1 files changed, 132 insertions, 0 deletions
diff --git a/var/www/html/cfengine/update.cf b/var/www/html/cfengine/update.cf
new file mode 100644
index 0000000..039636c
--- /dev/null
+++ b/var/www/html/cfengine/update.cf
@@ -0,0 +1,132 @@
+# update promises
+
+bundle agent update
+{
+    vars:
+
+        any::
+
+            "master_server"   string => "phost1.eurospider.com";
+
+            "master_location" string => "/var/cfengine/masterfiles";
+
+            "ignore_list"     slist  => { "\.svn", ".*~" };
+
+        redhat|freebsd::
+
+            "inputs_location" string => "$(sys.workdir)/inputs/.";
+
+        debian::
+
+            "inputs_location" string => "/etc/cfengine3/.";
+
+    files:
+
+        any::
+
+            "$(sys.workdir)/."
+
+                create  => "true",
+                perms   => u_p( "0700" ),
+                action  => uimmediate;
+
+        redhat|freebsd::
+
+            "$(sys.workdir)/bin/."
+
+                create  => "true",
+                perms   => u_p( "0700" ),
+                action  => uimmediate;
+
+        debian::
+
+            "$(sys.workdir)/bin/."
+
+                link_from => u_ln_s( "/usr/sbin" ),
+                action  => uimmediate;
+
+        any::
+
+            "$(sys.workdir)/ppkeys/."
+
+                perms   => u_p( "0700" ),
+                action  => uimmediate;
+
+        redhat|freebsd::
+
+            "$(sys.workdir)/bin"
+
+                comment      => "copy binaries from RPM location",
+                perms        => u_p( "700" ),
+                copy_from    => mycopy( "/usr/local/sbin", "localhost" ),
+                depth_search => recurse( "inf" ),
+                action       => uimmediate;
+
+        bunsen::
+
+            "$(inputs_location)"
+
+                comment      => "copy from local masterfiles on master policy server",
+                perms        => u_p( "600" ),
+                copy_from    => mycopy("$(master_location)","localhost"),
+                depth_search => recurse_ignore( "inf", "$(ignore_list)" ),
+                action       => uimmediate;
+
+        !bunsen::
+
+            "$(inputs_location)"
+
+                comment      => "all others fetch the promises from the policy master (also the slave)",
+                perms        => u_p( "600" ),
+                copy_from    => remote_copy( "$(master_location)", "$(master_server)" ),
+                depth_search => recurse_ignore( "inf", "$(ignore_list)" ),
+                action       => uimmediate;
+
+    commands:
+
+        bunsen::
+
+           "/bin/sh -c 'cd $(master_location) && svn up >/dev/null 2>&1'"
+
+               comment => "update the master policy files from SVN";
+}
+
+# self-contained functions, must work even if libaries have bugs
+
+# Set permissions
+body perms u_p( p )
+{
+    mode => "$(p)";
+}
+
+# Basic copy function (for local file copies)
+body copy_from mycopy( from, server )
+{
+    source      => "$(from)";
+    compare     => "digest";
+}
+
+# Remote copy function, secure
+body copy_from remote_copy( sourcedir, sourceserver )
+{
+    source      => "$(sourcedir)";   
+    servers     => { "$(sourceserver)" };
+    compare     => "digest";
+    encrypt     => "true";
+    verify      => "true";
+    trustkey    => "true";
+    preserve    => "true";
+}
+
+# Copy if at least 1 minute has elapsed
+body action uimmediate
+{
+    ifelapsed => "1";
+}
+
+body link_from u_ln_s(x)
+{
+    link_type => "symlink";
+    source => "$(x)";
+    when_no_source => "force";
+}