search

neilhwatson / evolve_cfengine_freelib

Evolve Thinking's free Cfengine promise library.
18 stars 5 forks source link

the freelib produces the following errors #28

Closed flynn1973 closed 7 years ago

flynn1973 commented 7 years ago

cfengine 3.7.0

error: A variable seems to have been used for the name of the method. In this case, the promiser also needs to contain the unique name of the method error: A method attempted to use a bundle '${d[0][bundle]}' that was apparently not defined error: Method 'efl_bug2638' failed in some repairs error: A variable seems to have been used for the name of the method. In this case, the promiser also needs to contain the unique name of the method error: A method attempted to use a bundle '${d[1][bundle]}' that was apparently not defined error: Method 'efl_bug2638' failed in some repairs error: A variable seems to have been used for the name of the method. In this case, the promiser also needs to contain the unique name of the method error: A method attempted to use a bundle '${d[2][bundle]}' that was apparently not defined error: Method 'efl_bug2638' failed in some repairs error: Method 'efl_main' failed in some repairs error: Method 'efl_run' failed in some repairs

neilhwatson commented 7 years ago

Most likely caused by the input data file. Can you provide it?

flynn1973 commented 7 years ago

root@nimmsag: /var/cfengine # cat /var/cfengine/masterfiles/efl_data/bundle_params/efl_main.json [ { "promisee" : "nimmsag", "class" : "any", "path" : "/usr/local/bin", "admit" : [ "127.0.0.1" , "172.17.8.0/21" , "172.18.33.101" , "172.18.33.201", ] },

{ "promisee" : "nimmsag", "class" : "any", "path" : "/etc/sudoers.d", "admit" : [ "127.0.0.1" , "172.17.8.0/21" , "172.18.33.101" , "172.18.33.201", ] },

{ "promisee" : "nimmsag", "class" : "any", "path" : "/cferoot", "admit" : [ "127.0.0.1" , "172.17.8.0/21" , "172.18.33.101" , "172.18.33.201", ] },

]

neilhwatson commented 7 years ago

That's not the correct format for the efl_main bundle. That data looks to be meant for cf-serverd access rules. To apply those see

https://github.com/neilhwatson/evolve_cfengine_freelib/blob/master/HOWTO.md#cf-serverd-acls http://watson-wilson.ca/blog/2015/10/13/simple-cfengine-setup-with-efl/

For efl_main:

https://github.com/neilhwatson/evolve_cfengine_freelib/blob/master/INSTALL.md#building-data-files

flynn1973 commented 7 years ago

yes its meant for serverd acls. i wasnt aware there are any format restrictions and btw. i can not really spot any differences. however i changed it accordingly but the errors still persits.

changed file content:

[ { "promisee" : "cfengine server", "class" : "am_policy_hub", "path" : "/usr/local/bin/", "admit" : [ "127.0.0.1" , "172.17.8.0/21" , "172.18.33.101" , "172.18.33.201", ] },

{ "promisee" : "cfengine server", "class" : "am_policy_hub", "path" : "/etc/sudoers.d/", "admit" : [ "127.0.0.1" , "172.17.8.0/21" , "172.18.33.101" , "172.18.33.201", ] },

{ "promisee" : "cfengine server", "class" : "am_policy_hub", "path" : "/cferoot/", "admit" : [ "127.0.0.1" , "172.17.8.0/21" , "172.18.33.101" , "172.18.33.201", ] },

]

neilhwatson commented 7 years ago

If you want to assign server acls then rename that data file to sys_workdir/inputs/efl_data/bundle_params/efl_server.json. Cf-serverd bundles do not allow parameters, so this filename and path are hard coded: https://github.com/neilhwatson/evolve_cfengine_freelib/blob/master/masterfiles/lib/3.7/EFL/efl_common.cf#L80

flynn1973 commented 7 years ago

uhh,did not even notice that there are two different files (efl_server.json,efl_main.json). thank you.

while we are at it, i am forced by management to try out your delta reporting thingy (sigh). is there any step by step setup documentation with examples?

especially these steps needs examples or even better, working templates, the rest is already done more or less.

  1. Install delta_reporting.cf into your CFEngine policy. Run bundles in the following order. Use of EFL's main methods bundle is encouraged. Don't forget the null parameters.
    1. deltarep_prelogging as early as possible on all hosts.
    2. deltarep_postlogging as late as possible on all hosts.
    3. deltarep_client_get after deltarep_postlogging on policy servers only.
  2. Define the namespace class delta_reporting for all hosts, as early as possible.
  3. Install bin/dhlogmaker and configure CFEngine to install it on all hosts. /opt/delta_reporting/bin/dhlogmaker suggested.
  4. Create server access promises that allow the policy server's agent to download from cf-serverd on all agents, including itself, the directory ${sys.workdir}/delta_reporting. Use of the EFL bundle efl_server is encouraged.
neilhwatson commented 7 years ago

I don't offer exact instructions because everyone's CFEngine install is different. I suggest you get EFL going first then move on to DR. If you get stuck, post questions on the CFEngine mailing list or find me on #cfengine on freenode. Finally, I do sell support and professional services. http://watson-wilson.ca/page/about/