file_select: combining attributes

[Xander Cage]

hi,

i am using "recurse_ignore" to exlude dirs from search, but now i read somewhere in the docs the "file_select" has an exclude option. the thing is,

i have no idea how to combine the atrributes (type and exclude in this case).

"/cferoot"
           perms => mog("755","root","system"),
           depth_search => recurse_ignore("inf", "@(exclude_dirs)" ),
           file_select => dir,
           classes => if_repaired("DIRECTORY_PERMS_REPAIRED");

so how to combine the "dir" filetype with the exclude option?

file_select => exclude("secret_file");

wbr chris

[Bas van der Vlies]

Xander,

recurse_ignore can be use to exclude directories, with `file_select`
you can do much more:
*
https://docs.cfengine.com/docs/3.15/reference-promise-types-files.html#file_select

recurse_ignore| for excluding dirs and for example file_select to exclude files:
--

"$(ganglia_server_files)"
copy_from =>
sara_hash_cp("$(source_dir)/$(ganglia_server_files)"),
depth_search => recurse_ignore("1", "@(exclude_dir)" ),
file_select => ex_list("@(exclude_file)"),
classes => if_repaired("ganglia_gmond_config_restart");
```

[Xander Cage]

yes i know, but how can i tell file_select that the file type should be "dir" and addtitional the name of the directory to exclude.

just like recurse_ignore which also takes two paramaters (type and name).

pseudo code:

file_select   => ("dir", "@(exclude_dir)");

On Tuesday, July 28, 2020 at 12:18:08 PM UTC+2, Bas van der Vlies wrote:

Xander,

 recurse_ignore can be use to exclude directories, with `file_select`
you can do much more:
 *
https://docs.cfengine.com/docs/3.15/reference-promise-types-files.html#file_select

recurse_ignore| for excluding dirs and for example file_select to exclude files.

[Aleksey Tsalolikhin]

Hi Chris,

See https://docs.cfengine.com/docs/3.12/reference-promise-types-files.html#file_types

Notice one of the file types menu items is "dir".

Example, for filtering out directories:

body file_select filter { file_types => { "dir" }; file_result => "!file_types"; }  

Best,

Aleksey

-- 

Founder

Vertical Sysadmin, Inc.

Achieve real learning.

--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/help-cfengine/a5f1ebb0-a042-47ff-8c84-ff292fc2256co%40googlegroups.com.

[Xander Cage]

i'm sorry but i still dont get it *feeling dumb*

all the examples just show one parameter...either type or name...but i want them together in one file_select expression.

On Tuesday, July 28, 2020 at 3:51:01 PM UTC+2, Aleksey Tsalolikhin wrote:

Hi Chris,

See https://docs.cfengine.com/docs/3.12/reference-promise-types-files.html#file_types

Notice one of the file types menu items is "dir".

Example, for filtering out directories:

body file_select filter { file_types => { "dir" }; file_result => "!file_types"; }  

Best,

Aleksey

-- 

Founder

Vertical Sysadmin, Inc.

Achieve real learning.

To unsubscribe from this group and stop receiving emails from it, send an email to help-c...@googlegroups.com.

[Aleksey Tsalolikhin]

Hi Chris,

Sorry, I should have provided an example.  file_select takes a class expression.

See Listing 13.3: 520-060-File_Selection-0520-Select_by_several_things.cf in  CFEngineTutorial.org  

Best,

Aleksey

-- 

Founder

Vertical Sysadmin, Inc.

Achieve real learning.

To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/help-cfengine/c2ea2904-d10e-4d0f-986c-389d6bf58c8bo%40googlegroups.com.

[Nick Anderson]

i'm sorry but i still dont get it feeling dumb all the examples just show one parameter…either type or name…but i want them together in one file_select expression.

Hi Xander

Indeed, the example in the docs doesn't show how much flexibility you have. The stdlib has several file_select bodies, but they also don't have very complex expressions.

Note that it's file_result in the file_select body that takes an expression.

https://docs.cfengine.com/docs/master/reference-promise-types-files.html#file_result

From the stdlib: https://docs.cfengine.com/docs/master/reference-masterfiles-policy-framework-lib-files.html#file_select-bodies

Listing 1: file_select bodies from the stdlib that show file_result expression

