Hello community, here is the log from the commit of package cfengine-masterfiles for openSUSE:Factory checked in at 2014-10-18 09:08:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cfengine-masterfiles (Old) and /work/SRC/openSUSE:Factory/.cfengine-masterfiles.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cfengine-masterfiles" Changes: -------- --- /work/SRC/openSUSE:Factory/cfengine-masterfiles/cfengine-masterfiles.changes 2014-08-07 12:38:02.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.cfengine-masterfiles.new/cfengine-masterfiles.changes 2014-10-18 09:08:44.000000000 +0200 @@ -1,0 +2,17 @@ +Thu Oct 9 07:21:46 UTC 2014 - kkaempf@suse.com + +- Update to 3.6.2 + Bugfix release + +------------------------------------------------------------------- +Tue Sep 16 12:16:41 UTC 2014 - kkaempf@suse.com + +- Update to 3.6.2-build5 pre-release + +------------------------------------------------------------------- +Thu Aug 7 18:02:29 UTC 2014 - kkaempf@suse.com + +- fix build for SLE 11 + add cfengine-masterfiles-rpmlintrc + +------------------------------------------------------------------- Old: ---- masterfiles-3.6.1.tar.gz New: ---- cfengine-masterfiles-rpmlintrc masterfiles-3.6.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cfengine-masterfiles.spec ++++++ --- /var/tmp/diff_new_pack.uo5bAR/_old 2014-10-18 09:08:45.000000000 +0200 +++ /var/tmp/diff_new_pack.uo5bAR/_new 2014-10-18 09:08:45.000000000 +0200 @@ -26,7 +26,7 @@ Summary: CFEngine promises master files License: MIT and LGPL-3.0+ Group: Productivity/Networking/System -Version: 3.6.1 +Version: 3.6.2 Release: 0 %define srcname masterfiles-%{version} Url: http://www.cfengine.org/ @@ -42,6 +42,11 @@ BuildRequires: automake BuildRequires: findutils BuildRequires: unzip +# wtf? SLE_11 does not honor rpmlintrc +Source1: %{name}-rpmlintrc +%if 0%{?suse_version} <= 1130 +BuildRequires: -post-build-checks +%endif %description Masterfiles are the pristine version of the CFEngine promises. These ++++++ cfengine-masterfiles-rpmlintrc ++++++ addFilter(".* is not allowed anymore in FHS 2.2.");++++++ masterfiles-3.6.1.tar.gz -> masterfiles-3.6.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/CFE_cfengine.cf new/masterfiles-3.6.2/cfe_internal/CFE_cfengine.cf --- old/masterfiles-3.6.1/cfe_internal/CFE_cfengine.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/cfe_internal/CFE_cfengine.cf 2014-10-01 16:04:11.000000000 +0200 @@ -39,10 +39,6 @@ handle => "cfe_internal_management_setup_knowledge", comment => "Manage CFE Knowledge Map"; - "hub" usebundle => cfe_internal_hub_maintain, - handle => "cfe_internal_management_hub_maintain", - comment => "Start the hub maintenance process"; - "hub" usebundle => cfe_internal_apache_sudoer, handle => "cfe_internal_management_apache_sudoer", comment => "Permit Apache user to run passwordless sudo cf-runagent"; @@ -55,6 +51,13 @@ handle => "cfe_internal_management_php_runalerts", comment => "To run PHP runalerts to check bundle status on SQL and Sketch"; + # As passive hub is supposed to run read-only PostgreSQL instance + # doing maintenance makes no sense and is not possible at all. + (am_policy_hub.enterprise.!ha_enabled)||(ha_enabled.hub_active):: + + "hub" usebundle => cfe_internal_hub_maintain, + handle => "cfe_internal_management_hub_maintain", + comment => "Start the hub maintenance process"; "hub" usebundle => cfe_internal_truncate_events, handle => "cfe_internal_truncate_events", comment => "To run CFE truncate to pending"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/CFE_hub_specific.cf new/masterfiles-3.6.2/cfe_internal/CFE_hub_specific.cf --- old/masterfiles-3.6.1/cfe_internal/CFE_hub_specific.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/cfe_internal/CFE_hub_specific.cf 2014-10-01 16:04:11.000000000 +0200 @@ -358,7 +358,8 @@ processes: - kill_script:: + # Make sure to kill script on non active hub(s). + kill_script||(ha_enabled.!hub_active):: "$(runalerts_script)" comment => "kill the php runalerts script because it is stale for some reason", @@ -366,7 +367,8 @@ signals => { "term" }, classes => if_repaired("run_script"); - any:: + # Run script only on active hub to not send duplicated alert emails. + !ha_enabled||(ha_enabled.hub_active):: "$(runalerts_script)" comment => "check if the php runalerts script is running or not", @@ -377,7 +379,8 @@ commands: - run_script:: + # Run script only on active hub to not send duplicated alert emails. + (run_script.!ha_enabled)||(run_script.ha_enabled.hub_active):: "$(runalerts_script) > /dev/null < /dev/null 2>&1 &" comment => "to run php alerts script", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/ha/ha.cf new/masterfiles-3.6.2/cfe_internal/ha/ha.cf --- old/masterfiles-3.6.1/cfe_internal/ha/ha.cf 1970-01-01 01:00:00.000000000 +0100 +++ new/masterfiles-3.6.2/cfe_internal/ha/ha.cf 2014-10-01 16:04:11.000000000 +0200 @@ -0,0 +1,152 @@ +bundle agent ha_main +{ + vars: + ha_enabled:: + "policy_servers" slist => { @(ha_def.ips) }; + "connected_servers" slist => filter("$(sys.policy_hub)", policy_servers, false, true, 10); + + classes: + ha_enabled:: + "ha_master_valid" expression => isvariable("sys.hub_active_ip"); + + methods: + policy_server.enterprise:: + "manage_mp_ha_enabled_file" usebundle => ha_manage_mp_status_file; + + policy_server.ha_enabled:: + "sync_client_keys" usebundle => ha_hub_sync_clients_keys; + "copy_hubs_keys" usebundle => ha_hub_copy_hubs_keys; + + policy_server.ha_enabled.!hub_active:: + "sync_config_data" usebundle => ha_hub_sync_config_data; + + policy_server.keys_staged:: + "establish trust" usebundle => ha_update_staged_ppkeys; + + !policy_server.ha_enabled:: + "Copy hub keys to clients" usebundle => ha_node_sync_hub_keys; + "Write new master IP on hub" usebundle => update_master_ip_server; +} + +# ha_enabled file is used by MP as a first test to figure out if +# HA functionality is switched on or not. Based on existence of this +# file further