pkgsrc/sysutils/cfengine2/PLIST

58 lines
1.6 KiB
Text
Raw Normal View History

Update to 2.1.22: 2.1.22 IMPORTANT: cfshow output formatting changes database internal format changes Rewritten the checksum subsystem to allow for future development and improvements and tidied the fragile Berkeley DB code. Cfservd no longer caches checksums, as this causes update issues. This could lead to additional load. The checksum code has been rewritten with a new database model, so all old data will be rebuilt. The checksum database has been renamed. ChecksumDatabase variable is not longer used. Package manager debian patch added to iterate over packages under installation. Package manager for AIX code added, courtesy of Anthony Rassin Package manager for Gentoo added, courtesy of Eric Searcy ShowState(rootprocs), ShowState(otherprocs) added for better process reporting General code reorganization for better separation of concerns, looking towards cfengine 3. cfconvert removed. Change of future strategy for cfengine 3 migration. Rationalization of internal instrumentation and better integration with cfenvd. Bug fixes to miscmounts. Editing was broken with respect to editfilesize variable. Option processing for miscmounts was also broken. Support for old Berkeley DB APIs abandoned. Encryption level added for full encryption of opendir traffic. Must set FullEncryption = ( true ) in control for compatability server=none now signals noop in method execution and copy. Varstring expansion bug for nested variables. 2.1.21 copy action now supports this $(this) variable which is made equal to the current server. This allows separating files from multiple hosts when downloading. cfenvd LDT fixes Bugs in PeerLeader/Group functions fixed. Some buffer limits too small and hardcoded in item.c - fix PH support removed from cfenvd during code rationalization - never used Cfenvd code rationalization and channge in database format. THe first time cfenvd runs, it will convert the database into the new format, be aware that this could take some time as it is disk intensive. Matt Shibla (ARM) ReturnsZeroShell function added. Cfrun ignored port number, fix 2.1.20 ipv6 structure compilation error for Tru64 Tested for compilation with latest Berkeley4.4-NC New option in cfservd.conf "LogEncryptedTransfers" (true/false). If true, any file that is granted access and is marked "encrypt=true" will be logged in syslog. i.e. one can keep a record of sensitive transfers. Linkcopy fix in 2.1.19 broke copying of links that point nowhere. Fixed. Copy was missing from the multi-pass detection. Fixed Patch to debian package management. (bastiaans@sara.nl) fixed - debian package always returned eq/true without cmp/version statement" (checking if a package is installed, regardless of version, now works However the "Comparison result" is always "eq" (equal) somehow for me... " If you are experiencing problems with 2.1.19 please get 2.1.19a. One of the changes in 2.1.19 has had bizarre side effects in links and disks. 2.1.19 cfagent will now exit and cease processing if any class in the defined control list AbortClasses = ( class_name_1 class_name_2 ... ) The singlecopy feature has been rewritten after reports of it not working, besides, the code was bizarre and the documentation was even worse. The autodefine code also patched and tested. In both these cases, there are lists of *patterns* or wildcards. The code and docs now agree ExecResult now runs its command in -n mode Error parsing strings (esp shellcommands) that contain the $ symbol due to a bug in 2D-lists. VMWare ESX recognition. Bug in cfservd stat-mode on symbolic links not correctly evaluated. Bug in linktype=copy for copy fixed. Bug in array expansion fixed - would truncate string after expansion Constant-cosmetics and length alterations. CF_SMALLBUF introduced, and MAXHOSTNAMELEN used PID file added for each daemin in WORKDIR == /var/cfengine Patch for function argument parsing Typo in docs. SelectPartitionGroup -> SelectPartitionNeighbours Inform=true support for packages HostRange bug - recoding not implemented properly from 2.1.16. Caused seg fault. Joe Buehler's harmless patch to cfexecd to flag daemon and batch mode. Serious bug in binserver handling fixed. (Rarely used feature) home tidying did not set the "done flag" for multiple pass avoidance. Patches to setting unqualified and qualified names SuSE 10 detection patch Minor error fixes discovered by Joe Buehler and his wonderful software. Files is the "suspicious" list were marked "not sensible" so that follow-up rules e.g. to delete them would not be triggered This is now considered a confusion of roles. Suspicious files are no longer skipped. More memory leaks in cfservd Compilation fix for non-IPv6 savvy machines 2.1.18 Error in FileExists() left over from 2.1.16 changes. Fixed elsedefine was not defined if a copy was requested of a non-existent file. Fixed. HostnameKeys (dynamic keys for dhcp clients) fix for cfservd. Error in stat'ing links that point to non-existent files in cfservd. Missing "else" caused this to be reported as an error in remote file copy. 5 second timeout reduced to 10 in cfservd file change check. Error message returned by cfservd is non-specific and previously said authentication denied, regardless of failure. The daemon now replies "Unspecified refusal". Users should use -v or -d2 on both sides of a connection to diagnose the true cause of failure, Segmentation fault when in verbose mode fixed - editfiles pointer. Error in parsing quotes and escaped quotes in functions. Bug in implementation of tidy scheduling during dependent classes fixed. BeginGroupIfLineMatch BeginGroupIfMatch BeginGroupIfLineContaining operations added Function ExecShellResult similar to ExecResult, but a shell is used, cfservd some additional memory reclamation during file updates, could cause memory leaks.. 2.1.17 This is a minor bugfix release WARNING - the handling of function arguments has been changed. You are recommended to use normal C/Perl quoting of argument strings., e.g. result = ( ExecResult("/bin/sh -c \"${pf_cc} -V | head -1 | cut -d\ -f3\"") ) not result = ( ExecResult(/bin/sh -c "${pf_cc} -V | head -1 | cut -d\ -f3") ) IsWildItemIn now has reflexive check - some confusion in the code about whether the needle or the haystack is the wildcard. Templating in editfiles. A new editfiles directive "ExpandVariables" adds an "m4" like function to cfengine -- allowing predefined variable strings to be expanded into text. Patch contributed to expansvariables: Davor Ocelic <docelic@mail.inet.hr> Alerts patch - some alerts not installed, if classes not defined. Patch for missing variable expansion after function parameter rewrite in 2.1.16. Some functions were not fully ported. vicf eliminated from distribution PrepModule environment fix Compilation error C++ mixed into cfetool fix Chdir to / when ascting as a daemon for cfservd, cfexecd etc 2.1.16 Bugfix release Moved method parameter setting to fix a bug where parameters would be set too late to be used in the parser action=warn in copy required inform=true to work, fixed. Function arg expansion bug and improvement fix Include directive added to cfrun.hosts (Olivier Fauchon) MOUNT_RO name collision fix SEG fault fixed when signalling cfenvd SkipIdentify partial fix Alf Wachsmann and Elizabeth Cassel's cfetool added, based on cfenvd. "cfetool makes a standalone tool out of cfenvd that accepts arbitrary periodic data. In addition, it has support for yearly periodic data. It's function and the user interface is in many aspects like rrdtool's. cfetoolgraph was added to work with the new features of cfetool. It works basically like cfenvgraph." Bug fix for multipass evaluation when resolving dependencies. Cfservd reread patch. Timeout on polling for linux, Default route code now uses "route" command exclusively for portability. EmailFrom patch to cfexecd / redundant code was paste error Increase pass depth in evaluation of action sequence. Skipident patch Size increase for interface buffer list HPUX,AIX ifconfig location fix Methods documentation improved. New control function for testing tcp services var = ReadTCP(host,port,"send string",maxbytes) 2.1.15 -f removal in cfservd patch Segmentation fault in cfservd with RSA key exchange fixed. Disk freespace alerting bug - did not agree with manual specification. Message appears only in verbose. Fixed. Autodefine install patch. Abspath in shellcommands was not parsed and acted on... Warnall action was not respected in copy. Permissions were altered on destination file anyway. cfcolon added to special symbols. 2.1.14 Alerts processed now in update context. More locking canonification fixes Exception for ReplaceALL convergence warning. Warning is not fatal if the operation is inside an editgroup. md5/sha1 message incorrect on new file found. Fixup Makefile.am and doc/Makefile.am. Docs are now installed in the CFEngine "share" directory where they belong. Directory iteration fixed. New: owner=LastNode sets the owner of the directory to the name of the last node in the dir name. This allows the creation of homedirs. CentOS support added. Extra encryption stage added in C5 protocol. NOTE: This makes 2.1.14 cfagent clients unable to talk to older servers. (Upgrade servers first, or at the same time.) Class "no_default_route" is now defined if a default route is not previously set, and a default route is defined for the current host. Added class functions IsGreaterThan, IsLessThan for numerical or string comparisons control: actionsequence = ( files ) a = ( 2.12 ) b = ( 2.11 ) classes: lt = ( LessThan(${a},${b}) ) gt = ( GreaterThan(${a},${b}) ) alerts: lt:: "$(a) LESS THAN $(b)" gt:: "$(a) GREATER THAN $(b)" Bugfix for cfshow -c options (Nathan Hruby) 2.1.13 Mistake in placement of update.conf runs fixed. Alteration to lock hashing to avoid conflicts Mandrake version type patch/repatched Error message in disable now underlines move to respository where defined. Locking patch to tidy. Did not release lock when tidying recursively with subdirectory deletions. (Eric Sorensen). Host range patched (again) (Bas VdV) 2.1.12 cf.preconf can now cause an abort if the script prints out a string containing the substring "cfengine-preconf-abort". An exit code of 2 signals this failure Cfrun bug in placement of workdir initialization. Would try to open /inputs/cfrun.hosts instead of /var/cfengine/inputs/cfrun.hosts Moved mutex locks in address purging, to see if it prevents some segmentation faults. In image.c: /* if (TRAVLINKS || ip->linktype == 'n') */ Took out linktype reference. This appears to be erroneous. Patch to tidy: "Guolin Cheng" <guolin@alexa.com> Patch to -Q to prevent update.conf from being executed. Patch to rationalize choice of port number for new getaddrinfo interfaces. (ip.c) small patch to allow the use of PCRE if it is compiled with --with-pcre. This is using the POSIX compatible API that PCRE provides, so the change necessary is to use pcreposix.h instead of regex.h and to link in pcreposix.so. cindy.marasco@pnl.gov) 2.1.11 SUPPORT FOR POSIX ACLS IN LINUX IS NOT AS STRAIGHTFORWARD AS ORIGINALLY THOUGHT. THE API DOES NOT MATCH EXISTING IMPLEMENTATIONS AND SEEMS SIGNIFICANTLY MORE COMPLEX. IN THE INTERESTS OF STABILITY THIS WILL HAVE TO BE DEFERRED TO A LATER RELEASE. Comma in function argument bug in FileExists etc, fixed Option -z (--schedule) now prints only the run schedule. Option -Q (--query) added to print values of variables defined in configuration cfagent -Q sysadm,domain,site,ipaddress in format varname=value New variables can be used in cfagent.conf for cfexecd control: EmailFrom = ( ) EmailTo = ( ) - overrides sysadm if set White Box linux class recognition added When setting classes or variables by function call, the function evaluation is no longer performed if it is not in an active class. Cfexecd now calls cfagent with -D from_cfexecd to define the class "from_cfexecd::" when run from the executor WarnIfFileMissing added to editfiles and default is not to warn of non-existent files, except in inform/verbose modes. Check added for DefineInGroup, signals error if not in group Added copy type "any" for any matching criteria, date/sum etc. Respository variable was not expanded like a normal variable cfshow tool added for consulting the databases Better autodetection of Berkeley DB in some distros of Linux (SuSE) - has anyone heard of "standards"? Date format changed in cfexecd output files Errors if remote copy is not encrypted when server demands encryption. (patch) Renaming of directories is now allowed if dest= is set specifically. Check added for variables defined in terms of undefined variables. Patch for solaris package manager added (Louis Erickson - wwonko@rdwarf.com) file added as synonym til reg in filter Patch to HostRange (item.c) (rader@ginseng.hep.wisc.edu) Internal variable determining WORKDIR for non-privileged users. Various minor changes and cosmetics. Lock string must include server name in copy - added Method reply bundles fixed to work correctly with ipv6 addresses SIGPIPE and SIGCHLD added to signal handler (SIGCHILD ignored against posix, but how the hell do you sort this out?) srand -> srand48 typo in cfenvd Multiple method reply variables were incorrectly separated. Added options to disable LastSeen data recording feature. fclose used instead of pclose when calling ifconfig - resulted in zombies
2007-02-07 01:03:28 +01:00
@comment $NetBSD: PLIST,v 1.10 2007/02/07 00:03:28 wiz Exp $
man/man8/cfagent.8
man/man8/cfengine.8
man/man8/cfenvd.8
man/man8/cfenvgraph.8
Update to 2.1.22: 2.1.22 IMPORTANT: cfshow output formatting changes database internal format changes Rewritten the checksum subsystem to allow for future development and improvements and tidied the fragile Berkeley DB code. Cfservd no longer caches checksums, as this causes update issues. This could lead to additional load. The checksum code has been rewritten with a new database model, so all old data will be rebuilt. The checksum database has been renamed. ChecksumDatabase variable is not longer used. Package manager debian patch added to iterate over packages under installation. Package manager for AIX code added, courtesy of Anthony Rassin Package manager for Gentoo added, courtesy of Eric Searcy ShowState(rootprocs), ShowState(otherprocs) added for better process reporting General code reorganization for better separation of concerns, looking towards cfengine 3. cfconvert removed. Change of future strategy for cfengine 3 migration. Rationalization of internal instrumentation and better integration with cfenvd. Bug fixes to miscmounts. Editing was broken with respect to editfilesize variable. Option processing for miscmounts was also broken. Support for old Berkeley DB APIs abandoned. Encryption level added for full encryption of opendir traffic. Must set FullEncryption = ( true ) in control for compatability server=none now signals noop in method execution and copy. Varstring expansion bug for nested variables. 2.1.21 copy action now supports this $(this) variable which is made equal to the current server. This allows separating files from multiple hosts when downloading. cfenvd LDT fixes Bugs in PeerLeader/Group functions fixed. Some buffer limits too small and hardcoded in item.c - fix PH support removed from cfenvd during code rationalization - never used Cfenvd code rationalization and channge in database format. THe first time cfenvd runs, it will convert the database into the new format, be aware that this could take some time as it is disk intensive. Matt Shibla (ARM) ReturnsZeroShell function added. Cfrun ignored port number, fix 2.1.20 ipv6 structure compilation error for Tru64 Tested for compilation with latest Berkeley4.4-NC New option in cfservd.conf "LogEncryptedTransfers" (true/false). If true, any file that is granted access and is marked "encrypt=true" will be logged in syslog. i.e. one can keep a record of sensitive transfers. Linkcopy fix in 2.1.19 broke copying of links that point nowhere. Fixed. Copy was missing from the multi-pass detection. Fixed Patch to debian package management. (bastiaans@sara.nl) fixed - debian package always returned eq/true without cmp/version statement" (checking if a package is installed, regardless of version, now works However the "Comparison result" is always "eq" (equal) somehow for me... " If you are experiencing problems with 2.1.19 please get 2.1.19a. One of the changes in 2.1.19 has had bizarre side effects in links and disks. 2.1.19 cfagent will now exit and cease processing if any class in the defined control list AbortClasses = ( class_name_1 class_name_2 ... ) The singlecopy feature has been rewritten after reports of it not working, besides, the code was bizarre and the documentation was even worse. The autodefine code also patched and tested. In both these cases, there are lists of *patterns* or wildcards. The code and docs now agree ExecResult now runs its command in -n mode Error parsing strings (esp shellcommands) that contain the $ symbol due to a bug in 2D-lists. VMWare ESX recognition. Bug in cfservd stat-mode on symbolic links not correctly evaluated. Bug in linktype=copy for copy fixed. Bug in array expansion fixed - would truncate string after expansion Constant-cosmetics and length alterations. CF_SMALLBUF introduced, and MAXHOSTNAMELEN used PID file added for each daemin in WORKDIR == /var/cfengine Patch for function argument parsing Typo in docs. SelectPartitionGroup -> SelectPartitionNeighbours Inform=true support for packages HostRange bug - recoding not implemented properly from 2.1.16. Caused seg fault. Joe Buehler's harmless patch to cfexecd to flag daemon and batch mode. Serious bug in binserver handling fixed. (Rarely used feature) home tidying did not set the "done flag" for multiple pass avoidance. Patches to setting unqualified and qualified names SuSE 10 detection patch Minor error fixes discovered by Joe Buehler and his wonderful software. Files is the "suspicious" list were marked "not sensible" so that follow-up rules e.g. to delete them would not be triggered This is now considered a confusion of roles. Suspicious files are no longer skipped. More memory leaks in cfservd Compilation fix for non-IPv6 savvy machines 2.1.18 Error in FileExists() left over from 2.1.16 changes. Fixed elsedefine was not defined if a copy was requested of a non-existent file. Fixed. HostnameKeys (dynamic keys for dhcp clients) fix for cfservd. Error in stat'ing links that point to non-existent files in cfservd. Missing "else" caused this to be reported as an error in remote file copy. 5 second timeout reduced to 10 in cfservd file change check. Error message returned by cfservd is non-specific and previously said authentication denied, regardless of failure. The daemon now replies "Unspecified refusal". Users should use -v or -d2 on both sides of a connection to diagnose the true cause of failure, Segmentation fault when in verbose mode fixed - editfiles pointer. Error in parsing quotes and escaped quotes in functions. Bug in implementation of tidy scheduling during dependent classes fixed. BeginGroupIfLineMatch BeginGroupIfMatch BeginGroupIfLineContaining operations added Function ExecShellResult similar to ExecResult, but a shell is used, cfservd some additional memory reclamation during file updates, could cause memory leaks.. 2.1.17 This is a minor bugfix release WARNING - the handling of function arguments has been changed. You are recommended to use normal C/Perl quoting of argument strings., e.g. result = ( ExecResult("/bin/sh -c \"${pf_cc} -V | head -1 | cut -d\ -f3\"") ) not result = ( ExecResult(/bin/sh -c "${pf_cc} -V | head -1 | cut -d\ -f3") ) IsWildItemIn now has reflexive check - some confusion in the code about whether the needle or the haystack is the wildcard. Templating in editfiles. A new editfiles directive "ExpandVariables" adds an "m4" like function to cfengine -- allowing predefined variable strings to be expanded into text. Patch contributed to expansvariables: Davor Ocelic <docelic@mail.inet.hr> Alerts patch - some alerts not installed, if classes not defined. Patch for missing variable expansion after function parameter rewrite in 2.1.16. Some functions were not fully ported. vicf eliminated from distribution PrepModule environment fix Compilation error C++ mixed into cfetool fix Chdir to / when ascting as a daemon for cfservd, cfexecd etc 2.1.16 Bugfix release Moved method parameter setting to fix a bug where parameters would be set too late to be used in the parser action=warn in copy required inform=true to work, fixed. Function arg expansion bug and improvement fix Include directive added to cfrun.hosts (Olivier Fauchon) MOUNT_RO name collision fix SEG fault fixed when signalling cfenvd SkipIdentify partial fix Alf Wachsmann and Elizabeth Cassel's cfetool added, based on cfenvd. "cfetool makes a standalone tool out of cfenvd that accepts arbitrary periodic data. In addition, it has support for yearly periodic data. It's function and the user interface is in many aspects like rrdtool's. cfetoolgraph was added to work with the new features of cfetool. It works basically like cfenvgraph." Bug fix for multipass evaluation when resolving dependencies. Cfservd reread patch. Timeout on polling for linux, Default route code now uses "route" command exclusively for portability. EmailFrom patch to cfexecd / redundant code was paste error Increase pass depth in evaluation of action sequence. Skipident patch Size increase for interface buffer list HPUX,AIX ifconfig location fix Methods documentation improved. New control function for testing tcp services var = ReadTCP(host,port,"send string",maxbytes) 2.1.15 -f removal in cfservd patch Segmentation fault in cfservd with RSA key exchange fixed. Disk freespace alerting bug - did not agree with manual specification. Message appears only in verbose. Fixed. Autodefine install patch. Abspath in shellcommands was not parsed and acted on... Warnall action was not respected in copy. Permissions were altered on destination file anyway. cfcolon added to special symbols. 2.1.14 Alerts processed now in update context. More locking canonification fixes Exception for ReplaceALL convergence warning. Warning is not fatal if the operation is inside an editgroup. md5/sha1 message incorrect on new file found. Fixup Makefile.am and doc/Makefile.am. Docs are now installed in the CFEngine "share" directory where they belong. Directory iteration fixed. New: owner=LastNode sets the owner of the directory to the name of the last node in the dir name. This allows the creation of homedirs. CentOS support added. Extra encryption stage added in C5 protocol. NOTE: This makes 2.1.14 cfagent clients unable to talk to older servers. (Upgrade servers first, or at the same time.) Class "no_default_route" is now defined if a default route is not previously set, and a default route is defined for the current host. Added class functions IsGreaterThan, IsLessThan for numerical or string comparisons control: actionsequence = ( files ) a = ( 2.12 ) b = ( 2.11 ) classes: lt = ( LessThan(${a},${b}) ) gt = ( GreaterThan(${a},${b}) ) alerts: lt:: "$(a) LESS THAN $(b)" gt:: "$(a) GREATER THAN $(b)" Bugfix for cfshow -c options (Nathan Hruby) 2.1.13 Mistake in placement of update.conf runs fixed. Alteration to lock hashing to avoid conflicts Mandrake version type patch/repatched Error message in disable now underlines move to respository where defined. Locking patch to tidy. Did not release lock when tidying recursively with subdirectory deletions. (Eric Sorensen). Host range patched (again) (Bas VdV) 2.1.12 cf.preconf can now cause an abort if the script prints out a string containing the substring "cfengine-preconf-abort". An exit code of 2 signals this failure Cfrun bug in placement of workdir initialization. Would try to open /inputs/cfrun.hosts instead of /var/cfengine/inputs/cfrun.hosts Moved mutex locks in address purging, to see if it prevents some segmentation faults. In image.c: /* if (TRAVLINKS || ip->linktype == 'n') */ Took out linktype reference. This appears to be erroneous. Patch to tidy: "Guolin Cheng" <guolin@alexa.com> Patch to -Q to prevent update.conf from being executed. Patch to rationalize choice of port number for new getaddrinfo interfaces. (ip.c) small patch to allow the use of PCRE if it is compiled with --with-pcre. This is using the POSIX compatible API that PCRE provides, so the change necessary is to use pcreposix.h instead of regex.h and to link in pcreposix.so. cindy.marasco@pnl.gov) 2.1.11 SUPPORT FOR POSIX ACLS IN LINUX IS NOT AS STRAIGHTFORWARD AS ORIGINALLY THOUGHT. THE API DOES NOT MATCH EXISTING IMPLEMENTATIONS AND SEEMS SIGNIFICANTLY MORE COMPLEX. IN THE INTERESTS OF STABILITY THIS WILL HAVE TO BE DEFERRED TO A LATER RELEASE. Comma in function argument bug in FileExists etc, fixed Option -z (--schedule) now prints only the run schedule. Option -Q (--query) added to print values of variables defined in configuration cfagent -Q sysadm,domain,site,ipaddress in format varname=value New variables can be used in cfagent.conf for cfexecd control: EmailFrom = ( ) EmailTo = ( ) - overrides sysadm if set White Box linux class recognition added When setting classes or variables by function call, the function evaluation is no longer performed if it is not in an active class. Cfexecd now calls cfagent with -D from_cfexecd to define the class "from_cfexecd::" when run from the executor WarnIfFileMissing added to editfiles and default is not to warn of non-existent files, except in inform/verbose modes. Check added for DefineInGroup, signals error if not in group Added copy type "any" for any matching criteria, date/sum etc. Respository variable was not expanded like a normal variable cfshow tool added for consulting the databases Better autodetection of Berkeley DB in some distros of Linux (SuSE) - has anyone heard of "standards"? Date format changed in cfexecd output files Errors if remote copy is not encrypted when server demands encryption. (patch) Renaming of directories is now allowed if dest= is set specifically. Check added for variables defined in terms of undefined variables. Patch for solaris package manager added (Louis Erickson - wwonko@rdwarf.com) file added as synonym til reg in filter Patch to HostRange (item.c) (rader@ginseng.hep.wisc.edu) Internal variable determining WORKDIR for non-privileged users. Various minor changes and cosmetics. Lock string must include server name in copy - added Method reply bundles fixed to work correctly with ipv6 addresses SIGPIPE and SIGCHLD added to signal handler (SIGCHILD ignored against posix, but how the hell do you sort this out?) srand -> srand48 typo in cfenvd Multiple method reply variables were incorrectly separated. Added options to disable LastSeen data recording feature. fclose used instead of pclose when calling ifconfig - resulted in zombies
2007-02-07 01:03:28 +01:00
man/man8/cfetoolcheck.8
man/man8/cfetoolcreate.8
man/man8/cfetooldump.8
man/man8/cfetoolgraph.8
man/man8/cfetoolimport.8
man/man8/cfetoolinfo.8
man/man8/cfetoolupdate.8
man/man8/cfexecd.8
man/man8/cfkey.8
man/man8/cfrun.8
man/man8/cfservd.8
Update to 2.1.22: 2.1.22 IMPORTANT: cfshow output formatting changes database internal format changes Rewritten the checksum subsystem to allow for future development and improvements and tidied the fragile Berkeley DB code. Cfservd no longer caches checksums, as this causes update issues. This could lead to additional load. The checksum code has been rewritten with a new database model, so all old data will be rebuilt. The checksum database has been renamed. ChecksumDatabase variable is not longer used. Package manager debian patch added to iterate over packages under installation. Package manager for AIX code added, courtesy of Anthony Rassin Package manager for Gentoo added, courtesy of Eric Searcy ShowState(rootprocs), ShowState(otherprocs) added for better process reporting General code reorganization for better separation of concerns, looking towards cfengine 3. cfconvert removed. Change of future strategy for cfengine 3 migration. Rationalization of internal instrumentation and better integration with cfenvd. Bug fixes to miscmounts. Editing was broken with respect to editfilesize variable. Option processing for miscmounts was also broken. Support for old Berkeley DB APIs abandoned. Encryption level added for full encryption of opendir traffic. Must set FullEncryption = ( true ) in control for compatability server=none now signals noop in method execution and copy. Varstring expansion bug for nested variables. 2.1.21 copy action now supports this $(this) variable which is made equal to the current server. This allows separating files from multiple hosts when downloading. cfenvd LDT fixes Bugs in PeerLeader/Group functions fixed. Some buffer limits too small and hardcoded in item.c - fix PH support removed from cfenvd during code rationalization - never used Cfenvd code rationalization and channge in database format. THe first time cfenvd runs, it will convert the database into the new format, be aware that this could take some time as it is disk intensive. Matt Shibla (ARM) ReturnsZeroShell function added. Cfrun ignored port number, fix 2.1.20 ipv6 structure compilation error for Tru64 Tested for compilation with latest Berkeley4.4-NC New option in cfservd.conf "LogEncryptedTransfers" (true/false). If true, any file that is granted access and is marked "encrypt=true" will be logged in syslog. i.e. one can keep a record of sensitive transfers. Linkcopy fix in 2.1.19 broke copying of links that point nowhere. Fixed. Copy was missing from the multi-pass detection. Fixed Patch to debian package management. (bastiaans@sara.nl) fixed - debian package always returned eq/true without cmp/version statement" (checking if a package is installed, regardless of version, now works However the "Comparison result" is always "eq" (equal) somehow for me... " If you are experiencing problems with 2.1.19 please get 2.1.19a. One of the changes in 2.1.19 has had bizarre side effects in links and disks. 2.1.19 cfagent will now exit and cease processing if any class in the defined control list AbortClasses = ( class_name_1 class_name_2 ... ) The singlecopy feature has been rewritten after reports of it not working, besides, the code was bizarre and the documentation was even worse. The autodefine code also patched and tested. In both these cases, there are lists of *patterns* or wildcards. The code and docs now agree ExecResult now runs its command in -n mode Error parsing strings (esp shellcommands) that contain the $ symbol due to a bug in 2D-lists. VMWare ESX recognition. Bug in cfservd stat-mode on symbolic links not correctly evaluated. Bug in linktype=copy for copy fixed. Bug in array expansion fixed - would truncate string after expansion Constant-cosmetics and length alterations. CF_SMALLBUF introduced, and MAXHOSTNAMELEN used PID file added for each daemin in WORKDIR == /var/cfengine Patch for function argument parsing Typo in docs. SelectPartitionGroup -> SelectPartitionNeighbours Inform=true support for packages HostRange bug - recoding not implemented properly from 2.1.16. Caused seg fault. Joe Buehler's harmless patch to cfexecd to flag daemon and batch mode. Serious bug in binserver handling fixed. (Rarely used feature) home tidying did not set the "done flag" for multiple pass avoidance. Patches to setting unqualified and qualified names SuSE 10 detection patch Minor error fixes discovered by Joe Buehler and his wonderful software. Files is the "suspicious" list were marked "not sensible" so that follow-up rules e.g. to delete them would not be triggered This is now considered a confusion of roles. Suspicious files are no longer skipped. More memory leaks in cfservd Compilation fix for non-IPv6 savvy machines 2.1.18 Error in FileExists() left over from 2.1.16 changes. Fixed elsedefine was not defined if a copy was requested of a non-existent file. Fixed. HostnameKeys (dynamic keys for dhcp clients) fix for cfservd. Error in stat'ing links that point to non-existent files in cfservd. Missing "else" caused this to be reported as an error in remote file copy. 5 second timeout reduced to 10 in cfservd file change check. Error message returned by cfservd is non-specific and previously said authentication denied, regardless of failure. The daemon now replies "Unspecified refusal". Users should use -v or -d2 on both sides of a connection to diagnose the true cause of failure, Segmentation fault when in verbose mode fixed - editfiles pointer. Error in parsing quotes and escaped quotes in functions. Bug in implementation of tidy scheduling during dependent classes fixed. BeginGroupIfLineMatch BeginGroupIfMatch BeginGroupIfLineContaining operations added Function ExecShellResult similar to ExecResult, but a shell is used, cfservd some additional memory reclamation during file updates, could cause memory leaks.. 2.1.17 This is a minor bugfix release WARNING - the handling of function arguments has been changed. You are recommended to use normal C/Perl quoting of argument strings., e.g. result = ( ExecResult("/bin/sh -c \"${pf_cc} -V | head -1 | cut -d\ -f3\"") ) not result = ( ExecResult(/bin/sh -c "${pf_cc} -V | head -1 | cut -d\ -f3") ) IsWildItemIn now has reflexive check - some confusion in the code about whether the needle or the haystack is the wildcard. Templating in editfiles. A new editfiles directive "ExpandVariables" adds an "m4" like function to cfengine -- allowing predefined variable strings to be expanded into text. Patch contributed to expansvariables: Davor Ocelic <docelic@mail.inet.hr> Alerts patch - some alerts not installed, if classes not defined. Patch for missing variable expansion after function parameter rewrite in 2.1.16. Some functions were not fully ported. vicf eliminated from distribution PrepModule environment fix Compilation error C++ mixed into cfetool fix Chdir to / when ascting as a daemon for cfservd, cfexecd etc 2.1.16 Bugfix release Moved method parameter setting to fix a bug where parameters would be set too late to be used in the parser action=warn in copy required inform=true to work, fixed. Function arg expansion bug and improvement fix Include directive added to cfrun.hosts (Olivier Fauchon) MOUNT_RO name collision fix SEG fault fixed when signalling cfenvd SkipIdentify partial fix Alf Wachsmann and Elizabeth Cassel's cfetool added, based on cfenvd. "cfetool makes a standalone tool out of cfenvd that accepts arbitrary periodic data. In addition, it has support for yearly periodic data. It's function and the user interface is in many aspects like rrdtool's. cfetoolgraph was added to work with the new features of cfetool. It works basically like cfenvgraph." Bug fix for multipass evaluation when resolving dependencies. Cfservd reread patch. Timeout on polling for linux, Default route code now uses "route" command exclusively for portability. EmailFrom patch to cfexecd / redundant code was paste error Increase pass depth in evaluation of action sequence. Skipident patch Size increase for interface buffer list HPUX,AIX ifconfig location fix Methods documentation improved. New control function for testing tcp services var = ReadTCP(host,port,"send string",maxbytes) 2.1.15 -f removal in cfservd patch Segmentation fault in cfservd with RSA key exchange fixed. Disk freespace alerting bug - did not agree with manual specification. Message appears only in verbose. Fixed. Autodefine install patch. Abspath in shellcommands was not parsed and acted on... Warnall action was not respected in copy. Permissions were altered on destination file anyway. cfcolon added to special symbols. 2.1.14 Alerts processed now in update context. More locking canonification fixes Exception for ReplaceALL convergence warning. Warning is not fatal if the operation is inside an editgroup. md5/sha1 message incorrect on new file found. Fixup Makefile.am and doc/Makefile.am. Docs are now installed in the CFEngine "share" directory where they belong. Directory iteration fixed. New: owner=LastNode sets the owner of the directory to the name of the last node in the dir name. This allows the creation of homedirs. CentOS support added. Extra encryption stage added in C5 protocol. NOTE: This makes 2.1.14 cfagent clients unable to talk to older servers. (Upgrade servers first, or at the same time.) Class "no_default_route" is now defined if a default route is not previously set, and a default route is defined for the current host. Added class functions IsGreaterThan, IsLessThan for numerical or string comparisons control: actionsequence = ( files ) a = ( 2.12 ) b = ( 2.11 ) classes: lt = ( LessThan(${a},${b}) ) gt = ( GreaterThan(${a},${b}) ) alerts: lt:: "$(a) LESS THAN $(b)" gt:: "$(a) GREATER THAN $(b)" Bugfix for cfshow -c options (Nathan Hruby) 2.1.13 Mistake in placement of update.conf runs fixed. Alteration to lock hashing to avoid conflicts Mandrake version type patch/repatched Error message in disable now underlines move to respository where defined. Locking patch to tidy. Did not release lock when tidying recursively with subdirectory deletions. (Eric Sorensen). Host range patched (again) (Bas VdV) 2.1.12 cf.preconf can now cause an abort if the script prints out a string containing the substring "cfengine-preconf-abort". An exit code of 2 signals this failure Cfrun bug in placement of workdir initialization. Would try to open /inputs/cfrun.hosts instead of /var/cfengine/inputs/cfrun.hosts Moved mutex locks in address purging, to see if it prevents some segmentation faults. In image.c: /* if (TRAVLINKS || ip->linktype == 'n') */ Took out linktype reference. This appears to be erroneous. Patch to tidy: "Guolin Cheng" <guolin@alexa.com> Patch to -Q to prevent update.conf from being executed. Patch to rationalize choice of port number for new getaddrinfo interfaces. (ip.c) small patch to allow the use of PCRE if it is compiled with --with-pcre. This is using the POSIX compatible API that PCRE provides, so the change necessary is to use pcreposix.h instead of regex.h and to link in pcreposix.so. cindy.marasco@pnl.gov) 2.1.11 SUPPORT FOR POSIX ACLS IN LINUX IS NOT AS STRAIGHTFORWARD AS ORIGINALLY THOUGHT. THE API DOES NOT MATCH EXISTING IMPLEMENTATIONS AND SEEMS SIGNIFICANTLY MORE COMPLEX. IN THE INTERESTS OF STABILITY THIS WILL HAVE TO BE DEFERRED TO A LATER RELEASE. Comma in function argument bug in FileExists etc, fixed Option -z (--schedule) now prints only the run schedule. Option -Q (--query) added to print values of variables defined in configuration cfagent -Q sysadm,domain,site,ipaddress in format varname=value New variables can be used in cfagent.conf for cfexecd control: EmailFrom = ( ) EmailTo = ( ) - overrides sysadm if set White Box linux class recognition added When setting classes or variables by function call, the function evaluation is no longer performed if it is not in an active class. Cfexecd now calls cfagent with -D from_cfexecd to define the class "from_cfexecd::" when run from the executor WarnIfFileMissing added to editfiles and default is not to warn of non-existent files, except in inform/verbose modes. Check added for DefineInGroup, signals error if not in group Added copy type "any" for any matching criteria, date/sum etc. Respository variable was not expanded like a normal variable cfshow tool added for consulting the databases Better autodetection of Berkeley DB in some distros of Linux (SuSE) - has anyone heard of "standards"? Date format changed in cfexecd output files Errors if remote copy is not encrypted when server demands encryption. (patch) Renaming of directories is now allowed if dest= is set specifically. Check added for variables defined in terms of undefined variables. Patch for solaris package manager added (Louis Erickson - wwonko@rdwarf.com) file added as synonym til reg in filter Patch to HostRange (item.c) (rader@ginseng.hep.wisc.edu) Internal variable determining WORKDIR for non-privileged users. Various minor changes and cosmetics. Lock string must include server name in copy - added Method reply bundles fixed to work correctly with ipv6 addresses SIGPIPE and SIGCHLD added to signal handler (SIGCHILD ignored against posix, but how the hell do you sort this out?) srand -> srand48 typo in cfenvd Multiple method reply variables were incorrectly separated. Added options to disable LastSeen data recording feature. fclose used instead of pclose when calling ifconfig - resulted in zombies
2007-02-07 01:03:28 +01:00
man/man8/cfshow.8
sbin/cfagent
sbin/cfdoc
sbin/cfenvd
sbin/cfenvgraph
Update to 2.1.22: 2.1.22 IMPORTANT: cfshow output formatting changes database internal format changes Rewritten the checksum subsystem to allow for future development and improvements and tidied the fragile Berkeley DB code. Cfservd no longer caches checksums, as this causes update issues. This could lead to additional load. The checksum code has been rewritten with a new database model, so all old data will be rebuilt. The checksum database has been renamed. ChecksumDatabase variable is not longer used. Package manager debian patch added to iterate over packages under installation. Package manager for AIX code added, courtesy of Anthony Rassin Package manager for Gentoo added, courtesy of Eric Searcy ShowState(rootprocs), ShowState(otherprocs) added for better process reporting General code reorganization for better separation of concerns, looking towards cfengine 3. cfconvert removed. Change of future strategy for cfengine 3 migration. Rationalization of internal instrumentation and better integration with cfenvd. Bug fixes to miscmounts. Editing was broken with respect to editfilesize variable. Option processing for miscmounts was also broken. Support for old Berkeley DB APIs abandoned. Encryption level added for full encryption of opendir traffic. Must set FullEncryption = ( true ) in control for compatability server=none now signals noop in method execution and copy. Varstring expansion bug for nested variables. 2.1.21 copy action now supports this $(this) variable which is made equal to the current server. This allows separating files from multiple hosts when downloading. cfenvd LDT fixes Bugs in PeerLeader/Group functions fixed. Some buffer limits too small and hardcoded in item.c - fix PH support removed from cfenvd during code rationalization - never used Cfenvd code rationalization and channge in database format. THe first time cfenvd runs, it will convert the database into the new format, be aware that this could take some time as it is disk intensive. Matt Shibla (ARM) ReturnsZeroShell function added. Cfrun ignored port number, fix 2.1.20 ipv6 structure compilation error for Tru64 Tested for compilation with latest Berkeley4.4-NC New option in cfservd.conf "LogEncryptedTransfers" (true/false). If true, any file that is granted access and is marked "encrypt=true" will be logged in syslog. i.e. one can keep a record of sensitive transfers. Linkcopy fix in 2.1.19 broke copying of links that point nowhere. Fixed. Copy was missing from the multi-pass detection. Fixed Patch to debian package management. (bastiaans@sara.nl) fixed - debian package always returned eq/true without cmp/version statement" (checking if a package is installed, regardless of version, now works However the "Comparison result" is always "eq" (equal) somehow for me... " If you are experiencing problems with 2.1.19 please get 2.1.19a. One of the changes in 2.1.19 has had bizarre side effects in links and disks. 2.1.19 cfagent will now exit and cease processing if any class in the defined control list AbortClasses = ( class_name_1 class_name_2 ... ) The singlecopy feature has been rewritten after reports of it not working, besides, the code was bizarre and the documentation was even worse. The autodefine code also patched and tested. In both these cases, there are lists of *patterns* or wildcards. The code and docs now agree ExecResult now runs its command in -n mode Error parsing strings (esp shellcommands) that contain the $ symbol due to a bug in 2D-lists. VMWare ESX recognition. Bug in cfservd stat-mode on symbolic links not correctly evaluated. Bug in linktype=copy for copy fixed. Bug in array expansion fixed - would truncate string after expansion Constant-cosmetics and length alterations. CF_SMALLBUF introduced, and MAXHOSTNAMELEN used PID file added for each daemin in WORKDIR == /var/cfengine Patch for function argument parsing Typo in docs. SelectPartitionGroup -> SelectPartitionNeighbours Inform=true support for packages HostRange bug - recoding not implemented properly from 2.1.16. Caused seg fault. Joe Buehler's harmless patch to cfexecd to flag daemon and batch mode. Serious bug in binserver handling fixed. (Rarely used feature) home tidying did not set the "done flag" for multiple pass avoidance. Patches to setting unqualified and qualified names SuSE 10 detection patch Minor error fixes discovered by Joe Buehler and his wonderful software. Files is the "suspicious" list were marked "not sensible" so that follow-up rules e.g. to delete them would not be triggered This is now considered a confusion of roles. Suspicious files are no longer skipped. More memory leaks in cfservd Compilation fix for non-IPv6 savvy machines 2.1.18 Error in FileExists() left over from 2.1.16 changes. Fixed elsedefine was not defined if a copy was requested of a non-existent file. Fixed. HostnameKeys (dynamic keys for dhcp clients) fix for cfservd. Error in stat'ing links that point to non-existent files in cfservd. Missing "else" caused this to be reported as an error in remote file copy. 5 second timeout reduced to 10 in cfservd file change check. Error message returned by cfservd is non-specific and previously said authentication denied, regardless of failure. The daemon now replies "Unspecified refusal". Users should use -v or -d2 on both sides of a connection to diagnose the true cause of failure, Segmentation fault when in verbose mode fixed - editfiles pointer. Error in parsing quotes and escaped quotes in functions. Bug in implementation of tidy scheduling during dependent classes fixed. BeginGroupIfLineMatch BeginGroupIfMatch BeginGroupIfLineContaining operations added Function ExecShellResult similar to ExecResult, but a shell is used, cfservd some additional memory reclamation during file updates, could cause memory leaks.. 2.1.17 This is a minor bugfix release WARNING - the handling of function arguments has been changed. You are recommended to use normal C/Perl quoting of argument strings., e.g. result = ( ExecResult("/bin/sh -c \"${pf_cc} -V | head -1 | cut -d\ -f3\"") ) not result = ( ExecResult(/bin/sh -c "${pf_cc} -V | head -1 | cut -d\ -f3") ) IsWildItemIn now has reflexive check - some confusion in the code about whether the needle or the haystack is the wildcard. Templating in editfiles. A new editfiles directive "ExpandVariables" adds an "m4" like function to cfengine -- allowing predefined variable strings to be expanded into text. Patch contributed to expansvariables: Davor Ocelic <docelic@mail.inet.hr> Alerts patch - some alerts not installed, if classes not defined. Patch for missing variable expansion after function parameter rewrite in 2.1.16. Some functions were not fully ported. vicf eliminated from distribution PrepModule environment fix Compilation error C++ mixed into cfetool fix Chdir to / when ascting as a daemon for cfservd, cfexecd etc 2.1.16 Bugfix release Moved method parameter setting to fix a bug where parameters would be set too late to be used in the parser action=warn in copy required inform=true to work, fixed. Function arg expansion bug and improvement fix Include directive added to cfrun.hosts (Olivier Fauchon) MOUNT_RO name collision fix SEG fault fixed when signalling cfenvd SkipIdentify partial fix Alf Wachsmann and Elizabeth Cassel's cfetool added, based on cfenvd. "cfetool makes a standalone tool out of cfenvd that accepts arbitrary periodic data. In addition, it has support for yearly periodic data. It's function and the user interface is in many aspects like rrdtool's. cfetoolgraph was added to work with the new features of cfetool. It works basically like cfenvgraph." Bug fix for multipass evaluation when resolving dependencies. Cfservd reread patch. Timeout on polling for linux, Default route code now uses "route" command exclusively for portability. EmailFrom patch to cfexecd / redundant code was paste error Increase pass depth in evaluation of action sequence. Skipident patch Size increase for interface buffer list HPUX,AIX ifconfig location fix Methods documentation improved. New control function for testing tcp services var = ReadTCP(host,port,"send string",maxbytes) 2.1.15 -f removal in cfservd patch Segmentation fault in cfservd with RSA key exchange fixed. Disk freespace alerting bug - did not agree with manual specification. Message appears only in verbose. Fixed. Autodefine install patch. Abspath in shellcommands was not parsed and acted on... Warnall action was not respected in copy. Permissions were altered on destination file anyway. cfcolon added to special symbols. 2.1.14 Alerts processed now in update context. More locking canonification fixes Exception for ReplaceALL convergence warning. Warning is not fatal if the operation is inside an editgroup. md5/sha1 message incorrect on new file found. Fixup Makefile.am and doc/Makefile.am. Docs are now installed in the CFEngine "share" directory where they belong. Directory iteration fixed. New: owner=LastNode sets the owner of the directory to the name of the last node in the dir name. This allows the creation of homedirs. CentOS support added. Extra encryption stage added in C5 protocol. NOTE: This makes 2.1.14 cfagent clients unable to talk to older servers. (Upgrade servers first, or at the same time.) Class "no_default_route" is now defined if a default route is not previously set, and a default route is defined for the current host. Added class functions IsGreaterThan, IsLessThan for numerical or string comparisons control: actionsequence = ( files ) a = ( 2.12 ) b = ( 2.11 ) classes: lt = ( LessThan(${a},${b}) ) gt = ( GreaterThan(${a},${b}) ) alerts: lt:: "$(a) LESS THAN $(b)" gt:: "$(a) GREATER THAN $(b)" Bugfix for cfshow -c options (Nathan Hruby) 2.1.13 Mistake in placement of update.conf runs fixed. Alteration to lock hashing to avoid conflicts Mandrake version type patch/repatched Error message in disable now underlines move to respository where defined. Locking patch to tidy. Did not release lock when tidying recursively with subdirectory deletions. (Eric Sorensen). Host range patched (again) (Bas VdV) 2.1.12 cf.preconf can now cause an abort if the script prints out a string containing the substring "cfengine-preconf-abort". An exit code of 2 signals this failure Cfrun bug in placement of workdir initialization. Would try to open /inputs/cfrun.hosts instead of /var/cfengine/inputs/cfrun.hosts Moved mutex locks in address purging, to see if it prevents some segmentation faults. In image.c: /* if (TRAVLINKS || ip->linktype == 'n') */ Took out linktype reference. This appears to be erroneous. Patch to tidy: "Guolin Cheng" <guolin@alexa.com> Patch to -Q to prevent update.conf from being executed. Patch to rationalize choice of port number for new getaddrinfo interfaces. (ip.c) small patch to allow the use of PCRE if it is compiled with --with-pcre. This is using the POSIX compatible API that PCRE provides, so the change necessary is to use pcreposix.h instead of regex.h and to link in pcreposix.so. cindy.marasco@pnl.gov) 2.1.11 SUPPORT FOR POSIX ACLS IN LINUX IS NOT AS STRAIGHTFORWARD AS ORIGINALLY THOUGHT. THE API DOES NOT MATCH EXISTING IMPLEMENTATIONS AND SEEMS SIGNIFICANTLY MORE COMPLEX. IN THE INTERESTS OF STABILITY THIS WILL HAVE TO BE DEFERRED TO A LATER RELEASE. Comma in function argument bug in FileExists etc, fixed Option -z (--schedule) now prints only the run schedule. Option -Q (--query) added to print values of variables defined in configuration cfagent -Q sysadm,domain,site,ipaddress in format varname=value New variables can be used in cfagent.conf for cfexecd control: EmailFrom = ( ) EmailTo = ( ) - overrides sysadm if set White Box linux class recognition added When setting classes or variables by function call, the function evaluation is no longer performed if it is not in an active class. Cfexecd now calls cfagent with -D from_cfexecd to define the class "from_cfexecd::" when run from the executor WarnIfFileMissing added to editfiles and default is not to warn of non-existent files, except in inform/verbose modes. Check added for DefineInGroup, signals error if not in group Added copy type "any" for any matching criteria, date/sum etc. Respository variable was not expanded like a normal variable cfshow tool added for consulting the databases Better autodetection of Berkeley DB in some distros of Linux (SuSE) - has anyone heard of "standards"? Date format changed in cfexecd output files Errors if remote copy is not encrypted when server demands encryption. (patch) Renaming of directories is now allowed if dest= is set specifically. Check added for variables defined in terms of undefined variables. Patch for solaris package manager added (Louis Erickson - wwonko@rdwarf.com) file added as synonym til reg in filter Patch to HostRange (item.c) (rader@ginseng.hep.wisc.edu) Internal variable determining WORKDIR for non-privileged users. Various minor changes and cosmetics. Lock string must include server name in copy - added Method reply bundles fixed to work correctly with ipv6 addresses SIGPIPE and SIGCHLD added to signal handler (SIGCHILD ignored against posix, but how the hell do you sort this out?) srand -> srand48 typo in cfenvd Multiple method reply variables were incorrectly separated. Added options to disable LastSeen data recording feature. fclose used instead of pclose when calling ifconfig - resulted in zombies
2007-02-07 01:03:28 +01:00
sbin/cfetool
sbin/cfetoolgraph
sbin/cfexecd
sbin/cfkey
sbin/cfrun
sbin/cfservd
Update to 2.1.22: 2.1.22 IMPORTANT: cfshow output formatting changes database internal format changes Rewritten the checksum subsystem to allow for future development and improvements and tidied the fragile Berkeley DB code. Cfservd no longer caches checksums, as this causes update issues. This could lead to additional load. The checksum code has been rewritten with a new database model, so all old data will be rebuilt. The checksum database has been renamed. ChecksumDatabase variable is not longer used. Package manager debian patch added to iterate over packages under installation. Package manager for AIX code added, courtesy of Anthony Rassin Package manager for Gentoo added, courtesy of Eric Searcy ShowState(rootprocs), ShowState(otherprocs) added for better process reporting General code reorganization for better separation of concerns, looking towards cfengine 3. cfconvert removed. Change of future strategy for cfengine 3 migration. Rationalization of internal instrumentation and better integration with cfenvd. Bug fixes to miscmounts. Editing was broken with respect to editfilesize variable. Option processing for miscmounts was also broken. Support for old Berkeley DB APIs abandoned. Encryption level added for full encryption of opendir traffic. Must set FullEncryption = ( true ) in control for compatability server=none now signals noop in method execution and copy. Varstring expansion bug for nested variables. 2.1.21 copy action now supports this $(this) variable which is made equal to the current server. This allows separating files from multiple hosts when downloading. cfenvd LDT fixes Bugs in PeerLeader/Group functions fixed. Some buffer limits too small and hardcoded in item.c - fix PH support removed from cfenvd during code rationalization - never used Cfenvd code rationalization and channge in database format. THe first time cfenvd runs, it will convert the database into the new format, be aware that this could take some time as it is disk intensive. Matt Shibla (ARM) ReturnsZeroShell function added. Cfrun ignored port number, fix 2.1.20 ipv6 structure compilation error for Tru64 Tested for compilation with latest Berkeley4.4-NC New option in cfservd.conf "LogEncryptedTransfers" (true/false). If true, any file that is granted access and is marked "encrypt=true" will be logged in syslog. i.e. one can keep a record of sensitive transfers. Linkcopy fix in 2.1.19 broke copying of links that point nowhere. Fixed. Copy was missing from the multi-pass detection. Fixed Patch to debian package management. (bastiaans@sara.nl) fixed - debian package always returned eq/true without cmp/version statement" (checking if a package is installed, regardless of version, now works However the "Comparison result" is always "eq" (equal) somehow for me... " If you are experiencing problems with 2.1.19 please get 2.1.19a. One of the changes in 2.1.19 has had bizarre side effects in links and disks. 2.1.19 cfagent will now exit and cease processing if any class in the defined control list AbortClasses = ( class_name_1 class_name_2 ... ) The singlecopy feature has been rewritten after reports of it not working, besides, the code was bizarre and the documentation was even worse. The autodefine code also patched and tested. In both these cases, there are lists of *patterns* or wildcards. The code and docs now agree ExecResult now runs its command in -n mode Error parsing strings (esp shellcommands) that contain the $ symbol due to a bug in 2D-lists. VMWare ESX recognition. Bug in cfservd stat-mode on symbolic links not correctly evaluated. Bug in linktype=copy for copy fixed. Bug in array expansion fixed - would truncate string after expansion Constant-cosmetics and length alterations. CF_SMALLBUF introduced, and MAXHOSTNAMELEN used PID file added for each daemin in WORKDIR == /var/cfengine Patch for function argument parsing Typo in docs. SelectPartitionGroup -> SelectPartitionNeighbours Inform=true support for packages HostRange bug - recoding not implemented properly from 2.1.16. Caused seg fault. Joe Buehler's harmless patch to cfexecd to flag daemon and batch mode. Serious bug in binserver handling fixed. (Rarely used feature) home tidying did not set the "done flag" for multiple pass avoidance. Patches to setting unqualified and qualified names SuSE 10 detection patch Minor error fixes discovered by Joe Buehler and his wonderful software. Files is the "suspicious" list were marked "not sensible" so that follow-up rules e.g. to delete them would not be triggered This is now considered a confusion of roles. Suspicious files are no longer skipped. More memory leaks in cfservd Compilation fix for non-IPv6 savvy machines 2.1.18 Error in FileExists() left over from 2.1.16 changes. Fixed elsedefine was not defined if a copy was requested of a non-existent file. Fixed. HostnameKeys (dynamic keys for dhcp clients) fix for cfservd. Error in stat'ing links that point to non-existent files in cfservd. Missing "else" caused this to be reported as an error in remote file copy. 5 second timeout reduced to 10 in cfservd file change check. Error message returned by cfservd is non-specific and previously said authentication denied, regardless of failure. The daemon now replies "Unspecified refusal". Users should use -v or -d2 on both sides of a connection to diagnose the true cause of failure, Segmentation fault when in verbose mode fixed - editfiles pointer. Error in parsing quotes and escaped quotes in functions. Bug in implementation of tidy scheduling during dependent classes fixed. BeginGroupIfLineMatch BeginGroupIfMatch BeginGroupIfLineContaining operations added Function ExecShellResult similar to ExecResult, but a shell is used, cfservd some additional memory reclamation during file updates, could cause memory leaks.. 2.1.17 This is a minor bugfix release WARNING - the handling of function arguments has been changed. You are recommended to use normal C/Perl quoting of argument strings., e.g. result = ( ExecResult("/bin/sh -c \"${pf_cc} -V | head -1 | cut -d\ -f3\"") ) not result = ( ExecResult(/bin/sh -c "${pf_cc} -V | head -1 | cut -d\ -f3") ) IsWildItemIn now has reflexive check - some confusion in the code about whether the needle or the haystack is the wildcard. Templating in editfiles. A new editfiles directive "ExpandVariables" adds an "m4" like function to cfengine -- allowing predefined variable strings to be expanded into text. Patch contributed to expansvariables: Davor Ocelic <docelic@mail.inet.hr> Alerts patch - some alerts not installed, if classes not defined. Patch for missing variable expansion after function parameter rewrite in 2.1.16. Some functions were not fully ported. vicf eliminated from distribution PrepModule environment fix Compilation error C++ mixed into cfetool fix Chdir to / when ascting as a daemon for cfservd, cfexecd etc 2.1.16 Bugfix release Moved method parameter setting to fix a bug where parameters would be set too late to be used in the parser action=warn in copy required inform=true to work, fixed. Function arg expansion bug and improvement fix Include directive added to cfrun.hosts (Olivier Fauchon) MOUNT_RO name collision fix SEG fault fixed when signalling cfenvd SkipIdentify partial fix Alf Wachsmann and Elizabeth Cassel's cfetool added, based on cfenvd. "cfetool makes a standalone tool out of cfenvd that accepts arbitrary periodic data. In addition, it has support for yearly periodic data. It's function and the user interface is in many aspects like rrdtool's. cfetoolgraph was added to work with the new features of cfetool. It works basically like cfenvgraph." Bug fix for multipass evaluation when resolving dependencies. Cfservd reread patch. Timeout on polling for linux, Default route code now uses "route" command exclusively for portability. EmailFrom patch to cfexecd / redundant code was paste error Increase pass depth in evaluation of action sequence. Skipident patch Size increase for interface buffer list HPUX,AIX ifconfig location fix Methods documentation improved. New control function for testing tcp services var = ReadTCP(host,port,"send string",maxbytes) 2.1.15 -f removal in cfservd patch Segmentation fault in cfservd with RSA key exchange fixed. Disk freespace alerting bug - did not agree with manual specification. Message appears only in verbose. Fixed. Autodefine install patch. Abspath in shellcommands was not parsed and acted on... Warnall action was not respected in copy. Permissions were altered on destination file anyway. cfcolon added to special symbols. 