Created
July 9, 2011 18:33
-
-
Save fapestniegd/1073831 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########################################################################### | |
| # Copyright (C) Cfengine AS | |
| # | |
| # This program is free software; you can redistribute it and/or modify it | |
| # under the terms of the GNU General Public License as published by the | |
| # Free Software Foundation; version 3. | |
| # | |
| # This program is distributed in the hope that it will be useful, | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| # GNU General Public License for more details. | |
| # | |
| # To the extent this program is licensed as part of the Enterprise | |
| # versions of Cfengine, the applicable Commerical Open Source License | |
| # (COSL) may apply to this file if you as a licensee so wish it. See | |
| # included file COSL.txt. | |
| ########################################################################### | |
| # | |
| # Cfengine Community Open Promise-Body Library | |
| # | |
| # This initiative started by Cfengine promotes a | |
| # standardized set of names and promise specifications | |
| # for template functionality within Cfengine 3. | |
| # | |
| # The aim is to promote an industry standard for | |
| # naming of configuration patterns, leading to a | |
| # de facto middleware of standardized syntax. | |
| # | |
| # Names should be intuitive and parameters should be | |
| # minimal to assist readability and comprehensibility. | |
| # Contributions to this file are voluntarily given to | |
| # the cfengine community, and are moderated by Cfengine. | |
| # No liability or warranty for misuse is implied. | |
| # | |
| # If you add to this file, please try to make the | |
| # contributions "self-documenting". Comments made | |
| # after the bundle/body statement are retained in | |
| # the online docs | |
| # | |
| # Subversion : $Rev: 64 $ | |
| # For Cfengine Core: 3.1.0 | |
| ################################################### | |
| # If you find Cfengine useful, please consider # | |
| # purchasing a commercial version of the software.# | |
| ################################################### | |
| ################################################### | |
| # edit_line bundles | |
| ################################################### | |
| bundle edit_line insert_lines(lines) | |
| { | |
| insert_lines: | |
| "$(lines)" | |
| comment => "Append lines if they don't exist"; | |
| } | |
| ## | |
| bundle edit_line comment_lines_matching(regex,comment) | |
| # Comment lines of a file matching a regex | |
| { | |
| replace_patterns: | |
| "^($(regex))$" | |
| replace_with => comment("$(comment)"), | |
| comment => "Search and replace string"; | |
| } | |
| ## | |
| bundle edit_line uncomment_lines_matching(regex,comment) | |
| # Uncomment lines of a file where the regex matches | |
| # the text after the comment string | |
| { | |
| replace_patterns: | |
| "^$(comment)\s?($(regex))$" | |
| replace_with => uncomment, | |
| comment => "Uncomment lines matching a regular expression"; | |
| } | |
| ## | |
| bundle edit_line comment_lines_containing(regex,comment) | |
| # Comment lines of a file containing a regex | |
| { | |
| replace_patterns: | |
| "^(.*$(regex).*)$" | |
| replace_with => comment("$(comment)"), | |
| comment => "Comment out lines in a file"; | |
| } | |
| ## | |
| bundle edit_line uncomment_lines_containing(regex,comment) | |
| # Uncomment lines of a file where the regex matches | |
| # the text after the comment string | |
| { | |
| replace_patterns: | |
| "^$(comment)\s?(.*$(regex).*)$" | |
| replace_with => uncomment, | |
| comment => "Uncomment a line containing a fragment"; | |
| } | |
| ## | |
| bundle edit_line delete_lines_matching(regex) | |
| { | |
| delete_lines: | |
| "$(regex)" | |
| comment => "Delete lines matching regular expressions"; | |
| } | |
| ## | |
| bundle edit_line warn_lines_matching(regex) | |
| { | |
| delete_lines: | |
| "$(regex)" | |
| comment => "Warn about lines in a file", | |
| action => warn_only; | |
| } | |
| ## | |
| bundle edit_line append_if_no_line(str) | |
