How to restart ssh service when its configuration file is modified?


Denis Weerasiri

Jun 3, 2015, 8:07:59 AM
to help-c...@googlegroups.com
Hi,
I am new to CFEngine.
Suppose I need to deploy an ssh service. And I need to "automatically" restart the ssh service every time I modify its configuration file. How can I achieve this? 

Marco Marongiu

Jun 3, 2015, 8:16:51 AM
to help-c...@googlegroups.com
Hi Denis

Use a classes clause in the promise that changes the configuration so
that you set a class when the promise is repaired (== the file is
modified), and condition the restart of the service on that class being set.

  files:
      "/etc/ssh/sshd_config"
        classes => if_repaired("sshd_config_updated"),
        ... other clauses here...

  commands:
    sshd_config_updated::
      "/etc/init.d/sshd restart" ;

I kept it simple but notice that: 1) with many things changing in init
systems it's better not to use scripts in init.d directly any more and
2) because of 1) a services promise is probably better than a commands
promise.

Ciao
-- bronto
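
The pattern described in this reply, written with a services promise and a syntax check that gates the restart, as an added example that is not code from the thread or from CFEngine itself. The bundle name, the sitefiles source path, the /usr/sbin/sshd path, the service name "ssh" and the stdlib location are assumptions; adjust them for your platform.

```cf3
body file control
{
      # Assumption: the standard library sits in the default masterfiles location.
      inputs => { "$(sys.libdir)/stdlib.cf" };
}

bundle agent sshd_config_guarded_restart
{
  files:
      "/etc/ssh/sshd_config"
        comment   => "Distribute sshd_config; flag the run when the file changes",
        copy_from => remote_dcp("$(sys.workdir)/sitefiles/sshd_config", "$(sys.policy_hub)"),
        perms     => mog("600", "root", "root"),
        classes   => if_repaired("sshd_config_updated");

  commands:
    sshd_config_updated::
      "/usr/sbin/sshd -t"
        comment => "Ask sshd to parse the new file; exit 0 sets _valid, non-zero sets _invalid",
        classes => if_else("sshd_config_valid", "sshd_config_invalid");

  services:
    sshd_config_valid::
      "ssh"
        comment        => "Evaluated on a later pass of the same run, after validation set the class",
        service_policy => "restart";

  reports:
    sshd_config_invalid::
      "sshd_config changed but failed 'sshd -t'; sshd was not restarted.";
}
```

When validation fails, the running daemon keeps the configuration it loaded earlier, so existing access is preserved while the report flags the file for correction.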

Neil Watson

Jun 3, 2015, 8:34:55 AM
to help-c...@googlegroups.com
The long way is to promise your config file, and set a class if the file
is repaired, using that class to issue a restart command. Roughly:

  files:
      "/var/cache/cfengine/etc/ntp.conf"
        comment => "Copy from policy_server",
        create => 'true',
        copy_from => remote_cp( "${sys.workdir}/sitefiles/ntp.conf",
                                "${sys.policy_hub}");

      "/etc/ntp.conf"
        comment => "Copy from local cache. Useful if server not reachable",
        create => 'true',
        copy_from => local_cp( "/var/cache/cfengine/etc/ntp.conf" ),
        classes => if_repaired( "restart_ntp" );

      "/etc/ntp.conf"
        comment => "Promise perms but don't trigger a restart",
        perms => mog( "640", "root", "root" );

  processes:
      "ntpd"
        comment => "Trigger restart if process is not running",
        process_select => by_name( "/usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 112:120" ),
        restart_class => "restart_ntp";

  commands:
    restart_ntp::
      "/sbin/service ntp restart"
        contain => in_shell_and_silent;


Or, all this can be done using an existing framework like EFL.

  methods:
      "services"
        usebundle => efl_service( "${sys.workdir}/inputs/efl_data/services.json" );


Where services.json contains this and other services not shown:
[
   {
      "config_file_src" : "/var/cfengine/sitefiles/ntp.conf",
      "restart_cmd" : "${paths.path[service]} ntp restart",
      "config_file" : "/etc/ntp.conf",
      "server" : "list_backup.policy_servers",
      "owner" : "root",
      "group" : "root",
      "template" : "no",
      "promisee" : "Neil Watson",
      "mode" : "640",
      "process_regex" : "/usr/sbin/ntpd -p /var/run/ntpd.pid.*",
      "encrypt" : "no",
      "class" : "any"
   },
   ....
]

For more info see:
https://github.com/evolvethinking/evolve_cfengine_freelib

--
Neil H Watson
Sr. Partner, Architecture and Infrastructure
CFEngine reporting: https://github.com/evolvethinking/delta_reporting
CFEngine policy: https://github.com/evolvethinking/evolve_cfengine_freelib
CFEngine and vim: https://github.com/neilhwatson/vim_cf3
CFEngine support: http://evolvethinking.com