cfengine and revision control

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

cfengine and revision control

From:	Josh Lothian
Subject:	cfengine and revision control
Date:	Mon, 9 May 2005 14:38:18 -0400
User-agent:	Mutt/1.5.6i

Greetings all,

At my previous employer, we kept all the files cfengine distributed in
a Subversion repository.  Each admin worked on his own checked out
copy of the repo, and the master cfengine server also had it's own
working copy.  This worked very well, except Subversion, like most other
revision control systems, doesn't respect file permissions well.

That wouldn't normally be a problem when using files: to call out each
file individually, but we used the SingleCopy functionality to copy from
different trees depending on os, architecture, etc.  For example:

control:
  SingleCopy = ( on )
copy:
  $(cfdir)/linux/redhat/etc dest=/etc recurse=inf
  $(cfdir)/linux/etc dest=/etc recurse=inf
  $(cfdir)/generic/etc dest=/etc recurse=inf

So, it was very easy to override any of the files with a more specific
version.  But since the files are all just copied recursively, there's
no chance to set specific permissions on them, so cfengine just uses
the current permissions on the file.  The problem comes up when someone
updated the repository, and maybe $(cfdir)/linux/etc/passwd became 0400.
Then that gets copied out with the bogus permissions...

I solved that by creating a wrapper around the SVN update process.
The repo would be updated from SVN on the master server, and then cfengine
would run a script that verified all the permissions under $(cfdir).
That worked pretty well, except when we added a new file under $(cfdir)
we also had to remember to update the permissions-fixing script.

I realize it would be pretty easy to add something like:

files:
  /etc/passwd mode=644 action=fixall

However, there is that slight delay between the time the files are copied
and the time the permissions are fixed. That worries me.

Has anyone come up with a more elegant solution to this problem?  I'd like
to implement something similar at my present employer.  I really
like the recursive copying approach rather than the one listed
on http://cfwiki.org/cfwiki/index.php/Singlecopy_Nirvana because it
doesn't require any changes to the cfengine configs to add new files to
be distributed.

sorry for the long-windedness, I do that sometimes,

-jkl

[Prev in Thread]

Current Thread

[Next in Thread]

cfengine and revision control, Josh Lothian <=
- RE: cfengine and revision control, Luke Youngblood, 2005/05/09
- Re: cfengine and revision control, Sami J. Mäkinen, 2005/05/09
  - Re: cfengine and revision control, Russell Adams, 2005/05/09
  - RE: cfengine and revision control, Luke Youngblood, 2005/05/09
    - Re: cfengine and revision control, Sami J. Mäkinen, 2005/05/10
    - Re: cfengine and revision control, Josh Lothian, 2005/05/12
    - Re: cfengine and revision control, Sami J. Mäkinen, 2005/05/12
    - Re: cfengine and revision control, Jamie Wilkinson, 2005/05/13
- RE: cfengine and revision control, Luke Youngblood, 2005/05/09
  - Re: cfengine and revision control, Josh Lothian, 2005/05/10

Prev by Date: Re: help with cfexecd/solaris/crontab
Next by Date: RE: cfengine and revision control
Previous by thread: cfservd thrushes, nodes fail to get anything
Next by thread: RE: cfengine and revision control
Index(es):
- Date
- Thread