Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2429

Policy should manage cfengine service enablement for systemd hosts




      I have observed that on systemd hosts the cfengine3 service is not registered to start on system boot. This differs from how non systemd hosts pacakges behave.

      Other packages (to my knowledge) automatically configure the service to run on boot.

      This brings up an important point about the behaviour of newly installed packages on various platforms. Different platforms have different norms for service behaviour after initial package install. For example on EL hosts it is uncommon for servicecs to be started automatically or registered to start on boot as part of the package installation. Instead the administrator is expected to configure and start the service when desired. The norm for debian/ubuntu hosts is to automatically start the service after install and configure it to run on system start.

      I absolutely prefer the EL way requiring specific configuration for the service to be started. However I agree with Matt Simmons that we should simply follow the distro norm.

      • Should it be enabled via policy?
        • Most probably yes (the MPF has some support for agents_to_be_disabled and agents_to_be_enabled.
        • bundle agent enable_cfengine_agents(process) and bundle agent disable_cfengine_agents(process) manage starting and killing of the primary components.
        • bundle agent enable_cfengine_agents(process) looks for classes indicating a component should be disabled.
          "The process $(process) is persistently disabled.  Run with '-Dclear_persistent_disable_$(cprocess)' to re
          ifvarclass => "persistent_disable_$(cprocess)";
          "The process $(process) has been re-enabled.  Run with '-Dset_persistent_disable_$(cprocess)' to disable i
          ifvarclass => "clear_persistent_disable_$(cprocess)",
          classes => u_clear_always("persistent_disable_$(cprocess)");
          "The process $(process) has been disabled persistently.  Run with '-Dclear_persistent_disable_$(cprocess)'
          ifvarclass => "set_persistent_disable_$(cprocess)",
          classes => u_always_forever("persistent_disable_$(cprocess)");
      • Should it be enabled during the package install?
        • I have previously stood on the side of adhering to the platform defaults. I was shot down.
        • I still think following platform defaults is the right thing to do, but we have established a precedence with how our packages work.


          Issue Links



              • Assignee:
                a10042 Nick Anderson
                a10042 Nick Anderson
              • Votes:
                1 Vote for this issue
                3 Start watching this issue


                • Created:

                  Summary Panel