Project

General

Profile

« Previous | Next » 

Revision cd961713

Added by Félix DALLIDET over 6 years ago

Fixes #11224: service technique

View differences:

maintained-techniques
systemSettings/networking/nfsServer/3.0
systemSettings/networking/routingManagement/2.0
systemSettings/process/servicesManagement/3.0
systemSettings/process/services/1.0
systemSettings/remoteAccess/sshConfiguration/4.0
systemSettings/remoteAccess/sshConfiguration/5.0
systemSettings/remoteAccess/sshKeyDistribution/3.0
techniques/systemSettings/process/services/1.0/metadata.xml
<!--
Copyright 2017 Normation SAS
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, Version 3.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<TECHNIQUE name="Services technique">
<DESCRIPTION>Check and enforce the state of services</DESCRIPTION>
<MULTIINSTANCE>true</MULTIINSTANCE>
<BUNDLES>
<NAME>services</NAME>
</BUNDLES>
<TMLS>
<TML name="services"/>
</TMLS>
<TRACKINGVARIABLE>
<SAMESIZEAS>SERVICES_TECHNIQUE_NAME</SAMESIZEAS>
</TRACKINGVARIABLE>
<SECTIONS>
<SECTION name="Services posthook" multivalued="false" component="true" componentKey="SERVICES_TECHNIQUE_NAME"/>
<SECTION name="Services boot status" multivalued="false" component="true" componentKey="SERVICES_TECHNIQUE_NAME"/>
<SECTION name="Services status" multivalued="true" component="true" componentKey="SERVICES_TECHNIQUE_NAME">
<INPUT>
<NAME>SERVICES_TECHNIQUE_NAME</NAME>
<DESCRIPTION>Service name (as seen in chkconfig or systemctl, or Windows tasks)</DESCRIPTION>
</INPUT>
<SELECT1>
<NAME>SERVICES_TECHNIQUE_STATUS</NAME>
<DESCRIPTION>Status</DESCRIPTION>
<ITEM>
<LABEL>Running</LABEL>
<VALUE>running</VALUE>
</ITEM>
<ITEM>
<LABEL>Stopped</LABEL>
<VALUE>stopped</VALUE>
</ITEM>
<ITEM>
<LABEL>Don't change</LABEL>
<VALUE>ignore</VALUE>
</ITEM>
<CONSTRAINT>
<DEFAULT>ignore</DEFAULT>
</CONSTRAINT>
</SELECT1>
<SELECT1>
<NAME>SERVICES_TECHNIQUE_BOOT</NAME>
<DESCRIPTION>Boot status</DESCRIPTION>
<ITEM>
<LABEL>Enabled</LABEL>
<VALUE>enabled</VALUE>
</ITEM>
<ITEM>
<LABEL>Disabled</LABEL>
<VALUE>disabled</VALUE>
</ITEM>
<ITEM>
<LABEL>Don't change</LABEL>
<VALUE>ignore</VALUE>
</ITEM>
<CONSTRAINT>
<DEFAULT>ignore</DEFAULT>
</CONSTRAINT>
</SELECT1>
<INPUT>
<NAME>SERVICES_TECHNIQUE_POSTHOOK</NAME>
<DESCRIPTION>Command to run in case of repaired result</DESCRIPTION>
<CONSTRAINT>
<MAYBEEMPTY>true</MAYBEEMPTY>
</CONSTRAINT>
</INPUT>
<SELECT1>
<NAME>SERVICES_TECHNIQUE_PERSISTENT</NAME>
<DESCRIPTION>Retry the posthook until success</DESCRIPTION>
<ITEM>
<LABEL>True</LABEL>
<VALUE>true</VALUE>
</ITEM>
<ITEM>
<LABEL>False</LABEL>
<VALUE>false</VALUE>
</ITEM>
<CONSTRAINT>
<DEFAULT>false</DEFAULT>
<MAYBEEMPTY>false</MAYBEEMPTY>
</CONSTRAINT>
</SELECT1>
</SECTION>
</SECTIONS>
</TECHNIQUE>
techniques/systemSettings/process/services/1.0/services.st
#####################################################################################
# Copyright 2017 Normation SAS
#####################################################################################
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, Version 3.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#####################################################################################
# Enforce the defined services parameters
bundle agent services
{
vars:
&SERVICES_TECHNIQUE_NAME:{service |"service[&i&]" string => "&service&";
}&
&SERVICES_TECHNIQUE_STATUS:{status |"status[&i&]" string => "&status&";
}&
&SERVICES_TECHNIQUE_BOOT:{boot |"boot[&i&]" string => "&boot&";
}&
&SERVICES_TECHNIQUE_POSTHOOK:{posthook |"posthook[&i&]" string => "&posthook&";
}&
&SERVICES_TECHNIQUE_POSTHOOK_PERSISTENT:{persitent |"persistent[&i&]" string => "&persistent&";
}&
&TRACKINGKEY:{trackingkey |"trackingkey[&i&]" string => "&trackingkey&";
}&
"index" slist => getindices("service");
"technique_name" string => "Services technique";
"service_canon[${index}]" string => canonify("${service[${index}]}");
"posthook_canon[${index}]" string => canonify("${posthook[${index}]}");
classes:
any::
"pass3" expression => "pass2";
"pass2" expression => "pass1";
