help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfengine and revision control


From: Sami J. Mäkinen
Subject: Re: cfengine and revision control
Date: Mon, 09 May 2005 23:20:47 +0300
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041217


Josh Lothian wrote:
Has anyone come up with a more elegant solution to this problem?  I'd like
to implement something similar at my present employer.  I really
like the recursive copying approach rather than the one listed
on http://cfwiki.org/cfwiki/index.php/Singlecopy_Nirvana because it
doesn't require any changes to the cfengine configs to add new files to
be distributed.

Just click on the "discussion" link on that page. :)


Briefly, my setup is (err, was) something like this:

1) Everything is stored in CVS, cfengine inputs as well
   as the "overlay" directory tree that is copied to each host.

2) On the master server, a shell script is responsible of
   cvs update, cvs tagging and rsync-copy excluding the
   CVS metadata directories from the master directory that
   is finally copied to the clients.

3) The master overlay directory is copied (cfengine internal
   or external - rsync) to each client into /etc/NWS/,
   for example.

4) On each client, a special shell script is run.
   It will generate or symlink the files according to the
   hints found in the overlay directory hierarchy.

Recent development has moved the whole customization
process into the master server. The overlay directory
is generated for each individual host separately.

This way, you cannot see other host's configurations
(/etc/sudoers, passwd etc) on every host even if you
can get a root shell. Less information leakage.

Please contact me if you want me to contribute. :)

-sjm




reply via email to

[Prev in Thread] Current Thread [Next in Thread]