CFengine doesn't update promises on client
171 views
Skip to first unread message
Danilo Chilene
Aug 14, 2014, 4:48:59 PM8/14/14
to help-c...@googlegroups.com
Hello,
My issue is that my cfengine clients doesn't update the promises from hub.
My hub information
[root@hub ~]# rpm -qa|grep cfeng
cfengine-community-3.5.3-1.x86_64
cf-promises -c run smoothly.
A example promise
[root@hub masterfiles]# ls -lah edit_motd.cf
-rw-r--r-- 1 root root 2.1K Aug 12 18:54 edit_motd.cf
[root@hub masterfiles]# cat edit_motd.cf
bundle agent edit_motd
{
vars:
"motd" string => "/etc/motd";
files:
"$(motd)"
create => "true",
edit_defaults => empty,
edit_line => addmessage;
reports:
cfengine::
"Cfengine Running: MOTD Promise";
}
bundle edit_line addmessage
{
insert_lines:
prod::
"Welcome to $(sys.fqhost)!
This system is managed by O_O.
The policy was last updated on $(sys.last_policy_update)";
}
On the client
[root@client inputs]# rpm -qa|grep cf
cfengine-community-3.5.3-1.x86_64
[root@client inputs]# pwd
/var/cfengine/inputs
[root@client inputs]# ls -lah edit_motd.cf
-rw------- 1 root root 735 Oct 29 2013 edit_motd.cf
It only updates edit_motd.cf if I bootstrap the client again, and this behaviour is very random and annoying.
Any ideas what is causing this or how I can debug this ? If you need more information please let me know.
Best Regards,My issue is that my cfengine clients doesn't update the promises from hub.
My hub information
[root@hub ~]# rpm -qa|grep cfeng
cfengine-community-3.5.3-1.x86_64
cf-promises -c run smoothly.
A example promise
[root@hub masterfiles]# ls -lah edit_motd.cf
-rw-r--r-- 1 root root 2.1K Aug 12 18:54 edit_motd.cf
[root@hub masterfiles]# cat edit_motd.cf
bundle agent edit_motd
{
vars:
"motd" string => "/etc/motd";
files:
"$(motd)"
create => "true",
edit_defaults => empty,
edit_line => addmessage;
reports:
cfengine::
"Cfengine Running: MOTD Promise";
}
bundle edit_line addmessage
{
insert_lines:
prod::
"Welcome to $(sys.fqhost)!
This system is managed by O_O.
The policy was last updated on $(sys.last_policy_update)";
}
On the client
[root@client inputs]# rpm -qa|grep cf
cfengine-community-3.5.3-1.x86_64
[root@client inputs]# pwd
/var/cfengine/inputs
[root@client inputs]# ls -lah edit_motd.cf
-rw------- 1 root root 735 Oct 29 2013 edit_motd.cf
It only updates edit_motd.cf if I bootstrap the client again, and this behaviour is very random and annoying.
Any ideas what is causing this or how I can debug this ? If you need more information please let me know.
Nick Anderson
Aug 14, 2014, 4:59:50 PM8/14/14
to help-c...@googlegroups.com
On 08/14/2014 03:48 PM, Danilo Chilene wrote:
> Hello,
>
> My issue is that my cfengine clients doesn't update the promises from hub.
Hi Danilo,
> Hello,
>
> My issue is that my cfengine clients doesn't update the promises from hub.
Can you send the verbose output from the client when running the update
policy?
`cf-agent -KIf udpate.cf`
Also does the policy in your masterfiles directory on the hub validate?
`cf-promises -cf /var/cfengine/masterfiles/promises.cf`
When peoples policy is not updating it makes me think it has to do with
cf_promises_validated.
http://www.cmdln.org/2012/10/24/cfengine-3-policy-update-or-how-
cf_promises_validated-works/
Usually either there is policy that does not validate, or
cf_promises_validated has gotten checked into version control in
masterfiles.
I recommend reading the documentation on the policy framework. The
documentation covers 3.6, but it should still help you understand how
the default policy update mechanism works.
https://docs.cfengine.com/latest/guide-writing-and-serving-policy-policy-framework.html
Danilo Chilene
Aug 15, 2014, 11:09:40 AM8/15/14
to Nick Anderson, help-c...@googlegroups.com
Hi Nick,
The promises are ok.
[root@hub ~]# cf-promises -cf /var/cfengine/masterfiles/promises.cf
[root@hub ~]#
Thi is the log from a client http://pastebin.com/AAynp79gThe promises are ok.
[root@hub ~]# cf-promises -cf /var/cfengine/masterfiles/promises.cf
[root@hub ~]#
--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at http://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.
Nick Anderson
Aug 15, 2014, 11:41:37 AM8/15/14
to Danilo Chilene, Nick Anderson, help-c...@googlegroups.com
On 08/15/2014 10:09 AM, Danilo Chilene wrote:
> Hi Nick,
>
> The promises are ok.
>
> [root@hub ~]# cf-promises -cf /var/cfengine/masterfiles/promises.cf
> <http://promises.cf>
> Hi Nick,
>
> The promises are ok.
>
> [root@hub ~]# cf-promises -cf /var/cfengine/masterfiles/promises.cf
OK, are you using a version control system to manage your masterfiles?
I see this in the output of the update policy.
```
2014-08-15T12:02:03-0300 verbose: Skipping next promise
'/var/cfengine/inputs', as context
'am_policy_hub|validated_updates_ready' is not relevant
```
This indicates that the client thinks that there are no updates ready
and for efficiency skips hashing each file in masterfiles individually.
This can happen if the `cf_promises_validated` file happens to get
checked into your masterfiles repository.
I think its important to understand this behaviour. If you go and muck
with the policy files on a client in inputs directly those changes won't
be reverted until someone releases new policy on the hub, and
cf_promises_validated gets updated so that the client knows it should
scan the rest of the policy and look for changes.
Danilo Chilene
Aug 15, 2014, 6:08:19 PM8/15/14
to Nick Anderson, help-c...@googlegroups.com
Hello,
I'm not using a vcs to control masterfiles, but I'm using to deliver files(deploy, /etc/sudo, etc.)
I will check this issue further next week.I'm not using a vcs to control masterfiles, but I'm using to deliver files(deploy, /etc/sudo, etc.)
Thanks for the help.
Danilo Chilene
Aug 21, 2014, 1:47:20 PM8/21/14
to Nick Anderson, help-c...@googlegroups.com
Hi,
Just a update, after I removed(manually) cf_promises_validated all promises was delivered(and updated if needed).
Just a update, after I removed(manually) cf_promises_validated all promises was delivered(and updated if needed).
Reply all
Reply to author
Forward
0 new messages