Revision db1ad675
Added by Benoît PECCATTE about 6 years ago
techniques/system/distributePolicy/1.0/metadata.xml | ||
---|---|---|
<NAME>SUB_NODES_ID</NAME>
|
||
<NAME>SUB_NODES_KEYHASH</NAME>
|
||
<NAME>SUB_NODES_SERVER</NAME>
|
||
<NAME>RELAY_SYNC_METHOD</NAME>
|
||
<NAME>RELAY_SYNC_PROMISES</NAME>
|
||
<NAME>RELAY_SYNC_SHAREDFILES</NAME>
|
||
</SYSTEMVARS>
|
||
|
||
<SECTIONS>
|
||
<!-- The following sections are for reporting only -->
|
||
<SECTION name="Propagate promises" component="true"/>
|
||
<SECTION name="Synchronize policies" component="true"/>
|
||
<SECTION name="Synchronize files" component="true"/>
|
||
<SECTION name="Synchronize resources" component="true"/>
|
||
<SECTION name="Send inventories to Rudder server" component="true"/>
|
||
<SECTION name="Configure ncf" component="true"/>
|
||
</SECTIONS>
|
techniques/system/distributePolicy/1.0/propagatePromises.st | ||
---|---|---|
root_server::
|
||
"rudder_tools_updated_exists" expression => fileexists("${g.rudder_tools_updated_origin}");
|
||
|
||
!root_server::
|
||
# configure the Relay synchronization method
|
||
"sync_method_disabled" expression => strcmp("&RELAY_SYNC_METHOD&", "disable");
|
||
"sync_method_rsync" expression => strcmp("&RELAY_SYNC_METHOD&", "rsync");
|
||
"sync_promises" expression => strcmp("&RELAY_SYNC_PROMISES&", "true");
|
||
"sync_sharedfiles" expression => strcmp("&RELAY_SYNC_SHAREDFILES&", "true");
|
||
|
||
"disable_classic_promises" expression => "sync_method_rsync|sync_method_disabled";
|
||
"disable_classic_sharedfiles" expression => "sync_method_rsync|sync_method_disabled";
|
||
|
||
"rsync_promises" expression => "sync_promises.sync_method_rsync";
|
||
"rsync_sharedfiles" expression => "sync_sharedfiles.sync_method_rsync";
|
||
|
||
any::
|
||
"pass3" expression => "pass2";
|
||
"pass2" expression => "pass1";
|
||
"pass1" expression => "any";
|
||
|
||
# Detect if relay-server protocols works ok (update is ok), but nothing to update (no node behind the relay)
|
||
# Class definition for no propagate promises transfer, but correct promises transfer -> folder for promises for relay is empty on the server, or folder inexistent
|
||
pass3::
|
||
"update_successful" expression => "root_server|((rudder_ncf_hash_update_ok|(rudder_ncf_hash_update_repaired.rudder_ncf_common_updated_ok.rudder_ncf_local_updated_ok)).(rudder_promises_generated_tmp_file_kept|(rudder_promises_generated_tmp_file_repaired.config_ok)).!(rudder_promises_generated_tmp_file_error|rudder_tools_updated_error|rudder_tools_update_error|rudder_ncf_common_update_error|rudder_ncf_local_update_error|no_update|rudder_ncf_hash_update_error))";
|
||
|
||
"empty_promises_to_propagate" expression => "update_successful.!promises_propagated";
|
||
"promises_to_propagate_not_copied" expression => "!update_successful.!promises_propagated";
|
||
|
||
"sharedfiles_not_existent" expression => "update_successful.!shared_files_propagated"; # If shared-files doesn't exist, error class is defined, if it is empty, no class is defined
|
||
"sharedfiles_not_copied" expression => "!update_successful.could_not_propagate_shared_files";
