From 55da0abe0d1dc2372baf3226f58b0aef6ffff93b Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Thu, 9 Mar 2017 09:09:51 +0000
Subject: Fixed starting cfengine3 upon bootstrap on a lxc hypervisor

---
 failsafe.cf | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

(limited to 'failsafe.cf')

diff --git a/failsafe.cf b/failsafe.cf
index 7b57c00..354e000 100644
--- a/failsafe.cf
+++ b/failsafe.cf
@@ -44,6 +44,9 @@ bundle agent failsafe_update {
             # when running binaires from mixed sources (for example CFEngine
             # produced binaries vs packages from the debian repository).
             "masterfiles_dir_remote" string => ifelse( "policy_server", $(sys.masterdir), "masterfiles" );
+    classes:
+        systemd::
+            "cfengine3_service_running" expression => returnszero("/bin/systemctl status cfengine3", "noshell");
     files:
         any::
             "$(sys.inputdir)"
@@ -60,17 +63,19 @@ bundle agent failsafe_update {
                 comment => "If we failed to fetch policy we try again using the legacy default in case we are fetching policy
                             from a hub that is not serving masterfiles via a shortcut.";
     processes:
-        any::
+        !(windows|systemd)::
             "cf-serverd" restart_class => "cf_serverd_not_running";
-        inputdir_update_repaired::
+        !systemd.inputdir_update_repaired::
             "cf-execd" restart_class => "cf_execd_not_running";
     commands:
-        cf_execd_not_running.!systemd::
+        cf_execd_not_running::
             "$(sys.cf_execd)" classes => failsafe_results("namespace", "cf_execd_running");
-        cf_serverd_not_running.!(windows|systemd)::
+        cf_serverd_not_running::
             "$(sys.cf_serverd)" classes => failsafe_results("namespace", "cf_serverd_running");
-        cf_execd_not_running.systemd::
-            "/bin/systemctl restart cfengine3" classes => failsafe_results("namespace", "systemctl_restart_cfengine3");
+        !cfengine3_service_running::
+            "/bin/systemctl restart cfengine3"
+                contain => failsafe_noshell_and_silent,
+                classes => failsafe_results("namespace", "systemctl_restart_cfengine3");
 }
 
 bundle agent failsafe_report {
@@ -98,7 +103,7 @@ Please check
     * masterfiles 'bundle server' -> access: -> masterfiles -> admit/deny
 It is often useful to restart cf-serverd in verbose mode (cf-serverd -v) on $(sys.policy_hub) to diagnose connection issues.
 When updating masterfiles, wait (usually 5 minutes) for files to propagate to inputs on $(sys.policy_hub) before retrying.";
-        systemctl_restart_cfengine3_repaired::
+        bootstrap_mode.systemctl_restart_cfengine3_repaired::
             "Restarted systemd unit cfengine3";
         systemctl_restart_cfengine3_error::
             "Error restarting systemd unit cfengine3";
@@ -169,3 +174,9 @@ body classes failsafe_results(scope, class_prefix)
                         "$(class_prefix)_not_kept",
                         "$(class_prefix)_timeout" };
 }
+
+body contain failsafe_noshell_and_silent
+{
+    useshell => "noshell";
+    no_output => true;
+}
-- 
cgit v1.2.3