jlgreer/cfgMgtVcs.cf

## cfgMgtVcs.cf
################################################################################
#
# Administers version control (Subversion) for Cfengine 3
#
################################################################################

bundle agent cfgMgtVcs {

vars:

  "fileserver"      slist => { @(var.fileserver) };
  "masterfiles"    string => "$(var.masterfiles)";
  "secrets"        string => "/var/cfengine/masterfiles/dcsunix/cfgMgtVcs/pri";
  "prefix"         string => "/var/cfengine/masterfiles/dcsunix/cfgMgtVcs/pub";

  "svn_sticky_dirs" slist => { "httpdincludes", "repos", "svnacls", "svnlogs" };
  "repo_store"     string => "/data01/svn";
  "dav_cfg_dir"    string => "$(repo_store)/httpdincludes";
  "httpd_conf.d"   string => "/etc/httpd/conf.d";
  "repositories"    slist => { "mfdcsunix" };

files:

  CfgMgtVcs::

    "$(repo_store)/."
      create => "true",
      perms  => mode_owner_group("0755", "svn", "svn"),
      action => actionsettings_fix_inform("inform");

    "$(repo_store)/$(svn_sticky_dirs)/."
      create => "true",
      perms  => mode_owner_group("2755", "svn", "svn"),
      action => actionsettings_fix_inform("inform");

    "$(httpd_conf.d)/auth_ldap.conf"
      perms     => mode_owner_group("0644", "root", "root"),
      copy_from => copy_std("$(secrets)/$(httpd_conf.d)/auth_ldap.conf",
          "@(fileserver)", "false", "timestamp"),
      classes   => if_repaired("httpd_restart"),
      action    => actionsettings_fix_inform("inform");

    "$(dav_cfg_dir)/cfgmgtsvn-prd-$(repositories).conf"
      perms         => mode_owner_group("0444", "svn", "svn"),
      create        => "true",
      edit_line     => template("$(prefix)/$(dav_cfg_dir)/master.conf",
        "__repository__", "$(repositories)"),
      edit_defaults => empty,
      action        => actionsettings_fix_inform("inform");

commands:

  CfgMgtVcs::

    "/usr/bin/yum -y install httpd"
        contain => container_std("root", true),
        action  => actionsettings( "fix", "720", "2", "inform", "false", "false", "inform");

    "/usr/bin/yum -y install mod_dav_svn"
        contain => container_std("root", true),
        action  => actionsettings( "fix", "720", "2", "inform", "false", "false", "inform");

    "/usr/bin/yum -y install mod_ssl"
        contain => container_std("root", true),
        action  => actionsettings( "fix", "720", "2", "inform", "false", "false", "inform");

}


# Lifted from reference guide
body replace_with value(x)
{
replace_value => "$(x)";
occurrences => "all";
}

# Simple proof of concept for templatization
bundle edit_line template(templatefile, search, replace)

{

insert_lines:

 "$(templatefile)"

   insert_type     => "file",
   comment         => "Expand variables in the template file";
   # This appears only to work for Cfengine special variables?
   # expand_scalars => "true";

replace_patterns:

  "$(search)"
    replace_with => value("$(replace)");

}

body edit_defaults empty

{
empty_file_before_editing => "true";
edit_backup => "false";
max_file_size => "300000";
}

## templatization_proof_of_concept.txt
[root@annyong httpdincludes]# pwd
/data01/svn/httpdincludes
[root@annyong httpdincludes]# ls
[root@annyong httpdincludes]# cf-agent -K
 -> Created file /data01/svn/httpdincludes/cfgmgtsvn-prd-mfdcsunix.conf, mode = 444
 -> Owner of /data01/svn/httpdincludes/cfgmgtsvn-prd-mfdcsunix.conf was 0, setting to 559
 -> Edited file /data01/svn/httpdincludes/cfgmgtsvn-prd-mfdcsunix.conf
[root@annyong httpdincludes]# cat cfgmgtsvn-prd-mfdcsunix.conf
LDAPVerifyServerCert Off

<Location /repos/mfdcsunix>
  DAV svn
  SVNPath /data01/svn/repos/mfdcsunix
  AuthzSVNAccessFile /data01/svn/svnacls/cfgmgtsvn-prd-mfdcsunix.conf
  AuthType Basic
  AuthName "svn-prd-mfdcsunix"
  AuthBasicProvider ldap
  Require ldap-group CN=idontexist,OU=SubVersion,OU=Applications,OU=Enterprise Systems,OU=Information Technology Services,DC=yu,DC=yale,DC=edu
</Location>

[root@annyong httpdincludes]# diff /var/cfengine/masterfiles/dcsunix/cfgMgtVcs/pub/data01/svn/httpdincludes/master.conf
diff: missing operand after `/var/cfengine/masterfiles/dcsunix/cfgMgtVcs/pub/data01/svn/httpdincludes/master.conf'
diff: Try `diff --help' for more information.
[root@annyong httpdincludes]# diff /var/cfengine/masterfiles/dcsunix/cfgMgtVcs/pub/data01/svn/httpdincludes/master.conf cfgmgtsvn-prd-mfdcsunix.conf
3c3
< <Location /repos/__repository__>
---
> <Location /repos/mfdcsunix>
5,6c5,6
<   SVNPath /data01/svn/repos/__repository__
<   AuthzSVNAccessFile /data01/svn/svnacls/cfgmgtsvn-prd-__repository__.conf
---
>   SVNPath /data01/svn/repos/mfdcsunix
>   AuthzSVNAccessFile /data01/svn/svnacls/cfgmgtsvn-prd-mfdcsunix.conf
8c8
<   AuthName "svn-prd-__repository__"
---
>   AuthName "svn-prd-mfdcsunix"
	################################################################################
	#
	# Administers version control (Subversion) for Cfengine 3
	#
	################################################################################

	bundle agent cfgMgtVcs {

	vars:

