Task :
- Check that a file named cf_test_file exists on both the CFEngine policy server and client.
- If it does not exists, we are instructing CFEngine to create it.
- Additionally, we are directing CFEngine to ensure that the permissions are set to 644; that it is owned by root; and the group ownership is the ‘sys’ group.
Create cftest1.cf under /var/cfengine/masterfiles/
[[email protected] ~]# cd /var/cfengine/masterfiles/
[[email protected] masterfiles]# ls
0010_Basic_Examples._Create_a_file.cf cfengine_stdlib.cf cf_promises_validated failsafe.cf promises.cf
!!!Create cftest1.cf
[[email protected] masterfiles]# vi cftest1.cf
#====
bundle agent test
{
files:
"/tmp/cf_test_file"
comment => "Promise that a plain file exists with stated permissions",
perms => mog("644", "root", "sys"),
create => "true";
}
#===
|
Now Modify promises.cf and add the details for cftest.cf
[email protected] masterfiles]# vi /var/cfengine/masterfiles/promises.cf
###############################################################################
#
# promises.cf - Basic Policy for Community
#
###############################################################################
body common control
{
bundlesequence => { "main","test" };
inputs => {
"cfengine_stdlib.cf",
"cftest.cf",
};
version => "Community Promises.cf 1.0.0";
}
|
Save the /var/cfengine/masterfiles/promises.cf file.
Return to cfhost and manually start the agent by running: ‘
/var/cfengine/bin/cf-agent -Kv
|
The ‘-K’ switch will bypass any locks and the ‘-v’ switch will allow you to see the actual output. By default, cf-agent will only execute a policy at minimum once a minute. When we specify the -K flag on the command line at the 3rd execution, the -K instructs cf-agent to ignore this "one minute rule" .