actions are performed. +bundle agent ha_manage_mp_status_file +{ + files: + policy_server.!ha_enabled:: + "$(sys.workdir)/httpd/htdocs/ha_enabled" + delete => tidy; + + policy_server.ha_enabled:: + "$(sys.workdir)/httpd/htdocs/ha_enabled" + create => "true", + perms => mog("0644",$(def.cf_apache_user),$(def.cf_apache_group)); +} + +bundle agent ha_hub_sync_config_data +{ + files: + "$(sys.workdir)/httpd/htdocs/application/config/cf_robot.php" + copy_from => no_backup_scp("$(sys.workdir)/httpd/htdocs/application/config/cf_robot.php", $(sys.hub_active_ip)), + comment => "Synchronize cf_robot configuration", + handle => "ha_sync_robot_config"; + + "$(sys.workdir)/share/GUI/application/config/appsettings.php" + copy_from => no_backup_scp("$(sys.workdir)/share/GUI/application/config/appsettings.php", $(sys.hub_active_ip)), + comment => "Synchronize appsetings configuration", + handle => "ha_sync_appsettings_config"; + + "/opt/cfengine/notification_scripts" + copy_from => no_backup_scp("/opt/cfengine/notification_scripts", $(sys.hub_active_ip)), + comment => "Copy MP notification scripts", + handle => "ha_copy_notification_scripts", + depth_search => recurse("1"); +} + +bundle agent ha_hub_copy_hubs_keys +{ + files: + "$(ha_def.ppkeys_hubs)" + copy_from => no_backup_cp("$(sys.workdir)/ppkeys"), + file_select => hubs_keys_select, + comment => "Copy all hubs keys to directory accessible by clients", + handle => "ha_copy_hubs_keys", + depth_search => recurse("1"), + classes => if_repaired("hubs_keys_staged"); +} + + +bundle agent update_master_ip_server +{ + files: + !policy_server:: + "$(sys.workdir)/policy_server.dat" + copy_from => u_rcp("$(sys.workdir)/state/master_hub.dat", @(def.policy_servers)), + comment => "Update master hub IP on CFEngine node", + handle => "ha_cfengine_node_update_master"; +} + +bundle agent ha_hub_sync_clients_keys +{ + vars: + "exclude_files" slist => {"localhost.priv", "localhost.pub", @(ha_def.hub_shas)}; + files: + "$(ha_def.ppkeys_staging)" + copy_from => no_backup_scp("$(sys.workdir)/ppkeys", @(ha_main.connected_servers)), + file_select => ex_list(@(exclude_files)), + comment => "Distribute all client keys between replica set servers", + handle => "ha_copy_client_keys_between_replica_set_servers", + depth_search => recurse("1"), + classes => if_repaired("keys_staged"); +} + +bundle agent ha_update_staged_ppkeys +{ + files: + "$(sys.workdir)/ppkeys" + copy_from => no_backup_cp("$(ha_def.ppkeys_staging)"), + file_select => plain, + comment => "Copy staged client keys to ppkeys", + handle => "ha_copy_staged_client_keys", + depth_search => recurse("1"), + classes => if_repaired("ppkeys_updated"); +} + +bundle agent ha_node_sync_hub_keys +{ + files: + !policy_server:: + "$(sys.workdir)/ppkeys" + copy_from => no_backup_scp("$(ha_def.ppkeys_hubs)", @(def.policy_servers)), + file_select => hub_all_keys, + depth_search => u_recurse("inf"), + comment => "Distribute all hub keys to clients", + handle => "ha_copy_hub_keys_to_nodes", + classes => if_repaired("keys_copied_clients"); +} + +body file_select hub_all_keys +{ + leaf_name => {".*.pub"}; + file_result => "leaf_name"; +} + +body file_select hubs_keys_select +{ + search_size => irange("426", "426"); + leaf_name => {escape("root-SHA=$(ha_def.config[$(ha_main.connected_servers)][sha]).pub")}; + file_result => "leaf_name"; +} + + +body copy_from no_backup_scp(from,server) +{ + servers => { "$(server)" }; + source => "$(from)"; + compare => "digest"; + copy_backup => "false"; + encrypt => "true"; + trustkey => "true"; +} + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/ha/ha_def.cf new/masterfiles-3.6.2/cfe_internal/ha/ha_def.cf --- old/masterfiles-3.6.1/cfe_internal/ha/ha_def.cf 1970-01-01 01:00:00.000000000 +0100 +++ new/masterfiles-3.6.2/cfe_internal/ha/ha_def.cf 2014-10-01 16:04:11.000000000 +0200 @@ -0,0 +1,32 @@ +bundle common ha_def +{ + classes: + any:: + "ha_enabled" expression => "!any"; + #"ha_enabled" expression => "enterprise"; + + vars: + ha_enabled:: + "config_file" string => "$(this.promise_dirname)/ha_info.json"; + "ppkeys_staging" string => "$(sys.workdir)/ppkeys_staging"; + "ppkeys_hubs" string => "$(sys.workdir)/ppkeys_hubs"; + + "config" data => readjson("$(config_file)", "4k"); + + "ips" slist => getindices("config"); + + "hub_sha[$(ips)]" + string => escape("root-SHA=$(config[$(ips)][sha]).pub"), + comment => "We need to construct an intermediary array so that we can + extract a combined list of all hub keys."; + + "hub_shas" + slist => getvalues("hub_sha"), + comment => "We use the list of hub key files for restricting clients access only to those"; + + reports: + verbose_mode:: + "HA hub $(ips) $(config[$(ips)][sha])"; +} + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/ha/ha_info.json new/masterfiles-3.6.2/cfe_internal/ha/ha_info.json --- old/masterfiles-3.6.1/cfe_internal/ha/ha_info.json 1970-01-01 01:00:00.000000000 +0100 +++ new/masterfiles-3.6.2/cfe_internal/ha/ha_info.json 2014-10-01 16:04:11.000000000 +0200 @@ -0,0 +1,15 @@ +{ + "192.168.100.10": + { + "sha": "3e9df4ec8c9826eaa2c397f99eeae22e0a35a22307474d56f7fdedadff7dd485", + "internal_ip": "192.168.100.10", + "tags": ["node1"] + }, + "192.168.100.11": + { + "sha": "37baa6f2f18a907131dadbf3e255d4ed0eda2f403e2123bab2c5f82f7ac8cd79", + "internal_ip": "192.168.100.11", + "tags": ["node2"] + } +} + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/cfe_internal/host_info_report.cf new/masterfiles-3.6.2/cfe_internal/host_info_report.cf --- old/masterfiles-3.6.1/cfe_internal/host_info_report.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/cfe_internal/host_info_report.cf 2014-10-01 16:04:11.000000000 +0200 @@ -140,7 +140,7 @@ reports: host_info_report_output_repaired:: - "Host info report generated and avilable at '$(host_info_report.host_info_report_output)'"; + "Host info report generated and available at '$(host_info_report.host_info_report_output)'"; host_info_report_output_not_ok:: "There was a problem generating your host info report at '$(host_info_report.host_info_report_output)'"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/controls/cf_serverd.cf new/masterfiles-3.6.2/controls/cf_serverd.cf --- old/masterfiles-3.6.1/controls/cf_serverd.