help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

'singlecopy' oddities in 2.0.5

From: Eric Sorenson
Subject: 'singlecopy' oddities in 2.0.5
Date: Fri, 2 May 2003 14:42:18 -0700 (PDT) 
Hi, I'm setting up a configuration distribution system with cfengine
using the new 'singlecopy' behavior.  This is described in the HTML
reference docs (but isn't in the current PDF version, for some reason!) as
follows: 

 [ http://www.cfengine.org/docs/cfengine-Reference.html#singlecopy ]

    If singlecopy is defined the behavior of copy: is modified so that a file 
will
    only be copied once, helping to achieve hierarchical or "most specific" file
    copy overrides, provided that the most specific file occurs first. With the
    following file structure on a host running cfservd:

    /dist/hosts/loghost1.example.com/etc/syslog.conf 
    /dist/solaris/etc/syslog.conf 
    /dist/all/etc/syslog.conf

    The configuration:

         control:
            singlecopy = ( on )
         
         copy:
          /dist/${fqhost}       dest=/ inform=true syslog=true r=inf 
server=disthost
          /dist/${ostype}       dest=/ inform=true syslog=true r=inf 
server=disthost
          /dist/all             dest=/ inform=true syslog=true r=inf 
server=disthost

    Would result in:

         /dist/hosts/loghost1.example.com/etc/syslog.conf being copied to 
loghost1.example.com
         /dist/solaris/etc/syslog.conf being copied to Solaris systems
         /dist/all/etc/syslog.conf being copied to all other systems
         
Apologies for the long paste, but I think it'll be useful for comparison.
My configuration repository is set up such that, instead of having different
filesystem structures to get verious levels of specificity, there is a single
directory tree and the source files have extensions that match either the 
hostname or a more general $(role) variable that's set earlier on. 

This has the advantage over a directory-based structure that you can look 
in one place and determine which file to edit to affect a particular host.
You can also mix-and-match specificities without having to create a wholly
populated tree for only one changed file. However, it does mean you have
to list out each file under configuration management in "copy:" instead
of simply recursing down the repository and copying whatever's there.

So, the host (sinistar) running cfservd has:

    [root@sinistar /export/home/local/cfengine2/dist/etc]# ls motd*
    motd.default  motd.dmz  motd.farmsys  motd.homesys  motd.mis  motd.sinistar

The client configuration has (in part)

    control:
            singlecopy = ( on )
            # fileserver setup, some short two-letter variables copy: uses
            fs  = ( sinistar )          # fileserver
            dr  = ( /export/home/local/cfengine2/dist ) # distribution root

    copy:
            $(dr)/etc/motd.$(host)  server=$(fs) dest=/etc/motd mode=444
                owner=root group=root backup=false type=sum
            $(dr)/etc/motd.$(role)  server=$(fs) dest=/etc/motd mode=444
                owner=root group=root backup=false type=sum

So far so good. This even seems to work as advertised. :) I've observed some
strange behavior during the copy, though.  For instance when a client tries to
download 'motd.$(host)' where there isn't one on the server, it throws this set
of errors:

    cfengine:xylin: Strong authentication of server=sinistar connection 
confirmed
    cfengine:xylin: Server returned error:  Host authentication failed. Did you 
forget the domain name?
    cfengine:xylin: Can't stat /export/home/local/cfengine2/dist/etc/motd.xylin 
in copy

and the server says:

    cfservd: Strongly authentication of client xylin.domain.com/10.10.27.10
    cfservd: Couldn't stat filename 
/export/home/local/cfengine2/dist/etc/motd.xylin from host xylin.domain.com
    cfservd: lstatcfservd: Host authorization/authentication failed or access 
denied

Ignoring for a moment the extra '-ly' in the first line...
this "authentication failed" error is throwing me for something of a loop --
is it just a catch-all message for "couldn't stat file" or is there really
an authentication problem here? If it's a catch-all, could I request that
some less-misleading message be substituted instead?

Additionally, there's a confusing message logged during the control: section
parsing to this effect:

    Patterns to exclude from copies: = (Root Repository Entries CVS )
    Patterns to copy one time: = (on )

Based on a quick look at the code (image.c:834) it looks like it's not 
actually trying to pattern-match but just determining on/off; while
debugging a related problem (turned out to be my fault) I tried "*",
a list of files, etc here, which didn't work.

Aside from these admittedly nit-picky gripes, this is a pretty nice feature.
I didn't seen any discussion about it in the archives though, so  I'm wondering:
are other people are using 'singlecopy' in this manner? If so, is this 
layout pretty close to what you're doing?  Have you run into any 'gotchas' 
as you expanded to hundreds of files/hosts? 

-- 
    Eric Sorenson - EXPLOSIVE Networking - http://explosive.net
reply via email to
[Prev in Thread] Current Thread [Next in Thread]