CFEngine define global classes and commands
by Ladowny from LinuxQuestions.org on (#6CXD9)
I have a promise that copies fail2ban jails configuration for Apache2 and restarts fail2ban. How can I define these classes and commands globally to make them available for other bundles.
What I want to do is to restart service when its configuration changes becouse jails for another daemon are added.
For example, in this bundle I have 2 classes and 1 command to restart service defined
Code:bundle agent config_f2b
{
classes:
"hasApache24" expression => fileexists("/usr/sbin/apache2ctl");
"hasFail2Ban" expression => fileexists("/usr/bin/fail2ban-server");
files:
debian.hasApache24.hasFail2Ban::
"/etc/fail2ban/jail.d/apache.conf"
handle => "debian_copy_fail2ban_apache_conf" ,
perms => mog("644","root","root"),
copy_from => secure_cp("$(sys.workdir)/filerepo/fail2ban/apache.conf", "$(sys.policy_hub)"),
classes => if_repaired("restart_fail2ban"),
comment => "Update /etc/fail2ban/jail.d/apache.conf" ;
commands:
restart_fail2ban::
"/usr/sbin/service fail2ban restart"
handle => "restart_fail2ban",
comment => "Reloading fail2ban";
}and I would like to make it available to another example bundle
Code:bundle agent config_exim
{
files:
debian.hasApache24.hasFail2Ban::
"/etc/fail2ban/jail.d/exim.conf"
handle => "debian_copy_fail2ban_exim_conf" ,
perms => mog("644","root","root"),
copy_from => secure_cp("$(sys.workdir)/filerepo/fail2ban/exim.conf", "$(sys.policy_hub)"),
classes => if_repaired("restart_fail2ban"),
comment => "Update /etc/fail2ban/jail.d/exim.conf" ;
}Was thinking of using "bundle common", but according to the docs common bundles can only contain meta, default, vars, classes, and reports promises and I also need to run a command to restart service.
I am using common bundle to define a list of promise files and bundles.
Code:bundle common promise_setup
{
vars:
"bundles" slist => {
"..",
"config_f2b",
"config_exim",
"..."
} ;
"promise_files" slist
=> {
"Promise1.cf",
"Apache.cf",
"Exim.cf",
"OtherPromises.cf"
} ;So the question is - can these classes and commands be defined globally in some separate bundle included in "bundles" slist or do I need to have them defined separately in each bundle requiring them?
What I want to do is to restart service when its configuration changes becouse jails for another daemon are added.
For example, in this bundle I have 2 classes and 1 command to restart service defined
Code:bundle agent config_f2b
{
classes:
"hasApache24" expression => fileexists("/usr/sbin/apache2ctl");
"hasFail2Ban" expression => fileexists("/usr/bin/fail2ban-server");
files:
debian.hasApache24.hasFail2Ban::
"/etc/fail2ban/jail.d/apache.conf"
handle => "debian_copy_fail2ban_apache_conf" ,
perms => mog("644","root","root"),
copy_from => secure_cp("$(sys.workdir)/filerepo/fail2ban/apache.conf", "$(sys.policy_hub)"),
classes => if_repaired("restart_fail2ban"),
comment => "Update /etc/fail2ban/jail.d/apache.conf" ;
commands:
restart_fail2ban::
"/usr/sbin/service fail2ban restart"
handle => "restart_fail2ban",
comment => "Reloading fail2ban";
}and I would like to make it available to another example bundle
Code:bundle agent config_exim
{
files:
debian.hasApache24.hasFail2Ban::
"/etc/fail2ban/jail.d/exim.conf"
handle => "debian_copy_fail2ban_exim_conf" ,
perms => mog("644","root","root"),
copy_from => secure_cp("$(sys.workdir)/filerepo/fail2ban/exim.conf", "$(sys.policy_hub)"),
classes => if_repaired("restart_fail2ban"),
comment => "Update /etc/fail2ban/jail.d/exim.conf" ;
}Was thinking of using "bundle common", but according to the docs common bundles can only contain meta, default, vars, classes, and reports promises and I also need to run a command to restart service.
I am using common bundle to define a list of promise files and bundles.
Code:bundle common promise_setup
{
vars:
"bundles" slist => {
"..",
"config_f2b",
"config_exim",
"..."
} ;
"promise_files" slist
=> {
"Promise1.cf",
"Apache.cf",
"Exim.cf",
"OtherPromises.cf"
} ;So the question is - can these classes and commands be defined globally in some separate bundle included in "bundles" slist or do I need to have them defined separately in each bundle requiring them?