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/controls/cf_serverd.cf 2014-10-01 16:04:11.000000000 +0200 @@ -92,34 +92,76 @@ comment => "Grant access to plugins directory", admit => { @(def.acl) }; + !windows:: "$(def.cf_runagent_shell)" handle => "server_access_grant_access_shell_cmd", comment => "Grant access to shell for cfruncommand", - admit => { "$(sys.policy_hub)" }; + admit => { @(def.policy_servers) }; + + policy_server.ha_enabled:: + "$(sys.workdir)/ppkeys" + handle => "server_access_grant_access_ppkeys_hubs", + comment => "Grant access to ppkeys for HA hubs", + admit => { @(def.policy_servers) }; + + # Allow slave hub to synchronize cf_robot and appsettings content. + # Files are containing configuration that must be the same on all hubs. + "$(sys.workdir)/httpd/htdocs/application/config/cf_robot.php" + handle => "server_access_grant_access_cf_robot", + comment => "Grant access to cf_robot file for HA hubs", + admit => { @(def.policy_servers) }; + + "$(sys.workdir)/share/GUI/application/config/appsettings.php" + handle => "server_access_grant_access_appsettings", + comment => "Grant access to appsettings for HA hubs", + admit => { @(def.policy_servers) }; + + # Allow access to notification_scripts directory so passive hub + # will be able to synchronize its content. Once passive hub will + # be promoted to act as a master all the custom scripts will be + # accessible. + "/opt/cfengine/notification_scripts" + handle => "server_access_grant_access_notification scripts", + comment => "Grant access tonotification scripts", + admit => { @(def.policy_servers) }; + + # When HA is enabled clients are updating active hub IP address + # using data stored in master_hub.dat file. + "$(sys.workdir)/state/master_hub.dat" + handle => "server_access_grant_access_policy_server_dat", + comment => "Grant access to policy_server.dat", + admit => { @(def.acl) }; + + # Hubs keys working in HA configuration are stored in ppkeys_hubs directory. + # In order to perform failover while active hub is down clients needs to + # have all hubs keys. This gives ability to connect to slave hub promoted to active role + # once active is down. + "$(sys.workdir)/ppkeys_hubs" + handle => "server_access_grant_access_to_clients", + comment => "Grant access to hubs' keys to clients", + admit => { @(def.acl) }; windows:: "c:\program files\cfengine\bin\cf-agent.exe" handle => "server_access_grant_access_agent", comment => "Grant access to the agent (for cf-runagent)", - admit => { @(def.acl) }; + admit => { @(def.policy_servers) }; !policy_server.enterprise:: - "$(query_types)" handle => "server_access_grant_$(query_types)_for_hosts", comment => "Grant $(query_types) reporting query for the hub on the hosts", resource_type => "query", report_data_select => default_data_select_host, - admit => { "$(sys.policy_hub)" }; + admit => { @(def.policy_servers) }; policy_server.enterprise:: - "$(query_types)" handle => "server_access_grant_$(query_types)_for_hub", comment => "Grant $(query_types) reporting query for the hub on the policy server", resource_type => "query", report_data_select => default_data_select_policy_hub, - admit => { "$(sys.policy_hub)" }; + admit => { @(def.policy_servers) }; roles: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/def.cf new/masterfiles-3.6.2/def.cf --- old/masterfiles-3.6.1/def.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/def.cf 2014-10-01 16:04:11.000000000 +0200 @@ -152,6 +152,15 @@ "$(sys.workdir)/reports", }; + # ha_enabled is defined in WORKDIR/cfe_internal/ha/ha_def.cf + # Disabled by default + + ha_enabled:: + "policy_servers" slist => {"$(sys.policy_hub)", @(ha_def.ips)}; + + !ha_enabled:: + "policy_servers" slist => {"$(sys.policy_hub)"}; + classes: ### Enable special features policies. Set to "any" to enable. @@ -193,6 +202,11 @@ # sketch activations on a host. "cfengine_internal_sudoers_editing_enable" expression => "!any"; + # Class defining which versions of cfengine are (not) supported + # by this policy version. + # Also note that this policy will only be run on enterprise policy_server + "postgresql_maintenance_supported" expression => "(policy_server.enterprise.!cfengine_3_5.!ha_enabled)|(policy_server.enterprise.ha_enabled.hub_active)"; + # This class is for PosgreSQL maintenance # pre-defined to every Sunday at 2 a.m. # This can be changed later on. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/inventory/any.cf new/masterfiles-3.6.2/inventory/any.cf --- old/masterfiles-3.6.1/inventory/any.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/inventory/any.cf 2014-10-01 16:04:11.000000000 +0200 @@ -63,7 +63,7 @@ # default, as it runs instantly and has no side effects. { vars: - "ports" slist => { @(mon.listening_ports) }, + "ports" slist => sort( "mon.listening_ports", "int"), meta => { "inventory", "attribute_name=Ports listening" }; } @@ -324,14 +324,45 @@ "useshell"), meta => { "inventory", "attribute_name=$(dmidefs[$(dmivars)])" }; + windows:: + "dmi[bios-vendor]" string => $(bios_array[1]), + meta => { "inventory", "attribute_name=BIOS vendor" }; + + "dmi[system-serial-number]" string => $(bios_array[2]), + meta => { "inventory", "attribute_name=System serial number" }; + + "dmi[bios-version]" string => $(bios_array[3]), + meta => { "inventory", "attribute_name=BIOS version" }; + + "dmi[system-version]" string => $(bios_array[4]), + meta => { "inventory", "attribute_name=System version" }; + + "dmi[processor-version]" string => $(processor_array[1]), + meta => { "inventory", "attribute_name=CPU model" }; + + "split_pscomputername" + slist => string_split($(system_array[1]), "PSComputerName\s.