How to force clients to download new promises?


Samnang Sen

Nov 22, 2012, 4:37:01 PM
to help-c...@googlegroups.com
I'm a new cfengine user and I have a hub and client setup with cfengine 3 community. Let's say I make a change to a promise file and add a new bundle. How can I force my client to download the changes immediately? I tried running "cf-agent -KI" on the client but it doesn't seem to work. About 10 minutes later I noticed it worked on its own so I'm assuming there's some sort of delay?

neilhwatson

Nov 22, 2012, 4:40:11 PM
to help-c...@googlegroups.com
Try cf-agent -IKf failsafe.cf.  There still may be some delay.  For example, if failsafe.cf consults cf_promises_validated.

In general we do not force clients to do anything.  For testing it is O.K. to do so. In production we want voluntary co-operation.

Samnang Sen

Nov 22, 2012, 4:52:06 PM
to help-c...@googlegroups.com
Yea, that didn't work. Ok, that's fine I was just tired of waiting around for the new bundles to take effect when I'm testing. :-)

Mark Burgess

Nov 22, 2012, 4:56:25 PM
to Samnang Sen, help-c...@googlegroups.com
Run cf-agent -f failsafe.cf first to update the policy usually.
--
Sent from my Android phone with probably ridiculous and involuntary spelling corrections.

neilhwatson

Nov 22, 2012, 5:03:31 PM
to help-c...@googlegroups.com
What was the file on the hub that you changed?  Please include the full path.

Samnang Sen

Nov 22, 2012, 5:22:31 PM
to help-c...@googlegroups.com
Ok, bear with me. I'll include paths to the files in question

Let's say I have the following scenario.

File structure on the "hub" server
- /var/cfengine/masterfiles/promises
- /var/cfengine/masterfiles/test1.cf
- /var/cfengine/masterfiles/test2.cf

Scenario 1:

Let's say I add "test2.cf" to the "repo" and I want my clients to pick it up immediately. I tried running "cf-agent -KI -f /var/cfengine/inputs/failsafe.cfg" but it yielded nothing. It did however pick up on the next scheduled run (I assume 5 mins later).

Scenario 2:

Let's say I wanted to delete "test1.cf" and its associated references in the "promises" file. Would the clients pick up on this and remove the file as well? I can't imagine what would happen if I ended up with 20 bundles and we do some house cleaning later on.

Thanks guys!

Samnang Sen

Nov 22, 2012, 5:23:53 PM
to help-c...@googlegroups.com
That should read "failsafe.cf" not "failsafe.cfg"

lauwersw

Nov 23, 2012, 2:50:12 AM
to help-c...@googlegroups.com
For me this scenario always works:

on the hub:
cf-agent -K -f failsafe.cf && cf-promises

The cf-promises is not strictly necessary because the failsafe runs it as well, but if you have any errors in code, they will become visible immediately. If you have any error, the cf_promises_validated file will not be renewed, so you have to fix your errors first.

Next on the test client:
rm -f /var/cfengine/inputs/cf_promises_validated && cf-agent -K -f failsafe.cf && cf-agent -K

This ensures that you will always be executing the most recent code on your test client and that any changes can be enforced immediately during testing. But I agree with the others that you should do this only during testing.

Samnang Sen

Nov 23, 2012, 8:51:25 AM
to help-c...@googlegroups.com
Not sure what the heck happened but it's working as expected now. Running "cf-agent -KI" on the client that is.

matthew willson

Dec 11, 2012, 11:31:14 AM
to help-c...@googlegroups.com
Doing the same fixed my inability to update as well. I really wish the learning cfengine3 book was more clear on creating a usable system. A quick search of the book yields zero results for promises_validated despite this being an integral part of how cfengine communicates changes.

Brian Bennett

Dec 11, 2012, 12:14:35 PM
to matthew willson, help-c...@googlegroups.com
I run the following on the policy server, then client:

sudo cf-agent -f /var/cfengine/inputs/failsafe.cf -KI && sudo cf-agent -KI

This makes sure the policy server has been updated from masterfiles, so that the updated files will be available to the clients.

The normal procedure that most people use is to edit files in /var/cfengine/masterfiles, while they are served from /var/cfengine/inputs. cf-agent needs to run on the policy server once to make them ready for serving to clients.

When you make an edit, then right away run cf-agent on clients and they don't see your change, it's because the server hasn't updated yet. Then later without doing anything else, it just works. It's because the server itself has had time to run cf-agent itself and update the files.

--
Brian
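
A check for the situation described in the posts by lauwersw and Brian above, where an edit on the hub has not yet been through a successful validation run and cf_promises_validated has therefore not been renewed. This is an added example, not part of any post in the thread; pending_policy and make_sample_tree are hypothetical names, the marker path is whatever the caller passes in, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Lists policy files modified after the
# validation marker, i.e. edits that have not been through a successful
# validation run yet. The marker location is an assumption supplied by the caller.

# pending_policy POLICY_DIR MARKER
#   exit 0: nothing is newer than the marker
#   exit 1: pending files printed one per line (all files if the marker is missing)
#   exit 2: POLICY_DIR does not exist
pending_policy() {
    policy_dir=$1
    marker=$2
    if [ ! -d "$policy_dir" ]; then
        echo "no such directory: $policy_dir" >&2
        return 2
    fi
    if [ ! -f "$marker" ]; then
        # Never validated: treat every policy file as pending.
        find "$policy_dir" -type f | sort
        return 1
    fi
    pending=$(find "$policy_dir" -type f -newer "$marker" | sort)
    if [ -z "$pending" ]; then
        return 0
    fi
    printf '%s\n' "$pending"
    return 1
}

# make_sample_tree DIR: constructed sample using the file names from the
# thread. test2.cf is edited after the marker was last renewed.
make_sample_tree() {
    mkdir -p "$1"
    touch -t 201211221600 "$1/promises" "$1/test1.cf"
    touch -t 201211221630 "$1/cf_promises_validated"
    touch -t 201211221635 "$1/test2.cf"
}

# Stand-alone use: sh pending_policy.sh POLICY_DIR MARKER
if [ "$#" -eq 2 ]; then
    pending_policy "$1" "$2"
fi
```

A non-empty list means the marker predates the edit, so a run of failsafe.cf on the hub (and a fix for any policy errors it reports) is still needed before test clients can be expected to pick the change up.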