From mark.burgess@fys.uio.no Fri Jun 19 15:27 MET 1998
Received: from pat.uio.no (6089@pat.uio.no [129.240.130.16])
	by nexus.iu.hioslo.no (8.8.8/8.8.6) with SMTP id PAA00749
	for <mark@iu.hioslo.no>; Fri, 19 Jun 1998 15:27:26 +0200 (METDST)
Resent-From: mark.burgess@fys.uio.no
Resent-Message-Id: <199806191327.PAA00749@nexus.iu.hioslo.no>
Received: from ulrik.uio.no by pat.uio.no id <25513-0@pat.uio.no>;
          Fri, 19 Jun 1998 15:27:00 +0200
Old-Return-Path: <help-cfengine-request@gnu.org>
Delivery-Date: Fri, 19 Jun 1998 15:26:58 +0200
Old-Received: from pat.uio.no (actually pat.uio.no [129.240.130.16]) by 
              pat.uio.no with SMTP (PP); Fri, 19 Jun 1998 15:26:03 +0200
Old-Received: from mescaline.gnu.org 
              (we-refuse-to-spy-on-our-users@mescaline.gnu.org 
              [158.121.106.21]) by pat.uio.no ; Fri, 19 Jun 1998 15:26:02 
              +0200 (MET DST)
Old-Received: by mescaline.gnu.org (8.8.5/8.6.12GNU) id JAA27333 for 
              Mark.Burgess@physics.uio.no; Fri, 19 Jun 1998 09:26:31 -0400
Old-Resent-Date: Fri, 19 Jun 1998 09:26:31 -0400
Old-Received: from vivaldi.dwelle.de by mescaline.gnu.org (8.8.5/8.6.12GNU) 
              with ESMTP id JAA27254 for <help-cfengine@gnu.org>; Fri, 19 Jun 
              1998 09:21:41 -0400
Old-Received: from eisler.dwelle.de (root@eisler.dwelle.de [194.55.32.51]) by 
              vivaldi.dwelle.de (8.7.5/8.7.3) with ESMTP id PAA13253; Fri, 19 
              Jun 1998 15:29:38 +0200 (MET DST)
Organisation: Deutsche Welle Berlin
Old-Received: by dwelle.de via sendmail from stdin id 
              <m0yn1BO-0001TxC@eisler.dwelle.de> (Debian Smail3.2.0.101) for 
              help-cfengine@gnu.org; Fri, 19 Jun 1998 15:26:22 +0200 (CEST)
Message-ID: <19980619152622.54550@eisler>
Date: Fri, 19 Jun 1998 15:26:22 +0200
From: Uwe Sievers <uwe@dwelle.de>
To: Mark.Burgess@iu.hioslo.no
Cc: help-cfengine@gnu.org
Subject: script for cfengine
Mime-Version: 1.0
X-Mailer: Mutt 0.89.1
Old-Resent-Message-ID: <"t66Eb.0._f6.fNcYr"@mescaline.gnu.org>
Old-Resent-From: help-cfengine@gnu.org
X-Mailing-List: <help-cfengine@gnu.org> archive/latest/132
X-Loop: help-cfengine@gnu.org
Precedence: list
Old-Resent-Sender: help-cfengine-request@gnu.org
Resent-Date: Fri, 19 Jun 1998 15:27:00 +0200
Resent-To: mark@iu.hioslo.no
Content-Type: text/plain; charset=us-ascii
Content-Length: 5834
Status: RO
X-Status: 
X-Keywords:

Hi Mark,
hi all!

I would like to contribute the following script "cfcron" to the cfengine 
package. Basically it is a sh-script version of cfwrap. I wrote a 
README (puh ;-) where everything else is explained.

If anybody has any problems running this script please send me a
mail. I wrote it primarily for SunOS 4.1.x and Solaris, so if it doesn't
work on other platforms you might have to do some minor changes or drop 
me a mail, too.

Here we go, first the README, then the script. Hope you find it useful.

Cheers
	Uwe

------------------------cfcron.README-----------------------------------------
	cfcron vers. 1.3 

cfcron is a wrapper script, which helps using CFengine from within
cron. The output of a CFengine run will be mailed to the sysadmin only
if it has changed, at least once a day. This script is more or less
based on cfwrap which was written in perl by Mark Burgess. But I don't
have perl around on all platforms, so I needed a shell script. Also
this script has some features which are not found in cfwrap.

Before using cfcron you should adopt some variables at the
beginning of the script (pathes etc.)

I think a short example will describe the usage best.

