Ok, so we've installed the policy server & client & tested out some of the commands.
Now lets write a policy.
The first policy would have to say 'hello world'.
Given below is a small policy file my.cf:
[root@dockertest tmp]# cat my.cf
body common control
{
bundlesequence => { "my_test" };
}
bundle agent my_test{
files:
linux::
"/tmp/hello-world"
create => "true";
}
The only mandatory element in this section is bundlesequence, which tells CFEngine which bundles to execute and in which order. For the above example policy, we will have a single bundle my_test executed:
body common control
{
bundlesequence => { "my_test" };
}
The example says to create a file /tmp/hello-world on all Linux hosts.
To run a syntax check run the following command:
[root@dockertest tmp]# cf-promises -f ./my.cf
[root@dockertest tmp]#
{
bundlesequence => { "my_test" };
}
The example says to create a file /tmp/hello-world on all Linux hosts.
To run a syntax check run the following command:
[root@dockertest tmp]# cf-promises -f ./my.cf
[root@dockertest tmp]#
To execute the policy type:
[root@dockertest tmp]# cf-agent -KI -f ./my.cf
info: Created file '/tmp/hello-world', mode 0600
[root@dockertest tmp]#
[root@dockertest tmp]# ls -l /tmp/hello-world
-rw-------. 1 root root 0 Apr 24 13:52 /tmp/hello-world
[root@dockertest tmp]#
To run the policy on a distributed system:
By default cf-serverd will serve policy from the /var/cfengine/masterfiles directory. Upon updates, cf-agent will be notified and start to download these before executing them locally.
This means that by default you should store all your policies in the /var/cfengine/masterfiles directory on your policy server. So, now let’s copy our policy to this location:
cp /tmp/my.cf /var/cfengine/masterfiles/my.cf
1. Modify the /var/cfengine/masterfiles/promises.cf file and insert the bundle name my_test in
the bundlesequence in body common control.
2. Include the my.cf in the inputs section of body common control in
promises.cf.
Save the file, and you are
done!
No comments:
Post a Comment