From 45a9fab6deb69766608be50eb23aa23bd44f685b Mon Sep 17 00:00:00 2001 From: Nick Anderson Date: Fri, 18 Aug 2023 12:07:45 -0500 Subject: [PATCH] Added ability to enable backup archives during policy update By default CFEngine creates backups of files when they are modified. These backups are created by default in the same directory as the file that changed. Files in $(sys.inputdir) are affected by this as well, but the default policy update and sync settings result in these backups being culled since they do not exist at the distribution point. This change adds the capability to enable backing up files that change in $(sys.inputdir) to a single location. Note: A similar setting already exists that applies to promises.cf (normal agent runs). But it seems undesirable that the same configuration applies to the update policy, resulting in backups of all changes to policy locally on the host, hence the introduction of this new configuration option. Ticket: ENT-10481 Changelog: Title --- MPF.md | 44 ++++++++++++++++++++++++++++++++++++++- controls/update_def.cf.in | 9 ++++++++ update.cf | 6 ++++++ 3 files changed, 58 insertions(+), 1 deletion(-) diff --git a/MPF.md b/MPF.md index 613054251..8d7b3274e 100644 --- a/MPF.md +++ b/MPF.md @@ -1691,7 +1691,49 @@ For example: } ``` -**History**: Added in 3.10.1 +**Notes:** + +- This applies to `promises.cf`. + + +**History:** + +- Introduced in CFEngine 3.10.1 + +### Configure default repository for file backups during policy update + +By default the agent creates a backup of a file before it is edited in the same +directory as the edited file. This happens during policy update but the backup +files are culled by default as part of the default sync behavior. + +Defining the `default:mpf_update_control_agent_default_repository` class will +cause these backups to be placed in `$(sys.workdir)/backups`. Customize the +backup directory by setting `default:update_def.control_agent_default_backup`. + +For example: + +``` +{ + "classes": { + "default:mpf_update_control_agent_default_repository": { + "class_expressions": [ "any::" ] + } + }, + "variables": { + "default:update_def.control_agent_default_repository": { + "value": "/var/cfengine/policy-update-backups" + } + } +} +``` + +**Notes:** + +- This applies to `update.cf`. + +**History:** + +- Introduced in CFEngine 3.23.0 ### Configure periodic package inventory refresh interval diff --git a/controls/update_def.cf.in b/controls/update_def.cf.in index 58d226839..5c23cffd6 100644 --- a/controls/update_def.cf.in +++ b/controls/update_def.cf.in @@ -120,6 +120,15 @@ bundle common update_def # enable_cfengine_enterprise_hub_ha is defined below # Disabled by default + # If we want to use the backup repository for update (because the class is + # defined) and if the location is not already configured (via Augments), + # set a default. + + "control_agent_default_repository" -> { "ENT-10481" } + string => "$(sys.workdir)/backups", + if => and( "mpf_update_control_agent_default_repository", + not( isvariable( "control_agent_default_repository" ) ) ); + enable_cfengine_enterprise_hub_ha:: "standby_servers" slist => filter("$(sys.policy_hub)", "ha_def.ips", false, true, 10); "policy_servers" slist => { "$(sys.policy_hub)", "@(standby_servers)" }; diff --git a/update.cf b/update.cf index 38319bafe..8019eae6c 100644 --- a/update.cf +++ b/update.cf @@ -158,6 +158,12 @@ body agent control agentfacility => "$(default:update_def.control_agent_agentfacility)"; + mpf_update_control_agent_default_repository:: + + # Location to backup files before they are edited by cfengine + + default_repository => "$(update_def.control_agent_default_repository)"; + } #############################################################################