*", 2), + comment => "Work around weird appearance of PSComputerName into System manufacturer"; - - "_canonified_var[$(dmivars)]" string => canonify($(dmivars)); - "_canonified[$(dmivars)]" string => canonify("$(dmi[$(dmivars)])"); + "dmi[system-manufacturer]" string => nth(split_pscomputername, 0), + meta => { "inventory", "attribute_name=System manufacturer" }; classes: "have_dmidecode" expression => fileexists($(inventory_control.dmidecoder)); + windows:: + "bios_match" expression => regextract(".*Manufacturer\s+:\s([a-zA-Z0-9 ]+)\n.*SerialNumber\W+([a-zA-Z0-9 ]+).*SMBIOSBIOSVersion\W+([a-zA-Z0-9 ]+).*Version\W+([a-zA-Z0-9 -]+)", + execresult("gwmi -query 'SELECT SMBIOSBIOSVersion, Manufacturer, SerialNumber, Version FROM WIN32_BIOS'", "powershell"), + "bios_array"); + + "processor_match" expression => regextract(".*Name\W+(.*)", + execresult("gwmi -query 'SELECT Name FROM WIN32_PROCESSOR'", "powershell"), + "processor_array"); + + "system_match" expression => regextract(".*Manufacturer\W+(.*)", + execresult("gwmi -query 'SELECT Manufacturer FROM WIN32_COMPUTERSYSTEM'", "powershell"), + "system_array"); + reports: inform_mode:: "$(this.bundle): Obtained $(dmidefs[$(dmivars)]) = '$(dmi[$(dmivars)])'"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/inventory/lsb.cf new/masterfiles-3.6.2/inventory/lsb.cf --- old/masterfiles-3.6.1/inventory/lsb.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/inventory/lsb.cf 2014-10-01 16:04:11.000000000 +0200 @@ -6,7 +6,8 @@ classes: "have_lsb" expression => fileexists($(lsb_exec)); - "_inventory_lsb_found" expression => regcmp("^[1-9][0-9]*$", $(dim)); + "_inventory_lsb_found" expression => regcmp("^[1-9][0-9]*$", $(dim)), + scope => "namespace"; _inventory_lsb_found:: "lsb_$(os)" expression => "any", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/inventory/os.cf new/masterfiles-3.6.2/inventory/os.cf --- old/masterfiles-3.6.1/inventory/os.cf 1970-01-01 01:00:00.000000000 +0100 +++ new/masterfiles-3.6.2/inventory/os.cf 2014-10-01 16:04:11.000000000 +0200 @@ -0,0 +1,17 @@ +bundle common inventory_os +{ +vars: + +_inventory_lsb_found:: + "description" string => "$(inventory_lsb.os) $(inventory_lsb.release)", + meta => { "inventory", "attribute_name=OS" }; + +!_inventory_lsb_found.windows:: + "description" string => "$(sys.release)", + meta => { "inventory", "attribute_name=OS" }; + +!_inventory_lsb_found.!windows:: + "description" string => "$(sys.flavor) (LSB missing)", + meta => { "inventory", "attribute_name=OS" }; + +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.5/common.cf new/masterfiles-3.6.2/lib/3.5/common.cf --- old/masterfiles-3.6.1/lib/3.5/common.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/lib/3.5/common.cf 2014-10-01 16:04:11.000000000 +0200 @@ -213,9 +213,9 @@ # Define x prefixed/suffixed with promise outcome { promise_repaired => { "promise_repaired_$(x)", "$(x)_repaired", "$(x)_ok", "$(x)_reached" }; - repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; - repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; - repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; promise_kept => { "promise_kept_$(x)", "$(x)_kept", "$(x)_ok", "$(x)_not_repaired", "$(x)_reached" }; } @@ -224,9 +224,9 @@ { scope => "$(scope)"; promise_repaired => { "promise_repaired_$(x)", "$(x)_repaired", "$(x)_ok", "$(x)_reached" }; - repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; - repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; - repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; promise_kept => { "promise_kept_$(x)", "$(x)_kept", "$(x)_ok", "$(x)_not_repaired", "$(x)_reached" }; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.5/packages.cf new/masterfiles-3.6.2/lib/3.5/packages.cf --- old/masterfiles-3.6.1/lib/3.5/packages.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/lib/3.5/packages.cf 2014-10-01 16:04:11.000000000 +0200 @@ -1016,8 +1016,8 @@ { package_changes => "bulk"; package_list_command => "/opt/local/bin/pkgin list"; - package_list_name_regex => "(.*)\-[0-9]+.*"; - package_list_version_regex => ".*\-([0-9][^\s]+).*"; + package_list_name_regex => "([^\s]+)\-[0-9]+.*\s"; + package_list_version_regex => "[^\s]+\-([0-9][^\s]+)\s"; package_installed_regex => ".*"; # all reported are installed @@ -1027,10 +1027,10 @@ package_add_command => "/opt/local/bin/pkgin -y install"; package_delete_command => "/opt/local/bin/pkgin -y remove"; - + # pkgin update doesn't do what you think it does. pkgin install against and # already installed package will upgrade it however. - + package_update_command => "/opt/local/bin/pkgin -y install"; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.5/paths.cf new/masterfiles-3.6.2/lib/3.5/paths.cf --- old/masterfiles-3.6.1/lib/3.5/paths.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/lib/3.5/paths.cf 2014-10-01 16:04:11.000000000 +0200 @@ -103,6 +103,7 @@ "path[dmidecode]" string => "/usr/bin/dmidecode"; "path[echo]" string => "/usr/bin/echo"; "path[egrep]" string => "/usr/bin/egrep"; + "path[ethtool]" string => "/usr/bin/ethtool"; "path[find]" string => "/usr/bin/find"; "path[free]" string => "/usr/bin/free"; "path[grep]" string => "/usr/bin/grep"; @@ -184,6 +185,10 @@ "path[sort]" string => "/usr/bin/sort"; "path[tr]" string => "/usr/bin/tr"; + smartos:: + "path[npm]" string => "/opt/local/bin/npm"; + "path[pip]" string => "/opt/local/bin/pip"; + solaris:: "path[awk]" string => "/usr/bin/awk"; @@ -243,6 +248,7 @@ "path[domainname]" string => "/bin/domainname"; "path[echo]" string => "/bin/echo"; "path[egrep]" string => "/bin/egrep"; + "path[ethtool]" string => "/usr/sbin/ethtool"; "path[find]" string => "/usr/bin/find"; "path[grep]" string => "/bin/grep"; "path[hostname]" string => "/bin/hostname"; @@ -330,6 +336,7 @@ "path[domainname]" string => "/bin/domainname"; "path[echo]" string => "/bin/echo"; "path[egrep]" string => "/bin/egrep"; + "path[ethtool]" string => "/sbin/ethtool"; "path[find]" string => "/usr/bin/find"; "path[grep]" string => "/bin/grep"; "path[hostname]" string => "/bin/hostname"; @@ -396,6 +403,7 @@ "path[domainname]" string => "/bin/domainname"; "path[echo]" string => "/bin/echo"; "path[egrep]" string => "/usr/bin/egrep"; + "path[ethtool]" string => "/usr/sbin/ethtool"; "path[find]" string => "/usr/bin/find"; "path[free]" string => "/usr/bin/free"; "path[grep]" string => "/usr/bin/grep"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/cfe_internal.cf new/masterfiles-3.6.2/lib/3.6/cfe_internal.cf --- old/masterfiles-3.6.1/lib/3.6/cfe_internal.