| { | |
| insert_lines: | |
| "$(str)" | |
| comment => "Append a line to the file if it doesn't already exist"; | |
| } | |
| ## | |
| bundle edit_line append_if_no_lines(list) | |
| { | |
| insert_lines: | |
| "$(list)" | |
| comment => "Append lines to the file if they don't already exist"; | |
| } | |
| ## | |
| bundle edit_line resolvconf(search,list) | |
| # search is the search domains with space | |
| # list is an slist of nameserver addresses | |
| { | |
| delete_lines: | |
| "search.*" comment => "Reset search lines from resolver"; | |
| "nameserver.*" comment => "Reset nameservers in resolver"; | |
| insert_lines: | |
| "search $(search)" comment => "Add search domains to resolver"; | |
| "nameserver $(list)" comment => "Add name servers to resolver"; | |
| } | |
| ## | |
| bundle edit_line set_variable_values(v) | |
| # Sets the RHS of variables in the file of the form | |
| # LHS = RHS | |
| # Adds a new line if no LHS exists, repairs RHS values if one does exist | |
| # | |
| # To use: | |
| # 1) Define an array, where the keys are the LHS and the values are the RHS | |
| # "stuff[lhs-1]" string => "rhs1"; | |
| # "stuff[lhs-2]" string => "rhs2"; | |
| # 2) The parameter passed to the edit_line promise is the fully qualified | |
| # name of the array (i.e., "bundlename.stuff") WITHOUT any "$" or "@" | |
| { | |
| vars: | |
| "index" slist => getindices("$(v)"); | |
| # Be careful if the index string contains funny chars | |
| "cindex[$(index)]" string => canonify("$(index)"); | |
| field_edits: | |
| # match a line starting like the key = something | |
| "\s*$(index)\s*=.*" | |
| edit_field => col("=","2","$($(v)[$(index)])","set"), | |
| classes => if_ok("$(cindex[$(index)])_in_file"), | |
| comment => "Match a line starting like key = something"; | |
| insert_lines: | |
| "$(index)=$($(v)[$(index)])", | |
| comment => "Insert a variable definition", | |
| ifvarclass => "!$(cindex[$(index)])_in_file"; | |
| } | |
| ## | |
| bundle edit_line append_users_starting(v) | |
| # For adding to /etc/passwd or etc/shadow, needs | |
| # an array v[username] string => "line..." | |
| { | |
| vars: | |
| "index" slist => getindices("$(v)"); | |
| classes: | |
| "add_$(index)" not => userexists("$(index)"); | |
| insert_lines: | |
| "$($(v)[$(index)])", | |
| comment => "Append users into a password file format", | |
| ifvarclass => "add_$(index)"; | |
| } | |
| ## | |
| bundle edit_line append_groups_starting(v) | |
| # For adding groups to /etc/group, needs | |
| # an array v[groupname] string => "line..." | |
| { | |
| vars: | |
| "index" slist => getindices("$(v)"); | |
| classes: | |
| "add_$(index)" not => groupexists("$(index)"); | |
| insert_lines: | |
| "$($(v)[$(index)])", | |
| comment => "Append users into a group file format", | |
| ifvarclass => "add_$(index)"; | |
| } | |
| ## | |
| bundle edit_line set_user_field(user,field,val) | |
| # Set the value of field number "field" in | |
| # a :-field formatted file like /etc/passwd | |
| { | |
| field_edits: | |
| "$(user):.*" | |
| comment => "Edit a user attribute in the password file", | |
| edit_field => col(":","$(field)","$(val)","set"); | |
| } | |
| ## | |
| bundle edit_line append_user_field(group,field,allusers) | |
| # For adding users to to a file like /etc/group | |
| # at field position "field", comma separated subfields | |
| { | |
| vars: | |
| "val" slist => { @(allusers) }; | |
| field_edits: | |
| "$(group):.*" | |
| comment => "Append users into a password file format", | |
| edit_field => col(":","$(field)","$(val)","alphanum"); | |
| } | |
| ## | |
| bundle edit_line expand_template(templatefile) | |
| # Read in the named text file and expand $(var) | |
| # inside the file | |
| { | |
| insert_lines: | |
| "$(templatefile)" | |
| insert_type => "file", | |
| comment => "Expand variables in the template file", | |
| expand_scalars => "true"; | |
| } | |
| ## | |
| ## editing bodies | |
| ## | |
| body edit_field quoted_var(newval,method) | |
| { | |
| field_separator => "\""; | |
| select_field => "2"; | |
| value_separator => " "; | |
| field_value => "$(newval)"; | |
| field_operation => "$(method)"; | |
| extend_fields => "false"; | |
| allow_blank_fields => "true"; | |
| } | |
| ## | |
| body edit_field col(split,col,newval,method) | |
| { | |
| field_separator => "$(split)"; | |
| select_field => "$(col)"; | |
| value_separator => ","; | |
| field_value => "$(newval)"; | |
| field_operation => "$(method)"; | |
| extend_fields => "true"; | |
| allow_blank_fields => "true"; | |
| } | |
| ## | |
| body replace_with value(x) | |
| { | |
| replace_value => "$(x)"; | |
| occurrences => "all"; | |
| } | |
| ## | |
| body select_region INI_section(x) | |
| { | |
| select_start => "\[$(x)\]\s*"; | |
| select_end => "\[.*\]\s*"; | |
| } | |
| ## | |
| ## edit_defaults | |
| ## | |
| body edit_defaults std_defs | |
| { | |
| empty_file_before_editing => "false"; | |
| edit_backup => "false"; | |
| max_file_size => "300000"; | |
| } | |
| ## | |
| body edit_defaults empty | |
| { | |
| empty_file_before_editing => "true"; | |
| edit_backup => "false"; | |
| max_file_size => "300000"; | |
| } | |
| ## | |
| ## location | |
| ## | |
| body location start | |
| { | |
| before_after => "before"; | |
| } | |
| ## | |
| body location after(str) | |
| { | |
| before_after => "after"; | |
| select_line_matching => "$(str)"; | |
| } | |
| ## | |
| ## replace_with | |
| ## | |
| ## | |
| body replace_with comment(c) | |
| { | |
| replace_value => "$(c) $(match.1)"; | |
| occurrences => "all"; | |
| } | |
| ## | |
| body replace_with uncomment | |
| { | |
| replace_value => "$(match.1)"; | |
| occurrences => "all"; | |
| } | |
| #################################################### | |
| ## agent bodyparts | |
| #################################################### | |
| ## | |
| ## action | |
| ## | |
| body action if_elapsed(x) | |
| { | |
| ifelapsed => "$(x)"; | |
| expireafter => "$(x)"; | |
| } | |
| ## | |
| body action measure_performance(x) | |
| { | |
| measurement_class => "Detect changes in $(this.promiser)"; | |
| ifelapsed => "$(x)"; | |
| expireafter => "$(x)"; | |
| } | |
| ## | |
| body action warn_only | |
| { | |
| action_policy => "warn"; | |
| ifelapsed => "60"; | |
| } | |
| ## | |
| body action bg(elapsed,expire) | |
| { | |
| ifelapsed => "$(elapsed)"; # run only every 8 hours | |
| expireafter => "$(expire)"; | |
| background => "true"; | |
| } | |
| ## | |
| body action ifwin_bg | |
| { | |
| windows:: | |
| background => "true"; | |
| } | |
| ## | |
| body action immediate | |
| { | |
| ifelapsed => "0"; | |
| } | |
| ## | |
| body action policy(p) | |
| { | |
| action_policy => "$(p)"; | |
| } | |
| ## | |
| # Log a message to log=[/file|stdout] | |
| body action log_repaired(log,message) | |
| { | |
| log_string => "$(sys.date), $(message)"; | |
| log_repaired => "$(log)"; | |
| } | |
| ## | |
| ## contain | |
| ## | |
| body contain silent | |
| { | |
| no_output => "true"; | |
| } | |
| ## | |
| body contain in_dir(s) | |
| { | |
| chdir => "$(s)"; | |
| } | |
| ## | |
| body contain in_dir_shell(s) | |
| { | |
| chdir => "$(s)"; | |
| useshell => "true"; | |
| } | |
| ## | |
| body contain silent_in_dir(s) | |
| { | |
| chdir => "$(s)"; | |
| no_output => "true"; | |
| } | |
| ## | |
| body contain in_shell | |
| { | |
| useshell => "true"; | |
| } | |
| ## | |
| body contain setuid(x) | |
| { | |
| exec_owner => "$(x)"; | |
| useshell => "false"; | |
| } | |
| ## | |
| body contain setuid_sh(x) | |
| { | |
| exec_owner => "$(x)"; | |
| useshell => "true"; | |
| } | |
| ## | |
| body contain setuidgid_sh(owner,group) | |
| { | |
| exec_owner => "$(owner)"; | |
| exec_group => "$(group)"; | |
| useshell => "true"; | |
| } | |
| ## | |
| body contain jail(owner,root,dir) | |
| { | |
| exec_owner => "$(owner)"; | |
| useshell => "true"; | |
| chdir => "$(dir)"; | |
| chroot => "$(root)"; | |
| } | |
| ## | |
| ## classes | |
| ## | |
| body classes if_repaired(x) | |
| { | |
| promise_repaired => { "$(x)" }; | |
| } | |
| ## | |
| body classes if_else(yes,no) | |
| { | |
| promise_kept => { "$(yes)" }; | |
| promise_repaired => { "$(yes)" }; | |
| repair_failed => { "$(no)" }; | |
| repair_denied => { "$(no)" }; | |
