diff options
| author | Julien Dessaux | 2017-03-09 09:09:51 +0000 |
|---|---|---|
| committer | Julien Dessaux | 2017-03-10 14:10:56 +0100 |
| commit | 55da0abe0d1dc2372baf3226f58b0aef6ffff93b (patch) | |
| tree | 37c326eb0287b59a0afcaa545f07844423910370 /failsafe.cf | |
| parent | Updated debian environment variables in agent run (diff) | |
| download | masterfiles-55da0abe0d1dc2372baf3226f58b0aef6ffff93b.tar.gz masterfiles-55da0abe0d1dc2372baf3226f58b0aef6ffff93b.tar.bz2 masterfiles-55da0abe0d1dc2372baf3226f58b0aef6ffff93b.zip | |
Fixed starting cfengine3 upon bootstrap on a lxc hypervisor
Diffstat (limited to 'failsafe.cf')
| -rw-r--r-- | failsafe.cf | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/failsafe.cf b/failsafe.cf index 7b57c00..354e000 100644 --- a/failsafe.cf +++ b/failsafe.cf @@ -44,6 +44,9 @@ bundle agent failsafe_update { # when running binaires from mixed sources (for example CFEngine # produced binaries vs packages from the debian repository). "masterfiles_dir_remote" string => ifelse( "policy_server", $(sys.masterdir), "masterfiles" ); + classes: + systemd:: + "cfengine3_service_running" expression => returnszero("/bin/systemctl status cfengine3", "noshell"); files: any:: "$(sys.inputdir)" @@ -60,17 +63,19 @@ bundle agent failsafe_update { comment => "If we failed to fetch policy we try again using the legacy default in case we are fetching policy from a hub that is not serving masterfiles via a shortcut."; processes: - any:: + !(windows|systemd):: "cf-serverd" restart_class => "cf_serverd_not_running"; - inputdir_update_repaired:: + !systemd.inputdir_update_repaired:: "cf-execd" restart_class => "cf_execd_not_running"; commands: - cf_execd_not_running.!systemd:: + cf_execd_not_running:: "$(sys.cf_execd)" classes => failsafe_results("namespace", "cf_execd_running"); - cf_serverd_not_running.!(windows|systemd):: + cf_serverd_not_running:: "$(sys.cf_serverd)" classes => failsafe_results("namespace", "cf_serverd_running"); - cf_execd_not_running.systemd:: - "/bin/systemctl restart cfengine3" classes => failsafe_results("namespace", "systemctl_restart_cfengine3"); + !cfengine3_service_running:: + "/bin/systemctl restart cfengine3" + contain => failsafe_noshell_and_silent, + classes => failsafe_results("namespace", "systemctl_restart_cfengine3"); } bundle agent failsafe_report { @@ -98,7 +103,7 @@ Please check * masterfiles 'bundle server' -> access: -> masterfiles -> admit/deny It is often useful to restart cf-serverd in verbose mode (cf-serverd -v) on $(sys.policy_hub) to diagnose connection issues. When updating masterfiles, wait (usually 5 minutes) for files to propagate to inputs on $(sys.policy_hub) before retrying."; - systemctl_restart_cfengine3_repaired:: + bootstrap_mode.systemctl_restart_cfengine3_repaired:: "Restarted systemd unit cfengine3"; systemctl_restart_cfengine3_error:: "Error restarting systemd unit cfengine3"; @@ -169,3 +174,9 @@ body classes failsafe_results(scope, class_prefix) "$(class_prefix)_not_kept", "$(class_prefix)_timeout" }; } + +body contain failsafe_noshell_and_silent +{ + useshell => "noshell"; + no_output => true; +} |