Suppose you have your cfengine scripts in a central repository
which you mount to different hosts by NFS, let's say 
/usr/local/etc/cfe. You might consider to put cfcron in
/usr/local/etc. Now you can put an entry into all the crontab's 
on all that hosts like this:
11 * * * * [ -x /usr/local/etc/cfe/cfcron ] && /usr/local/etc/cfe/cfcron

This entry will run CFengine ones per hour and mail you the
results (if they have changed). Everything normal until here.
But if you want to stop running CFengine on all hosts (e.g. for
some testing) you normally have to rename the script or remove the 
crontab entries. Another way is the one I use in this script: there
is a global stop file, "noconf" e.g. in /usr/local/etc/cfe. This
file prohibits the running of CFengine if it exists. So for the
example above you just have to do a "touch /usr/local/etc/cfe/noconf"
and you are done, cfcron will exit silently from now on.

Sometimes you might want to stop the execution of CFengine on just
one host. For that reason (and for those guys starting every script
lying around ;-) cfcron uses another file which permits the running 
of CFengine. It looks for a file named ".ok" in the current directory,
which is if cfcron is run by cron the homedir of the crontab owner
(in most cases root). But if cfcron is started accidently, one will
(hopefully) not be in the home directory. So this mechanism might be
helpful to avoid running a complete CFengine job by mistake. If the
ok file does not exist cfcron will send a mail that it is disabled.

In system administration CFengine does a great job, but it could be
pretty dangerous too, cause it can do a lot of damage if not used
careful, especially if you let it run by cron. With those
possibilities described above it might be a bit more safely to let it
run automatically on a bigger no. of hosts.

So many words for such a small script...

Uwe Sievers, <uwe@dwelle.de>, 1998
------------------------cfcron-----------------------------------------------
#!/bin/sh
##############################################################
#
# wrapper script, mails output if there is any (and if changed)
# Mainly intended for running cfengine; more or less based on
# cfwrap which is written in perl. Also this one has some 
# "enhancements" (see the README). 
#
# (us) 21-12-97 v1.1
# (us) 23-12-97 v1.2 ok-file permits execution (local)
#		     noconf prohibits execution (global)
#		     on all hosts (silent)
# (us) 24-12-97 v1.3 Fixed: mail problem if error in cfe-script (could 
#		            not find sysadmin)
#
# Solaris Version & SunOS
#
# Copyright (c) Uwe Sievers 1997/98    <uwe@dwelle.de>
# GPL rules, vers. 2 or newer. Use this program at your own risk!
##############################################################
#
#----------------------- adopt to your needs ----------------------
FILECF="/usr/local/etc/cfe/cron/cron.cf"
CFENGINE=/usr/local/sbin/cfengine
TMPFILE=/var/tmp/cfwrap.$$
OLDFILE=/var/tmp/cfwrap.o
NOCONF=/usr/local/etc/noconf
USER=`/usr/ucb/whoami`
HOST=`/usr/bin/hostname`
MAILER=/usr/bin/mailx
#------------------no changes should be nessesary below (hopefully)
COMM="$CFENGINE -f $FILECF"
SYSV=
BSD=
OK=


#cfe Vars
OSREL=`uname -r`
OSVERS=`uname -s`
export OSREL OSVERS

if [ "$USER" != "root" ] ; then
	echo "Bad luck, only root can run this one!"
	$MAILER -s "$USER tried to run cfcron on $HOST" root </dev/null
	exit 1
fi

# just a hook
if [ $OSVERS = SunOS -a $OSREL -lt 5 ] ; then
#    echo BSD
    :
else
#    echo SYSV
    :
fi

if [ -f $NOCONF ] ; then		# exit silently
	exit 1
fi

if [ -f .ok ] ; then 
    OK=true
else
    COMM=/bin/true
    unset OK
#    exit 0
fi

# does not work in case of error in cfe script
#SYSADM=`$CFENGINE -a -S -w -f $FILECF 2>/dev/null` 

SYSADM=`egrep '^[^#].*sysadm.*=' $FILECF | cut -f2 -d\( | cut -f1 -d\)`

SUBJECT="cfengine on $HOST start at `date`" 

echo "This message originates from host $HOST on `date '+%d.%m.%y'`" \
						>> $TMPFILE
if [ -n "$OK" ] ; then
    echo "The full command issued was: $COMM"   >> $TMPFILE
else
    echo "d i s a b l e d"			>> $TMPFILE
fi

[ -n "$OK" ] && $COMM >>$TMPFILE 2>&1

# only send mail if anything changes
/usr/bin/diff $TMPFILE $OLDFILE >/dev/null ||
	$MAILER -s "$SUBJECT" $SYSADM < $TMPFILE

rm $OLDFILE
mv $TMPFILE $OLDFILE
chmod 600 $OLDFILE
exit 0
--------------------------end----------------------------------------
-- 
________      ____Deutsche Welle Berlin radio & tv broadcasting________
   | \  \    /    Uwe Sievers		(system administrator)
   | /   \/\/     <sievers@dwelle.de>	Tel.: +49 30 4646 8121 
=========================USENET is *not* the non-clickable part of WWW!


