-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #10081: Use rudder agent run as cfruncommand #1111
Fixes #10081: Use rudder agent run as cfruncommand #1111
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are some changes needed to make it work
@@ -246,8 +246,9 @@ body server control | |||
# last single quote in cfruncommand is left open, so that | |||
# arguments (like -K and --remote-bundles) are properly appended. | |||
cfruncommand => "${def.cf_runagent_shell} -c \' | |||
${sys.cf_agent} -I -D cfruncommand -f failsafe.cf \&\& | |||
${sys.cf_agent} -I -D cfruncommand"; | |||
${g.rudder_command} agent update && |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you need to backslash the &
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and you will need an access rule for g.rudder_command, like
"$(g.rudder_command)" comment => "Grant access to rudder agent command for cfruncommand", admit => { ${def.policy_server} };
Commit modified |
4e03fde
to
f39400f
Compare
Commit modified |
f39400f
to
028429b
Compare
@@ -114,7 +114,7 @@ bundle server access_rules | |||
admit => { host2ip("${server_info.cfserved}"), string_downcase(escape("${server_info.cfserved}")) }; | |||
|
|||
!windows:: | |||
"${def.cf_runagent_shell}" | |||
"${g.rudder_command}" comment => "Grant access to rudder agent command for cfruncommand", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So we won't need the shll anywhere ?
I think it was because if download fails, promises are probably not up to date. |
Commit modified |
028429b
to
6dc112d
Compare
ping @peckpeck |
Commit modified |
6dc112d
to
b455281
Compare
OK, merging this PR |
https://www.rudder-project.org/redmine/issues/10081