#######
#
# BEGIN update.conf
#
# This script distributes the configuration, a simple file so that,
# if there are syntax errors in the main config, we can still
# distribute a correct configuration to the machines afterwards, even
# though the main config won’t parse. It is read and run just before the
# main configuration is parsed.
#
############################################################################

control:

  # Keep this simple and constant
  actionsequence	= ( copy processes tidy )

  # Needed for remote copy
  domain		= ( harker.com )

  # Which host/dir is the master for configuration roll-outs?

  policyhost		= ( vm.bb.harker.com )
  master_cf		= ( /home/masterfiles/cfengine )
  master_node		= ( /home/masterfiles/node )

  # Some convenient variables

  workdir	= ( /var/cfengine )
  # cfscript_install_dir	= ( /var/cfengine/bin )

  # Avoid server contention
  SplayTime = ( 1 )

  # This is the IP address of the master cfengine server,
  #	the VMware server itself
  TrustKeysFrom = ( 172.16.32.32 )

############################################################################
#
# Make sure there is a local copy of the configuration and
# the most important binaries in case we have no connectivity
# e.g. for mobile stations or during DOS attacks
#
copy:
  $(master_cf)/inputs		dest=$(workdir)/inputs
				r=inf
				mode=700
				type=binary
				exclude=*.lst
				exclude=*~
				exclude=#*
				server=$(policyhost)
				trustkey=true

  $(master_cf)/bin/cfagent	dest=$(workdir)/bin/cfagent
				mode=755
				backup=false
				type=checksum
				server=$(policyhost)
				trustkey=true

  $(master_cf)/bin/cfservd	dest=$(workdir)/bin/cfservd
				mode=755
				backup=false
				type=checksum
				server=$(policyhost)
				trustkey=true

  $(master_cf)/bin/cfenvd	dest=$(workdir)/bin/cfenvd
				mode=755
				backup=false
				type=checksum
				server=$(policyhost)
				trustkey=true

#####################################################################

processes:

  "cfservd" restart /var/cfengine/bin/cfservd
  "cfenvd" restart "/var/cfengine/bin/cfenvd"

#####################################################################

tidy:

# Cfexecd stores output in this directory.
# Make sure we don’t build up files and choke on our own words!

  $(workdir)/outputs pattern=* age=7

#######
#
# END update.conf
#
#######