-
Notifications
You must be signed in to change notification settings - Fork 104
Expand file tree
/
Copy pathmain.cf
More file actions
86 lines (65 loc) · 3.75 KB
/
main.cf
File metadata and controls
86 lines (65 loc) · 3.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
bundle agent cfe_internal_enterprise_main
# @brief Drive policy related to CFEngine Enterprise
{
methods:
any::
"security" -> { InfoSec }
usebundle => change_management,
comment => "Basic change management",
handle => "cfe_internal_enterprise_main_change_management";
enterprise_edition.(policy_server|am_policy_hub)::
"hub" usebundle => cfe_internal_update_folders,
handle => "cfe_internal_management_update_folders",
comment => "Create empty directories for CFE self-upgrade";
"hub" -> { "Mission Portal", "CFEngine Enterprise" }
usebundle => cfe_internal_purge_scheduled_reports_older_than_days( $(def.purge_scheduled_reports_older_than_days) ),
handle => "cfe_internal_management_purge_scheduled_reports_older_than_days",
comment => "So that we do not fill up the disk we need to purge scheduled
reports after some time.";
"hub" usebundle => cfe_internal_setup_knowledge,
handle => "cfe_internal_management_setup_knowledge",
comment => "Manage CFE Knowledge Map";
"Enterprise Maintenance"
usebundle => cfe_internal_enterprise_maintenance;
"hub" usebundle => cfe_internal_php_runalerts,
handle => "cfe_internal_management_php_runalerts",
comment => "To run PHP runalerts to check bundle status on SQL and Sketch.
ENT-5432: must run after cfe_internal_enterprise_maintenance bundle
so that active_hub class is determined";
"Inventory Enterprise License Utilization" -> { "ENT-5089" }
usebundle => inventory_cfengine_enterprise_license_utilization;
enterprise_edition.(policy_server|am_policy_hub).enable_log_cfengine_enterprise_license_utilization::
"hub" -> { "ENT-3186" }
usebundle => log_cfengine_enterprise_license_utilization,
handle => "log_cfengine_enterprise_license_utilization",
comment => "Log license utilization information";
# As passive hub is supposed to run read-only PostgreSQL instance
# doing maintenance makes no sense and is not possible at all.
(enterprise_edition.(policy_server|am_policy_hub).!enable_cfengine_enterprise_hub_ha)||(enable_cfengine_enterprise_hub_ha.hub_active)::
"hub" usebundle => cfe_internal_hub_maintain,
handle => "cfe_internal_management_hub_maintain",
comment => "Start the hub maintenance process";
"Ensure users notice that report retention settings have changed" -> { "ENT-9531" }
usebundle => cfe_internal_hub_maintain_notice_retention_settings_change;
"hub" usebundle => cfe_internal_truncate_events,
handle => "cfe_internal_truncate_events",
comment => "To run CFE truncate to pending";
postgresql_full_maintenance|postgresql_monitoring_maintenance::
"hub" usebundle => cfe_internal_postgresql_maintenance,
handle => "cfe_internal_management_postgresql_maintenance",
action => measure_promise_time("cfe_internal_management_postgresql_maintenance"),
comment => "Run clean up on PostgreSQL database";
postgresql_vacuum::
"hub" usebundle => cfe_internal_postgresql_vacuum,
handle => "cfe_internal_management_postgresql_vacuum",
action => measure_promise_time("cfe_internal_management_postgresql_vacuum"),
comment => "Maintain PostgreSQL by executing vacuum";
enable_cfe_internal_cleanup_agent_reports::
"any" usebundle => cfe_internal_cleanup_agent_reports,
handle => "cfe_internal_management_cleanup_agent_reports",
comment => "Remove accumulated reports if they grow too large in size";
!windows::
"Permissions and Ownership"
usebundle => cfe_internal_permissions,
comment => "Specific expectations for permissions and ownership for cfengine itself";
}