[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
'singlecopy' oddities in 2.0.5
From: |
Eric Sorenson |
Subject: |
'singlecopy' oddities in 2.0.5 |
Date: |
Fri, 2 May 2003 14:42:18 -0700 (PDT) |
Hi, I'm setting up a configuration distribution system with cfengine
using the new 'singlecopy' behavior. This is described in the HTML
reference docs (but isn't in the current PDF version, for some reason!) as
follows:
[ http://www.cfengine.org/docs/cfengine-Reference.html#singlecopy ]
If singlecopy is defined the behavior of copy: is modified so that a file
will
only be copied once, helping to achieve hierarchical or "most specific" file
copy overrides, provided that the most specific file occurs first. With the
following file structure on a host running cfservd:
/dist/hosts/loghost1.example.com/etc/syslog.conf
/dist/solaris/etc/syslog.conf
/dist/all/etc/syslog.conf
The configuration:
control:
singlecopy = ( on )
copy:
/dist/${fqhost} dest=/ inform=true syslog=true r=inf
server=disthost
/dist/${ostype} dest=/ inform=true syslog=true r=inf
server=disthost
/dist/all dest=/ inform=true syslog=true r=inf
server=disthost
Would result in:
/dist/hosts/loghost1.example.com/etc/syslog.conf being copied to
loghost1.example.com
/dist/solaris/etc/syslog.conf being copied to Solaris systems
/dist/all/etc/syslog.conf being copied to all other systems
Apologies for the long paste, but I think it'll be useful for comparison.
My configuration repository is set up such that, instead of having different
filesystem structures to get verious levels of specificity, there is a single
directory tree and the source files have extensions that match either the
hostname or a more general $(role) variable that's set earlier on.
This has the advantage over a directory-based structure that you can look
in one place and determine which file to edit to affect a particular host.
You can also mix-and-match specificities without having to create a wholly
populated tree for only one changed file. However, it does mean you have
to list out each file under configuration management in "copy:" instead
of simply recursing down the repository and copying whatever's there.
So, the host (sinistar) running cfservd has:
[root@sinistar /export/home/local/cfengine2/dist/etc]# ls motd*
motd.default motd.dmz motd.farmsys motd.homesys motd.mis motd.sinistar
The client configuration has (in part)
control:
singlecopy = ( on )
# fileserver setup, some short two-letter variables copy: uses
fs = ( sinistar ) # fileserver
dr = ( /export/home/local/cfengine2/dist ) # distribution root
copy:
$(dr)/etc/motd.$(host) server=$(fs) dest=/etc/motd mode=444
owner=root group=root backup=false type=sum
$(dr)/etc/motd.$(role) server=$(fs) dest=/etc/motd mode=444
owner=root group=root backup=false type=sum
So far so good. This even seems to work as advertised. :) I've observed some
strange behavior during the copy, though. For instance when a client tries to
download 'motd.$(host)' where there isn't one on the server, it throws this set
of errors:
cfengine:xylin: Strong authentication of server=sinistar connection
confirmed
cfengine:xylin: Server returned error: Host authentication failed. Did you
forget the domain name?
cfengine:xylin: Can't stat /export/home/local/cfengine2/dist/etc/motd.xylin
in copy
and the server says:
cfservd: Strongly authentication of client xylin.domain.com/10.10.27.10
cfservd: Couldn't stat filename
/export/home/local/cfengine2/dist/etc/motd.xylin from host xylin.domain.com
cfservd: lstatcfservd: Host authorization/authentication failed or access
denied
Ignoring for a moment the extra '-ly' in the first line...
this "authentication failed" error is throwing me for something of a loop --
is it just a catch-all message for "couldn't stat file" or is there really
an authentication problem here? If it's a catch-all, could I request that
some less-misleading message be substituted instead?
Additionally, there's a confusing message logged during the control: section
parsing to this effect:
Patterns to exclude from copies: = (Root Repository Entries CVS )
Patterns to copy one time: = (on )
Based on a quick look at the code (image.c:834) it looks like it's not
actually trying to pattern-match but just determining on/off; while
debugging a related problem (turned out to be my fault) I tried "*",
a list of files, etc here, which didn't work.
Aside from these admittedly nit-picky gripes, this is a pretty nice feature.
I didn't seen any discussion about it in the archives though, so I'm wondering:
are other people are using 'singlecopy' in this manner? If so, is this
layout pretty close to what you're doing? Have you run into any 'gotchas'
as you expanded to hundreds of files/hosts?
--
Eric Sorenson - EXPLOSIVE Networking - http://explosive.net
- 'singlecopy' oddities in 2.0.5,
Eric Sorenson <=