Yann, you can link promises together with classes ifrepaired. Check out slides 31 and 32 in cf-primer. https://digitalelf.net/cf-primer/#(31)
--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengine+unsubscribe@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.
For your specific case, it's not as hard as you might think:
cfengine will "not_repaired" file promises for owners that do not exist. If you promise "/etc/httpd/sites.available/mysite.conf" owner => "apache"; cfengine will make sure that happens once the apache user exists. Similarly, if you have a separate user for the webapps, they can be enforced "eventually". These implicit dependencies are better handled with--
The depends_on attribute for the promise!… Description: A list of promise handles for promises that must have an outcome of KEPT or REPAIRED in order for the promise to be actuated.
#!/var/cfengine/bin/cf-agent -vbmain
bundle agent main {
packages:
"apache2"
handle => "install_apache_pkg",
policy => "present",
package_module => apt_get,
version => "latest";
files:
"/var/tomcat/webapps/mycoolwebapp1.jar"
handle => "webapp1_jar_copy",
copy_from => rcp("/deploy/mycoolwebapp1.jar", $(sys.policy_hub));
"/etc/httpd/sites.availabe/webapp1.conf"
owner => "webappdeveloper", # This implicitly depends on the users: promise below.
depends_on => { "install_apache_pkg", "webapp1_jar_copy" };
users:
"webappdeveloper"
policy => "present",
password => hashed_password("$6$the/string/youd/find/in/shadow");
}
body file control { inputs => {"$(sys.libdir)/stdlib.cf";}
This example will take at least 2 passes (of running cf-agent) and maybe up to 5, to converge to having everything installed right, but the system is at a stable (although misconfigured) state after each execution.
--Joe
--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
Dear Yann,
Small technical point - there is no need to restart Apache after updating configuration. You can reload configuration instead which is less disruptive. See "/etc/init.d/httpd reload" and Apache graceful restart.
Best,
-at
--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengine+unsubscribe@googlegroups.com.
Le lundi 24 octobre 2016 à 14:29 -0400, Neil Watson a écrit :
> If I understand your need correctly, order may not be as important as
> you think. Order is a habit we gained from the Old Days of scripting.
> It's not important what order Apache or PHP are installed and configured
> in. Cf-agent will converge to the desired state in one run or two if
> some arbitrary dependency constrains it. So long as the cf-agent run
> frequency is high don't worry about order so much. Worrying less about
> order is liberating. Try it and see.
I'm not sure to understand what you mean by not worrying about ordering
because it will eventually converge.
Cfengine introduced the notion of ‘convergence’ into system administration. This was orginially only implicit in the early work, but was named explicitly in the Computer Immunology essay in (Burgess, 1998) and was immediately taken up by Couch et al (Couch and Gilfix, 1999) and formed the basis of the con- figuration management workshops. This concept was quickly understood to be important....Cfengine addresses convergence in two ways: by making each successful operation convergent in a single step, and by checking for contrary sequences. If a single step should fail or be undermined, for what ever reason (crash, interruption, changing conditions, loss of connectivity etc), it can be repeated later; this is sufficient to ensure that simple configurations converge.
Yep. :) Agreed. :)