help-cfengine

Re: Other possible cfengine weak areas?


From: Jamie Wilkinson
Subject: Re: Other possible cfengine weak areas?
Date: Mon, 2 Feb 2004 17:08:53 +1100
User-agent: Mutt/1.5.5.1+cvs20040105i

This one time, at band camp, Tim Nelson wrote:
>On Fri, 23 Jan 2004 Mark.Burgess@iu.hio.no wrote:
>
>> You are right -- the code to change the IP address was removed some time
>> ago. I had forgotten. It happened when the various Unix kernels started
>> to diverge and the "standard" way of doing this evaporated.
>>
>> We should rewrite this part of cfengine to palm this off to
>> ifconfig/ipconfig. That means we need to compile a list of
>> ifconfig syntaxes for different systems. We could then deal with
>> ipv6 at the same time.
>
>       Ok.  Hmm.  I guess the only thing is, the "proper" way to eg.
>create virtual interfaces on a Redhat box is to create a file called eg.
>/etc/sysconfig/network-scripts/ifcfg-eth0-range0 and add the appropriate
>contents, and then restart the network service.  Is there some way to also
>incorporate this idea?

So I have this hideous editfiles thing that does this:

  { /etc/sysconfig/network-scripts/ifcfg-eth0:00
      # don't confuse ifupdown with backup files
      Backup 'off'
      AutoCreate
      BeginGroupIfNoLineMatching '^DEVICE=.*'
        Append 'DEVICE='
      EndGroup
      ResetSearch 1
      LocateLineMatching '^DEVICE=.*'
      BeginGroupIfNoMatch '^DEVICE=eth0:00'
        ReplaceLineWith 'DEVICE=eth0:00'
      EndGroup
      ResetSearch 1
      ... repeat that for each of BOOTPROTO, ONBOOT, IPADDR, NETMASK...

      DefineClasses eth0_restart
   }

and later in shellcommands:

  eth0_restart:

      "/sbin/ifdown eth0" useshell=false
      "/sbin/ifup eth0" useshell=false


Now that sucked a lot, especially for one of our hosts that has about 30
aliased interfaces, and there's 30 hosts in total with at least 2
interfaces each and an additional aliased interface; our cf.interfaces
was the most hideous and suckful file.

I've since built some M4 macros to autogenerate the file, so now I'm
more confident that I'm not introducing errors into the file and
potentially rolling out a configuration that'll prevent a machine from
coming back up after its interfaces are downed.  There's still a risk
but now I can easily cross check the file against our list of assigned
IPs, and the errors are restricted to typos in the IPs themselves and
not the editfiles scripts.

I was going to announce my M4 stuff once it was better, but now's as good
a time as any, so I'll attach it now.

I have a Makefile with the following rule in it to generate the
cfinputs:

%.cf: %.cf.in
        m4 -I m4 autocf.m4 $< > $@

all the inputs themselves are named like 'ssh.cf.in'.

Hopefully someone might find this useful.

-- 
jaq@spacepants.org                           http://spacepants.org/jaq.gpg

Attachment: autocf.m4
Description: Text document

Attachment: copy.m4
Description: Text document

Attachment: editfiles.m4
Description: Text document
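
The cross-check described in the message above, as an added example that is not part of the original post and is not the attached M4 macros (those are not reproduced on this page). It is written in Python rather than M4: it validates a constructed interface list against a constructed IP register and only then renders the editfiles stanza shown in the post. The function names, sample addresses and the BOOTPROTO/ONBOOT values are assumptions.

```python
import ipaddress

# Constructed sample data (documentation addresses), not from the original post.
ASSIGNED = {"192.0.2.10": "web1", "192.0.2.11": "web1", "192.0.2.20": "db1"}
WANTED = [("web1", "eth0", "192.0.2.10", "255.255.255.0"),
          ("web1", "eth0:00", "192.0.2.11", "255.255.255.0")]

def check(assigned, wanted):
    """Return a list of problems; an empty list means it is safe to generate."""
    problems, seen = [], set()
    for host, dev, ip, mask in wanted:
        where = f"{host} {dev}"
        try:
            ipaddress.ip_interface(f"{ip}/{mask}")  # rejects typos in either part
        except ValueError:
            problems.append(f"{where}: invalid address {ip}/{mask}")
            continue
        if assigned.get(ip) != host:
            problems.append(f"{where}: {ip} is not assigned to {host}")
        for key in (("ip", ip), ("dev", host, dev)):
            if key in seen:
                problems.append(f"{where}: duplicate {key[0]} {key[-1]}")
            seen.add(key)
    return problems

def stanza(dev, ip, mask):
    """Render the editfiles block from the post for one interface file."""
    # BOOTPROTO and ONBOOT values are assumed; the post names only the keys.
    settings = [("DEVICE", dev), ("BOOTPROTO", "static"), ("ONBOOT", "yes"),
                ("IPADDR", ip), ("NETMASK", mask)]
    out = [f"  {{ /etc/sysconfig/network-scripts/ifcfg-{dev}",
           "      Backup 'off'", "      AutoCreate"]
    for k, v in settings:
        # '$' is added here so a longer value sharing the prefix is not accepted.
        out += [f"      BeginGroupIfNoLineMatching '^{k}=.*'",
                f"        Append '{k}='", "      EndGroup", "      ResetSearch 1",
                f"      LocateLineMatching '^{k}=.*'",
                f"      BeginGroupIfNoMatch '^{k}={v}$'",
                f"        ReplaceLineWith '{k}={v}'",
                "      EndGroup", "      ResetSearch 1"]
    # Aliases restart their parent interface, as eth0:00 does in the post.
    return "\n".join(out + [f"      DefineClasses {dev.split(':')[0]}_restart", "   }"])

def generate(host, assigned, wanted):
    """Refuse to emit anything for host if the whole list fails the cross-check."""
    problems = check(assigned, wanted)
    if problems:
        raise ValueError("; ".join(problems))
    return "\n\n".join(stanza(d, ip, m) for h, d, ip, m in wanted if h == host)
```
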

