1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
##################################################################
#
# DO NOT EDIT THIS FILE. All policy files prefixed with CFE_ are maintained
# by CFEngine and its original state is required for internal operations of
# CFEngine. If the file has been modified CFEngine’s upgrades may require
# manual intervention. Contact CFEngine support if additional information
# and/or recommendation is needed.
#
##################################################################
##################################################################
#
# cfe_internal_management
# - manage internal CFE functionalities (any:: can be modified)
# - some agent bundles are in CFE_hub_specific.cf
#
##################################################################
bundle agent cfe_internal_management
{
methods:
#
# CFEngine internals
#
am_policy_hub::
"hub" usebundle => cfe_internal_update_folders,
handle => "cfe_internal_management_update_folders",
comment => "Create empty directories for CFE self-upgrade";
am_policy_hub.enterprise::
"hub" usebundle => cfe_internal_webserver("on"),
handle => "cfe_internal_management_web_server",
comment => "Manage Apache Web server (on/off)";
"hub" usebundle => cfe_internal_setup_knowledge,
handle => "cfe_internal_management_setup_knowledge",
comment => "Manage CFE Knowledge Map";
"hub" usebundle => cfe_internal_apache_sudoer,
handle => "cfe_internal_management_apache_sudoer",
comment => "Permit Apache user to run passwordless sudo cf-runagent";
"hub" usebundle => cfe_internal_httpd_related,
handle => "cfe_internal_management_httpd_related",
comment => "To run MP on another TCP port (80 by default)";
"hub" usebundle => cfe_internal_php_runalerts,
handle => "cfe_internal_management_php_runalerts",
comment => "To run PHP runalerts to check bundle status on SQL and Sketch";
# As passive hub is supposed to run read-only PostgreSQL instance
# doing maintenance makes no sense and is not possible at all.
(am_policy_hub.enterprise.!ha_enabled)||(ha_enabled.hub_active)::
"hub" usebundle => cfe_internal_hub_maintain,
handle => "cfe_internal_management_hub_maintain",
comment => "Start the hub maintenance process";
"hub" usebundle => cfe_internal_truncate_events,
handle => "cfe_internal_truncate_events",
comment => "To run CFE truncate to pending";
postgresql_full_maintenance|postgresql_monitoring_maintenance::
"hub" usebundle => cfe_internal_postgresql_maintenance,
handle => "cfe_internal_management_postgresql_maintenance",
comment => "Run vacuumdb to clean up PostgreSQL database";
any::
"any" usebundle => cfe_internal_limit_robot_agents,
handle => "cfe_internal_management_limit_cfe_agents",
comment => "Manage CFE processes";
"any" usebundle => cfe_internal_log_rotation,
handle => "cfe_internal_management_log_rotation",
comment => "Rotate CFEngine logs so we dont fill the disk";
}
##################################################################
#
# cfe_internal_limit_rebot_agents
# - kill CFE processes and restart it when the process grown
#
##################################################################
bundle agent cfe_internal_limit_robot_agents
{
processes:
!windows::
"bin/cf-execd"
process_count => check_execd("1"),
comment => "Check cf-execd process if exceed the number",
handle => "cfe_internal_limit_robot_agents_processes_check_cf_execd";
"bin/cf-monitord"
process_count => check_monitord("1"),
comment => "Check cf-monitord process if exceed the number",
handle => "cfe_internal_limit_robot_agents_processes_check_cf_monitord";
#
# Do not do this for cf-hub because cf-hub may have unlimited processes
#
something_wrong_execd::
"bin/cf-execd"
signals => { "term", "kill" },
restart_class => "restart_execd",
comment => "When cf-execd comes undone then kill all and restart the process",
handle => "cfe_internal_limit_robot_agents_processes_kill_cf_execd";
something_wrong_monitord::
"bin/cf-monitord"
signals => { "term", "kill" },
restart_class => "restart_monitord",
comment => "When cf-monitord comes undone then kill all and restart the process",
handle => "cfe_internal_limit_robot_agents_processes_kill_cf_monitord";
#
commands:
restart_execd::
"$(sys.cf_execd)"
comment => "Restart cf-execd process",
classes => kept_successful_command,
handle => "cfe_internal_limit_robot_agents_commands_restart_cf_execd";
restart_monitord::
"$(sys.cf_monitord)"
comment => "Restart cf-monitord process",
classes => kept_successful_command,
handle => "cfe_internal_limit_robot_agents_commands_restart_cf_monitord";
}
#
body process_count check_execd(n)
{
match_range => "0,$(n)";
out_of_range_define => {"something_wrong_execd"};
}
body process_count check_monitord(n)
{
match_range => "0,$(n)";
out_of_range_define => {"something_wrong_monitord"};
}
##################################################################
#
# cfe_internal_log_rotation
# - Rotate logs and clean up old files so the disk doesnt get full
#
##################################################################
bundle agent cfe_internal_log_rotation
# @brief Manage CFEngine log files so they dont fill up disks
# See def.cf to enable rotation
{
methods:
cfengine_internal_rotate_logs::
# CFEngine generates internal log files that need to be rotated.
# Have a look at def.cf to enable rotation of these files
"rotate_promise_summary" usebundle => logrotate("@(def.cfe_log_files)", "1m", "10"),
comment => "Rotate log files once their size reach 1MB, keep 10 versions";
"rotate_outputs" usebundle => prunedir("@(def.cfe_log_dirs)", "30"),
comment => "Delete outputs/* files older than 30 days";
}
|
