1

I just started with CFEngine. I have 1 policy servers and 2 clients (Ubuntu 14.04 Desktop , Ubuntu 12.04 Desktop).

Started with creating a local policy on the Ubuntu 14.04 Desktop with CFEngine agent installed on it.

This policy removes an existing "telnet" client.

That local policy worked fine. So I wanted to use the policy on my policy server which then should push it to the clients after 5 minutes. This does not work.

These are the steps I did on the policy server: Step1: Create a file remove_packages.cf in the /var/cfengine/masterfiles directory

bundle agent remove_packages
{
  methods:
      "telnet"  usebundle => package_absent("telnet");
}

Step2: vi promises.cf in the /var/cfengine/masterfiles directory and add 

body common control

{

      bundlesequence => {
           remove_packages,

Step3: vi promises.cf in the /var/cfengine/masterfiles directory and add 

  inputs => {
            # JF 15/08/2014 remove telnet package
                  "remove_packages.cf",

      };

Step4: Check on mistakes

root@ubuntu:/var/cfengine/masterfiles# cf-promises ./promises.cf

Step5: Wait 5 minutes until it replicates to the clients..

Here nothing happens at the clients ... As you can see it is still present:

root@ubu14client:~# which telnet
/usr/bin/telnet

Can somebody explain me why it does not work?

Devin
  • 7,405
  • 6
  • 35
  • 48
Joeri Feyen
  • 65
  • 1
  • 8

2 Answers2

1

I found in another post it had to do with "clock skew".

I have set the correct timezone for my servers and update with the ubuntu timeservers. From then everything went fine.

https://serverfault.com/questions/387675/cfengine-3-policies-slow-update-to-clients

Community
  • 1
  • 1
Joeri Feyen
  • 65
  • 1
  • 8
0

I upvoted your question just for the inclusion of careful step by step sequence of what you did. I thought I would mention the remaining debugging steps you could have taken, that may have shown you what was wrong more easily (and more directly) than just googling around:

Step 6: Run the update policy on a bootstrapped host to pick up the changed policy files.

cf-agent -f update.cf

If you like, run it in verbose mode (with color for ease of reading):

cf-agent -f update.cf -v -C

If the update policy just ran, you may need to override the time locks with -K:

cf-agent -f update.cf -v -C -K

Step 7: Run the agent in verbose mode on the bootstrapped host (just the default promises.cf rather than the update policy)

cf-agent  ## or...
cf-agent -IC  ## for "Inform" mode, with color output, or...
cf-agent -C -v ## verbose mode, color output, or...
cf-agent -C -v -K ## Evaluate all promises even if agent just ran.

The verbose output can be very verbose, but it's good to learn to sift through it. You can virtually always find everything you need to diagnose/debug a problem by running in verbose mode.

Wildcard
  • 1,051
  • 1
  • 19
  • 39