blob: 5c7332dfbbfd9178d12e0c8962a7e0e41f2b9200 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
.. -*- mode: rst -*-
.. _server-plugins-generators-decisions:
=========
Decisions
=========
This page describes the Decisions plugin. The client has support for a
centralized set of per-entry installation decisions. This approach is
needed when particular changes are deemed "high risk"; this gives the
ability to centrally specify these changes, but only install them on
clients when administrator supervision is available. Because collaborative
configuration is one of the remaining hard issues in configuration
management, these issues typically crop up in environments with several
administrators and much configuration variety.
In these cases, the client can be configured to run in either a whitelist
or blacklist mode, wherein a list of entries is downloaded from the
server. The client uses this list to determine which incorrect entries
should be corrected during the current run of the installation tool. The
Decision plugin is the only stock plugin that generates entries for
client's whitelists or blacklists.
The Decision plugin uses a directory in the Bcfg2 repository called
Decisions. Files in the Decisions subdirectory are named similarly to
files managed by Cfg, probes, TCheetah, and TGenshi. File basenames
are either whitelist or blacklist. These files have a simple format;
the following is an example.
.. code-block:: xml
$ cat Decisions/whitelist
<Decisions>
<Decision type='Service' name='*'/>
<Decision type='Path' name='/etc/apt/apt.conf'/>
</Decisions>
.. note:: To add syntax highlighting in vim, you can add a modeline such as this:
<!--
vim: ft=xml
-->
This example, included as a whitelist due to its name, enables all
services, and the path entry named ``/etc/apt/apt.conf`` to be installed
on systems running in whitelist mode; all other entry installation will
be surpressed.
When a client askes for its whitelist or blacklist, all of the files
pertaining to that client of the correct type are aggregated into a
single list. This list is sent to the client. Note that this list is
only generated when a client is run with the appropriate option (-l
(whitelist|blacklist)); client behavior is not controlled unless this
option is used.
|
