Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2017

Override classes defined from def.json are not set soon enough to have an effect on body agent control

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Low
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      The new def.json feature as added in 3.7 makes it significantly easier to modify the behaviour of the stock MPF.

      body executor control and body server control both make use of this functionality for various variables like mailto, and acl.

      Having a class defined to guard default_repository to when it is enabled works if the class is defined directly in policy. However it does not work if that class is defined in the external data file.

      See how the default_repository is guarded in @body executor control@;

      <pre>
      [root@hub masterfiles]# grep -A3 cfengine_internal_enable_default_repository /var/cfengine/inputs/controls/3.7/cf_agent.cf
      cfengine_internal_enable_default_repository::

      1. If enabled, where files should be backed up when modified.
        default_repository => "$(def.default_repository)";
        </pre>

      See the class set directly in def.cf

      <pre>
      [root@hub masterfiles]# grep -A1 cfengine_internal_enable_default_repository /var/cfengine/inputs/controls/3.7/def.cf

      1. can be enabled by setting the `cfengine_internal_enable_default_repository`
      2. class.

        "cfengine_internal_enable_default_repository"
        expression => "any";
        </pre>

      And the policy run shows that the file was backed up to the default repository.

      <pre>
      [root@hub masterfiles]# cf-agent -KI
      info: Installing cfe_internal_non_existing_package...
      info: Moved '/tmp/date_1435695969_Tue_Jun_30_20_26_10_2015.cf-before-edit' to repository location '/var/cfengine/default_repository/_tmp_date_1435695969_Tue_Jun_30_20_26_10_2015_cf_before_edit'
      info: Edit file '/tmp/date'
      </pre>

      Now if the class is not set directly in policy

      <pre>

      [root@hub masterfiles]# grep -A1 cfengine_internal_enable_default_repository /var/cfengine/inputs/controls/3.7/def.cf

      1. can be enabled by setting the `cfengine_internal_enable_default_repository`
      2. class.

        "cfengine_internal_enable_default_repository"
        expression => "!any";
        </pre>

      But it is defined in def.json

      <pre>
      [root@hub masterfiles]# grep cfengine_internal_enable_default_repository /var/cfengine/inputs/def.json
      "cfengine_internal_enable_default_repository": [ "any" ],
      "cfengine_internal_enable_default_repository_cleanup": [ "any" ],
      </pre>

      You can see when the policy runs, the file is edited, but it is not copied to the default repository.

      <pre>
      [root@hub masterfiles]# cf-agent -KI
      info: Installing cfe_internal_non_existing_package...
      info: Edit file '/tmp/date'
      </pre>

      I suspect this is related to pre-eval and being limited to a single discovery pass. ....

      In def.cf it will first skip definition of the override classes because the vars havent been defined:

      ```
      "$(override_classes)" expression => "any", meta =>

      { "override" }

      ;

      ```

      And it won't define them until the normal agent run which is apparently too late (makes sense I guess) to modify the agent behavior. I guess other components that had settings guarded with classes defined from def.json would also be succeptable to this.

      executor control has a class for enabling agent email, but that is set by default directly in policy.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                a10042 Nick Anderson
                Reporter:
                a10042 Nick Anderson
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: