Learning CFEngine from 3.5 manual and operating in a 3.7 environment
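** EDIT 4/15/2016
Using an absolute path to reference the stdlib got my promise to execute, and the error I'm getting has now changed. See the last code block for that error output.
I am using this reference material for CFEngine 3.5 (it's what I got from da boss), but I am writing promises for a 3.8 environment. This is resulting in me using the stdlib incorrectly and having poor syntax.
What I have now is the following promise and error output when called.
Promise: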
body common control
{
    inputs =>
        # COPBL/Custom libraries. Eventually this should use wildcards.
        #@(cfengine_stdlib.inputs)
        { "/var/cfengine/inputs/lib/stdlib.cf" }; #Edited this line 4/15/2016
    bundlesequence => { "configfiles" };
}
bundle agent configfiles
{
  vars:
    # Files to edit
    "files[sysctl]" string => "/etc/sysctl.conf";
    "files[sshd]" string => "/etc/ssh/sshd_config";
    "files[inittab]" string => "/etc/inittab";
    # Sysctl variables to set
    "sysctl[net.ipv4.ip_forward]" string => "0";
    "sysctl[net.ipv4.conf.default.rp_filter]" string => "1";
    "sysctl[net.ipv4.conf.default.accept_source_route]" string => "0";
    "sysctl[kernel.sysrq]" string => "0";
    "sysctl[kernel.core_uses_pid]" string => "1";
    "sysctl[net.ipv4.tcp_syncookies]" string => "1";
    "sysctl[net.bridge.bridge-nf-call-ip6tables]" string => "0";
    "sysctl[net.bridge.bridge-nf-call-iptables]" string => "0";
    "sysctl[net.bridge.bridge-nf-call-arptables]" string => "0";
    # SSHD configuration to set
    #
    "sshd[Protocol]" string => "2";
    "sshd[SyslogFacility]" string => "yes";
    "sshd[LoginGraceTime]" string => "2m";
    "sshd[PermitRootLogin]" string => "no";
    "sshd[StrictModes]" string => "yes";
    "sshd[MaxAuthTries]" string => "3";
    "sshd[RSAAuthentication]" string => "yes";
    "sshd[PubkeyAuthentication]" string => "yes";
    "sshd[PasswordAuthentication]" string => "no";
    "sshd[ChallengeResponseAuthentication]" string => "no";
    "sshd[GSSAPIAuthentication]" string => "no";
    "sshd[UsePAM]" string => "yes";
    "sshd[X11Forwarding]" string => "yes";
    "sshd[UsePrivilegeSeparation]" string => "yes";
    "sshd[UseDNS]" string => "no";
  methods:
    "sysctl" usebundle => edit_sysctl;
    "sshd" usebundle => edit_sshd;
    "inittab" usebundle => edit_inittab;
}
bundle agent edit_inittab
{
  files:
    "$(configfiles.files[inittab])"
      handle => "inittab_set_initdefault",
      comment => "Default runmode=5",
      create => "false",
      edit_defaults => backup_timestamp,
      edit_line => set_colon_field("id","2","5");
}
bundle agent edit_sshd
{
  files:
    "$(configfiles.files[sshdconfig])"
      handle => "edit_sshd",
      comment => "Set desired sshd_config parameters",
      edit_line => set_config_values("configfiles.sshd"),
      classes => if_repaired("restart_sshd");
  commands:
    restart_sshd&!no_restarts::
      "/etc/init.d/sshd reload"
        handle => "sshd_restart",
        comment => "Restart sshd if the configuration file was modified";
  services:
    "ssh"
      service_policy => "start";
}
bundle agent edit_sysctl
{
  files:
    "$(configfiles.files[sysctl])"
      handle => "edit_sysctl",
      comment => "Make sure sysctl.conf contains desired configuration",
      create => "true",
      edit_line => set_variable_values("configfiles.sysctl"),
      classes => if_repaired("sysctl_modified");
  commands:
    sysctl_modified&!no_restarts::
      "/sbin/sysctl -p"
        handle => "reload_sysctl",
        comment => "Make sure new sysctl settings are loaded";
}
Error output:
inputs]# cf-agent --no-lock --inform --file ./setting_configs.cf
error: Promised to edit '$(configfiles.files[sshdconfig])', but file does not exist
error: Method 'edit_sshd' failed in some repairs
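I have confirmed that the sshd_config file is in place. Can't figure out why CFEngine can't see it.
Was just using the wrong variable name; trying to call "sshdconfigs" when it should have been just "sshd".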
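The mismatch behind the error above can be caught before a run, which matters here because the sshd hardening values are never applied while the path stays unexpanded. The following is an added example, not part of the original question or answer: a small Python check (the names `defined_keys` and `undefined_refs` are hypothetical) that assumes array keys are declared literally as "array[key]" in a vars section and referenced in bundle-qualified form.

```python
import re

# Constructed excerpt of the policy from the question (not the full file).
POLICY = r'''
bundle agent configfiles
{
  vars:
    "files[sysctl]"  string => "/etc/sysctl.conf";
    "files[sshd]"    string => "/etc/ssh/sshd_config";
    "files[inittab]" string => "/etc/inittab";
}
bundle agent edit_sshd
{
  files:
    "$(configfiles.files[sshdconfig])"
      edit_line => set_config_values("configfiles.sshd");
}
bundle agent edit_sysctl
{
  files:
    "$(configfiles.files[sysctl])" create => "true";
}
'''

BUNDLE = re.compile(r'^\s*bundle\s+\w+\s+(\w+)', re.M)
ARRAY_DEF = re.compile(r'^\s*"(\w+)\[([^\]]+)\]"\s+\w+\s*=>', re.M)
ARRAY_REF = re.compile(r'[$@][({](\w+)\.(\w+)\[([^\]]+)\][)}]')

def defined_keys(policy):
    """Map 'bundle.array' to the set of keys declared as "array[key]" type => ..."""
    keys = {}
    marks = [(m.start(), m.group(1)) for m in BUNDLE.finditer(policy)]
    for i, (start, name) in enumerate(marks):
        end = marks[i + 1][0] if i + 1 < len(marks) else len(policy)
        for d in ARRAY_DEF.finditer(policy, start, end):
            keys.setdefault(f"{name}.{d.group(1)}", set()).add(d.group(2))
    return keys

def undefined_refs(policy):
    """Return (line_no, reference) for qualified array lookups with no declared key."""
    keys = defined_keys(policy)
    return [(policy.count("\n", 0, r.start()) + 1, r.group(0))
            for r in ARRAY_REF.finditer(policy)
            if r.group(3) not in keys.get(f"{r.group(1)}.{r.group(2)}", set())]

if __name__ == "__main__":
    for line, ref in undefined_refs(POLICY):
        print(f"line {line}: {ref} has no matching declaration; cf-agent keeps it literal")
```

Run against the excerpt, it reports only `$(configfiles.files[sshdconfig])`, the same string cf-agent prints unexpanded in its error.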