
Learning CFEngine from 3.5 manual and operating in a 3.7 environment


**Edited 4/15/2016:** Using the absolute path to reference the stdlib got my promise to execute; now the errors I'm experiencing have changed. See the last code block for that error output.

I'm using this reference material for CFEngine 3.5 (it's what I've got from da boss), but I'm writing promises for a 3.8 environment. This is leading me to improperly use the stdlib and have poor syntax.

What I'm looking at now has the following promise and error output when invoked.

Promise:

body common control
{
        inputs =>
                 # COPBL/Custom libraries.  Eventually this should use wildcards.
                 #@(cfengine_stdlib.inputs)
                 { "/var/cfengine/inputs/lib/stdlib.cf" }; #Edited this line 4/15/2016

        bundlesequence => { "configfiles" };
}

bundle agent configfiles
{
    vars:
        # Files to edit
        "files[sysctl]" string => "/etc/sysctl.conf";
        "files[sshd]" string => "/etc/ssh/sshd_config";
        "files[inittab]" string => "/etc/inittab";

        # Sysctl variables to set
        "sysctl[net.ipv4.ip_forward]" string => "0";
        "sysctl[net.ipv4.conf.default.rp_filter]" string => "1";
        "sysctl[net.ipv4.conf.default.accept_source_route]" string => "0";
        "sysctl[kernel.sysrq]" string => "0";
        "sysctl[kernel.core_uses_pid]" string => "1";
        "sysctl[net.ipv4.tcp_syncookies]" string => "1";
        "sysctl[net.bridge.bridge-nf-call-ip6tables]" string => "0";
        "sysctl[net.bridge.bridge-nf-call-iptables]" string => "0";
        "sysctl[net.bridge.bridge-nf-call-arptables]" string => "0";

        # SSHD configuration to set
        #
        "sshd[Protocol]" string => "2";
        "sshd[SyslogFacility]" string => "yes";
        "sshd[LoginGraceTime]" string => "2m";
        "sshd[PermitRootLogin]" string => "no";
        "sshd[StrictModes]" string => "yes";
        "sshd[MaxAuthTries]" string => "3";
        "sshd[RSAAuthentication]" string => "yes";
        "sshd[PubkeyAuthentication]" string => "yes";
        "sshd[PasswordAuthentication]" string => "no";
        "sshd[ChallengeResponseAuthentication]" string => "no";
        "sshd[GSSAPIAuthentication]" string => "no";
        "sshd[UsePAM]" string => "yes";
        "sshd[X11Forwarding]" string => "yes";
        "sshd[UsePrivilegeSeparation]" string => "yes";
        "sshd[UseDNS]" string => "no";


    methods:
        "sysctl" usebundle => edit_sysctl;
        "sshd" usebundle => edit_sshd;
        "inittab" usebundle => edit_inittab;
}

bundle agent edit_inittab
{
    files:
        "$(configfiles.files[inittab])"
        handle => "inittab_set_initdefault",
        comment => "Default runmode=5",
        create => "false",
        edit_defaults => backup_timestamp,
        edit_line => set_colon_field("id","2","5");
}




bundle agent edit_sshd
{
    files:
        "$(configfiles.files[sshdconfig])"
        handle => "edit_sshd",
        comment => "Set desired sshd_config parameters",
        edit_line => set_config_values("configfiles.sshd"),
        classes => if_repaired("restart_sshd");

    commands:
        restart_sshd&!no_restarts::
        "/etc/init.d/sshd reload"
        handle => "sshd_restart",
        comment => "Restart sshd if the configuration file was modified";

    services:
        "ssh"
        service_policy => "start";
}



bundle agent edit_sysctl
{
    files:
        "$(configfiles.files[sysctl])"
            handle => "edit_sysctl",
            comment => "Make sure sysctl.conf contains desired configuration",
            create => "true",
            edit_line => set_variable_values("configfiles.sysctl"),
            classes => if_repaired("sysctl_modified");

    commands:
        sysctl_modified&!no_restarts::
            "/sbin/sysctl -p"
                handle => "reload_sysctl",
                comment => "Make sure new sysctl settings are loaded";
}

error output:

inputs]# cf-agent --no-lock --inform --file ./setting_configs.cf
   error: Promised to edit '$(configfiles.files[sshdconfig])', but file does not exist
   error: Method 'edit_sshd' failed in some repairs

I've confirmed that the sshd_config file is in place. Can't figure out why CFEngine doesn't see it.


Solution

  • Simply using bad variable names; tried calling "sshdconfigs" when it should have been simply "sshd"
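The unexpanded `$(configfiles.files[sshdconfig])` in the error output is how CFEngine reports a reference to an array key that was never declared. As an added example (not part of the original post, and not CFEngine's own tooling), the Python sketch below scans policy text for bundle-qualified array references whose literal key is missing from that bundle's declarations; the function names and the trimmed sample policy are constructed for illustration.

```python
import re

# "files[sshd]" string => "...";   (array element declared under vars:)
DECL = re.compile(r'"(\w+)\[([^\]"$]+)\]"\s+(?:string|int|real|slist)\s*=>')
# $(configfiles.files[sshd]) or ${...}   (bundle-qualified array reference)
REF = re.compile(r'\$[({](\w+)\.(\w+)\[([^\]]+)\][)}]')
BUNDLE = re.compile(r'^[ \t]*bundle[ \t]+\w+[ \t]+(\w+)', re.M)

def strip_comments(policy):
    # Approximation: treats every '#' as a comment start, even inside strings.
    return "\n".join(line.split("#", 1)[0] for line in policy.splitlines())

def declared_keys(policy):
    """Map (bundle, array) -> set of literal keys declared in that bundle."""
    text, keys = strip_comments(policy), {}
    starts = [(m.start(), m.group(1)) for m in BUNDLE.finditer(text)]
    for i, (pos, name) in enumerate(starts):
        end = starts[i + 1][0] if i + 1 < len(starts) else len(text)
        for arr, key in DECL.findall(text[pos:end]):
            keys.setdefault((name, arr), set()).add(key)
    return keys

def undefined_refs(policy):
    """Return (line_no, reference, known_keys) for undeclared literal keys."""
    keys, findings = declared_keys(policy), []
    for no, line in enumerate(strip_comments(policy).splitlines(), 1):
        for m in REF.finditer(line):
            bundle, arr, key = m.groups()
            known = keys.get((bundle, arr), set())
            if "$" not in key and key not in known:  # skip computed keys
                findings.append((no, m.group(0), sorted(known)))
    return findings

# Constructed sample: a trimmed excerpt of the policy from the question.
SAMPLE = '''bundle agent configfiles
{
    vars:
        "files[sysctl]" string => "/etc/sysctl.conf";
        "files[sshd]" string => "/etc/ssh/sshd_config";
}
bundle agent edit_sshd
{
    files:
        "$(configfiles.files[sshdconfig])" create => "false";
        "$(configfiles.files[sysctl])" create => "false";
}
'''
for no, ref, known in undefined_refs(SAMPLE):
    print(f"line {no}: {ref} is never declared; known keys: {known}")
```

Running a check like this before deploying policy catches the case where a hardening bundle such as `edit_sshd` fails on every run because its promiser never resolves to a real path.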