authorJulien Dessaux2018-03-13 17:57:11 +0100
committerJulien Dessaux2018-03-13 18:10:14 +0100
commite7fe6c1dcaa905bddcb27e23706e842df0da43a1 (patch)
tree1486ff17f4d41b1723a519c60348094d4c3f50be /update.cf
parentDeploy ssh authorized_keys to all hosts (diff)
Moved to a more traditional update.cf mechanism without overwriting the builtin failsafe.cf
Diffstat (limited to 'update.cf')
-rw-r--r--update.cf134
1 files changed, 131 insertions, 3 deletions
diff --git a/update.cf b/update.cf
index 94cd97a..7f0d6ff 100644
--- a/update.cf
+++ b/update.cf
@@ -4,7 +4,135 @@ body common control
bundlesequence => {
main,
};
- inputs => {
- "failsafe.cf",
- };
+ inputs => {};
+}
+
+bundle agent main
+{
+ vars:
+ any::
+ "input_name_patterns" slist => {
+ "authorized_keys",
+ "cf_promises_release_id",
+ ".*templates.*",
+ ".*\.cf",
+ ".*\.dat",
+ ".*\.txt",
+ ".*\.cfg",
+ ".*\.conf",
+ ".*\.json",
+ ".*\.mustache",
+ ".*\.pl",
+ ".*\.py",
+ ".*\.rb",
+ ".*\.sh",
+ ".*\.yaml",
+ };
+ files:
+ !am_policy_hub::
+ "$(sys.inputdir)/cf_promises_validated"
+ copy_from => secure_cp("$(sys.masterdir)/cf_promises_validated"),
+ action => immediate,
+ classes => if_repaired("validated_updates_ready");
+ "$(sys.workdir)/modules"
+ copy_from => secure_cp("modules"),
+ depth_search => recurse("inf"),
+ perms => m("755"),
+ action => immediate,
+ file_select => exclude_vcs_files;
+ am_policy_hub::
+ "$(sys.masterdir)/."
+ perms => m(700),
+ depth_search => recurse_basedir("inf"),
+ action => immediate;
+ am_policy_hub|validated_updates_ready::
+ "$(sys.inputdir)"
+ copy_from => secure_cp("$(sys.masterdir)"),
+ depth_search => recurse("inf"),
+ file_select => input_files,
+ action => immediate,
+ classes => results("bundle", "update_inputs");
+ update_inputs_not_kept::
+ "$(sys.inputdir)/cf_promises_validated"
+ delete => tidy;
+}
+
+body file_select exclude_vcs_files
+{
+ leaf_name => { "\.git.*" };
+ file_result => "!leaf_name";
+}
+
+body file_select input_files
+{
+ leaf_name => { @(main.input_name_patterns) };
+ file_result => "leaf_name";
+}
+
+body perms m(mode)
+{
+ mode => "$(mode)";
+}
+
+body copy_from secure_cp(from)
+{
+ any::
+ source => "$(from)";
+ compare => "digest";
+ encrypt => "true";
+ verify => "true";
+ !am_policy_hub::
+ servers => { "$(sys.policy_hub)" };
+ portnumber => "$(sys.policy_hub_port)";
}
+
+body action immediate
+{
+ ifelapsed => "0";
+}
+
+body classes if_repaired(x)
+{
+ promise_repaired => { "$(x)" };
+}
+
+body depth_search recurse(d)
+{
+ depth => "$(d)";
+ xdev => "true";
+}
+
+body depth_search recurse_basedir(d)
+{
+ include_basedir => "true";
+ depth => "$(d)";
+ exclude_dirs => { "\.svn", "\.git", "git-core" };
+}
+
+body delete tidy
+{
+ dirlinks => "delete";
+ rmdirs => "true";
+}
+
+body classes results(scope, class_prefix)
+{
+ scope => "$(scope)";
+
+ promise_kept => { "$(class_prefix)_reached",
+ "$(class_prefix)_kept" };
+ promise_repaired => { "$(class_prefix)_reached",
+ "$(class_prefix)_repaired" };
+ repair_failed => { "$(class_prefix)_reached",
+ "$(class_prefix)_error",
+ "$(class_prefix)_not_kept",
+ "$(class_prefix)_failed" };
+ repair_denied => { "$(class_prefix)_reached",
+ "$(class_prefix)_error",
+ "$(class_prefix)_not_kept",
+ "$(class_prefix)_denied" };
+ repair_timeout => { "$(class_prefix)_reached",
+ "$(class_prefix)_error",
+ "$(class_prefix)_not_kept",
+ "$(class_prefix)_timeout" };
+}
\ No newline at end of file
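Review bot: The recursive inputs copy under `am_policy_hub|validated_updates_ready::` only adds or overwrites files, because `secure_cp` sets no `purge`; a policy file, template or `authorized_keys` source deleted from masterfiles on the hub would therefore stay in `$(sys.inputdir)` on every client. If removals are meant to propagate, give that one promise its own copy_from body carrying `purge => "true";`, after checking how purge interacts with the `input_files` filter, and keep it off the single-file `cf_promises_validated` copy. Separately, `perms => m(700)` on `$(sys.masterdir)/.` is applied with `recurse_basedir("inf")` to files as well as directories, so every policy file on the hub becomes owner-executable; `perms => m("600")` is probably what is wanted, assuming the agent still adds the search bit on directories by default, and quoting the argument would match `m("755")` a few lines above. A short comment on the `cf_promises_validated` promise explaining that it gates the full inputs copy, and that `update_inputs_not_kept` deletes it to force a retry, would help the next reader.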