CFengine - failsafe.cf

CFengine - failsafe.cf

From Consultancy.EdVoncken.NET


failsafe.cf

   # CFengine Failsafe
   #
   # This file is used to update or recover from configuration mistakes
   #
   # NOTE: Do not modify this file once it works properly!
   
   # Common control body: the only bundle this file runs is "update".
   body common control
   {
       bundlesequence => { "update" };
   }
   
   ############################################
   
   # Bundle "update": refreshes this host's policy files and CFEngine binaries
   # and makes sure the CFEngine daemons are running.
   #
   # The binaries copied into /var/cfengine/bin are the ones started further
   # down, so what ends up running on this host depends on how the copy source
   # is authenticated (see the u_scp body used by the copy_from attributes).
   bundle agent update
   {
   vars:
       "master_location" string  => "$(sys.workdir)/masterfiles",
                         comment => "Location of master files on the Policy Server.";
   
       # Reads at most 40 bytes of policy_server.dat. This value selects the
       # server that policy and binaries are pulled from.
       # NOTE(review): the file should be writable by root only - confirm its
       # permissions on your hosts.
       "policy_server"   string  => readfile("$(sys.workdir)/policy_server.dat",40),
                         comment => "File containing IP address of your Policy Server.";
   
   classes:
       # Set when one of this host's own classes matches the policy server's
       # address, i.e. this host is the policy server itself.
       "policy_host" or      => { 
                                    classmatch(canonify("ipv4_$(policy_server)")),
                                    classmatch(canonify("$(policy_server)"))
                                },
                     comment => "Define the ip identity of the policy source host";
   
       "have_ppkeys" expression => fileexists("$(sys.workdir)/ppkeys/localhost.pub"),
                     comment    => "Determine if encryption keys are available for this host.";
   
       # NOTE(review): despite its name, "nofile" is set when policy_server.dat
       # EXISTS, and nothing in this bundle refers to it. Confirm the intent
       # before relying on this class.
       "nofile"      expression => fileexists("$(sys.workdir)/policy_server.dat");
   
   commands:
       # No local public key yet: run cf-key so this host has a key pair.
       !have_ppkeys::
           "/usr/local/sbin/cf-key";
   
   files:
       # Policy files: recursive copy of $(master_location) with mode 600.
       # On hosts other than the policy host, u_scp fetches from $(policy_server).
       # NOTE(review): the destination is hard-coded to /var/cfengine while the
       # rest of the bundle uses $(sys.workdir); the two must point at the same
       # directory for this file to work as intended.
       "/var/cfengine/inputs" 
           handle => "update_policy",
           perms => u_p("600"),
           copy_from => u_scp("$(master_location)"),
           depth_search => u_recurse("inf"),
           action => immediate;
   
       # Binaries: recursive copy of /usr/local/sbin with mode 700.
       # NOTE(review): this copies everything under /usr/local/sbin on the
       # source, not only the CFEngine programs, and the result is executed by
       # the commands promises below. Check that the source directory holds only
       # what you intend to distribute.
       "/var/cfengine/bin" 
           perms => u_p("700"),
           copy_from => u_scp("/usr/local/sbin"),
           depth_search => u_recurse("inf"),
           action => immediate;
   
   processes:
       # restart_class defines the named class when the process is not found;
       # the commands promises below act on those classes.
       any::
           "cf-execd" restart_class => "start_exec",
                      comment => "cf-execd needs to run on all hosts.";
   
       policy_host::
           "cf-serverd" restart_class => "start_server",
                        comment => "cf-serverd only runs on Policy Server(s).";
   
   commands:
       # Start the daemons that were found missing, from the copied binaries.
       start_exec::
           "$(sys.workdir)/bin/cf-execd",
           action => logme("executor");
   
       start_server::
           "$(sys.workdir)/bin/cf-serverd",
           action => logme("server");
   
   reports:
       # Printed only on the policy host while the bootstrap_mode class is set.
       bootstrap_mode.policy_host::
           "I am the policy host - i.e. with ipv4 address $(policy_server)";
   
   }
   
   ############################################
   
   # Action body for the daemon start commands: when the promise is repaired,
   # write a one-line message to stdout.
   #   x - name of the component that was started, inserted into the message.
   body action logme(x)
   {
       log_repaired => "stdout";
       log_string => " -> Started the $(x) (success)";
   }
   
   ############################################
   
   # Permissions body: sets the file mode of the promised files.
   #   p - mode string; this file passes "600" for policy and "700" for binaries.
   body perms u_p(p)
   {
       mode  => "$(p)";
   }
   
   #############################################
   
   # copy_from body shared by the policy copy and the binary copy.
   #   from - source path. Hosts that are not the policy host read it from
   #          $(policy_server); on the policy host no server is set.
   body copy_from u_scp(from)
   {
       source      => "$(from)";
       # Decide whether to copy by comparing file digests.
       compare     => "digest";
       # Accept the server's public key when this host does not already know it.
       # NOTE(review): this is set unconditionally. A host with no stored key for
       # $(policy_server) will accept whichever key is presented at that address
       # and then take policy and binaries from it. Once keys have been
       # exchanged, consider setting this to "false" or limiting it to the
       # bootstrap run - confirm against your bootstrap procedure.
       # NOTE(review): no encrypt attribute is set here; check whether the copied
       # files contain anything that needs an encrypted transfer.
       trustkey    => "true";
   
       !policy_host::
           servers => { "$(policy_server)" };
   }
   
   #########################################################
   
   # Action body for the two file copies: lets the promise be re-checked once
   # one minute has elapsed since the last check.
   body action immediate
   {
       ifelapsed => "1";
   }
   
   ############################################
   
   # depth_search body: sets how deep the file promises recurse.
   #   d - recursion depth; this file always passes "inf".
   body depth_search u_recurse(d)
   {
       depth => "$(d)";
   }
   
   # EOF
