help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bootstrapping

From: John Sechrest
Subject: Re: Bootstrapping
Date: Wed, 18 Feb 2004 15:10:08 -0800 

"Luke A. Kanies" <luke@madstop.com> writes:

 % >  How do you generate it? An external script?

 % Yep.  It's just a pretty simple ldapsearch, wrapped in a cfengine
 % statement.  Written in ruby. :)

 I would love to look at it and see how it works. 


 % >  Ok. I see. What would it take for cfservd to use a dynamic structure?

 % Well, in the case of retrieving data from LDAP or a database, I think
 % cfservd (and, I guess by extension, cfagent) should just query directly:

 % control:
 %   AllowConnectionsFrom = (
 %     LdapExists(objectclass=iphost&iphostnumber=$ip)
 %   )

 % That doesn't work for a bunch of reasons (cfagent has no mechanism for
 % specifying where to fill in a variable, for instance), but that's the
 % basic requirement.


 I spent some time talking to mark about that. And I think we decided
 to try to write some modules first, to see how it would work.

 If you had a module for accessing LDAP,


And you say:

 Ldapexists = ( PrepModule(module:getdatafromldap,"${myldapserver} 
${myldappaswd}  ${$myldapquery} ") )
 
 And this module went and got the data you wanted and set it up into
 various classes and variables.....

 Would this do what you want?

 If so, what is an example of an ldapsearch that you make that would
 work for setting things up?

 What types of classes would you want to set?
 What types of variables would you wish were filled in? 



 % >  So what do they notice being slow?

 % I've got a script called 'newhost' that adds the host information to LDAP.
 % The user runs that script, ssh's to the appropriate machine, runs 'sudo
 % cfagent -vq', and the update fails.  The configuration is totally correct,
 % but they need to wait at least 15 minutes for it to propagate.  Leaky
 % abstractions.

 hhmmmm. In this case, could you force things to go by using:

         - Stuff things into ldap (you have to trust the input into ldap)
         - run cfagent -I -K -q

 




-----
John Sechrest          .         Helping people use
                        .           computers and the Internet
                          .            more effectively
                             .                      
                                 .       Internet: sechrest@peak.org
                                      .   
                                              . http://www.peak.org/~sechrest
reply via email to
[Prev in Thread] Current Thread [Next in Thread]