"pass1" expression => "any";
"boot_enabled_${index}" expression => strcmp("${boot[${index}]}", "enabled");
"boot_disabled_${index}" expression => strcmp("${boot[${index}]}", "disabled");
"boot_dont_change_${index}" expression => strcmp("${boot[${index}]}", "ignore");
"status_running_${index}" expression => strcmp("${status[${index}]}", "running");
"status_stopped_${index}" expression => strcmp("${status[${index}]}", "stopped");
"status_dont_change_${index}" expression => strcmp("${status[${index}]}", "ignore");
#Posthook
"posthook_specified_${index}" not => strcmp("${posthook[${index}]}", "");
"posthook_persistent_${index}" expression => strcmp("${persistent[${index}]}", "true");
"status_repaired_${index}" expression => "service_ensure_running_${service_canon[${index}]}_repaired|service_ensure_stopped_${service_canon[${index}]}_repaired";
"boot_repaired_${index}" expression => "service_ensure_started_at_boot_${service_canon[${index}]}_repaired|service_ensure_disabled_at_boot_${service_canon[${index}]}_repaired";
"repaired_${index}" expression => "boot_repaired_${index}|status_repaired_${index}";
"posthook_lauch_${index}" expression => "posthook_specified_${index}.repaired_${index}";
"posthook_rerun_${index}" expression => "posthook_persistent_${index}.command_execution_${posthook_canon[${index}]}_failed",
scope =>"namespace",
persistence => "10000";
methods:
#Status
"apply_status_${index}" usebundle => service_ensure_running("${service[${index}]}"),
ifvarclass => "status_running_${index}";
"apply_status_${index}" usebundle => service_ensure_stopped("${service[${index}]}"),
ifvarclass => "status_stopped_${index}";
#Boot
"apply_boot_${index}" usebundle => service_ensure_started_at_boot("${service[${index}]}"),
ifvarclass => "boot_enabled_${index}";
"apply_boot_${index}" usebundle => service_ensure_disabled_at_boot("${service[${index}]}"),
ifvarclass => "boot_disabled_${index}";
#Posthook
"posthook_${index}" usebundle => command_execution("${posthook[${index}]}"),
ifvarclass => "posthook_lauch_${index}|posthook_rerun_${index}";
#Reporting
#Technique
"any" usebundle => rudder_common_reports_generic("${technique_name}", "service_ensure_running_${service_canon[${index}]}", "${trackingkey[${index}]}", "Services status", "${service[${index}]}", "The service status \"running\" for ${service[${index}]}"),
ifvarclass => "status_running_${index}";
"any" usebundle => rudder_common_reports_generic("${technique_name}", "service_ensure_stopped_${service_canon[${index}]}", "${trackingkey[${index}]}", "Services status", "${service[${index}]}", "The service status \"stopped\" for ${service[${index}]}"),
ifvarclass => "status_stopped_${index}";
"report_${index}" usebundle => rudder_common_report("${technique_name}", "result_na", "${trackingkey[${index}]}", "Services status", "${service[${index}]}", "No status imposed"),
ifvarclass => "status_dont_change_${index}";
"any" usebundle => rudder_common_reports_generic("${technique_name}", "service_ensure_started_at_boot_${service_canon[${index}]}", "${trackingkey[${index}]}", "Services boot status", "${service[${index}]}", "The service boot status \"enabled\" for ${service[${index}]}"),
ifvarclass => "boot_enabled_${index}";
"any" usebundle => rudder_common_reports_generic("${technique_name}", "service_ensure_disabled_at_boot_${service_canon[${index}]}", "${trackingkey[${index}]}", "Services boot status", "${service[${index}]}", "The service boot status \"disabled\" for ${service[${index}]}"),
ifvarclass => "boot_disabled_${index}";
"report_${index}" usebundle => rudder_common_report("${technique_name}", "result_na", "${trackingkey[${index}]}", "Services boot status", "${service[${index}]}", "No boot status imposed"),
ifvarclass => "boot_dont_change_${index}";
pass3::
#Posthook
#Case with execution
"any" usebundle => rudder_common_reports_generic("${technique_name}", "command_execution_${posthook_canon[${index}]}", "${trackingkey[${index}]}", "Services posthook", "${service[${index}]}", "The command ${posthook[${index}]} from postHook execution "),