	"fileserver" slist => { @(var.fileserver) };
	"masterfiles" string => "$(var.masterfiles)";
	"secrets" string => "/var/cfengine/masterfiles/dcsunix/cfgMgtVcs/pri";
	"prefix" string => "/var/cfengine/masterfiles/dcsunix/cfgMgtVcs/pub";

	"svn_sticky_dirs" slist => { "httpdincludes", "repos", "svnacls", "svnlogs" };
	"repo_store" string => "/data01/svn";
	"dav_cfg_dir" string => "$(repo_store)/httpdincludes";
	"httpd_conf.d" string => "/etc/httpd/conf.d";
	"repositories" slist => { "mfdcsunix" };

	files:

	CfgMgtVcs::

	"$(repo_store)/."
	create => "true",
	perms => mode_owner_group("0755", "svn", "svn"),
	action => actionsettings_fix_inform("inform");

	"$(repo_store)/$(svn_sticky_dirs)/."
	create => "true",
	perms => mode_owner_group("2755", "svn", "svn"),
	action => actionsettings_fix_inform("inform");

	"$(httpd_conf.d)/auth_ldap.conf"
	perms => mode_owner_group("0644", "root", "root"),
	copy_from => copy_std("$(secrets)/$(httpd_conf.d)/auth_ldap.conf",
	"@(fileserver)", "false", "timestamp"),
	classes => if_repaired("httpd_restart"),
	action => actionsettings_fix_inform("inform");

	"$(dav_cfg_dir)/cfgmgtsvn-prd-$(repositories).conf"
	perms => mode_owner_group("0444", "svn", "svn"),
	create => "true",
	edit_line => template("$(prefix)/$(dav_cfg_dir)/master.conf",
	"__repository__", "$(repositories)"),
	edit_defaults => empty,
	action => actionsettings_fix_inform("inform");

	commands:

	CfgMgtVcs::

	"/usr/bin/yum -y install httpd"
	contain => container_std("root", true),
	action => actionsettings( "fix", "720", "2", "inform", "false", "false", "inform");

	"/usr/bin/yum -y install mod_dav_svn"
	contain => container_std("root", true),
	action => actionsettings( "fix", "720", "2", "inform", "false", "false", "inform");

	"/usr/bin/yum -y install mod_ssl"
	contain => container_std("root", true),
	action => actionsettings( "fix", "720", "2", "inform", "false", "false", "inform");

	}



	# Lifted from reference guide
	body replace_with value(x)
	{
	replace_value => "$(x)";
	occurrences => "all";
	}

	# Simple proof of concept for templatization
	bundle edit_line template(templatefile, search, replace)

	{

	insert_lines:

	"$(templatefile)"

	insert_type => "file",
	comment => "Expand variables in the template file";
	# This appears only to work for Cfengine special variables?
	# expand_scalars => "true";

	replace_patterns:

	"$(search)"
	replace_with => value("$(replace)");

	}

	body edit_defaults empty

	{
	empty_file_before_editing => "true";
	edit_backup => "false";
	max_file_size => "300000";
	}
	[root@annyong httpdincludes]# pwd
	/data01/svn/httpdincludes
	[root@annyong httpdincludes]# ls
	[root@annyong httpdincludes]# cf-agent -K
	-> Created file /data01/svn/httpdincludes/cfgmgtsvn-prd-mfdcsunix.conf, mode = 444
	-> Owner of /data01/svn/httpdincludes/cfgmgtsvn-prd-mfdcsunix.conf was 0, setting to 559
	-> Edited file /data01/svn/httpdincludes/cfgmgtsvn-prd-mfdcsunix.conf
	[root@annyong httpdincludes]# cat cfgmgtsvn-prd-mfdcsunix.conf
	LDAPVerifyServerCert Off

	<Location /repos/mfdcsunix>
	DAV svn
	SVNPath /data01/svn/repos/mfdcsunix
	AuthzSVNAccessFile /data01/svn/svnacls/cfgmgtsvn-prd-mfdcsunix.conf
	AuthType Basic
	AuthName "svn-prd-mfdcsunix"
	AuthBasicProvider ldap
	Require ldap-group CN=idontexist,OU=SubVersion,OU=Applications,OU=Enterprise Systems,OU=Information Technology Services,DC=yu,DC=yale,DC=edu
	</Location>

	[root@annyong httpdincludes]# diff /var/cfengine/masterfiles/dcsunix/cfgMgtVcs/pub/data01/svn/httpdincludes/master.conf
	diff: missing operand after `/var/cfengine/masterfiles/dcsunix/cfgMgtVcs/pub/data01/svn/httpdincludes/master.conf'
	diff: Try `diff --help' for more information.
	[root@annyong httpdincludes]# diff /var/cfengine/masterfiles/dcsunix/cfgMgtVcs/pub/data01/svn/httpdincludes/master.conf cfgmgtsvn-prd-mfdcsunix.conf
	3c3
	< <Location /repos/__repository__>
	---
	> <Location /repos/mfdcsunix>
	5,6c5,6
	< SVNPath /data01/svn/repos/__repository__
	< AuthzSVNAccessFile /data01/svn/svnacls/cfgmgtsvn-prd-__repository__.conf
	---
	> SVNPath /data01/svn/repos/mfdcsunix
	> AuthzSVNAccessFile /data01/svn/svnacls/cfgmgtsvn-prd-mfdcsunix.conf
	8c8
	< AuthName "svn-prd-__repository__"
	---
	> AuthName "svn-prd-mfdcsunix"