| repair_timeout => { "$(no)" }; | |
| } | |
| ## | |
| body classes cf2_if_else(yes,no) | |
| # meant to match cf2 semantics | |
| { | |
| promise_repaired => { "$(yes)" }; | |
| repair_failed => { "$(no)" }; | |
| repair_denied => { "$(no)" }; | |
| repair_timeout => { "$(no)" }; | |
| } | |
| ## | |
| body classes if_notkept(x) | |
| { | |
| repair_failed => { "$(x)" }; | |
| repair_denied => { "$(x)" }; | |
| repair_timeout => { "$(x)" }; | |
| } | |
| ## | |
| body classes if_ok(x) | |
| { | |
| promise_repaired => { "$(x)" }; | |
| promise_kept => { "$(x)" }; | |
| } | |
| ## | |
| ## Persistent classes | |
| ## | |
| body classes state_repaired(x) | |
| { | |
| promise_repaired => { "$(x)" }; | |
| persist_time => "10"; | |
| } | |
| ## | |
| body classes enumerate(x) | |
| # | |
| # This is used by commercial editions to count | |
| # instances of jobs in a cluster | |
| # | |
| { | |
| promise_repaired => { "mXC_$(x)" }; | |
| promise_kept => { "mXC_$(x)" }; | |
| persist_time => "15"; | |
| } | |
| ################################################### | |
| # agent bundles | |
| ################################################### | |
| ##.................................................. | |
| ## files promises | |
| ##.................................................. | |
| ## | |
| ## copy_from | |
| ## | |
| body copy_from secure_cp(from,server) | |
| { | |
| source => "$(from)"; | |
| servers => { "$(server)" }; | |
| compare => "digest"; | |
| encrypt => "true"; | |
| verify => "true"; | |
| } | |
| ## | |
| body copy_from remote_cp(from,server) | |
| { | |
| servers => { "$(server)" }; | |
| source => "$(from)"; | |
| compare => "mtime"; | |
| } | |
| ## | |
| body copy_from local_cp(from) | |
| { | |
| source => "$(from)"; | |
| } | |
| ## | |
| body copy_from perms_cp(from) | |
| { | |
| source => "$(from)"; | |
| preserve => "true"; | |
| } | |
| ## | |
| # Copy only if the file does not already exist, i.e. seed the placement | |
| body copy_from seed_cp(from) | |
| { | |
| source => "$(from)"; | |
| compare => "exists"; | |
| } | |
| ## | |
| body copy_from sync_cp(from,server) | |
| { | |
| servers => { "$(server)" }; | |
| source => "$(from)"; | |
| purge => "true"; | |
| preserve => "true"; | |
| } | |
| ## | |
| body copy_from no_backup_cp(from) | |
| { | |
| source => "$(from)"; | |
| copy_backup => "false"; | |
| } | |
| ## | |
| body copy_from no_backup_rcp(from,server) | |
| { | |
| servers => { "$(server)" }; | |
| source => "$(from)"; | |
| compare => "mtime"; | |
| copy_backup => "false"; | |
| } | |
| ## | |
| ## link_from | |
| ## | |
| body link_from ln_s(x) | |
| { | |
| link_type => "symlink"; | |
| source => "$(x)"; | |
| when_no_source => "force"; | |
| } | |
| ## | |
| body link_from linkchildren(tofile) | |
| { | |
| source => "$(tofile)"; | |
| link_type => "symlink"; | |
| when_no_source => "force"; | |
| link_children => "true"; | |
| when_linking_children => "if_no_such_file"; # "override_file"; | |
| } | |
| ## | |
| ## perms | |
| ## | |
| body perms m(mode) | |
| { | |
| mode => "$(mode)"; | |
| } | |
| ## | |
| body perms mo(mode,user) | |
| { | |
| owners => { "$(user)" }; | |
| mode => "$(mode)"; | |
| } | |
| ## | |
| body perms mog(mode,user,group) | |
| { | |
| owners => { "$(user)" }; | |
| groups => { "$(group)" }; | |
| mode => "$(mode)"; | |
| } | |
| ## | |
| body perms og(u,g) | |
| { | |
| owners => { "$(u)" }; | |
| groups => { "$(g)" }; | |
| } | |
| ## | |
| body perms owner(user) | |
| { | |
| owners => { "$(user)" }; | |
| } | |
| ## | |
| ## ACLS (extended Unix perms) | |
| ## | |
| body acl access_generic(acl) | |
| # default/inherited ACLs are left unchanged, | |
| # applicable for both files and directory on all platforms | |
| { | |
| acl_method => "overwrite"; | |
| aces => { "@(acl)" }; | |
| } | |
| ## | |
| body acl strict | |
| # NOTE: May need to take ownership of file/dir | |
| # to be sure no-one else is allowed access | |
| { | |
| acl_method => "overwrite"; | |
| windows:: | |
| aces => { "user:Administrator:rwx" }; | |
| !windows:: | |
| aces => { "user:root:rwx" }; | |