ifvarclass => "command_execution_${posthook_canon[${index}]}_reached";
#Case without execution
"report_${index}" usebundle => rudder_common_report("${technique_name}", "result_na", "${trackingkey[${index}]}", "Services posthook", "${service[${index}]}", "No post-modification needed to run"),
ifvarclass => "!repaired_${index}.posthook_specified_${index}.!command_execution_${posthook_canon[${index}]}_reached";
#Case where no posthook set
"report_hook_${index}" usebundle => rudder_common_report("${technique_name}", "result_na", "${trackingkey[${index}]}", "Services posthook", "${service[${index}]}", "No post-modification set to run"),
ifvarclass => "!posthook_specified_${index}";
}
techniques/systemSettings/process/services/1.0/tests/test_service.cf
#!/usr/local/bin/ncf -f
bundle agent init {
methods:
"any" usebundle => file_remove("/tmp/test_output.log");
#Only for debian machine
"any" usebundle => package_present("ntp", "latest", "default", "apt");
"any" usebundle => command_execution("service ntp start"),
ifvarclass => "package_present_ntp_ok";
}
techniques/systemSettings/process/services/1.0/tests/test_service.json
{
"displayName": "Services technique",
"enabled": true,
"longDescription": "",
"parameters": {
"section": {
"name": "sections",
"sections": [
{
"section": {
"name": "Services boot status"
}
},
{
"section": {
"name": "Services posthook"
}
},
{
"section": {
"name": "Services status",
"vars": [
{
"var": {
"name": "SERVICES_TECHNIQUE_BOOT",
"value": "true"
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_NAME",
"value": "ntp"
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_PERSISTENT",
"value": "true"
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_POSTHOOK",
"value": "/bin/true"
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_STATUS",
"value": "false"
}
}
]
}
},
{
"section": {
"name": "Services status",
"vars": [
{
"var": {
"name": "SERVICES_TECHNIQUE_BOOT",
"value": "true"
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_NAME",
"value": "ssh"
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_PERSISTENT",
"value": "false"
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_POSTHOOK",
"value": ""
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_STATUS",
"value": "true"
}
}
]
}
}
]
}
},
"shortDescription": "",
"techniqueName": "services",
"techniqueVersion": "1.0"
}
techniques/systemSettings/process/services/1.0/tests/test_service.metadata
[{
"inits": ["test_service.cf"],
"directives": ["test_service.json", "test_service_cron.json"],
"checks": ["test_service.rb"],
"sharedFiles": [],
"compliance": 100
}]
techniques/systemSettings/process/services/1.0/tests/test_service.rb
require 'spec_helper'
describe service('ntp') do
it { should be_enabled }
it { should_not be_running }
end
describe service('ssh') do
it { should be_enabled }
it { should be_running }
end
describe service('cron') do
it { should_not be_enabled }
it { should be_running }
end
describe command('/bin/cat /tmp/test_output.log') do
its(:stdout) { should match /[\s\S]*?The service status \"stopped\" for ntp was repaired[\s\S]*?The command \/bin\/true from postHook execution was repaired/ }
end
techniques/systemSettings/process/services/1.0/tests/test_service_cron.json
{
"displayName": "cron Services technique",
"enabled": true,
"longDescription": "",
"parameters": {
"section": {
"name": "sections",
"sections": [
{
"section": {
"name": "Services boot status"
}
},
{
"section": {
"name": "Services posthook"
}
},
{
"section": {
"name": "Services status",
"vars": [
{
"var": {
"name": "SERVICES_TECHNIQUE_BOOT",
"value": "ignore"
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_NAME",
"value": "cron"
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_PERSISTENT",
"value": "false"
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_POSTHOOK",
"value": ""
}
},
{
"var": {
"name": "SERVICES_TECHNIQUE_STATUS",
"value": "ignore"
}
}
]
}
}
]
}
},
"shortDescription": "",
"techniqueName": "services",
"techniqueVersion": "1.0"
}

Also available in: Unified diff