|
||
|
||
... | ... | |
comment => "Enforce the ncf configuration file",
|
||
classes => classes_generic("configure_ncf_config");
|
||
|
||
(policy_server|role_rudder_relay_promises_only).!root_server::
|
||
(policy_server|role_rudder_relay_promises_only).!root_server.!disable_classic_promises::
|
||
|
||
"${client_data}" #that's a loop on each files in client_inputs
|
||
copy_from => remote("${server_info.cfserved}","${server_data}"),
|
||
depth_search => recurse_visible("inf"),
|
||
comment => "Fetching the promises to propagate",
|
||
classes => if_else("promises_propagated", "could_not_propagate_promise");
|
||
classes => if_else("promises_propagated", "could_not_propagate_promises");
|
||
|
||
(policy_server|role_rudder_relay_promises_only).!root_server.!disable_classic_sharedfiles::
|
||
"&SHARED_FILES_FOLDER&"
|
||
copy_from => remote("${server_info.cfserved}","&SHARED_FILES_FOLDER&"),
|
||
depth_search => recurse_visible("inf"),
|
||
comment => "Fetching the files shared for the promises execution",
|
||
classes => if_else("files_propagated", "could_not_propagate_files");
|
||
|
||
(policy_server|role_rudder_relay_promises_only).!root_server::
|
||
"${g.rudder_var}/shared-files/"
|
||
copy_from => remote("${server_info.cfserved}","${g.rudder_var}/shared-files/${g.uuid}/shared-files"),
|
||
depth_search => recurse_visible("inf"),
|
||
... | ... | |
comment => "Fetching the ncf common to propagate",
|
||
classes => if_else("ncf_common_promises_propagated", "could_not_propagate_ncf_common_promise");
|
||
|
||
"&SHARED_FILES_FOLDER&"
|
||
copy_from => remote("${server_info.cfserved}","&SHARED_FILES_FOLDER&"),
|
||
depth_search => recurse_visible("inf"),
|
||
comment => "Fetching the files shared for the promises execution",
|
||
classes => if_else("files_propagated", "could_not_propagate_files");
|
||
|
||
"${g.rudder_tools}"
|
||
copy_from => remote_unsecured("${server_info.cfserved}","${g.rudder_tools}"),
|
||
... | ... | |
!root_server::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_na", "&TRACKINGKEY&", "Configure ncf", "None", "Configuration of configuration library is not necessary on non root servers");
|
||
|
||
# Success if files are updated or not changed (kept or repaired).
|
||
# root server have only tools to be updated and others have tools,
|
||
# promises, masterfiles folder to be updated.
|
||
pass3.(((root_server.propagate_tools_ok)|(!root_server.propagate_tools_ok.(promises_propagated|empty_promises_to_propagate).(shared_files_propagated|sharedfiles_not_existent).masterfiles_propagated.ncf_local_promises_propagated.ncf_common_promises_propagated.nodeslist_copied)).!(propagate_tools_error|promises_to_propagate_not_copied|sharedfiles_not_copied|could_not_propagate_masterfiles|could_not_propagate_ncf_local_promise|could_not_propagate_ncf_common_promise|could_not_copy_nodeslist))::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Propagate promises", "None", "All files have been propagated");
|
||
pass3.promises_to_propagate_not_copied::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate policy");