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/lib/3.6/cfe_internal.cf 2014-10-01 16:04:11.000000000 +0200 @@ -127,7 +127,7 @@ }, { "report": "diagnostics", - "table": "__Diagnostics", + "table": "Diagnostics", "history_length_days": 1, "time_key": "TimeStamp" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/common.cf new/masterfiles-3.6.2/lib/3.6/common.cf --- old/masterfiles-3.6.1/lib/3.6/common.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/lib/3.6/common.cf 2014-10-01 16:04:11.000000000 +0200 @@ -257,9 +257,9 @@ # @param x The unique part of the classes to be defined { promise_repaired => { "promise_repaired_$(x)", "$(x)_repaired", "$(x)_ok", "$(x)_reached" }; - repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; - repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; - repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout", "$(x)_not_ok", "$(x)_error","$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; promise_kept => { "promise_kept_$(x)", "$(x)_kept", "$(x)_ok", "$(x)_not_repaired", "$(x)_reached" }; } @@ -273,9 +273,9 @@ { scope => "$(scope)"; promise_repaired => { "promise_repaired_$(x)", "$(x)_repaired", "$(x)_ok", "$(x)_reached" }; - repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; - repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; - repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout", "$(x)_not_ok", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_failed => { "repair_failed_$(x)", "$(x)_failed", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_denied => { "repair_denied_$(x)", "$(x)_denied", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; + repair_timeout => { "repair_timeout_$(x)", "$(x)_timeout", "$(x)_not_ok", "$(x)_error", "$(x)_not_kept", "$(x)_not_repaired", "$(x)_reached" }; promise_kept => { "promise_kept_$(x)", "$(x)_kept", "$(x)_ok", "$(x)_not_repaired", "$(x)_reached" }; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/files.cf new/masterfiles-3.6.2/lib/3.6/files.cf --- old/masterfiles-3.6.1/lib/3.6/files.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/lib/3.6/files.cf 2014-10-01 16:04:11.000000000 +0200 @@ -1348,6 +1348,17 @@ preserve => "true"; } +body copy_from perms_dcp(from) +# @brief Copy a local file if it is different from the existing copy and +# preserve file permissions on the local copy. +# +# @param from The path to the source file. +{ + source => "$(from)"; + preserve => "true"; + compare => "digest"; +} + body copy_from backup_local_cp(from) # @brief Copy a local file and keep a backup of old versions. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/packages.cf new/masterfiles-3.6.2/lib/3.6/packages.cf --- old/masterfiles-3.6.1/lib/3.6/packages.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/lib/3.6/packages.cf 2014-10-01 16:04:11.000000000 +0200 @@ -1195,8 +1195,8 @@ { package_changes => "bulk"; package_list_command => "/opt/local/bin/pkgin list"; - package_list_name_regex => "(.*)\-[0-9]+.*"; - package_list_version_regex => ".*\-([0-9][^\s]+).*"; + package_list_name_regex => "([^\s]+)\-[0-9]+.*\s"; + package_list_version_regex => "[^\s]+\-([0-9][^\s]+)\s"; package_installed_regex => ".*"; # all reported are installed @@ -1206,10 +1206,10 @@ package_add_command => "/opt/local/bin/pkgin -y install"; package_delete_command => "/opt/local/bin/pkgin -y remove"; - + # pkgin update doesn't do what you think it does. pkgin install against and # already installed package will upgrade it however. - + package_update_command => "/opt/local/bin/pkgin -y install"; } @@ -1832,19 +1832,19 @@ debian:: "$(package)" package_policy => "addupdate", - package_version => "9999999999", + package_version => "999999999", package_method => apt_get_permissive; redhat:: "$(package)" package_policy => "addupdate", - package_version => "9999999999", + package_version => "999999999", package_method => yum_rpm_permissive; suse:: "$(package)" package_policy => "addupdate", - package_version => "9999999999", + package_version => "999999999", package_method => zypper; !debian.!redhat.!suse:: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/paths.cf new/masterfiles-3.6.2/lib/3.6/paths.cf --- old/masterfiles-3.6.1/lib/3.6/paths.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/lib/3.6/paths.cf 2014-10-01 16:04:11.000000000 +0200 @@ -141,6 +141,7 @@ "path[dmidecode]" string => "/usr/bin/dmidecode"; "path[echo]" string => "/usr/bin/echo"; "path[egrep]" string => "/usr/bin/egrep"; + "path[ethtool]" string => "/usr/bin/ethtool"; "path[find]" string => "/usr/bin/find"; "path[free]" string => "/usr/bin/free"; "path[grep]" string => "/usr/bin/grep"; @@ -170,12 +171,11 @@ "path[journalctl]" string => "/usr/bin/journalctl"; "path[netctl]" string => "/usr/bin/netctl"; - freebsd|netbsd:: + freebsd|netbsd|openbsd:: "path[awk]" string => "/usr/bin/awk"; "path[bc]" string => "/usr/bin/bc"; "path[cat]" string => "/bin/cat"; - "path[cksum]" string => "/usr/bin/cksum"; "path[crontabs]" string => "/var/cron/tabs"; "path[cut]" string => "/usr/bin/cut"; "path[dc]" string => "/usr/bin/dc"; @@ -194,32 +194,19 @@ "path[sed]" string => "/usr/bin/sed"; "path[sort]" string => "/usr/bin/sort"; "path[tr]" string => "/usr/bin/tr"; + + freebsd|netbsd:: + + "path[cksum]" string => "/usr/bin/cksum"; "path[realpath]" string => "/bin/realpath"; openbsd:: - "path[awk]" string => "/usr/bin/awk"; - "path[bc]" string => "/usr/bin/bc"; - "path[cat]" string => "/bin/cat"; "path[cksum]" string => "/bin/cksum"; - "path[crontabs]" string => "/var/cron/tabs"; - "path[cut]" string => "/usr/bin/cut"; - "path[dc]" string => "/usr/bin/dc"; - "path[df]" string => "/bin/df"; - "path[diff]" string => "/usr/bin/diff"; - "path[dig]" string => "/usr/sbin/dig"; - "path[echo]" string => "/bin/echo"; - "path[egrep]" string => "/usr/bin/egrep"; - "path[find]" string => "/usr/bin/find"; - "path[grep]" string => "/usr/bin/grep"; - "path[ls]" string => "/bin/ls"; - "path[netstat]" string => "/usr/bin/netstat"; - "path[ping]" string => "/usr/bin/ping"; - "path[perl]" string => "/usr/bin/perl"; - "path[printf]" string => "/usr/bin/printf"; - "path[sed]" string => "/usr/bin/sed"; - "path[sort]" string => "/usr/bin/sort"; - "path[tr]" string => "/usr/bin/tr"; + + smartos:: + "path[npm]" string => "/opt/local/bin/npm"; + "path[pip]" string => "/opt/local/bin/pip"; solaris:: @@ -280,6 +267,7 @@ "path[domainname]" string => "/bin/domainname"; "path[echo]" string => "/bin/echo"; "path[egrep]" string => "/bin/egrep"; + "path[ethtool]" string => "/usr/sbin/ethtool"; "path[find]" string => "/usr/bin/find"; "path[grep]" string => "/bin/grep"; "path[hostname]" string => "/bin/hostname"; @@ -367,6 +355,7 @@ "path[domainname]" string => "/bin/domainname"; "path[echo]" string => "/bin/echo"; "path[egrep]" string => "/bin/egrep"; + "path[ethtool]" string => "/sbin/ethtool"; "path[find]" string => "/usr/bin/find"; "path[grep]" string => "/bin/grep"; "path[hostname]" string => "/bin/hostname"; @@ -412,7 +401,7 @@ "path[sysctl]" string => "/sbin/sysctl"; !suse:: - "path[logger]" string => "/usr/bin/logger"; + "path[logger]" string => "/usr/bin/logger"; suse:: @@ -433,6 +422,7 @@ "path[domainname]" string => "/bin/domainname"; "path[echo]" string => "/bin/echo"; "path[egrep]" string => "/usr/bin/egrep"; + "path[ethtool]" string => "/usr/sbin/ethtool"; "path[find]" string => "/usr/bin/find"; "path[free]" string => "/usr/bin/free"; "path[grep]" string => "/usr/bin/grep"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/lib/3.6/reports.cf new/masterfiles-3.6.2/lib/3.6/reports.cf --- old/masterfiles-3.6.1/lib/3.6/reports.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/lib/3.6/reports.cf 2014-10-01 16:04:11.000000000 +0200 @@ -56,9 +56,7 @@ { metatags_include => { "inventory", "report" }; metatags_exclude => { "noreport" }; - monitoring_include => { "cpu", - "loadavg", - "diskfree" }; + monitoring_include => { "" }; } body report_data_select default_data_select_policy_hub @@ -70,5 +68,5 @@ { metatags_include => { "inventory", "report" }; metatags_exclude => { "noreport" }; - + monitoring_include => { "" }; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/promises.cf new/masterfiles-3.6.2/promises.cf --- old/masterfiles-3.6.1/promises.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/promises.cf 2014-10-01 16:04:11.000000000 +0200 @@ -12,6 +12,7 @@ # Common bundle first (Best Practice) inventory_control, @(inventory.bundles), + ha_def, def, cfe_internal_hub_vars, @@ -25,11 +26,13 @@ # Agent bundle cfe_internal_management, # See cfe_internal/CFE_cfengine.cf service_catalogue, + ha_main, }; inputs => { # File definition for global variables and classes + "cfe_internal/ha/ha_def.cf", "def.cf", # Inventory policy @@ -66,10 +69,11 @@ # List of services here "services/file_change.cf", + "cfe_internal/ha/ha.cf" }; - version => "CFEngine Promises.cf 3.6.0"; + version => "CFEngine Promises.cf 3.6.2"; # Uncomment to connect to the hub using latest protocol. #protocol_version => "latest"; @@ -97,26 +101,26 @@ vars: # This list is intended to grow as needed !(cfengine_3_4|cfengine_3_5).debian:: - "inputs" slist => { "inventory/any.cf", "inventory/linux.cf", "inventory/lsb.cf", "inventory/debian.cf" }; - "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_debian" }; + "inputs" slist => { "inventory/any.cf", "inventory/linux.cf", "inventory/lsb.cf", "inventory/debian.cf", "inventory/os.cf" }; + "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_debian", "inventory_os" }; !(cfengine_3_4|cfengine_3_5).redhat:: - "inputs" slist => { "inventory/any.cf", "inventory/linux.cf", "inventory/lsb.cf", "inventory/redhat.cf" }; - "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_redhat" }; + "inputs" slist => { "inventory/any.cf", "inventory/linux.cf", "inventory/lsb.cf", "inventory/redhat.cf", "inventory/os.cf" }; + "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_redhat", "inventory_os" }; !(cfengine_3_4|cfengine_3_5).suse:: - "inputs" slist => { "inventory/any.cf", "inventory/linux.cf", "inventory/lsb.cf", "inventory/suse.cf" }; - "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_suse" }; + "inputs" slist => { "inventory/any.cf", "inventory/linux.cf", "inventory/lsb.cf", "inventory/suse.cf", "inventory/os.cf" }; + "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_suse", "inventory_os" }; !(cfengine_3_4|cfengine_3_5).windows:: - "inputs" slist => { "inventory/any.cf", "inventory/windows.cf" }; - "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_windows" }; + "inputs" slist => { "inventory/any.cf", "inventory/windows.cf", "inventory/os.cf" }; + "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_windows", "inventory_os" }; !(cfengine_3_4|cfengine_3_5).macos:: - "inputs" slist => { "inventory/any.cf", "inventory/macos.cf" }; - "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_macos" }; + "inputs" slist => { "inventory/any.cf", "inventory/macos.cf", "inventory/os.cf" }; + "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_macos", "inventory_os" }; !