| } | |
| ## | |
| ## depth_search | |
| ## | |
| body depth_search recurse(d) | |
| { | |
| depth => "$(d)"; | |
| xdev => "true"; | |
| } | |
| ## | |
| body depth_search recurse_ignore(d,list) | |
| { | |
| depth => "$(d)"; | |
| exclude_dirs => { @(list) }; | |
| } | |
| ## | |
| ## delete | |
| ## | |
| body delete tidy | |
| { | |
| dirlinks => "delete"; | |
| rmdirs => "true"; | |
| } | |
| ## | |
| ## rename | |
| ## | |
| body rename disable | |
| { | |
| disable => "true"; | |
| } | |
| ## | |
| body rename rotate(level) | |
| { | |
| rotate => "$(level)"; | |
| } | |
| ## | |
| body rename to(file) | |
| { | |
| newname => "$(file)"; | |
| } | |
| ## | |
| ## file_select | |
| ## | |
| body file_select name_age(name,days) | |
| { | |
| leaf_name => { "$(name)" }; | |
| mtime => irange(0,ago(0,0,"$(days)",0,0,0)); | |
| file_result => "mtime.leaf_name"; | |
| } | |
| ## | |
| body file_select days_old(days) | |
| { | |
| mtime => irange(0,ago(0,0,"$(days)",0,0,0)); | |
| file_result => "mtime"; | |
| } | |
| ## | |
| body file_select size_range(from,to) | |
| { | |
| search_size => irange("$(from)","$(to)"); | |
| file_result => "size"; | |
| } | |
| ## | |
| body file_select exclude(name) | |
| { | |
| leaf_name => { "$(name)"}; | |
| file_result => "!leaf_name"; | |
| } | |
| ## | |
| body file_select plain | |
| { | |
| file_types => { "plain" }; | |
| file_result => "file_types"; | |
| } | |
| body file_select dirs | |
| { | |
| file_types => { "dir" }; | |
| file_result => "file_types"; | |
| } | |
| ## | |
| body file_select by_name(names) | |
| { | |
| leaf_name => { @(names)}; | |
| file_result => "leaf_name"; | |
| } | |
| ## | |
| body file_select ex_list(names) | |
| { | |
| leaf_name => { @(names)}; | |
| file_result => "!leaf_name"; | |
| } | |
| ## | |
| ## changes | |
| ## | |
| body changes detect_all_change | |
| # This is fierce, and will cost disk cycles | |
| { | |
| hash => "best"; | |
| report_changes => "all"; | |
| update_hashes => "yes"; | |
| } | |
| ## | |
| body changes detect_content | |
| # This is a cheaper alternative | |
| { | |
| hash => "md5"; | |
| report_changes => "content"; | |
| update_hashes => "yes"; | |
| } | |
| ## | |
| body changes noupdate | |
| # Use on (small) files that should never change | |
| { | |
| hash => "sha256"; | |
| report_changes => "content"; | |
| update_hashes => "no"; | |
| } | |
| ## | |
| body changes diff | |
| # Generates diff report (Nova and above) | |
| { | |
| hash => "sha256"; | |
| report_changes => "content"; | |
| report_diffs => "true"; | |
| update_hashes => "yes"; | |
| } | |
| ##-------------------------------------------------------------- | |
| ## Packages promises | |
| ##-------------------------------------------------------------- | |
| body package_method zypper | |
| { | |
| package_changes => "bulk"; | |
| package_list_command => "/usr/bin/zypper packages"; | |
| package_patch_list_command => "/usr/bin/zypper patches"; | |
| package_installed_regex => "i.*"; | |
| package_list_name_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*"; | |
| package_list_version_regex => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*"; | |
| package_list_arch_regex => "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*"; | |
| package_patch_installed_regex => ".*Installed.*|.*Not Applicable.*"; | |
| package_patch_name_regex => "[^|]+\|\s+([^\s]+).*"; | |
| package_patch_version_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*"; | |
| package_name_convention => "$(name)"; | |
| package_add_command => "/usr/bin/zypper -non-interactive install"; | |
| package_delete_command => "/usr/bin/zypper -non-interactive remove --force-resolution"; | |
| package_update_command => "/usr/bin/zypper -non-interactive update"; | |
| package_patch_command => "/usr/bin/zypper -non-interactive patch$"; # $ means no args | |
| package_verify_command => "/usr/bin/zypper -non-interactive verify$"; | |
| } | |
| ## | |
| body package_method apt | |
| { | |
| package_changes => "bulk"; | |
| package_list_command => "/usr/bin/dpkg -l"; | |
