help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dividing into imports


From: Mark Burgess
Subject: Re: dividing into imports
Date: Sat, 21 Jan 2006 08:25:35 +0100

I think that the only way this could happen (if I understand you
correctly) is if another instantiation of cfengine starts while you are
still copying the files across). Could this come from cron? Maybe you
need to make sure the copying happens quickly, or block the start of an
update while copying is taking place. You could do this by creating a
lock file like touch /etc/nocfengine and making actions conditional on
this??

I am not sure this is a correct diagnosis. What do you think? 

M

On Fri, 2006-01-20 at 22:32 +0100, John Smith wrote:
> Hi All,
> 
>       situation:
> 
>       bunch of servers and workstations, linux, bsd, solaris, hpux.
> 
>       there was a 1st attempt to use cfengine, but this was used 
> only to prevent known errors to ocure again (corrective).
> 
>       new project to roll out all servers anew, from installation
> servers, including cfengine in the 'paranoid' setting (installation,
> configuration, detection and correction).
> 
>       Divided my cfengine server from out of a cvs server into
> four separte policy environments, old, old-test, new and new-test 
> (with automatic transfer mechanisms for hosts between the different 
> environments), with a common update.conf which decides which 
> cfagent.conf from which environment a client gets, based on the 
> following criteria:
> 
>       iprange
>       os
>       domain 
>       policy (group membership)
> 
>       Commonly used variables are also centrally defined.
> 
>       The first criteria are defined as classes and groups and
> stored in a 'general.classes'. The second in a 'general.main' and
> consists of 1 large control section (without an actionsequence).
> 
>       Each policy environment consists of a cfagent.conf that
> does as little as possible except for to import the common 
> 'general.*' files and the policies own cfagent.* files and define
> an actionsequence. Purpose of the cfagent.* files to compartmentalize
> and share application settings among policies.
> 
>       The cfagent.conf (and policy dependent files) distribution
> according to policy, goes well. We even defined an 'alien' class
> for hosts that are not part of any policy and that get reported and
> taken care of very well.
> 
>       problem:
> 
>       It is with the action sequence that I run into trouble.
> 
>       Decesision was made for each cfexecd -F run to copy all 
> for the client relevant files from a central server, based on classes 
> etc. into a local data repository which at the end is copied in 1 go 
> into the live filesystem. It's purpose is to correct errors under a 
> DOS attack and directly after a reboot.
> 
>       First action is then 'copy', which is divided into multiple
> server to local repository copies and 1 final repository to /. All 
> following actions are policy dependent.
> 
>       My main problem is that the actions are started before the
> final copy (from the local repository to the live filesystem) is 
> finished. And yes, there is only one copy: statement.
> 
>       I tried several things (defines at the end of each copy
> statements to enforce sequence -they do not-, run everything 
> from 1 cfagent.conf), I can't get it to work.
> 
>       I presume that I make a fundamental mistake somewhere, so
> that's the main reason for this elaborate description.
> 
>       Can somebody please give a hint of what I do wrong or give
> a general description on how to take care of this problem.
> 
> Sincerely,
> 
> Jan.
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/help-cfengine





reply via email to

[Prev in Thread] Current Thread [Next in Thread]