help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

dividing into imports

From: John Smith
Subject: dividing into imports
Date: Sat, 21 Jan 2006 05:46:43 +0100 
Hi All,

        situation:

        bunch of servers and workstations, linux, bsd, solaris, hpux.

        there was a 1st attempt to use cfengine, but this was used 
only to prevent known errors to ocure again (corrective).

        new project to roll out all servers anew, from installation
servers, including cfengine in the 'paranoid' setting (installation,
configuration, detection and correction).

        Divided my cfengine server from out of a cvs server into
four separte policy environments, old, old-test, new and new-test 
(with automatic transfer mechanisms for hosts between the different 
environments), with a common update.conf which decides which 
cfagent.conf from which environment a client gets, based on the 
following criteria:

        iprange
        os
        domain 
        policy (group membership)

        Commonly used variables are also centrally defined.

        The first criteria are defined as classes and groups and
stored in a 'general.classes'. The second in a 'general.main' and
consists of 1 large control section (without an actionsequence).

        Each policy environment consists of a cfagent.conf that
does as little as possible except for to import the common 
'general.*' files and the policies own cfagent.* files and define
an actionsequence. Purpose of the cfagent.* files to compartmentalize
and share application settings among policies.

        The cfagent.conf (and policy dependent files) distribution
according to policy, goes well. We even defined an 'alien' class
for hosts that are not part of any policy and that get reported and
taken care of very well.

        problem:

        It is with the action sequence that I run into trouble.

        Decesision was made for each cfexecd -F run to copy all 
for the client relevant files from a central server, based on classes 
etc. into a local data repository which at the end is copied in 1 go 
into the live filesystem. It's purpose is to correct errors under a 
DOS attack and directly after a reboot.

        First action is then 'copy', which is divided into multiple
server to local repository copies and 1 final repository to /. All 
following actions are policy dependent.

        My main problem is that the actions are started before the
final copy (from the local repository to the live filesystem) is 
finished. And yes, there is only one copy: statement.

        I tried several things (defines at the end of each copy
statements to enforce sequence -they do not-, run everything 
from 1 cfagent.conf), I can't get it to work.

        I presume that I make a fundamental mistake somewhere, so
that's the main reason for this elaborate description.

        Can somebody please give a hint of what I do wrong or give
a general description on how to take care of this problem.

Sincerely,

Jan.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]