| package_list_name_regex => "ii\s+([^\s]+).*"; | |
| package_list_version_regex => "ii\s+[^\s]+\s+([^\s]+).*"; | |
| package_installed_regex => ".*"; # all reported are installed | |
| package_name_convention => "$(name)"; | |
| package_list_update_ifelapsed => "240"; # 4 hours | |
| have_aptitude:: | |
| package_add_command => "/usr/bin/aptitude --assume-yes install"; | |
| package_list_update_command => "/usr/bin/aptitude update"; | |
| package_delete_command => "/usr/bin/aptitude --assume-yes remove"; | |
| package_update_command => "/usr/bin/aptitude --assume-yes install"; | |
| package_verify_command => "/usr/bin/aptitude show"; | |
| package_noverify_regex => "(State: not installed|E: Unable to locate package .*)"; | |
| !have_aptitude:: | |
| package_add_command => "/usr/bin/apt-get --yes install"; | |
| package_list_update_command => "/usr/bin/apt-get update"; | |
| package_delete_command => "/usr/bin/apt-get --yes remove"; | |
| package_update_command => "/usr/bin/apt-get --yes install"; | |
| package_verify_command => "/usr/bin/dpkg -s"; | |
| package_noverify_returncode => "1"; | |
| } | |
| ## | |
| body package_method rpm_version(repo) | |
| { | |
| package_changes => "individual"; | |
| package_list_command => "/bin/rpm -qa --queryformat \"i | repos | %{name} | %{version} | %{arch}\n\""; | |
| package_list_name_regex => "[^|]+\|[^|]+\|\s+([^\s|]+).*"; | |
| package_list_version_regex => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s|]+).*"; | |
| package_list_arch_regex => "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*"; | |
| package_installed_regex => "i.*"; | |
| package_file_repositories => { "$(repo)" }; | |
| package_name_convention => "$(name)-$(version)-$(arch).rpm"; | |
| package_add_command => "/bin/rpm -ivh "; | |
| package_delete_command => "/bin/rpm -e --nodeps"; | |
| package_verify_command => "/bin/rpm -V"; | |
| package_update_command => "/bin/rpm -Uvh "; | |
| package_noverify_regex => ".*[^\s].*"; | |
| } | |
| ## | |
| body package_method msi_implicit(repo) | |
| # Use whole file name as promiser, e.g. "7-Zip-4.50-x86_64.msi", | |
| # the name, version and arch is then deduced from the promiser | |
| { | |
| package_changes => "individual"; | |
| package_file_repositories => { "$(repo)" }; | |
| package_installed_regex => ".*"; | |
| package_name_convention => "$(name)-$(version)-$(arch).msi"; | |
| package_delete_convention => "$(firstrepo)$(name)-$(version)-$(arch).msi"; | |
| package_name_regex => "^(\S+)-(\d+\.?)+"; | |
| package_version_regex => "^\S+-((\d+\.?)+)"; | |
| package_arch_regex => "^\S+-[\d\.]+-(.*).msi"; | |
| package_add_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i"; | |
| package_update_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i"; | |
| package_delete_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /x"; | |
| } | |
| ## | |
| body package_method msi_explicit(repo) | |
| # use software name as promiser, e.g. "7-Zip", and explicitly | |
| # specify any package_version and package_arch | |
| { | |
| package_changes => "individual"; | |
| package_file_repositories => { "$(repo)" }; | |
| package_installed_regex => ".*"; | |
| package_name_convention => "$(name)-$(version)-$(arch).msi"; | |
| package_delete_convention => "$(firstrepo)$(name)-$(version)-$(arch).msi"; | |
| package_add_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i"; | |
| package_update_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i"; | |
| package_delete_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /x"; | |
| } | |
| ## | |
| body package_method yum | |
| { | |
| package_changes => "bulk"; | |
| package_list_command => "/usr/bin/yum list installed"; | |
| # Remember to escape special characters like | | |
| package_list_name_regex => "([^.]+).*"; | |
| package_list_version_regex => "[^\s]\s+([^\s]+).*"; | |
| package_list_arch_regex => "[^.]+\.([^\s]+).*"; | |
| package_installed_regex => ".*installed.*"; | |
| package_name_convention => "$(name).$(arch)"; | |
| package_add_command => "/usr/bin/yum -y install"; | |
| package_delete_command => "/bin/rpm -e"; | |
| package_verify_command => "/bin/rpm -V"; | |
