File copy using cf-engine from policy hub to hosts

Question

I am trying to copy a file using cf-engine from policy hub to host. Empty file is created on the host. How do I get to write the contents? Should policy hub and hosts have the file in same location?

Answer 1

In order to copy a file from a cfengine server needs to have an acl that allows the file to be shared to the remote agent. You can see some examples of access promises in the Masterfiles Policy Frameworks bundle server access_rules.

As a simple example say you want all hosts to share /tmp on the policy hub to all other hosts.

bundle server kiran_access_rules
{
  access:
    # First you restrict promises to the proper context
    # by using a class guard. Here we allow only hosts
    # with the class am_policy_hub or policy_server to
    # share /tmp

    am_policy_hub|policy_server::

      "/tmp"
        admit => { "0.0.0.0/0" }, 
        comment => "Probably you would reference a list in 
                    the admit attribute like @(def.acl).
                    That's the variable named acl in the
                    bundle named def.";
}

And then separately you would have a bundle that promised to copy the file.

bundle agent kirians_bundle
{
  files:
    "/tmp/myfile"
      copy_from => remote_dcp("/tmp/serverfile",$(sys.policy_hub)),
      create => "true";
}

Now, what you see above in this copy_from promise is really multiple promises compressed into one. You are promising that the file exists, and you are promising that the file should have the same content as the file shared by the policy hub. As cfengine converged it was able to repair part but not all of the compound promise. I believe that is why you ended up with an empty file.

Also the best place to ask cfengine questions is on the cfengine help list or in the cfengine IRC channel.