OK, now I'm just starting to think that 'agent_expireafter' just doesn't work. Or, perhaps I'm testing it wrong somehow?
As a test, I set this in 'body executor control':
agent_expireafter => "10";
At the same time, I set this in my policy:
classes:
second_pass::
"test_expire" expression => returnszero("/bin/sleep 99999999999", "noshell");
any::
"second_pass" expression => "any";
The 'second_pass' guard just keeps it from getting hung up in pre-validation.
After a full restart of cfengine, I watched as cf-agent eventually ran, and I saw the sleep process that was spawned... but that's it. Its been running now for 45 minutes, with no sign that it's doing anything other than waiting for that impossibly long sleep to finish.
Is anyone else using this... and have you confirmed that it's working the way you would expect?
__Jason