| } | |
| ## | |
| body package_method yum_rpm | |
| # Contributed by Trond Hasle Amundsen | |
| # More efficient package method for RedHat - uses rpm to list instead of yum | |
| # Notes: | |
| # - using $(name).$(arch) instead of $(name) for package_name_convention | |
| # causes uninstallation to fail. | |
| # - using allmatches to remove for all architectures | |
| # | |
| { | |
| package_changes => "bulk"; | |
| package_list_command => "/bin/rpm -qa --qf '%{name} %{version}-%{release} %{arch}\n'"; | |
| package_list_name_regex => "^(\S+?)\s\S+?\s\S+$"; | |
| package_list_version_regex => "^\S+?\s(\S+?)\s\S+$"; | |
| package_list_arch_regex => "^\S+?\s\S+?\s(\S+)$"; | |
| package_installed_regex => ".*"; | |
| package_name_convention => "$(name)"; | |
| package_add_command => "/usr/bin/yum -y install"; | |
| package_update_command => "/usr/bin/yum -y update"; | |
| package_delete_command => "/bin/rpm -e --allmatches"; | |
| package_verify_command => "/bin/rpm -V"; | |
| } | |
| ## | |
| # The solaris package system is poorly designed, with too many different | |
| # names to track. See the example in tests/units/unit_package_solaris.cf | |
| # to see how to use this | |
| body package_method solaris (pkgname, spoolfile, adminfile) | |
| { | |
| package_changes => "individual"; | |
| package_list_command => "/usr/bin/pkginfo -l"; | |
| package_multiline_start => "\s*PKGINST:\s+[^\s]+"; | |
| package_list_name_regex => "\s*PKGINST:\s+([^\s]+)"; | |
| package_list_version_regex => "\s*VERSION:\s+([^\s]+)"; | |
| package_list_arch_regex => "\s*ARCH:\s+([^\s]+)"; | |
| package_installed_regex => "\s*STATUS:\s*(completely|partially)\s+installed.*"; | |
| package_name_convention => "$(name)"; | |
| package_add_command => "/usr/sbin/pkgadd -n -a /tmp/$(adminfile) -d /tmp/$(spoolfile)"; | |
| package_delete_command => "/usr/sbin/pkgrm -n -a /tmp/$(adminfile)"; | |
| } | |
| ## | |
| body package_method freebsd | |
| { | |
| package_changes => "individual"; | |
| # Could use rpm for this | |
| package_list_command => "/usr/sbin/pkg_info"; | |
| # Remember to escape special characters like | | |
| package_list_name_regex => "([^-]+).*"; | |
| package_list_version_regex => "[^-]+-([^\s]+).*"; | |
| package_name_regex => "([^-]+).*"; | |
| package_version_regex => "[^-]+-([^\s]+).*"; | |
| package_installed_regex => ".*"; | |
| package_name_convention => "$(name)-$(version)"; | |
| package_add_command => "/usr/sbin/pkg_add -r"; | |
| package_delete_command => "/usr/sbin/pkg_delete"; | |
| } | |
| ## | |
| # Single bundle for all the similar managers simplifies promises | |
| body package_method generic | |
| { | |
| SuSE:: | |
| package_changes => "bulk"; | |
| package_list_command => "/usr/bin/zypper packages"; | |
| package_patch_list_command => "/usr/bin/zypper patches"; | |
| package_installed_regex => "i.*"; | |
| package_list_name_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*"; | |
| package_list_version_regex => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*"; | |
| package_list_arch_regex => "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*"; | |
| package_patch_installed_regex => ".*Installed.*|.*Not Applicable.*"; | |
| package_patch_name_regex => "[^|]+\|\s+([^\s]+).*"; | |
| package_patch_version_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*"; | |
| package_name_convention => "$(name)"; | |
| package_add_command => "/usr/bin/zypper -non-interactive install"; | |
| package_delete_command => "/usr/bin/zypper -non-interactive remove --force-resolution"; | |
| package_update_command => "/usr/bin/zypper -non-interactive update"; | |
| package_patch_command => "/usr/bin/zypper -non-interactive patch$"; # $ means no args | |
| package_verify_command => "/usr/bin/zypper -non-interactive verify$"; | |
| redhat:: | |
| package_changes => "bulk"; | |
| package_list_command => "/usr/bin/yum list installed"; | |
| package_list_name_regex => "([^.]+).*"; | |
| package_list_version_regex => "[^\s]\s+([^\s]+).*"; | |
| package_list_arch_regex => "[^.]+\.([^\s]+).*"; | |
| package_installed_regex => ".*installed.*"; | |
