-
Notifications
You must be signed in to change notification settings - Fork 0
/
update.cf
112 lines (90 loc) · 4.14 KB
/
update.cf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
###############################################################################
#
# update.cf - Basic Update Policy
#
###############################################################################
body common control
{
bundlesequence => {
"update_def",
"u_cfengine_enterprise",
@(u_cfengine_enterprise.def),
"cfe_internal_dc_workflow",
"cfe_internal_update_policy",
"cfengine_internal_standalone_self_upgrade",
"cfe_internal_update_processes",
@(update_def.bundlesequence_end), # Define control_common_update_bundlesequnce_end via augments
};
version => "update.cf $(update_def.current_version)";
inputs => {
"cfe_internal/update/lib.cf",
"cfe_internal/update/systemd_units.cf",
@(cfengine_update_controls.update_def_inputs),
"cfe_internal/update/cfe_internal_dc_workflow.cf",
"cfe_internal/update/cfe_internal_local_git_remote.cf",
"cfe_internal/update/cfe_internal_update_from_repository.cf",
"cfe_internal/update/update_policy.cf",
"cfe_internal/update/update_processes.cf",
@(update_def.augments_inputs)
};
any::
ignore_missing_bundles => "$(update_def.control_common_ignore_missing_bundles)";
ignore_missing_inputs => "$(update_def.control_common_ignore_missing_inputs)";
}
#############################################################################
bundle common cfengine_update_controls
{
vars:
"update_def_inputs"
slist => {
"controls/update_def.cf",
"controls/update_def_inputs.cf",
};
reports:
DEBUG|DEBUG_cfengine_update_controls::
"DEBUG $(this.bundle): update def inputs='$(update_def_inputs)'";
}
bundle agent cfengine_internal_standalone_self_upgrade
# @brief Manage the version of CFEngine that is currently installed. This policy
# executes a stand alone policy as a sub agent. If systemd is found we assume
# that it is necessary to escape the current unit via systemd-run.
{
vars:
"exec_prefix"
string => ifelse( isexecutable("/bin/systemd-run"), "/bin/systemd-run --unit=cfengine-upgrade --scope ", # trailing space in commands important
isexecutable( "/usr/bin/systemd-run" ), "/usr/bin/systemd-run --unit=cfengine-upgrade --scope ",
"");
"desired_pkg_data_path" -> { "ENT-3592" }
string => "$(sys.statedir)/MPF/desired-cfengine-package-version.json";
"desired_pkg_data" -> { "ENT-3592" }
data => readjson( $(desired_pkg_data_path), inf ),
if => fileexists( $(desired_pkg_data_path) );
classes:
# If we are running the version desired by the self upgrade policy
"at_desired_version" -> { "ENT-3592" }
expression => strcmp( "$(desired_pkg_data[version])", "$(sys.cf_version)" );
# If we are running the version explicitly defined by the user
"at_desired_version" -> { "ENT-3592" }
expression => strcmp( "$(def.cfengine_software_pkg_version)", "$(sys.cf_version)" );
commands:
trigger_upgrade.!at_desired_version::
"$(exec_prefix)$(sys.cf_agent)"
handle => "standalone_self_upgrade",
args => '--inform --timestamp --file "$(this.promise_dirname)$(const.dirsep)standalone_self_upgrade.cf" --define trigger_upgrade,update_cf_initiated';
reports:
inform_mode|verbose_mode|DEBUG|DEBUG_cfengine_internal_standalone_self_upgrade::
"Skipped self upgrade because we are running the desired version $(sys.cf_version)" -> { "ENT-3592" }
if => "at_desired_version";
}
body agent control
{
ifelapsed => "1";
skipidentify => "true";
}
#############################################################################
body classes u_kept_successful_command
# @brief Set command to "kept" instead of "repaired" if it returns 0
{
kept_returncodes => { "0" };
failed_returncodes => { "1" };
}