body file_select name_age(name,days)
# @brief Select files that have a matching `name` and have not been modified for at least `days`
# @param name A regex that matches the file name
# @param days Number of days
{
      leaf_name   => { "$(name)" };
      mtime       => irange(0,ago(0,0,"$(days)",0,0,0));
      file_result => "mtime.leaf_name";
}

body file_select filetype_older_than(filetype, days)
# @brief Select files of specified type older than specified number of days
#
# @param filetype File type to select
# @param days Number of days
#
# This body only takes a single filetype, see `filetypes_older_than()`
# if you want to select more than one type of file.
{
      file_types => { "$(filetype)" };
      mtime      => irange(0,ago(0,0,"$(days)",0,0,0));
      file_result => "file_types.mtime";
}

body file_select filetypes_older_than(filetypes, days)
# @brief Select files of specified types older than specified number of days
#
# This body only takes a list of filetypes
#
# @param filetypes A list of file types
# @param days Number of days
#
# **See also:** `filetype_older_than()`
{
      file_types => { @(filetypes) };
      mtime      => irange(0,ago(0,0,"$(days)",0,0,0));
      file_result => "file_types.mtime";
}

So, file_result takes an expression comprised of the other file_select body attributes to determine which files should be selected.

e.g. search_size.file_types.!(mtime|leaf_name) would find files where file size was in the range specified for search_size, the file type matched that specified in file_types, ctime, and leaf_name all did not match.

Does that helps to clarify?

If you can think of a good example where you need to operate on files using some kind of complex expression we can look to add an example in core and then leverage that in the documentation.

– Nick Anderson| Doer of Things | (+1) 785-550-1767 | https://northern.tech

[Aleksey Tsalolikhin]

Thanks Nick, and apologies, Chris, for mis-stating that file_select takes a class expression. As Nick wrote, it's file_result  (inside file_select) that takes an expression.  Let us know how it goes now, Chris.

Best,

Aleksey

-- 

Founder

Vertical Sysadmin, Inc.

Achieve real learning.

--

You received this message because you are subscribed to the Google Groups "help-cfengine" group.

To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/help-cfengine/87ime7elsa.fsf%40northern.tech.

[Xander Cage]

hi,

i gave up and did the permission stuff on the clients not in the source file pool...

here is the proposed but incomplete policy, maybe its helpfull for documentation purposes.

#
# setting various permissions in a big file hierachy/pool
#
#

bundle agent b0027_cferoot_perm_watcher
    {

 # this triggers the autorun shit
 meta:
    "tags"  slist => { "itsv" };

  vars:
     "exclude_dirs"  slist   => { "/usr/local/nagios", "/usr/local/bin" };




  files:

     policy_server::


          # first set permissions on nagios base dir
          # and check files/scripts
          "/cferoot/usr/local/nagios"
           perms => mog("755","nagios","system"),
           classes => if_repaired("NAGIOS_BASEPERMS_REPAIRED");

          "/cferoot/usr/local/nagios"
          perms => mog("755","nagios","system"),
          depth_search => recurse("inf"),
          classes => if_repaired("NAGIOS_FILEPERMS_REPAIRED");

          # after nagios, set the rest of the whole file pool
          # directories but exclude the nagios files
          # the recurse_ignore part should be redone to use file_select,
          # but this is to complicated for my poor little brain.

          "/cferoot"
           perms => mog("755","root","system"),
           depth_search => recurse_ignore("inf", "@(exclude_dirs)" ),
           file_select => dir,
           classes => if_repaired("DIRECTORY_PERMS_REPAIRED");

  reports:

    policy_server.(NAGIOS_BASEPERMS_REPAIRED|NAGIOS_FILEPERMS_REPAIRED)::

      "nagios file permissions in cferoot fixed...";

    policy_server.DIRECTORY_PERMS_REPAIRED::

      "directory permissions in cferoot fixed...";


    }

To unsubscribe from this group and stop receiving emails from it, send an email to help-c...@googlegroups.com.