(cfengine_3_4|cfengine_3_5).linux.!specific_linux_os:: - "inputs" slist => { "inventory/any.cf", "inventory/linux.cf", "inventory/lsb.cf" }; - "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_linux", "inventory_lsb" }; + "inputs" slist => { "inventory/any.cf", "inventory/linux.cf", "inventory/lsb.cf", "inventory/os.cf" }; + "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_linux", "inventory_lsb", "inventory_os" }; !cfengine_3_5.other_unix_os:: - "inputs" slist => { "inventory/any.cf", "inventory/generic.cf" }; - "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_generic" }; + "inputs" slist => { "inventory/any.cf", "inventory/generic.cf", "inventory/os.cf" }; + "bundles" slist => { "inventory_control", "inventory_any", "inventory_autorun", "inventory_generic", "inventory_os" }; (cfengine_3_4|cfengine_3_5):: "inputs" slist => { cf_null }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/update/update_bins.cf new/masterfiles-3.6.2/update/update_bins.cf --- old/masterfiles-3.6.1/update/update_bins.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/update/update_bins.cf 2014-10-01 16:04:11.000000000 +0200 @@ -175,7 +175,7 @@ package_policy => "update", package_select => "==", # picks the newest Nova available package_architectures => { "$(pkgarch)" }, - package_version => "3.6.1-1", # Install new Nova anyway + package_version => "3.6.2-1", # Install new Nova anyway package_method => u_generic( "$(local_software_dir)" ), ifvarclass => "nova_edition.have_software_dir", classes => u_if_else("bin_update_success", "bin_update_fail"); @@ -188,7 +188,7 @@ package_policy => "update", package_select => "==", # picks the newest Nova available package_architectures => { "$(pkgarch)" }, - package_version => "3.6.1", # Install new Nova anyway + package_version => "3.6.2", # Install new Nova anyway package_method => u_generic( "$(local_software_dir)" ), ifvarclass => "nova_edition.have_software_dir", classes => u_if_else("bin_update_success", "bin_update_fail"); @@ -201,7 +201,7 @@ package_policy => "update", package_select => "==", # picks the newest Nova available package_architectures => { "$(pkgarch)" }, - package_version => "3.6.1.0", # Install new Nova anyway + package_version => "3.6.2.0", # Install new Nova anyway package_method => u_generic( "$(local_software_dir)" ), ifvarclass => "nova_edition.have_software_dir", classes => u_if_else("bin_update_success", "bin_update_fail"); @@ -214,7 +214,7 @@ package_policy => "update", package_select => "==", # picks the newest Nova available package_architectures => { "$(pkgarch)" }, - package_version => "3.6.1-1", # Install new Nova anyway + package_version => "3.6.2-1", # Install new Nova anyway package_method => u_generic( "$(local_software_dir)" ), ifvarclass => "nova_edition.have_software_dir", classes => u_if_else("bin_update_success", "bin_update_fail"); @@ -227,7 +227,7 @@ package_policy => "update", package_select => "==", # picks the newest Nova available package_architectures => { "$(pkgarch)" }, - package_version => "3.6.1", # Install new Nova anyway + package_version => "3.6.2", # Install new Nova anyway package_method => u_generic( "$(local_software_dir)" ), ifvarclass => "nova_edition.have_software_dir", classes => u_if_else("bin_update_success", "bin_update_fail"); @@ -240,7 +240,20 @@ package_policy => "update", package_select => "==", # picks the newest Nova available package_architectures => { "$(pkgarch)" }, - package_version => "3.6.1.0", # Install new Nova anyway + package_version => "3.6.2.0", # Install new Nova anyway + package_method => u_generic( "$(local_software_dir)" ), + ifvarclass => "nova_edition.have_software_dir", + classes => u_if_else("bin_update_success", "bin_update_fail"); + + !am_policy_hub.aix.enterprise:: + + "$(novapkg)" + comment => "Update Nova package to a newer version (package is there)", + handle => "cfe_internal_update_bins_packages_nova_update_aix_only_pkg_there", + package_policy => "update", + package_select => "==", # picks the newest Nova available + package_architectures => { "$(pkgarch)" }, + package_version => "3.6.2.0", # Install new Nova anyway package_method => u_generic( "$(local_software_dir)" ), ifvarclass => "nova_edition.have_software_dir", classes => u_if_else("bin_update_success", "bin_update_fail"); @@ -282,14 +295,14 @@ "$(sys.workdir)/bin/cf-upgrade" comment => "Copy cf-upgrade binary from policy hub for i386 linux", handle => "cfe_internal_update_bins_files_cf_upgrade_i386_linux", - copy_from => u_rcp("$(master_software_location)/cf-upgrade/linux.i386/cf-upgrade","$(sys.policy_hub)"), + copy_from => u_rcp("$(master_software_location)/cf-upgrade/linux.i386/cf-upgrade", @(update_def.policy_servers)), perms => u_m("0755"), ifvarclass => "linux.i686"; "$(sys.workdir)/bin/cf-upgrade" comment => "Copy cf-upgrade binary from policy hub for x86_64 linux", handle => "cfe_internal_update_bins_files_cf_upgrade_x86_64_linux", - copy_from => u_rcp("$(master_software_location)/cf-upgrade/linux.x86_64/cf-upgrade","$(sys.policy_hub)"), + copy_from => u_rcp("$(master_software_location)/cf-upgrade/linux.x86_64/cf-upgrade", @(update_def.policy_servers)), perms => u_m("0755"), ifvarclass => "linux.x86_64"; @@ -312,7 +325,7 @@ "$(local_software_dir)" comment => "Copy binary updates from master source on policy server", handle => "cfe_internal_update_bins_files_pkg_copy", - copy_from => u_pcp("$(master_software_location)/$(sys.flavour)_$(sys.arch)","$(sys.policy_hub)"), + copy_from => u_pcp("$(master_software_location)/$(sys.flavour)_$(sys.arch)", @(update_def.policy_servers)), depth_search => u_recurse("1"), # Nova updates should be in root dir action => u_immediate, classes => u_if_repaired("bin_newpkg"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/update/update_policy.cf new/masterfiles-3.6.2/update/update_policy.cf --- old/masterfiles-3.6.1/update/update_policy.