help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

conf files for review


From: paul beard
Subject: conf files for review
Date: Fri, 10 Feb 2006 14:25:39 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you all can bear to cast your eyes over these, attached are my cfservd/cfagent/update.conf files. This became a bit more urgent for me as I just discovered that the rpm version of net-snmp I rolled out a week or back across 20+ machines craps out after a while/under load. So building from scratch and rolling out looms and I'd rather do it with cfengine.

Apologies in advance if these files are a bit of dog's breakfast. I suspect I have some stuff I shouldn't or have left something out in my rounds of trial and guess^H^H^H^H^H^error.

control:
  domain = ( waypath.com )
  freebsd::
  cfrunCommand = ( "/usr/local/sbin/cfagent" )
  linux::
  cfrunCommand = ( "/usr/sbin/cfagent" )
  TrustKeysFrom = ( 192.168.10.0/24 )
  AllowUsers    = (root )
  DenyBadClocks = ( no )

  IfElapsed = ( 1 )
  ExpireAfter = ( 15 )
  MaxConnections = ( 50 )
  MultipleConnections = ( true )


admit:
   # Grant access to all hosts in waypath.com.
   /var/cfengine        *.waypath.com
   /exports/files       *.waypath.com
   freebsd::
   /usr/local/sbin/cfagent      *.waypath.com
   linux::
   /usr/sbin/cfagent    *.waypath.com
control:
  domain = ( waypath.com )
  access = ( root )
  freebsd::
  cfrunCommand = ( "/usr/local/sbin/cfagent" )
  linux::
  cfrunCommand = ( "/usr/sbin/cfagent" )
  timezone = ( PST GMT UTC )
  maxage = ( 7 )
  actionsequence = ( copy editfiles files )

#
# Fix some basic file permissions.
#
files:
  freebsd::
  /etc/sudoers mode=440 owner=root group=wheel   action=fixall
  /etc/passwd mode=644  owner=root group=wheel   action=fixall
  /etc/hosts  mode=644  owner=root group=wheel   action=fixall
  linux::
  /etc/shadow mode=640  owner=root group=root action=fixall
  /etc/sudoers mode=440 owner=root group=root   action=fixall
  /etc/passwd mode=644  owner=root group=root   action=fixall
  /etc/hosts  mode=644  owner=root group=root   action=fixall
#
# Clean out *ALL* files older than $(maxage) days from /tmp.
#
# Clean out files older than $(maxage) which match the pattern *~
# inside user home directories.
#
copy:
    /exports/files/etc/hosts   dest=/etc/hosts server=cint0.waypath.com

editfiles:
        linux::
        { /etc/fstab
        AppendIfNoSuchLine
        "cint0:/exports/files   /mnt/files   nfs   noauto,ro   0   0"
        }
#
# /etc/cfengine/update.conf - for the clients
#

control:
  trustkey        = ( true )
  domain          = ( waypath.com )
  actionsequence  = ( copy tidy )
  DefaultCopyType = ( checksum )
  master_cfinput  = ( /exports/files )
  workdir         = ( /var/cfengine )
  policyhost      = ( cint0.waypath.com )
  freebsd::
  cf_install_dir  = ( /usr/local/sbin )
  linux::
  cf_install_dir  = ( /usr/sbin )

# Download the most recent 'cfagent.conf' file from the
# server, and install it to /var/cfengine
#

   SplayTime       = ( 5 )
     copy:

          $(master_cfinput)            dest=$(workdir)/inputs
                                       r=inf
                                       mode=700
                                       type=binary
                                       exclude=*.lst
                                       exclude=*~
                                       exclude=#*
                                       server=$(policyhost)

          $(cf_install_dir)/cfagent    dest=$(workdir)/bin/cfagent
                                       mode=755
                                       backup=false
                                       type=checksum

          $(cf_install_dir)/cfservd    dest=$(workdir)/bin/cfservd
                                       mode=755
                                       backup=false
                                       type=checksum

          $(cf_install_dir)/cfexecd    dest=$(workdir)/bin/cfexecd
                                       mode=755
                                       backup=false
                                       type=checksum

tidy:
   $(workdir)/outputs   pattern=*  age=31

- --
Paul Beard
contact info: www.paulbeard.org/paulbeard.vcf

Are you trying to win an argument or solve a problem?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD7RLmfHLPwpj1/JQRAhNpAJ95CR++xhzomzRNMuIu5i8xaWZabQCggYqr
0/Oa8YuxmXfzbsocSKyaqNs=
=mjf0
-----END PGP SIGNATURE-----




reply via email to

[Prev in Thread] Current Thread [Next in Thread]