File: failsafe.cf

package info (click to toggle)
cfengine3 3.2.4-2%2Bnmu1
links: PTS, VCS
area: main
in suites: wheezy
size: 8,976 kB
sloc: ansic: 66,527; sh: 11,600; yacc: 407; makefile: 288
file content (255 lines) | stat: -rw-r--r-- 7,134 bytes
###############################################################################
#
#   failsafe.cf - Basic Failsafe Policy for Community
#
###############################################################################

body common control
{
 bundlesequence => { "update" };
 version => "Community Failsafe.cf 1.0.0";
}

#############################################################################

body agent control
{
 ifelapsed => "0";
 skipidentify => "true";
}

#############################################################################

bundle agent update
{
 vars:

   "inputs_dir"         string => translatepath("$(sys.workdir)/inputs"),
                       comment => "Directory containing Cfengine policies",
                        handle => "update_vars_inputs_dir";

   "ppkeys_file"        string => translatepath("$(sys.workdir)/ppkeys/localhost.pub"),
                       comment => "Path to public key file",
                        handle => "update_vars_ppkeys_file";

   "file_check"         string => translatepath("$(inputs_dir)/promises.cf"),
                       comment => "Path to a policy file",
                        handle => "update_vars_file_check";

   "master_location"    string => "/var/cfengine/masterfiles",
                       comment => "The master cfengine policy directory on the policy host",
                        handle => "update_vars_master_location";

#

 classes:

   "have_ppkeys"   expression => fileexists("$(ppkeys_file)"),
                      comment => "Check for /var/cfengine/ppkeys/localhost.pub",
                       handle => "update_classes_have_ppkeys";

   "files_ok"      expression => fileexists("$(file_check)"),
                      comment => "Check for /var/cfengine/masterfiles/promises.cf",
                       handle => "update_classes_files_ok";

#

 processes:

  files_ok::

   "cf-serverd"  restart_class => "start_server",
                       comment => "Monitor cf-serverd process",
                        handle => "update_processes_cf_serverd";

   "cf-monitord" restart_class => "start_monitor",
                       comment => "Monitor cf-monitord process",
                        handle => "update_processes_cf_monitord";

  files_ok.!windows::

   "cf-execd"    restart_class => "start_exec",
                       comment => "Monitor cf-execd process",
                        handle => "update_processes_cf_execd";

#

 commands:

  start_server::

   "$(sys.cf_serverd)"
      comment => "Start cf-serverd process",
       handle => "update_commands_start_cf_serverd";

  start_monitor::

   "$(sys.cf_monitord)"
      comment => "Start cf-monitord process",
       handle => "update_commands_start_cf_monitord";

  !windows.start_exec::

   "$(sys.cf_execd)"
      comment => "Start cf-execd process",
       handle => "update_commands_start_cf_execd_not_windows";

  !have_ppkeys::

   "$(sys.cf_key)",
      comment => "Generate cfengine encryption keys if necessary",
       handle => "update_commands_generate_keys";

#

 files:

  !am_policy_hub::  # policy hub should not alter inputs/ uneccessary

   "$(inputs_dir)/cf_promises_validated"
        comment => "Check whether a validation stamp is available for a new policy update to reduce the distributed load",
         handle => "check_valid_update",
      copy_from => u_dcp("$(master_location)/cf_promises_validated","$(sys.policy_hub)"),
         action => u_immediate,
        classes => u_if_repaired("validated_updates_ready");

  am_policy_hub|validated_updates_ready::  # policy hub should always put masterfiles in inputs in order to check new policy

   "$(inputs_dir)"
           comment => "Copy policy updates from master source on policy server if a new validation was acquired",
            handle => "update_files_inputs_dir",
         copy_from => u_rcp("$(master_location)","$(sys.policy_hub)"),
      depth_search => u_recurse("inf"),
      file_select  => u_input_files,
        depends_on => { "grant_access_policy", "check_valid_update" },
            action => u_immediate,
           classes => u_if_repaired("update_report");

  !windows::

   "$(sys.workdir)/bin"
           comment => "Make sure cfengine binaries have right file permissions",
            handle => "update_files_sys_workdir_bin",
             perms => u_m("755"),
      depth_search => u_recurse_basedir("inf"),
            action => u_immediate;

   "$(sys.workdir)/lib"
           comment => "Make sure cfengine libraries have right file permissions",
            handle => "update_files_sys_workdir_lib",
             perms => u_m("644"),
      depth_search => u_recurse_basedir("inf"),
            action => u_immediate;

   "/usr/local/sbin"
           comment => "Ensure cfengine binaries were copied to /usr/local/sbin",
            handle => "update_files_usr_local_sbin",
             perms => u_m("755"),
         copy_from => u_cp_nobck("$(sys.workdir)/bin"),
       file_select => u_cf3_files,
      depth_search => u_recurse("1"),
            action => u_immediate;

  am_policy_hub::

   "$(master_location)/."
           comment => "Make sure masterfiles folder has right file permissions",
            handle => "update_files_sys_workdir_masterfiles",
             perms => u_m("644"),
      depth_search => u_recurse_basedir("inf"),
            action => u_immediate;
}

#########################################################
# Self-contained bodies from the lib to avoid dependencies
#########################################################

body perms u_m(p)
{
 mode  => "$(p)";
}

#########################################################

body file_select u_cf3_files
{
 leaf_name => { "cf-.*" };
 file_result => "leaf_name";
}

#########################################################

body file_select u_input_files
{
 leaf_name => { ".*.cf",".*.dat",".*.txt" };
 file_result => "leaf_name";
}

#########################################################

body copy_from u_rcp(from,server)
{
 source      => "$(from)";
 compare     => "digest";
 trustkey    => "true";

!am_policy_hub::

 servers => { "$(server)" };
}

#########################################################

body copy_from u_dcp(from,server)
{
 source      => "$(from)";
 compare     => "mtime";
 trustkey    => "true";

!am_policy_hub::

 servers => { "$(server)" };
}

#########################################################

body copy_from u_cp_nobck(from)
{
 source      => "$(from)";
 compare     => "digest";
 copy_backup => "false";
}

#########################################################

body action u_immediate
{
 ifelapsed => "0";
}

#########################################################

body depth_search u_recurse(d)
{
 depth => "$(d)";
 exclude_dirs => { "\.svn" };
}

#########################################################

body depth_search u_recurse_basedir(d)
{
 include_basedir => "true";
 depth => "$(d)";
 exclude_dirs => { "\.svn" };
}

#########################################################

body classes u_if_repaired(x)
{
 promise_repaired => { "$(x)" };
}

#########################################################