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/update/update_policy.cf 2014-10-01 16:04:11.000000000 +0200 @@ -156,7 +156,7 @@ "$(inputs_dir)/cf_promises_validated" comment => "Check whether a validation stamp is available for a new policy update to reduce the distributed load", handle => "cfe_internal_update_policy_check_valid_update", - copy_from => u_rcp("$(master_location)/cf_promises_validated","$(sys.policy_hub)"), + copy_from => u_rcp("$(master_location)/cf_promises_validated", @(update_def.policy_servers)), action => u_immediate, classes => u_if_repaired("validated_updates_ready"); @@ -165,7 +165,7 @@ "$(modules_dir)" comment => "Always update modules files on client side", handle => "cfe_internal_update_policy_files_update_modules", - copy_from => u_rcp("$(modules_dir)","$(sys.policy_hub)"), + copy_from => u_rcp("$(modules_dir)", @(update_def.policy_servers)), depth_search => u_recurse("inf"), perms => u_m("755"), action => u_immediate; @@ -173,7 +173,7 @@ "$(plugins_dir)" comment => "Always update plugins files on client side", handle => "cfe_internal_update_policy_files_update_plugins", - copy_from => u_rcp("$(plugins_dir)","$(sys.policy_hub)"), + copy_from => u_rcp("$(plugins_dir)", @(update_def.policy_servers)), depth_search => u_recurse("inf"), perms => u_m("755"), action => u_immediate; @@ -183,7 +183,7 @@ "$(sys.workdir)\modules" comment => "Always update modules files on client side (Windows)", handle => "cfe_internal_update_policy_files_update_modules_windows", - copy_from => u_rcp("$(modules_dir)","$(sys.policy_hub)"), + copy_from => u_rcp("$(modules_dir)", @(update_def.policy_servers)), depth_search => u_recurse("inf"), perms => u_m("755"), action => u_immediate; @@ -191,7 +191,7 @@ "$(sys.workdir)\plugins" comment => "Always update plugins files on client side (Windows)", handle => "cfe_internal_update_policy_files_update_plugins_windows", - copy_from => u_rcp("$(plugins_dir)","$(sys.policy_hub)"), + copy_from => u_rcp("$(plugins_dir)", @(update_def.policy_servers)), depth_search => u_recurse("inf"), perms => u_m("755"), action => u_immediate; @@ -201,12 +201,20 @@ "$(inputs_dir)" comment => "Copy policy updates from master source on policy server if a new validation was acquired", handle => "cfe_internal_update_policy_files_inputs_dir", - copy_from => u_rcp("$(master_location)","$(sys.policy_hub)"), + copy_from => u_rcp("$(master_location)", @(update_def.policy_servers)), depth_search => u_recurse("inf"), file_select => u_input_files, action => u_immediate, classes => u_if_repaired("update_report"); + !policy_server.ha_enabled:: + "$(sys.workdir)/policy_server.dat" + comment => "Copy policy_server.dat file from server", + handle => "cfe_internal_update_ha_policy_server", + copy_from => u_rcp("$(sys.workdir)/state/master_hub.dat", @(update_def.policy_servers)), + action => u_immediate, + classes => u_if_repaired("replica_failover"); # not needed ? + !windows:: "$(dir_bin)/$(agents)" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/update/update_processes.cf new/masterfiles-3.6.2/update/update_processes.cf --- old/masterfiles-3.6.1/update/update_processes.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/update/update_processes.cf 2014-10-01 16:04:11.000000000 +0200 @@ -142,18 +142,19 @@ handle => "cfe_internal_maintain_cfe_hub_process_processes_redis", ifvarclass => "nova|enterprise"; - "$(cfe_internal_process_knowledge.bindir)/postgres" - restart_class => "start_postgres_server", - comment => "Monitor postgres process", - handle => "cfe_internal_maintain_cfe_hub_process_processes_postgres", - ifvarclass => "nova|enterprise"; - "$(cfe_internal_process_knowledge.bindir)/cf-consumer" restart_class => "start_cf_consumer", comment => "Monitor cf-consumer process", handle => "cfe_internal_maintain_cfe_hub_process_processes_cf_consumer", ifvarclass => "(nova|enterprise).no_vacuumdb"; + am_policy_hub.!ha_enabled:: + "$(cfe_internal_process_knowledge.bindir)/postgres" + restart_class => "start_postgres_server", + comment => "Monitor postgres process", + handle => "cfe_internal_maintain_cfe_hub_process_processes_postgres", + ifvarclass => "nova|enterprise"; + am_policy_hub.files_ok.!windows:: "cf-hub" restart_class => "start_hub", comment => "Monitor cf-hub process", @@ -182,7 +183,7 @@ classes => u_kept_successful_command, handle => "cfe_internal_maintain_cfe_hub_process_commands_start_redis"; - !windows.am_policy_hub.start_postgres_server:: + !windows.am_policy_hub.!ha_enabled.start_postgres_server:: "$(cfe_internal_process_knowledge.bindir)/pg_ctl -D $(cfe_internal_update_policy.postgresdb_dir) -l $(cfe_internal_update_policy.postgresdb_log) start" contain => u_postgres, comment => "Start postgres process", @@ -386,5 +387,5 @@ repair_failed => { $(theclass) }; repair_denied => { $(theclass) }; repair_timeout => { $(theclass) }; - persist_time => 99999999999; + persist_time => 999999999; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/masterfiles-3.6.1/update.cf new/masterfiles-3.6.2/update.cf --- old/masterfiles-3.6.1/update.cf 2014-07-24 11:21:34.000000000 +0200 +++ new/masterfiles-3.6.2/update.cf 2014-10-01 16:04:11.000000000 +0200 @@ -7,6 +7,7 @@ body common control { bundlesequence => { + "ha_def", "update_def", "cfe_internal_dc_workflow", "cfe_internal_update_policy", @@ -14,9 +15,10 @@ "cfe_internal_update_processes", }; - version => "update.cf 3.6.1"; + version => "update.cf 3.6.2"; inputs => { + "cfe_internal/ha/ha_def.cf", "update/update_bins.cf", "update/cfe_internal_dc_workflow.cf", "update/cfe_internal_local_git_remote.cf", @@ -43,7 +45,7 @@ { vars: "input_name_patterns" slist => { ".*\.cf",".*\.dat",".*\.txt", ".*\.conf", ".*\.mustache", - "cf_promises_release_id" }, + "cf_promises_release_id", ".*\.json" }, comment => "Filename patterns to match when updating the policy (see update/update_policy.cf)", handle => "common_def_vars_input_name_patterns"; @@ -75,6 +77,15 @@ comment => "Group that CFEngine Enterprise webserver runs as", handle => "common_def_vars_cf_cfapache_group"; + # ha_enabled is defined in WORKDIR/cfe_internal/ha/ha_def.cf + # Disabled by default + + ha_enabled:: + "policy_servers" slist => {"$(sys.policy_hub)", @(ha_def.ips)}; + + !ha_enabled:: + "policy_servers" slist => {"$(sys.policy_hub)"}; + classes: # Trigger binary upgrade from policy hub -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org