message be substituted instead?
> 
> Additionally, there's a confusing message logged during the control:
> section
> parsing to this effect:
> 
>     Patterns to exclude from copies: = (Root Repository Entries CVS )
>     Patterns to copy one time: = (on )
> 
> Based on a quick look at the code (image.c:834) it looks like it's not
> actually trying to pattern-match but just determining on/off; while
> debugging a related problem (turned out to be my fault) I tried "*",
> a list of files, etc here, which didn't work.
> 
> Aside from these admittedly nit-picky gripes, this is a pretty nice
> feature.
> I didn't seen any discussion about it in the archives though, so  I'm
> wondering:
> are other people are using 'singlecopy' in this manner? If so, is this
> layout pretty close to what you're doing?  Have you run into any
'gotchas'
> as you expanded to hundreds of files/hosts?
> 
> --
>     Eric Sorenson - EXPLOSIVE Networking - http://explosive.net
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine