dividing into imports
From: John Smith
Subject: dividing into imports
Date: Sat, 21 Jan 2006 05:46:43 +0100
Hi All,
situation:
bunch of servers and workstations, linux, bsd, solaris, hpux.
there was a 1st attempt to use cfengine, but this was used
only to prevent known errors from occurring again (corrective).
new project to roll out all servers anew, from installation
servers, including cfengine in the 'paranoid' setting (installation,
configuration, detection and correction).
Divided my cfengine server from out of a cvs server into
four separate policy environments, old, old-test, new and new-test
(with automatic transfer mechanisms for hosts between the different
environments), with a common update.conf which decides which
cfagent.conf from which environment a client gets, based on the
following criteria:
iprange
os
domain
policy (group membership)
Commonly used variables are also centrally defined.
The first criteria are defined as classes and groups and
stored in a 'general.classes'. The second in a 'general.main' and
consists of 1 large control section (without an actionsequence).
Each policy environment consists of a cfagent.conf that
does as little as possible except import the common
'general.*' files and the policy's own cfagent.* files and define
an actionsequence. The purpose of the cfagent.* files is to compartmentalize
and share application settings among policies.
The cfagent.conf (and policy dependent files) distribution
according to policy, goes well. We even defined an 'alien' class
for hosts that are not part of any policy and that get reported and
taken care of very well.
problem:
It is with the action sequence that I run into trouble.
The decision was made for each cfexecd -F run to copy all
files relevant for the client from a central server, based on classes
etc. into a local data repository which at the end is copied in 1 go
into the live filesystem. Its purpose is to correct errors under a
DOS attack and directly after a reboot.
First action is then 'copy', which is divided into multiple
server to local repository copies and 1 final repository to /. All
following actions are policy dependent.
My main problem is that the actions are started before the
final copy (from the local repository to the live filesystem) is
finished. And yes, there is only one copy: statement.
I tried several things (defines at the end of each copy
statements to enforce sequence -they do not-, run everything
from 1 cfagent.conf), I can't get it to work.
I presume that I make a fundamental mistake somewhere, so
that's the main reason for this elaborate description.
Can somebody please give a hint of what I do wrong or give
a general description on how to take care of this problem.
Sincerely,
Jan.