| package_name_convention => "$(name).$(arch)"; | |
| package_add_command => "/usr/bin/yum -y install"; | |
| package_delete_command => "/bin/rpm -e"; | |
| package_verify_command => "/bin/rpm -V"; | |
| debian:: | |
| package_changes => "bulk"; | |
| package_list_command => "/usr/bin/dpkg -l"; | |
| package_list_name_regex => "ii\s+([^\s]+).*"; | |
| package_list_version_regex => "ii\s+[^\s]+\s+([^\s]+).*"; | |
| package_installed_regex => ".*"; # all reported are installed | |
| package_name_convention => "$(name)"; | |
| package_list_update_ifelapsed => "240"; # 4 hours | |
| debian.have_aptitude:: | |
| package_add_command => "/usr/bin/aptitude --assume-yes install"; | |
| package_list_update_command => "/usr/bin/aptitude update"; | |
| package_delete_command => "/usr/bin/aptitude --assume-yes remove"; | |
| package_update_command => "/usr/bin/aptitude --assume-yes install"; | |
| package_verify_command => "/usr/bin/aptitude show"; | |
| package_noverify_regex => "(State: not installed|E: Unable to locate package .*)"; | |
| debian.!have_aptitude:: | |
| package_add_command => "/usr/bin/apt-get --yes install"; | |
| package_list_update_command => "/usr/bin/apt-get update"; | |
| package_delete_command => "/usr/bin/apt-get --yes remove"; | |
| package_update_command => "/usr/bin/apt-get --yes install"; | |
| package_verify_command => "/usr/bin/dpkg -s"; | |
| package_noverify_returncode => "1"; | |
| freebsd:: | |
| package_changes => "individual"; | |
| package_list_command => "/usr/sbin/pkg_info"; | |
| package_list_name_regex => "([^-]+).*"; | |
| package_list_version_regex => "[^-]+-([^\s]+).*"; | |
| package_name_regex => "([^-]+).*"; | |
| package_version_regex => "[^-]+-([^\s]+).*"; | |
| package_installed_regex => ".*"; | |
| package_name_convention => "$(name)-$(version)"; | |
| package_add_command => "/usr/sbin/pkg_add -r"; | |
| package_delete_command => "/usr/sbin/pkg_delete"; | |
| } | |
| ##------------------------------------------------------- | |
| ## storage promises | |
| ##------------------------------------------------------- | |
| body volume min_free_space(free) | |
| { | |
| check_foreign => "false"; | |
| freespace => "$(free)"; | |
| sensible_size => "10000"; | |
| sensible_count => "2"; | |
| } | |
| ## | |
| body mount nfs(server,source) | |
| { | |
| mount_type => "nfs"; | |
| mount_source => "$(source)"; | |
| mount_server => "$(server)"; | |
| edit_fstab => "true"; | |
| } | |
| ## | |
| body mount nfs_p(server,source,perm) | |
| { | |
| mount_type => "nfs"; | |
| mount_source => "$(source)"; | |
| mount_server => "$(server)"; | |
| mount_options => {"$(perm)"}; | |
| edit_fstab => "true"; | |
| } | |
| ## | |
| body mount unmount | |
| { | |
| mount_type => "nfs"; | |
| edit_fstab => "true"; | |
| unmount => "true"; | |
| } | |
| ##------------------------------------------------------- | |
| ## process promises | |
| ##------------------------------------------------------- | |
| body process_select exclude_procs(x) | |
| { | |
| command => "$(x)"; | |
| process_result => "!command"; | |
| } | |
| ## | |
| body process_count check_range(name,lower,upper) | |
| { | |
| match_range => irange("$(lower)","$(upper)"); | |
| out_of_range_define => { "$(name)_out_of_range" }; | |
| } | |
| ## | |
| ## service promises | |
| ## | |
| body service_method bootstart | |
| { | |
| service_autostart_policy => "boot_time"; | |
| service_dependence_chain => "start_parent_services"; | |
| windows:: | |
| service_type => "windows"; | |
| } | |
| ## | |
| body service_method force_deps | |
| { | |
| service_dependence_chain => "all_related"; | |
| windows:: | |
| service_type => "windows"; | |
| } | |
| #################################################### | |
| ## monitor bodyparts | |
| #################################################### | |
| body match_value scan_log(line) | |
| { | |
| select_line_matching => "$(line)"; | |
| track_growing_file => "true"; | |
| } | |
| ## | |
| body action sample_rate(x) | |
| { | |
| ifelapsed => "$(x)"; | |
| expireafter => "10"; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment