summaryrefslogtreecommitdiffstats
path: root/doc/plugins/generators/rules.txt
blob: d05fef7730691030358b911bc105bbc193136ddf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
.. -*- mode: rst -*-

.. _plugins-generators-rules:

=====
Rules
=====

The Rules plugin resolves the following Abstract Configuration Entities:

* Service
* Directory
* SymLink
* Package
* Path
* Permissions
* Action

to literal configuration entries suitable for the client drivers to consume.

For an entity specification to be included in the Literal configuration the name attribute from an Abstract Entity Tag (from Base or Bundler) must match the name attribute of an Entity tag in Rules, along with the appropriate group associations of course.

Each file in the Rules directory has a priority.  This allows the same Entities to be served by multiple files.  The priorities can be used to break ties in the case that multiple files serve data for the same Entity.


Usage of Groups in Rules
========================

Groups are used by the Rules plugin, along with host metadata, for selecting the Configuration Entity entries to include in the clients literal configuration.  They can be thought of as::

    if client is a member of group1 then
        assign to literal config

Nested groups are conjunctive (logical and).::

    if client is a member of group1 and group2 then
        assign to literal config

Group membership may be negated.

Tag Attributes in Rules
=======================

Rules Tag
---------

The Rules Tag may have the following attributes:

|| '' '''Name''' '' || '' '''Description''' '' || '' '''Values''' '' ||
|| priority || Sets the priority for Rules in this Rules list.The higher value wins. || String ||

Rules Group Tag
---------------

The Rules Group Tag may have the following attributes:

|| '' '''Name''' '' || '' '''Description''' '' || '' '''Values''' '' ||
|| name  || Group Name || String ||
|| negate || Negate group membership (is not a member of) || (True|False) ||

Package Tag
-----------

The Package Tag may have the following attributes:

|| '' '''Name''' '' || '' '''Description''' '' || '' '''Values''' '' ||
|| name || Package Name || String ||
|| version || Package Version orversion='noverify' to not do version checking in the Yum driver only (temporary work a round). || String ||
|| file || Package file name.  Several other attributes (name, version) can be automatically defined based on regular expressions defined in the Pkgmgr plugin. || String ||
|| simplefile || Package file name. No name parsing is performed, so no extra fields get set || String ||
|| verify || verify='false' - do not do package verification || String ||
|| reloc || RPM relocation path. || String ||
|| multiarch || Comma separated list of the architectures of this package that should be installed. || String ||
|| srcs || Filename creation rules for multiarch packages. || String ||
|| type || Package type. (rpm, yum, apt,sysv,blast) || String ||

Permissions Tag
---------------

The Permissions tag is

|| '' '''Name''' '' || '' '''Description''' '' || '' '''Values''' '' ||
|| name || Name of the file. || String ||
|| perms || Permissions of the file. ||   ||
|| owner || Owner of the file. ||   ||
|| group || Group of the file. ||   ||

Action Tag
----------

See [wiki:Plugins/Actions Actions]

Service Tag
-----------

The Service tag is

|| '' '''Name''' '' || '' '''Description''' '' || '' '''Values''' '' ||
|| name || Service Name || String ||
|| status || Should the service be on or off. || (on|off) ||
|| restart || Service command for restart (default:restart) || String ||
|| type || Driver to use on the client to manage this service. || (chkconfig|deb|rc-update|smf) ||
|| sequence || Order for service startup (debian services only) || integer ||

Directory Tag
-------------

The Directory tag is

|| '' '''Name''' '' || '' '''Description''' '' || '' '''Values''' '' ||
|| name || Directory Name || String ||
|| perms || Permissions of the directory. || String ||
|| owner || Owner of the directory || String ||
|| group || Group Owner of the directory || String ||
|| prune || prune unspecified entries from the Directory || true|false ||

SymLink Tag
-----------

The SymLink tag is

|| '' '''Name''' '' || '' '''Description''' '' || '' '''Values''' '' ||
|| name || Name of the symlink. || String ||
|| to || File to link to || String ||

Client Tag
----------

The Client Tag is used in Rules for selecting the package entries to include in the clients literal configuration.  Its function is similar to the Group tag in this context.  It can be thought of as::

    if client is name then
        assign to literal config

The Client Tag may have the following attributes:

|| '' '''Name''' '' || '' '''Description''' '' || '' '''Values''' '' ||
|| name  || Client Name || String ||
|| negate || Negate client selection (if not client name) || (True|False) ||

Path Tag
--------

The Path tag is

|| '' '''Name''' '' || '' '''Description''' '' || '' '''Values''' '' ||
|| name || Name of the file || String ||
|| type || Type of file || nonexistent ||


Rules Directory
===============

The Rules/ directory keeps the XML files that define what rules are available for a host.  All the files in the directory are processed.

The names of the XML files have no special meaning to Bcfg2; they are simply named so it's easy for the administrator to know what the contents hold.  All Rules could be kept in a single file if so desired.  Bcfg2 simply uses the Groups in the files and priorities to determine how to assign Rules to a host's literal configuration.

.. code-block:: xml

    <Rules priority="0">
        <Directory group="root" name="/autonfs" owner="root" perms="0755"/>
        <Directory group="utmp" name="/var/run/screen" owner="root" perms="0775"/>
        <Directory group="root" name="/autonfs/stage" owner="root" perms="0755"/>
        <Directory group="root" name="/exports" owner="root" perms="0755"/>
        <Directory name="/etc/condor" owner="root" group="root" perms="0755"/>
        <Directory name="/logs" group="wwwtrans" owner="root" perms="0775"/>
        <Directory name="/mnt" group="root" owner="root" perms="0755"/>
        <Directory name="/my" owner="root" group="root" perms="0755"/>
        <Directory name="/my/bin" owner="root" group="root" perms="0755"/>
        <Directory name="/nfs" owner="root" group="root" perms="0755"/>
        <Directory name="/sandbox" perms="0777" owner="root" group="root"/>
        <Directory name="/software" group="root" owner="root" perms="0755"/>
        <Permissions perms="0555" group="audio" owner="root" name="/dev/dsp"/>
        <Permissions perms="0555" group="audio" owner="root" name="/dev/mixer"/>
        <SymLink name="/bin/whatami" to="/mcs/adm/bin/whatami"/>
        <SymLink name="/chibahomes" to="/nfs/chiba-homefarm"/>
        <SymLink name="/home" to="/nfs/mcs-homefarm"/>
        <SymLink name="/homes" to="/home"/>
        <SymLink name="/mcs" to="/nfs/mcs"/>
        <SymLink name="/my/bin/bash" to="/bin/bash"/>
        <SymLink name="/my/bin/tcsh" to="/bin/tcsh"/>
        <SymLink name="/my/bin/zsh" to="/bin/zsh"/>
        <SymLink name="/software/common" to="/nfs/software-common"/>
        <SymLink name="/software/linux" to="/nfs/software-linux"/>
        <SymLink name="/software/linux-debian_sarge" to="/nfs/linux-debian_sarge"/>
        <SymLink name="/usr/bin/passwd" to="/usr/bin/yppasswd"/>
        <SymLink name="/usr/bin/yppasswd" to="/mcs/bin/passwd"/>
        <SymLink name="/usr/lib/libgd.so.1.8" to="/usr/lib/libgd.so.1.8.4"/>
        <SymLink name="/usr/lib/libtermcap.so.2" to="/usr/lib/libtermcap.so"/>
        <SymLink name="/usr/local/bin/perl" to="/usr/bin/perl"/>
        <SymLink name="/usr/local/bin/perl5" to="/usr/bin/perl"/>
        <SymLink name="/usr/local/bin/tcsh" to="/bin/tcsh"/>
        <Service name='ntpd' status='on' type='chkconfig'/>
        <Service name='haldaemon' status='on' type='chkconfig'/>
        <Service name='messagebus' status='on' type='chkconfig'/>
        <Service name='netfs' status='on' type='chkconfig'/>
        <Service name='network' status='on' type='chkconfig'/>
        <Service name='rawdevices' status='on' type='chkconfig'/>
        <Service name='sshd' status='on' type='chkconfig'/>
        <Service name='syslog' status='on' type='chkconfig'/>
        <Service name='vmware-tools' status='on' type='chkconfig'/>
    </Rules>