0

I'm wondering what's the best, fastest, easiest way to temporarily stop, in an emergency, a single cfengine client from performing a certain promise, without needing to change anything on the cfengine server (hub).

My solution so far has been to edit /var/cfengine/inputs/promises.cf and comment out the services I want to stop (in this case, I want cfengine to stop trying to restart mysqld). Then I restarted cfengine. I'm not sure if this is the best way though (or even if it will not break something). So far it seems to not have started anything on fire, but I'm just wondering if there's a more "accepted" way.

steev
  • 165
  • 7

2 Answers2

0

I believe the method you have used is the best one, although restarting CFEngine should not be necessary. Note that this will only be a temporary measure though. As soon as some policy changes on the policy server, it will trigger a redownload of policies which will overwrite the changes you made in /var/cfengine/inputs.

So make sure you make the changes on both sides. Making the change on the client inside /var/cfengine/inputs makes the change immediate, making it on the server inside /var/cfengine/masterfiles makes it permanent. This is a method I have used many times myself.

kacfengine
  • 16
0

Any change to inputs/ is going to get stomped next time cf-agent runs update.cf (fetching fresh masterfiles from the policy server and over-writing your edit). So your quick hack is apt to only work transiently, I think. This also means (unless I'm mistaken, which I may well be) that any non-transient fix necessarily involves editing policy on its server (the hub).

The edit to (general) policy would then condition the relevant promise on negation of some class set only on the specific host, e.g. by adding an ifvarclass => "!ipv4_10_20_30_40" attribute to the promise, if the host is 10.20.30.40. (Note that you can do the same with a class:: condition on the promise too, but this may affect later promises or tangle with any class:: condition already applicable to it.)

user284302
  • 1