diff options
-rw-r--r-- | cfengine/watchdog.cf | 8 | ||||
-rw-r--r-- | failsafe.cf | 25 | ||||
-rw-r--r-- | templates/common/hosts | 2 |
3 files changed, 29 insertions, 6 deletions
diff --git a/cfengine/watchdog.cf b/cfengine/watchdog.cf index 22d045d..baf3993 100644 --- a/cfengine/watchdog.cf +++ b/cfengine/watchdog.cf @@ -6,7 +6,7 @@ bundle agent cfengine_watchdog !systemd:: "data" string => '{"systemd": false}'; files: - any:: + !alpinelinux:: "/etc/cron.d/cfengine_watchdog" create => "true", perms => system_owned("444"), @@ -14,6 +14,12 @@ bundle agent cfengine_watchdog template_method => "mustache", template_data => parsejson("$(data)"), classes => if_repaired("cfengine_watchdog_repaired"); + alpinelinux:: + "/etc/crontabs/root" + create => "false", + perms => system_owned("400"), + edit_line => append_if_no_line("* * * * * [ -x \"/var/lib/cfengine/bin/cf-execd\" ] && if ! /usr/bin/pgrep cf-execd > /dev/null; then \"/var/lib/cfengine/bin/cf-execd\"; fi"), + classes => if_repaired("cfengine_watchdog_repaired"); reports: any:: "$(this.bundle): /etc/cron.d/cfengine_watchdog repaired" ifvarclass => "cfengine_watchdog_repaired"; diff --git a/failsafe.cf b/failsafe.cf index daba0fc..a7cacc1 100644 --- a/failsafe.cf +++ b/failsafe.cf @@ -2,13 +2,15 @@ # - Always ensured to run the update bundle. Do not modify. Ever. # Failsafe imports and promises -body agent control { +body agent control +{ any:: abortclasses => { "no_ppkeys_ABORT_kept" }; # Bootstrapping can't continue without keys ifelapsed => "0"; # Make sure that running failsafe many times in a row does not change functionality } -bundle agent main { +bundle agent main +{ methods: any:: "Check Keys" @@ -37,8 +39,11 @@ bundle agent failsafe_checkkeys bundle agent failsafe_copy_binaries { + classes: + any:: + "alpinelinux" expression => fileexists("/etc/alpine-release"); vars: - freebsd:: + alpinelinux|freebsd:: "binaries" slist => { "cf-agent", "cf-execd", @@ -50,6 +55,11 @@ bundle agent failsafe_copy_binaries "cf-upgrade", }; files: + alpinelinux:: + "$(sys.bindir)/$(binaries)" + copy_from => failsafe_cp("/usr/sbin/$(binaries)"), + action => failsafe_u_immediate, + classes => failsafe_results("namespace", "copy_binaries"); freebsd:: "$(sys.bindir)/$(binaries)" copy_from => failsafe_cp("/usr/local/sbin/$(binaries)"), @@ -73,6 +83,11 @@ bundle agent failsafe_update { # produced binaries vs packages from the debian repository). "masterfiles_dir_remote" string => ifelse( "policy_server", $(sys.masterdir), "masterfiles" ); classes: + any:: + "alpinelinux" expression => fileexists("/etc/alpine-release"); + alpinelinux:: + "cf_execd_not_running" expression => returnszero("/usr/bin/pgrep cf-execd", "noshell"); + "cf_serverd_not_running" expression => returnszero("/usr/bin/pgrep cf-serverd", "noshell"); systemd:: "cfengine3_service_running" expression => returnszero("/bin/systemctl status cfengine3", "noshell"); files: @@ -100,9 +115,9 @@ bundle agent failsafe_update { file_select => failsafe_exclude_vcs_files, classes => failsafe_results("namespace", "modulesdir_update"); processes: - !(windows|systemd):: + !(alpinelinux|systemd|windows):: "cf-serverd" restart_class => "cf_serverd_not_running"; - !systemd.inputdir_update_repaired:: + !(alpinelinux|systemd|windows).inputdir_update_repaired:: "cf-execd" restart_class => "cf_execd_not_running"; commands: cf_execd_not_running:: diff --git a/templates/common/hosts b/templates/common/hosts index 7db7628..a90735f 100644 --- a/templates/common/hosts +++ b/templates/common/hosts @@ -27,6 +27,8 @@ ff02::2 ip6-allrouters 10.1.0.211 postgresql01 10.1.0.212 registry +10.1.0.248 coalp +10.1.0.249 hero 10.1.0.250 cobsd 10.1.0.251 reality 10.1.0.252 hurricane |