Re: cfengine and revision control

[Josh Lothian]

On Mon, May 09, 2005 at 03:05:58PM -0400, Luke Youngblood wrote:
> Wow, that is almost identical to the setup that I am using right now.  The
> only difference is that I added a post-commit hook to the Subversion
> repository that does an ssh into the master cfengine server and an "svn
> update" of it's repository, along with a "cfrun".  That way, my config gets
> pushed out whenever I update it and do an "svn commit".
> 
> Anyway, the way I implemented singlecopy was to call out each file
> individually, like so:

The problem with this approach, at least at our site, is that there are
(apparently) over 5000 unique filenames we're pushing out... I inherited
this from someone else and we're still running Cfengine V1, etc...

I'm hoping to reduce that number significantly, but I'm not fully aware
of the scope of changes I'm going to have to implement.  Our environment
here is pretty unique - it looks like for one of our machines I'm going
to end up having cfengine call another script which will chroot to some
other place and then re-run cfengine from inside the chrooted
environment...  Gotta love weird vendor stuff on supercomputers :)

The other thing I like is that it's possible to define more than one
"role" in the recursive way, and set a precedence for which file should be
copied first.  So say a machine is both an LDAP server and a DNS server,
I could have:

copy:
  ldap::
    $(dir)/roles/ldap/etc dest=/etc ...
  dns::
    $(dir)/roles/dns/etc dest=/etc ...
  any::
    $(dir)/$(os)/etc dest=/etc ...
  .
  .

That way, an LDAP server can get a special ldap.conf file, and a DNS
server can get a special resolv.conf, and it works if the machine is in
either role, or both.  This way there is no duplication between the two,
which I'm a big fan of.

I do like your way though, in that you can get a quick picture of what
files are going to be copied by just looking in one directory, instead
of having to fine all the ldap.confs under $(dir).

-jkl