2.1.14 Alerts processed now in update context. More locking canonification fixes Exception for ReplaceALL convergence warning. Warning is not fatal if the operation is inside an editgroup. md5/sha1 message incorrect on new file found. Fixup Makefile.am and doc/Makefile.am. Docs are now installed in the CFEngine "share" directory where they belong. Directory iteration fixed. New: owner=LastNode sets the owner of the directory to the name of the last node in the dir name. This allows the creation of homedirs. CentOS support added. Extra encryption stage added in C5 protocol. NOTE: This makes 2.1.14 cfagent clients unable to talk to older servers. (Upgrade servers first, or at the same time.) Class "no_default_route" is now defined if a default route is not previously set, and a default route is defined for the current host. Added class functions IsGreaterThan, IsLessThan for numerical or string comparisons control: actionsequence = ( files ) a = ( 2.12 ) b = ( 2.11 ) classes: lt = ( LessThan(${a},${b}) ) gt = ( GreaterThan(${a},${b}) ) alerts: lt:: "$(a) LESS THAN $(b)" gt:: "$(a) GREATER THAN $(b)" Bugfix for cfshow -c options (Nathan Hruby) 2.1.13 Mistake in placement of update.conf runs fixed. Alteration to lock hashing to avoid conflicts Mandrake version type patch/repatched Error message in disable now underlines move to respository where defined. Locking patch to tidy. Did not release lock when tidying recursively with subdirectory deletions. (Eric Sorensen). Host range patched (again) (Bas VdV) 2.1.12 cf.preconf can now cause an abort if the script prints out a string containing the substring "cfengine-preconf-abort". An exit code of 2 signals this failure Cfrun bug in placement of workdir initialization. Would try to open /inputs/cfrun.hosts instead of /var/cfengine/inputs/cfrun.hosts Moved mutex locks in address purging, to see if it prevents some segmentation faults. In image.c: /* if (TRAVLINKS || ip->linktype == 'n') */ Took out linktype reference. This appears to be erroneous. Patch to tidy: "Guolin Cheng" <guolin@alexa.com> Patch to -Q to prevent update.conf from being executed. Patch to rationalize choice of port number for new getaddrinfo interfaces. (ip.c) small patch to allow the use of PCRE if it is compiled with --with-pcre. This is using the POSIX compatible API that PCRE provides, so the change necessary is to use pcreposix.h instead of regex.h and to link in pcreposix.so. cindy.marasco@pnl.gov) 2.1.11 SUPPORT FOR POSIX ACLS IN LINUX IS NOT AS STRAIGHTFORWARD AS ORIGINALLY THOUGHT. THE API DOES NOT MATCH EXISTING IMPLEMENTATIONS AND SEEMS SIGNIFICANTLY MORE COMPLEX. IN THE INTERESTS OF STABILITY THIS WILL HAVE TO BE DEFERRED TO A LATER RELEASE. Comma in function argument bug in FileExists etc, fixed Option -z (--schedule) now prints only the run schedule. Option -Q (--query) added to print values of variables defined in configuration cfagent -Q sysadm,domain,site,ipaddress in format varname=value New variables can be used in cfagent.conf for cfexecd control: EmailFrom = ( ) EmailTo = ( ) - overrides sysadm if set White Box linux class recognition added When setting classes or variables by function call, the function evaluation is no longer performed if it is not in an active class. Cfexecd now calls cfagent with -D from_cfexecd to define the class "from_cfexecd::" when run from the executor WarnIfFileMissing added to editfiles and default is not to warn of non-existent files, except in inform/verbose modes. Check added for DefineInGroup, signals error if not in group Added copy type "any" for any matching criteria, date/sum etc. Respository variable was not expanded like a normal variable cfshow tool added for consulting the databases Better autodetection of Berkeley DB in some distros of Linux (SuSE) - has anyone heard of "standards"? Date format changed in cfexecd output files Errors if remote copy is not encrypted when server demands encryption. (patch) Renaming of directories is now allowed if dest= is set specifically. Check added for variables defined in terms of undefined variables. Patch for solaris package manager added (Louis Erickson - wwonko@rdwarf.com) file added as synonym til reg in filter Patch to HostRange (item.c) (rader@ginseng.hep.wisc.edu) Internal variable determining WORKDIR for non-privileged users. Various minor changes and cosmetics. Lock string must include server name in copy - added Method reply bundles fixed to work correctly with ipv6 addresses SIGPIPE and SIGCHLD added to signal handler (SIGCHILD ignored against posix, but how the hell do you sort this out?) srand -> srand48 typo in cfenvd Multiple method reply variables were incorrectly separated. Added options to disable LastSeen data recording feature. fclose used instead of pclose when calling ifconfig - resulted in zombies
2007-02-07 01:03:28 +01:00
sbin/cfshow
share/cfengine/ChangeLog
share/cfengine/INSTALL
share/cfengine/NEWS
share/cfengine/README
share/cfengine/cfengine.el
share/examples/cfengine/cf.chflags.example
share/examples/cfengine/cf.freebsd.example
share/examples/cfengine/cf.ftp.example
share/examples/cfengine/cf.groups.example
share/examples/cfengine/cf.linux.example
share/examples/cfengine/cf.main.example
share/examples/cfengine/cf.motd.example
share/examples/cfengine/cf.preconf.example
share/examples/cfengine/cf.services.example
share/examples/cfengine/cf.site.example
share/examples/cfengine/cf.solaris.example
share/examples/cfengine/cf.sun4.example
share/examples/cfengine/cf.users.example
share/examples/cfengine/cfagent.conf-advanced.example
share/examples/cfengine/cfagent.conf.example
share/examples/cfengine/cfrc.example
share/examples/cfengine/cfrun.hosts.example
share/examples/cfengine/cfservd.conf.example
share/examples/cfengine/update.conf.example
share/examples/rc.d/cfenvd
share/examples/rc.d/cfexecd
2005-05-03 17:51:24 +02:00
share/examples/rc.d/cfservd
Update cfengine2 and cfengine2-doc to version 2.0.6. Package changes Vicf moved from $PREFIX/sbin to $PREFIX/share/examples/cfengine as it can really be used as is: site tuning is required. Both packages now share the same distinfo file. Changes in version 2.0.6 SKIPVERIFY removed from AccessControl checks. This was wrongly allowing access to files if they only had an accepted encryption key. SetLine added to AppendIfNoLineMatching to allow current line to be added. ForEachLineIn "/tmp/in" AppendIfNoLineMatching "ThisLine" EndLoop Changed /etc/services reference to port 5308 in ipv6 compatible calls. Efficiency, removed getpwnam from GetFile(). Was unnecessarily looking up the uid multiple times, which delays copying speed. Copy rates improved by five to ten times!! Single copy uses too much cache memory. Optimize by only caching copies that use the singlecopy keyword. Message status change: %s is a link which points to %s, but that file doesn't seem to exist Verbose only Patches to editfiles to check empty files. DefineinGroup added. Changes in version 2.0.5 Cfrun ipv6 patch Syslog messages name patch mountables, binservers variable usage fix backup=timestamp added in copy so that multiple backups can coexist. Other backups use this by default. Cfenvd records loadaverage - and av.db renamed to cf_averages.db since records in av.db no longer compatible. Iteration added to disk paths Typo in filters.c UID -> USER meant that Owner field in filters would not always work for processes. Bug in removal of spaces in process-filter matches could cause some criteria to fail to match. Netstat changed entry in solaris 2.9 Hard class hpux10 -> hpux and the old hpux is deprecated tidy //tmp would start tidying / due to error in ExpandWildcardsAndDo. FIxed Cfenvd netstat state recorded in separate files now in WORKDIR, by protocol and incoming/outgoing. This allows accurate record of the state to which classes refer. excludes and ignores would not appended in a tidy command if a path already existed in another previous command. Fixed so that all excludes and ignores are concatenated for all related paths. Local AF_LOCAL addresses not handled by sockaddr in IPv6 compatible functions. Now returns 127.0.0.1 (why not ::1??) Typo in tidy.c prevented tidy old links from working. Documentation patches. Checksums no longer performed on dry run (-n) in files, but still in copy. No errors written to syslog in dryrun mode. Umask patch in editfiles - umask was not properly installed New copy options / variables singlecopy= and autodefine added. Alerts added as own section alerts: allow users to define a custom message triggered by a class activation. Alerts can also quote state information from cfenvd and the process table. tidy define= does not set class if file could not be tidied. debian detect patch (Andy Stribblehill) cfservd descriptor leak (Andy Stribblehill) cfservd daemonize modification
2003-04-26 10:33:00 +02:00
@dirrm share/examples/cfengine
@dirrm share/cfengine