-
Notifications
You must be signed in to change notification settings - Fork 0
/
update.cf
92 lines (71 loc) · 2.22 KB
/
update.cf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
###############################################################################
#
# update.cf - Basic Update Policy
#
###############################################################################
body common control
{
bundlesequence => { "def", "update_def", "update_inputs" };
inputs => { "def.cf" };
version => "update.cf 3.6.2";
}
#############################################################################
body agent control
{
ifelapsed => "1";
skipidentify => "true";
}
#############################################################################
bundle common update_def
{
vars:
"input_name_patterns" slist => { ".*\.cf",".*\.dat",".*\.txt", ".*\.conf", ".*\.mustache", "cf_promises_release_id", ".*\.json" },
comment => "Filename patterns to match when updating the policy (see update/update_policy.cf)",
handle => "common_def_vars_input_name_patterns";
# the permissions for your masterfiles, which will propagate to inputs
"masterfiles_perms_mode" string => "0600",
handle => "common_def_vars_masterfiles_perms_mode";
# classes:
reports:
"$(current_branch)";
}
bundle agent update_inputs
{
files:
"$(def.dir_inputs)"
comment => "Copy the files from our deployed branch",
handle => "cfe_internal_update_policy_check_valid_update",
copy_from => u_rcp("$(def.dir_masterfiles)", @(def.policy_servers)),
action => u_immediate,
classes => u_if_repaired("validated_updates_ready");
}
body classes u_kept_successful_command
# @brief Set command to "kept" instead of "repaired" if it returns 0
{
kept_returncodes => { "0" };
failed_returncodes => { "1" };
}
body copy_from u_rcp(from,server)
{
source => "$(from)";
compare => "digest";
trustkey => "false";
!am_policy_hub::
servers => { "$(server)" };
cfengine_internal_encrypt_transfers::
encrypt => "true";
cfengine_internal_purge_policies::
purge => "true";
}
#########################################################
body copy_from u_cp(from)
{
source => "$(from)";
compare => "digest";
}
body classes u_if_repaired(x){
promise_repaired => { "$(x)" };
}
body action u_immediate{
ifelapsed => "0";
}