[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: dividing into imports
From: |
Mark Burgess |
Subject: |
Re: dividing into imports |
Date: |
Sat, 21 Jan 2006 16:55:36 +0100 |
On Sat, 2006-01-21 at 14:55 +0100, John Smith wrote:
> I'm 99.999% sure no other instances are started, especially through cron.
> This is a testbox for cfengine, crontab is empty and I run each cfengine
> with a launch.sh, (see below) which cleans out cron after cfexecd runs.
> What I forgot to mention was that this is an older version: 2.1.10,
> because it is the only common one we could get over all platforms.
Then what you suggest is simply not possible. Cfagent is not
multithreaded.
> I am building a separate test environment at the moment to track down
> this specific problem. Will keep you posted on my findings.
>
> Sincerely,
>
> Jan.
>
> PS. Is help-cfengine@gnu.org down, since I don't get any mails from
> it at the moment, but you _do_ answer? ;-)
No it's not down.
> =======================================================================
>
> #!/bin/sh
> # COMMENTEDOUT='# '
> COMMENTEDOUT=
> NOWS=$(date +%S)
> NOWS=${NOWS#0}
> NOWM=$(date +%M)
> NOWM=${NOWM#0}
> NOWH=$(date +%H)
> NOWH=${NOWH#0}
> FROMNOW=1
> if [[ $NOWS > 58 ]] ; then
> FROMNOW=2
> fi
> MIN=$(((${NOWM}+${FROMNOW})%60))
> HOUR=$(((${NOWH}+((${NOWM}+${FROMNOW})/60))%24))
> time (crontab -l ; echo $COMMENTEDOUT$MIN' '$HOUR' * * * echo "[d-i]
> [postinstall] -run cfexecd-" ; /usr/sbin/cfexecd -F ; (crontab -l | grep -v
> /usr/sbin/cfexecd) | crontab -') | crontab -
>
> =======================================================================
>
> On Sat, 21 Jan 2006 08:25:35 +0100
> Mark Burgess <Mark.Burgess@iu.hio.no> wrote:
>
> >
> > I think that the only way this could happen (if I understand you
> > correctly) is if another instantiation of cfengine starts while you are
> > still copying the files across). Could this come from cron? Maybe you
> > need to make sure the copying happens quickly, or block the start of an
> > update while copying is taking place. You could do this by creating a
> > lock file like touch /etc/nocfengine and making actions conditional on
> > this??
> >
> > I am not sure this is a correct diagnosis. What do you think?
> >
> > M
> >
> > On Fri, 2006-01-20 at 22:32 +0100, John Smith wrote:
> > > Hi All,
> > >
> > > situation:
> > >
> > > bunch of servers and workstations, linux, bsd, solaris, hpux.
> > >
> > > there was a 1st attempt to use cfengine, but this was used
> > > only to prevent known errors to ocure again (corrective).
> > >
> > > new project to roll out all servers anew, from installation
> > > servers, including cfengine in the 'paranoid' setting (installation,
> > > configuration, detection and correction).
> > >
> > > Divided my cfengine server from out of a cvs server into
> > > four separte policy environments, old, old-test, new and new-test
> > > (with automatic transfer mechanisms for hosts between the different
> > > environments), with a common update.conf which decides which
> > > cfagent.conf from which environment a client gets, based on the
> > > following criteria:
> > >
> > > iprange
> > > os
> > > domain
> > > policy (group membership)
> > >
> > > Commonly used variables are also centrally defined.
> > >
> > > The first criteria are defined as classes and groups and
> > > stored in a 'general.classes'. The second in a 'general.main' and
> > > consists of 1 large control section (without an actionsequence).
> > >
> > > Each policy environment consists of a cfagent.conf that
> > > does as little as possible except for to import the common
> > > 'general.*' files and the policies own cfagent.* files and define
> > > an actionsequence. Purpose of the cfagent.* files to compartmentalize
> > > and share application settings among policies.
> > >
> > > The cfagent.conf (and policy dependent files) distribution
> > > according to policy, goes well. We even defined an 'alien' class
> > > for hosts that are not part of any policy and that get reported and
> > > taken care of very well.
> > >
> > > problem:
> > >
> > > It is with the action sequence that I run into trouble.
> > >
> > > Decesision was made for each cfexecd -F run to copy all
> > > for the client relevant files from a central server, based on classes
> > > etc. into a local data repository which at the end is copied in 1 go
> > > into the live filesystem. It's purpose is to correct errors under a
> > > DOS attack and directly after a reboot.
> > >
> > > First action is then 'copy', which is divided into multiple
> > > server to local repository copies and 1 final repository to /. All
> > > following actions are policy dependent.
> > >
> > > My main problem is that the actions are started before the
> > > final copy (from the local repository to the live filesystem) is
> > > finished. And yes, there is only one copy: statement.
> > >
> > > I tried several things (defines at the end of each copy
> > > statements to enforce sequence -they do not-, run everything
> > > from 1 cfagent.conf), I can't get it to work.
> > >
> > > I presume that I make a fundamental mistake somewhere, so
> > > that's the main reason for this elaborate description.
> > >
> > > Can somebody please give a hint of what I do wrong or give
> > > a general description on how to take care of this problem.
> > >
> > > Sincerely,
> > >
> > > Jan.
> > >
> > >
> > > _______________________________________________
> > > Help-cfengine mailing list
> > > Help-cfengine@gnu.org
> > > http://lists.gnu.org/mailman/listinfo/help-cfengine
> >