diff options
Diffstat (limited to 'var/www/html/cfengine/update.cf')
-rw-r--r-- | var/www/html/cfengine/update.cf | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/var/www/html/cfengine/update.cf b/var/www/html/cfengine/update.cf new file mode 100644 index 0000000..039636c --- /dev/null +++ b/var/www/html/cfengine/update.cf @@ -0,0 +1,132 @@ +# update promises + +bundle agent update +{ + vars: + + any:: + + "master_server" string => "phost1.eurospider.com"; + + "master_location" string => "/var/cfengine/masterfiles"; + + "ignore_list" slist => { "\.svn", ".*~" }; + + redhat|freebsd:: + + "inputs_location" string => "$(sys.workdir)/inputs/."; + + debian:: + + "inputs_location" string => "/etc/cfengine3/."; + + files: + + any:: + + "$(sys.workdir)/." + + create => "true", + perms => u_p( "0700" ), + action => uimmediate; + + redhat|freebsd:: + + "$(sys.workdir)/bin/." + + create => "true", + perms => u_p( "0700" ), + action => uimmediate; + + debian:: + + "$(sys.workdir)/bin/." + + link_from => u_ln_s( "/usr/sbin" ), + action => uimmediate; + + any:: + + "$(sys.workdir)/ppkeys/." + + perms => u_p( "0700" ), + action => uimmediate; + + redhat|freebsd:: + + "$(sys.workdir)/bin" + + comment => "copy binaries from RPM location", + perms => u_p( "700" ), + copy_from => mycopy( "/usr/local/sbin", "localhost" ), + depth_search => recurse( "inf" ), + action => uimmediate; + + bunsen:: + + "$(inputs_location)" + + comment => "copy from local masterfiles on master policy server", + perms => u_p( "600" ), + copy_from => mycopy("$(master_location)","localhost"), + depth_search => recurse_ignore( "inf", "$(ignore_list)" ), + action => uimmediate; + + !bunsen:: + + "$(inputs_location)" + + comment => "all others fetch the promises from the policy master (also the slave)", + perms => u_p( "600" ), + copy_from => remote_copy( "$(master_location)", "$(master_server)" ), + depth_search => recurse_ignore( "inf", "$(ignore_list)" ), + action => uimmediate; + + commands: + + bunsen:: + + "/bin/sh -c 'cd $(master_location) && svn up >/dev/null 2>&1'" + + comment => "update the master policy files from SVN"; +} + +# self-contained functions, must work even if libaries have bugs + +# Set permissions +body perms u_p( p ) +{ + mode => "$(p)"; +} + +# Basic copy function (for local file copies) +body copy_from mycopy( from, server ) +{ + source => "$(from)"; + compare => "digest"; +} + +# Remote copy function, secure +body copy_from remote_copy( sourcedir, sourceserver ) +{ + source => "$(sourcedir)"; + servers => { "$(sourceserver)" }; + compare => "digest"; + encrypt => "true"; + verify => "true"; + trustkey => "true"; + preserve => "true"; +} + +# Copy if at least 1 minute has elapsed +body action uimmediate +{ + ifelapsed => "1"; +} + +body link_from u_ln_s(x) +{ + link_type => "symlink"; + source => "$(x)"; + when_no_source => "force"; +} |