2014-01-20T11:02:27+0100 error: Insufficient specification in mount promise - need source and server
It looks like the promise type "storage", and more specifically the mount statement, can only be used with NFS servers.
Is this assumption correct, or am I doing something wrong?
Please enlighten me.
Cheers,
Patrick
Yes, storage type promises are for NFS currently. https://cfengine.com/docs/master/reference-promise-types-storage.html
# Description:
# 1. Ensure file systems requiring the nosuid mount option
# are correctly mounted.
# 2. Ensure root file system is mounted with the log option.
#
# /etc/fstab will be edited and file systems will be remounted as
# needed.
#
#########################################################
#
# Check /etc/fstab
bundle agent fstab
{
  vars:
      "Fstab" -> { "GEN002420, GEN003640" }
        comment => "CAT II UNIX STIG: 3.12.1 Set User ID (suid); 3.21 File Systems",
        string => "/etc/fstab";
      "fstab"
        comment => "Read /etc/fstab into array",
        slist => readstringlist(
                   "$(Fstab)",
                   "#[^\n]*",
                   "\n",
                   "256",
                   "8192"
                 );
      "nosuid_filesystems"
        comment => "Pattern to match file systems that require nosuid",
        string => "^(/dev/|\w+:)((?!\s(/|/media/\w+|/opt|/opt/applmgr(/\S*)?|/opt/oracle|/proc|swap|/tmp|/usr|/var)\s).)*$";
      "nosuid"
        comment => "Pattern to match file systems that have no nosuid option",
        string => "^((?![\s,](nosuid)[\s,]).)*$";
      "may_need_nosuid"
        comment => "List of file systems to check for nosuid option",
        slist => grep("$(nosuid_filesystems)","fstab");
      "need_nosuid"
        comment => "List of file systems that need nosuid option added",
        slist => grep("$(nosuid)","may_need_nosuid");
    hpux::
      "log_filesystems"
        comment => "Pattern to match file systems that require log option (currently only /)",
        string => "^.*\s+(/)\s+.*$";
      "logopt"
        comment => "Pattern to match file systems that have no log option",
        string => "^((?![\s,](log)[\s,]).)*$";
      "may_need_logopt"
        comment => "List of file systems to check for log option",
        slist => grep("$(log_filesystems)","fstab");
      "need_logopt"
        comment => "List of file systems that need log option added",
        slist => grep("$(logopt)","may_need_logopt");
  files:
    any::
      "$(Fstab)"
        comment => "Edit /etc/fstab",
        edit_line => set_fstab_options,
        edit_defaults => std_defs,
        create => "true";
  methods:
    any::
      "ok" usebundle => remount("$(need_nosuid)","nosuid","suid");
      "ok" usebundle => remount("$(need_logopt)","log","delaylog|tmplog");
}
bundle agent remount(fs,opt,nopt)
{
  #########################################################
  #
  # remount a file system
  #
  # This bundle takes as input:
  # fs - the file system entry from fstab
  # opt - the new mount option
  # nopt - any conflicting mount option(s) that should be removed
  vars:
    hpux::
      "fs_type" string => "-F";
      "mount" string => "/sbin/mount";
    linux::
      "fs_type" string => "-t";
      "mount" string => "/bin/mount";
    remount::
      "mount_options_old" slist => splitstring("$(fs_ent[4])",",","9");
      "mount_options_tmp" slist => { "remount", "@(mount_options_old)", "$(opt)" };
      "mount_options_new" slist => grep("(?!${nopt}).*","mount_options_tmp");
      "mount_options" string => join(",","mount_options_new");
  classes:
      "remount"
        comment => "Extract device, fstype, options and mount point into array",
        expression => regextract("([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s.*","$(fs)","fs_ent");
      "have_mount_options"
        expression => isvariable("mount_options");
  commands:
    have_mount_options.(!debug)::
      "$(mount) $(fs_type) $(fs_ent[3]) -o $(mount_options) $(fs_ent[1]) $(fs_ent[2])"
        comment => "Remount a file system";
  reports:
    have_mount_options.debug::
      "$(fs_ent[2]) mount_options_old [$(mount_options_old)]";
      "$(fs_ent[2]) mount_options_tmp [$(mount_options_tmp)]";
      "$(fs_ent[2]) mount_options_new [$(mount_options_new)]";
      "$(fs_ent[2]) mount_options [$(mount_options)]";
      "Remount needed: $(mount) $(fs_type) $(fs_ent[3]) -o $(mount_options) $(fs_ent[1]) $(fs_ent[2])"
        comment => "Turn on debugging with \"cf-agent -KIb mount_nfs -Ddebug -f ./promises.cf\"";
}
bundle edit_line set_fstab_options
{
  field_edits:
      # do add before remove to avoid creating a blank field
      "$(fstab.nosuid_filesystems)"
        comment => "Add nosuid mount option",
        edit_field => col("\s+","4","nosuid","append");
      "$(fstab.nosuid_filesystems)"
        comment => "Remove suid mount option",
        edit_field => col("\s+","4","suid","delete");
      "$(fstab.log_filesystems)"
        comment => "Add log mount option",
        edit_field => col("\s+","4","log","append");
      "$(fstab.log_filesystems)"
        comment => "Remove delaylog mount option",
        edit_field => col("\s+","4","delaylog","delete");
...
cat fstab.cf
#########################################################
#
# fstab.cf - check fstab options
#
# 1. Ensure file systems requiring the nosuid mount option
# are correctly mounted.
# 2. Ensure root file system is mounted with the log option.
#
# /etc/fstab will be edited and file systems will be remounted as
# needed.
#
bundle agent fstab
{
vars:
"Fstab" -> { "GEN002420, GEN003640" }
comment => "CAT II UNIX STIG: 3.12.1 Set User ID (suid); 3.21 File Systems",
string => "/home/admin/ringerso/inputs/fstab";
comment => "add nosuid option",
edit_line => fstab_option_editor("append","$(need_nosuid)","nosuid"),
edit_defaults => std_defs,
create => "true";
"$(Fstab)"
comment => "delete suid option",
edit_line => fstab_option_editor("delete","$(need_nosuid)","suid"),
edit_defaults => std_defs,
create => "true";
"$(Fstab)"
comment => "add log option",
edit_line => fstab_option_editor("append","$(need_logopt)","log"),
edit_defaults => std_defs,
create => "true";
"$(Fstab)"
comment => "remove delaylog option",
edit_line => fstab_option_editor("delete","$(need_logopt)","delaylog"),
# "$(fs_ent[2]) mount_options_tmp [$(mount_options_tmp)]";
"$(fs_ent[2]) mount_options_new [$(mount_options_new)]";
"$(fs_ent[2]) mount_options_final [$(mount_options)]";
"Remount needed: $(mount) $(fs_type) $(fs_ent[3]) -o $(mount_options) $(fs_ent[1]) $(fs_ent[2])"
cat fstab
/dev/cciss/c0d0p1 /boot ext3 defaults,nosuid 1 2
/dev/cciss/c0d0p2 swap swap defaults 0 0
/dev/vg00/lvol1 / ext3 defaults,acl 1 1
/dev/vg00/lvol2 /home ext3 defaults,nosuid 1 2
/dev/vg00/lvol4 /usr ext3 defaults 1 2
/dev/vg00/lvol5 /var ext3 defaults 1 2
/dev/vg00/lvol6 /opt ext3 defaults 1 2
/dev/vg00/lvol20 /u06 ext3 defaults,nosuid 1 2
/dev/vg00/lvol50 /var/log/audit ext4 nosuid,noatime,barrier=0 1 2
/dev/vg01/lvol1 /pre_release ext4 suid,noatime,barrier=0 1 2
/dev/vg01/lvol2 /releases ext4 noatime,barrier=0 1 2
/dev/vg01/lvol3 /opt/oracle ext4 noatime,barrier=0 1 2
/dev/vg01/lvol4 /usr/local/cisco ext4 nosuid,noatime,barrier=0 1 2
/dev/vg02/lvol1 /stage ext4 nosuid,noatime,barrier=0 1 2
/dev/vg02/lvol2 /exports/jboss ext4 nosuid,noatime,barrier=0 1 2
/dev/vg02/lvol3 /exports/ppm ext4 nosuid,noatime,barrier=0 1 2
/dev/vg02/lvol4 /exports/st ext4 nosuid,noatime,barrier=0 1 2
/dev/vg02/lvol5 /exports/sysadmin ext4 nosuid,noatime,barrier=0 1 2
/dev/vg02/lvol6 /restore ext4 noatime,barrier=0,nosuid 1 2
/dev/vg03/lvol1 /u01 ext4 nosuid,noatime,barrier=0 1 2
/dev/vg03/lvol2 /u02 ext4 nosuid,noatime,barrier=0 1 2
/dev/vg03/lvol3 /u03 ext4 nosuid,noatime,barrier=0 1 2
/dev/vg03/lvol4 /u04 ext4 nosuid,noatime,barrier=0 1 2
/dev/vg03/lvol5 /u05 ext4 nosuid,noatime,barrier=0 1 2
#/dev/vg03/lvol6 /u06 ext4 nosuid,noatime,barrier=0 1 2
/dev/vg03/lvol7 /u07 ext4 nosuid,noatime,barrier=0 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
tmpfs /tmp tmpfs size=3G,nr_inodes=10k,mode=1777 0 0
cf-agent -KIb fstab -Ddebug -f ./fstab.cf
2014-01-21T09:42:52-0600 info: Using command line specified bundlesequence
2014-01-21T09:42:52-0600 notice: R: /pre_release mount_options_old [suid]
2014-01-21T09:42:52-0600 notice: R: /pre_release mount_options_old [noatime]
2014-01-21T09:42:52-0600 notice: R: /pre_release mount_options_old [barrier=0]
2014-01-21T09:42:52-0600 notice: R: /pre_release mount_options_new [remount]
2014-01-21T09:42:52-0600 notice: R: /pre_release mount_options_new [noatime]
2014-01-21T09:42:52-0600 notice: R: /pre_release mount_options_new [barrier=0]
2014-01-21T09:42:52-0600 notice: R: /pre_release mount_options_new [nosuid]
2014-01-21T09:42:52-0600 notice: R: /pre_release mount_options [remount,noatime,barrier=0,nosuid]
2014-01-21T09:42:52-0600 notice: R: Remount needed: /bin/mount -t ext4 -o remount,noatime,barrier=0,nosuid /dev/vg01/lvol1 /pre_release
2014-01-21T09:42:52-0600 notice: R: /releases mount_options_old [noatime]
2014-01-21T09:42:52-0600 notice: R: /releases mount_options_old [barrier=0]
2014-01-21T09:42:52-0600 notice: R: /releases mount_options_new [remount]
2014-01-21T09:42:52-0600 notice: R: /releases mount_options_new [noatime]
2014-01-21T09:42:52-0600 notice: R: /releases mount_options_new [barrier=0]
2014-01-21T09:42:52-0600 notice: R: /releases mount_options_new [nosuid]
2014-01-21T09:42:52-0600 notice: R: /releases mount_options [remount,noatime,barrier=0,nosuid]
2014-01-21T09:42:52-0600 notice: R: Remount needed: /bin/mount -t ext4 -o remount,noatime,barrier=0,nosuid /dev/vg01/lvol2 /releases
Yes. With a little work it could go into a new lib/3.[56]/fstab.cf, not
included by default but quite useful. If you make it require 3.6, you
can shorten the code even more.
Ted
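
Added example (not part of the thread and not CFEngine code): a standalone Python audit that applies the same selection rules as the fstab bundle above, so the policy's result can be checked independently on a host. The function name audit_nosuid, the SAMPLE_FSTAB excerpt (lines copied from the fstab listing above) and the exact-match handling of conflicting options are assumptions of this example.

```python
import re

# Sources the thread's policy checks: block devices and NFS-style "host:" exports.
SOURCE = re.compile(r"^(/dev/|\w+:)")
# Mount points (and the swap type) the policy exempts from the nosuid requirement.
EXEMPT = re.compile(
    r"^(/|/media/\w+|/opt|/opt/applmgr(/\S*)?|/opt/oracle|/proc|swap|/tmp|/usr|/var)$"
)

# Excerpt of the fstab listing posted in the thread (not a live system file).
SAMPLE_FSTAB = """\
/dev/vg00/lvol1 / ext3 defaults,acl 1 1
/dev/vg00/lvol2 /home ext3 defaults,nosuid 1 2
/dev/cciss/c0d0p2 swap swap defaults 0 0
/dev/vg01/lvol1 /pre_release ext4 suid,noatime,barrier=0 1 2
/dev/vg01/lvol2 /releases ext4 noatime,barrier=0 1 2
/dev/vg01/lvol3 /opt/oracle ext4 noatime,barrier=0 1 2
/dev/vg02/lvol6 /restore ext4 noatime,barrier=0,nosuid 1 2
#/dev/vg03/lvol6 /u06 ext4 nosuid,noatime,barrier=0 1 2
tmpfs /tmp tmpfs size=3G,nr_inodes=10k,mode=1777 0 0
"""


def audit_nosuid(fstab_text, conflicting=("suid",), mount="/bin/mount"):
    """Return [(mount_point, remount_argv)] for entries that lack nosuid."""
    findings = []
    for raw in fstab_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comments like readstringlist
        if len(fields) < 4:
            continue
        device, mount_point, fstype, options = fields[:4]
        if not SOURCE.match(device):
            continue  # pseudo file systems (tmpfs, proc, sysfs) are not checked
        if EXEMPT.match(mount_point) or EXEMPT.match(fstype):
            continue
        opts = options.split(",")
        if "nosuid" in opts:
            continue
        # Same order as the debug output: remount, kept options, then nosuid.
        # Conflicting options are dropped by exact match (an assumption; the
        # policy's "(?!suid).*" grep drops anything that starts with "suid").
        kept = [o for o in opts if o not in conflicting]
        new_opts = ",".join(["remount"] + kept + ["nosuid"])
        findings.append((mount_point, [mount, "-t", fstype, "-o", new_opts, device, mount_point]))
    return findings


if __name__ == "__main__":
    for mount_point, argv in audit_nosuid(SAMPLE_FSTAB):
        print(mount_point, "->", " ".join(argv))
```

The argv list is returned rather than executed, so the output can be compared with the "Remount needed" lines of a -Ddebug run before anything is remounted.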