|
||
# Success if resources are updated or not changed (kept or repaired).
|
||
# root server have only tools and nodelist to be updated
|
||
# relays have tools, ncf, masterfiles nodelist and shared_files folder to be updated.
|
||
pass3.root_server.propagate_tools_ok.nodeslist_copied.!(propagate_tools_error|could_not_copy_nodeslist)::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Synchronize resources", "None", "All resources have been updated");
|
||
|
||
pass3.!root_server.propagate_tools_ok.(shared_files_propagated|sharedfiles_not_existent).masterfiles_propagated.ncf_local_promises_propagated.ncf_common_promises_propagated.nodeslist_copied).!(propagate_tools_error|sharedfiles_not_copied|could_not_propagate_masterfiles|could_not_propagate_ncf_local_promise|could_not_propagate_ncf_common_promise|could_not_copy_nodeslist))::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Synchronize resources", "None", "All resources have been synchronized");
|
||
|
||
pass3.sharedfiles_not_copied::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate shared files");
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Synchronize resources", "None", "Cannot synchronize shared files");
|
||
|
||
pass3.root_server::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_na", "&TRACKINGKEY&", "Synchronize policies", "None", "Rudder server does not need to synchronize its policies");
|
||
pass3.(sync_method_disabled|(!sync_promises.sync_method_rsync))::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_na", "&TRACKINGKEY&", "Synchronize policies", "None", "Policies need to be synchronized by an external system");
|
||
|
||
pass3.could_not_propagate_promises.((!sync_method_rsync.!update_successful)|sync_method_rsync)::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Synchronize policies", "None", "Cannot synchronize policies");
|
||
|
||
pass3.promises_propagated.sync_method_rsync::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Synchronize policies", "None", "Policies synchronized using rsync");
|
||
pass3.(promises_propagated|(could_not_propagate_promises.update_successful)).!sync_method_rsync::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Synchronize policies", "None", "Policies synchronized using classic method");
|
||
|
||
pass3.root_server::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_na", "&TRACKINGKEY&", "Synchronize files", "None", "Rudder server does not need to synchronize its shared files");
|
||
pass3.(sync_method_disabled|(!sync_sharedfiles.sync_method_rsync))::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_na", "&TRACKINGKEY&", "Synchronize files", "None", "Shared files need to be synchronized by an external system");
|
||
|
||
pass3.could_not_propagate_files::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate shared files");
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Synchronize files", "None", "Cannot propagate shared files");
|
||
|
||
pass3.files_propagated.sync_method_rsync::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Synchronize files", "None", "Shared files synchronized using rsync");
|
||
pass3.(files_propagated|(could_not_propagate_files.update_successful)).!sync_method_rsync::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Synchronize files", "None", "Shared files synchronized using classic method");
|
||
|
||
|
||
|
||
pass3.propagate_tools_error::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate tools");
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Synchronize resources", "None", "Cannot propagate tools");
|
||
|
||
pass3.could_not_propagate_ncf_local_promise::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate local configuration library");
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Synchronize resources", "None", "Cannot propagate local configuration library");
|
||
|
||
pass3.could_not_propagate_ncf_common_promise::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate common configuration library");
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Synchronize resources", "None", "Cannot propagate common configuration library");
|
||
|
||
pass3.could_not_propagate_masterfiles::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate masterfiles");
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Synchronize resources", "None", "Cannot propagate masterfiles");
|
||
|
||
pass3.could_not_copy_license::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "log_warn", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot copy local license");
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "log_warn", "&TRACKINGKEY&", "Synchronize resources", "None", "Cannot copy local license");
|
||
|
||
pass3.could_not_copy_nodeslist::
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "log_warn", "&TRACKINGKEY&", "Propagate nodeslist", "None", "Cannot copy local nodes list");
|
||
"any" usebundle => rudder_common_report("DistributePolicy", "log_warn", "&TRACKINGKEY&", "Synchronize resources", "None", "Cannot copy local nodes list");
|
||
|
||
commands:
|
||
policy_server.!root_server.rsync_promises::
|
||
"/usr/bin/rsync --archive --checksum --compress --sparse --delete ${server_info.cfserved}:${server_data}/ ${client_data}"
|
||
classes => if_else("promises_propagated", "could_not_propagate_promises");
|
||
policy_server.!root_server.rsync_sharedfiles::
|
||
"/usr/bin/rsync --archive --checksum --compress --sparse --delete ${server_info.cfserved}:&SHARED_FILES_FOLDER&/ &SHARED_FILES_FOLDER&/"
|
||
classes => if_else("files_propagated", "could_not_propagate_files");
|
||
|
||
}
|
||
|
Also available in: Unified diff
Fixes #11631: Implement disable-flag for policy server policy copy for nodes