# update promises

bundle agent update
{
    vars:

        any::

            "master_server"   string => "phost1.eurospider.com";

            "master_location" string => "/var/cfengine/masterfiles";

            "ignore_list"     slist  => { "\.svn", ".*~" };

        redhat|freebsd::

            "inputs_location" string => "$(sys.workdir)/inputs/.";

        debian::

            "inputs_location" string => "/etc/cfengine3/.";

    files:

        any::

            "$(sys.workdir)/."

                create  => "true",
                perms   => u_p( "0700" ),
                action  => uimmediate;

        redhat|freebsd::

            "$(sys.workdir)/bin/."

                create  => "true",
                perms   => u_p( "0700" ),
                action  => uimmediate;

        debian::

            "$(sys.workdir)/bin/."

                link_from => u_ln_s( "/usr/sbin" ),
                action  => uimmediate;

        any::

            "$(sys.workdir)/ppkeys/."

                perms   => u_p( "0700" ),
                action  => uimmediate;

        redhat|freebsd::

            "$(sys.workdir)/bin"

                comment      => "copy binaries from RPM location",
                perms        => u_p( "700" ),
                copy_from    => mycopy( "/usr/local/sbin", "localhost" ),
                depth_search => recurse( "inf" ),
                action       => uimmediate;

        bunsen::

            "$(inputs_location)"

                comment      => "copy from local masterfiles on master policy server",
                perms        => u_p( "600" ),
                copy_from    => mycopy("$(master_location)","localhost"),
                depth_search => recurse_ignore( "inf", "$(ignore_list)" ),
                action       => uimmediate;

        !bunsen::

            "$(inputs_location)"

                comment      => "all others fetch the promises from the policy master (also the slave)",
                perms        => u_p( "600" ),
                copy_from    => remote_copy( "$(master_location)", "$(master_server)" ),
                depth_search => recurse_ignore( "inf", "$(ignore_list)" ),
                action       => uimmediate;

    commands:

        bunsen::

           "/bin/sh -c 'cd $(master_location) && svn up >/dev/null 2>&1'"

               comment => "update the master policy files from SVN";
}

# self-contained functions, must work even if libaries have bugs

# Set permissions
body perms u_p( p )
{
    mode => "$(p)";
}

# Basic copy function (for local file copies)
body copy_from mycopy( from, server )
{
    source      => "$(from)";
    compare     => "digest";
}

# Remote copy function, secure
body copy_from remote_copy( sourcedir, sourceserver )
{
    source      => "$(sourcedir)";   
    servers     => { "$(sourceserver)" };
    compare     => "digest";
    encrypt     => "true";
    verify      => "true";
    trustkey    => "true";
    preserve    => "true";
}

# Copy if at least 1 minute has elapsed
body action uimmediate
{
    ifelapsed => "1";
}

body link_from u_ln_s(x)
{
    link_type => "symlink";
    source => "$(x)";
    when_no_source => "force";
}