forked from cfengine/masterfiles
-
Notifications
You must be signed in to change notification settings - Fork 0
/
update.cf
109 lines (82 loc) · 3.9 KB
/
update.cf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
###############################################################################
#
# update.cf - Basic Update Policy
#
###############################################################################
body common control
{
bundlesequence => {
"update_def",
"cfe_internal_dc_workflow",
"cfe_internal_update_policy",
"cfe_internal_update_processes",
"cfe_internal_update_bins"
};
version => "update.cf 3.6.0";
inputs => {
"update/update_bins.cf",
"update/cfe_internal_dc_workflow.cf",
"update/cfe_internal_local_git_remote.cf",
"update/cfe_internal_update_from_repository.cf",
"update/update_policy.cf",
"update/update_processes.cf"
};
}
#############################################################################
body agent control
{
ifelapsed => "1";
skipidentify => "true";
}
#############################################################################
bundle common update_def
{
vars:
"input_name_patterns" slist => { ".*.cf",".*.dat",".*.txt", ".*.conf", ".*.mustache",
"cf_promises_release_id" },
comment => "Filename patterns to match when updating the policy (see update/update_policy.cf)",
handle => "common_def_vars_input_name_patterns";
# the permissions for your masterfiles, which will propagate to inputs
"masterfiles_perms_mode" string => "0600",
handle => "common_def_vars_masterfiles_perms_mode";
"dc_scripts" string => "/var/cfengine/httpd/htdocs/api/dc-scripts",
comment => "Directory where design center scripts are located on Enterprise Hub";
"DCWORKFLOW" string => "/opt/cfengine",
comment => "Directory where DC Workflow related things are stored";
"masterfiles_staging" string => "$(DCWORKFLOW)/masterfiles_staging",
comment => "Directory where Mission Portal Design Center
activations are staged for commit to upstream repository";
"local_masterfiles_git" string => "$(DCWORKFLOW)/masterfiles.git",
comment => "Local bare git repository, serves as OOTB upstream repo";
"cf_git" string => "$(sys.workdir)/bin/git",
comment => "Path to git binary installed with CFEngine Enterprise";
"cf_apache_user" string => "cfapache",
comment => "User that CFEngine Enterprise webserver runs as",
handle => "common_def_vars_cf_cfapache_user";
"cf_apache_group" string => "cfapache",
comment => "Group that CFEngine Enterprise webserver runs as",
handle => "common_def_vars_cf_cfapache_group";
classes:
# Update masterfiles from Git
# Enabled for enterprise users by default
# you can also request it from the command line with
# -Dcfengine_internal_masterfiles_update
# NOTE THAT ENABLING THIS BY DEFAULT *WILL* OVERWRITE THE HUB'S /var/cfengine/masterfiles
#"cfengine_internal_masterfiles_update" expression => "enterprise.!(cfengine_3_4|cfengine_3_5)";
"cfengine_internal_masterfiles_update" expression => "!any";
# Transfer policies and binaries with encryption
# you can also request it from the command line with
# -Dcfengine_internal_encrypt_transfers
# NOTE THAT THIS CLASS ALSO NEEDS TO BE SET IN def.cf
"cfengine_internal_encrypt_transfers" expression => "!any";
# Purge policies that don't exist on the server side.
# you can also request it from the command line with
# -Dcfengine_internal_purge_policies
# NOTE THAT THIS CLASS ALSO NEEDS TO BE SET IN def.cf
"cfengine_internal_purge_policies" expression => "!any";
}
body classes u_kept_successful_command
# @brief Set command to "kept" instead of "repaired" if it returns 0
{
kept_returncodes => { "0" };
}