So taking the high-level overview:
1. On your existing (3.6.x) set-up, try to get things in order:
(a) clean separation of CFEngine policy from your own;
(b) closeness of your copy of CFEngine masterfiles to what they had distributed;
2. Consider the two-step approach (3.6 -> 3.7; 3.7 -> 3.10) rather than a giant leap;
3. Use the two documents listed above to guide you on the work itself.
I hope that helps.
-- David Lee, ECMWF
Hi Bob,
Where do people store the files that will be copied to the target system
(/etc/issue, /etc/motd, /etc/yp.conf)?
There is no standard that I am aware of.
It can be nice to track versions of hand crafted files separately from the
policy itself.
Neil mentions /var/cfengine/sitefiles
. If you select a place outside of
masterfiles, then you just need to be sure to have an appropriate access
promise granting hosts access to the files stored under that path.
bundle server bobs_access_rules { access: policy_server|am_policy_hub:: "/var/cfengine/sitefiles" admit_ips => { @(def.acl) }, comment => "Hand crafted configs are stored here. All hosts need to be able to copy assets from this directory on the hub."; }
I assume my policy files reside in masterfiles/services ?
The services directory is a place you can store your custom policy. The
masterfiles policy framework does ship services/main.cf
which contains an
empty bundle agent main
. You can use this as a branching off point.
I commonly see directories created under the top level as well. For example
bob
or mycompany
. The main guidance is that you should try to avoid
modifying the files that are shipped as part of masterfiles.
The masterfiles policy framework is rendered in the documentation here:
https://docs.cfengine.com/docs/3.10/reference-masterfiles-policy-framework.html
–
Nick Anderson