How to add promises as autorun


Kasper Põllu

Aug 18, 2020, 5:26:15 AM
to help-cfengine
Hi,
I've installed cfengine on 2 test machines, testdebian1(policy) and testdebian2(host).

As I understand, I should enable the services_autorun class through /var/cfengine/masterfiles/def.json using:

    {
      "classes": {
        "services_autorun": [ "any" ]
      }
    }

I have enabled 2 promises to run as autorun, by placing them in the services/autorun folder:

However, the promises put in there take no action.

Also, while trying to manually start for example the sudo policy setup, it tries to take the library it needs from somewhere it doesn't exist. On that note, I also cannot find the library file anywhere on the system.


Best regards,
Kasper

Kasper Põllu

Aug 18, 2020, 5:28:03 AM
to help-cfengine
I was told that to enable or define the services_autorun class I could also do this:
But I do not understand how or where I should place this snippet.

Bas van der Vlies

Aug 18, 2020, 5:39:15 AM
to help-c...@googlegroups.com
Did you add the `meta` keyword to sudo.cf?
```
bundle agent sudoers
{
  meta:
    "tags" slist => { "autorun" };
  ....
}
```

It is required for autorun to work.

regards

PS) There is also a cfengine service library available at:
* https://github.com/basvandervlies/cf_surfsara_lib

Kasper Põllu

Aug 18, 2020, 6:13:22 AM
to help-c...@googlegroups.com

Hi Bas,

The meta keyword has indeed been added.

The error I get when trying to manually start the promise:

```
root@testdebian1:~# cf-agent -f /var/cfengine/masterfiles/services/autorun/sudoers.cf -KI
   error: Can't stat file '/var/cfengine/masterfiles/services/autorun/libraries/cfengine_stdlib.cf' for parsing. (stat: No such file or directory)
   error: Policy failed validation with command '"/var/cfengine/bin/cf-promises" -c "/var/cfengine/masterfiles/services/autorun/sudoers.cf"'
   error: Failsafe condition triggered. Interactive session detected, skipping failsafe.cf execution.
   error: Error reading CFEngine policy. Exiting...
```

Contents of sudo.cf:

```
body common control
{
  bundlesequence => { "sudoers" };
  inputs => { "libraries/cfengine_stdlib.cf" };
}

bundle agent sudoers
{
  meta:
    "tags" slist => { "autorun" };

  # Define the master location of the sudoers file
  vars:
    "master_location" string => "/var/cfengine/masterfiles";

  # Copy the master sudoers file to /etc/sudoers
  files:
    "/tmp/sudoers"  # change to /etc/sudoers to use in production
      comment => "Make sure the sudo configuration is secure and up to date",
      perms => mog("440","root","root"),
      copy_from => secure_cp("$(master_location)/sudoers","$(sys.policy_hub)");
}
```


Best regards,

Kasper

Bas van der Vlies

Aug 18, 2020, 6:42:35 AM
to help-c...@googlegroups.com
Did you set up a HUB and clients setup? Usually:
* cf-agent -KI

is enough to run our current setup. You run a standalone policy cfengine file.
And this one tries to find the file:
* libraries/cfengine_stdlib.cf

The `masterfiles` is used for copying the file to `inputs` and from the `inputs`
directory you run your setup from. CFagent looks standard in this directory for
its input files.

So you must first have this setup running before looking into the autorun stuff.
It seems like you do not have a proper setup for now.

regards
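
The checks discussed in this thread, as an added example (not code from any poster or from the CFEngine project): a small Python preflight that confirms `def.json` defines `services_autorun`, that a file under `services/autorun` tags a bundle with `autorun`, and reports where a standalone file's relative `inputs` are looked up, reproducing the path in the error quoted above. The function names and sample strings are constructed for illustration, and comment stripping is simplified.

```python
import json
import posixpath
import re

# Constructed samples modelled on the def.json and sudoers.cf quoted in the thread.
DEF_JSON = '{ "classes": { "services_autorun": [ "any" ] } }'
POLICY_PATH = "/var/cfengine/masterfiles/services/autorun/sudoers.cf"
POLICY = '''
body common control
{
  inputs => { "libraries/cfengine_stdlib.cf" };
}
bundle agent sudoers
{
  meta:
    "tags" slist => { "autorun" };
}
'''

def autorun_enabled(def_json_text):
    """True when def.json defines the services_autorun class."""
    classes = json.loads(def_json_text).get("classes", {})
    return bool(classes.get("services_autorun"))

def common_control_body(text):
    """Return the text inside 'body common control { ... }', or None."""
    m = re.search(r"\bbody\s+common\s+control\s*\{", text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]

def check_autorun_file(policy_path, policy_text):
    """Return findings for one policy file under services/autorun."""
    text = re.sub(r"#.*", "", policy_text)  # simplified comment stripping
    findings = []
    if not re.search(r'"tags"\s+slist\s*=>\s*\{[^}]*"autorun"', text):
        findings.append("no bundle is tagged autorun")
    control = common_control_body(text) or ""
    m = re.search(r"\binputs\s*=>\s*\{([^}]*)\}", control)
    for entry in re.findall(r'"([^"]+)"', m.group(1)) if m else []:
        if not entry.startswith("/"):  # relative: looked up beside the policy file
            where = posixpath.join(posixpath.dirname(policy_path), entry)
            findings.append("standalone input resolves to " + where)
    return findings

if __name__ == "__main__":
    print(autorun_enabled(DEF_JSON), check_autorun_file(POLICY_PATH, POLICY))
```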