Add new cf-agent option --skip-bootstrap-service-start

For environments where CFEngine services have to be started in some special way. Ticket: ENT-11932 Changelog: cf-agent now has a new option --skip-bootstrap-service-start to skip starting CFEngine services during the bootstrap process
cfengine · Jul 2, 2024 · f5e2678 · f5e2678
1 parent 07172a4
commit f5e2678
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/cf-agent/cf-agent.c b/cf-agent/cf-agent.c
@@ -155,7 +155,7 @@ static PromiseResult KeepAgentPromise(EvalContext *ctx, const Promise *pp, void
 static void NewTypeContext(TypeSequence type);
 static void DeleteTypeContext(EvalContext *ctx, TypeSequence type);
 static PromiseResult ParallelFindAndVerifyFilesPromises(EvalContext *ctx, const Promise *pp);
-static bool VerifyBootstrap(void);
+static bool VerifyBootstrap(bool skip_cf_execd_check);
 static void KeepPromiseBundles(EvalContext *ctx, const Policy *policy, GenericAgentConfig *config);
 static void KeepPromises(EvalContext *ctx, const Policy *policy, GenericAgentConfig *config);
 static int NoteBundleCompliance(const Bundle *bundle, int save_pr_kept, int save_pr_repaired, int save_pr_notkept, struct timespec start);
@@ -216,6 +216,7 @@ static const struct option OPTIONS[] =
     {"show-evaluated-classes", optional_argument, 0, 0 },
     {"show-evaluated-vars", optional_argument, 0, 0 },
     {"skip-bootstrap-policy-run", no_argument, 0, 0 },
+    {"skip-bootstrap-service-start", no_argument, 0, 0 },
     {"skip-db-check", optional_argument, 0, 0 },
     {"simulate", required_argument, 0, 0},
     {NULL, 0, 0, '\0'}
@@ -250,6 +251,7 @@ static const char *const HINTS[] =
     "Show *final* evaluated classes, including those defined in common bundles in policy. Optionally can take a regular expression.",
     "Show *final* evaluated variables, including those defined without dependency to user-defined classes in policy. Optionally can take a regular expression.",
     "Do not run policy as the last step of the bootstrap process",
+    "Do not start CFEngine services as part of the bootstrap process",
     "Do not run database integrity checks and repairs at startup",
     "Run in simulate mode, either 'manifest', 'manifest-full' or 'diff'",
     NULL
@@ -302,6 +304,14 @@ int main(int argc, char *argv[])
         DoCleanupAndExit(EXIT_FAILURE);
     }
 
+    if ((config->agent_specific.agent.bootstrap_argument != NULL) &&
+        config->agent_specific.agent.skip_bootstrap_service_start &&
+        !EvalContextClassPutHard(ctx, "bootstrap_skip_services", "source=environment"))
+    {
+        Log(LOG_LEVEL_ERR, "Failed to define the 'bootstrap_skip_services' class");
+        /* not a fatal issue, let's continue the bootstrap process */
+    }
+
     int ret = 0;
 
     GenericAgentPostLoadInit(ctx);
@@ -356,7 +366,8 @@ int main(int argc, char *argv[])
     }
 
     PolicyDestroy(policy); /* Can we safely do this earlier ? */
-    if (config->agent_specific.agent.bootstrap_argument && !VerifyBootstrap())
+    if (config->agent_specific.agent.bootstrap_argument &&
+        !VerifyBootstrap(config->agent_specific.agent.skip_bootstrap_service_start))
     {
         PolicyServerRemoveFile(GetWorkDir());
         WriteAmPolicyHubFile(false);
@@ -720,6 +731,10 @@ static GenericAgentConfig *CheckOpts(int argc, char **argv)
             {
                 config->agent_specific.agent.bootstrap_trigger_policy = false;
             }
+            else if (StringEqual(option_name, "skip-bootstrap-service-start"))
+            {
+                config->agent_specific.agent.skip_bootstrap_service_start = true;
+            }
             else if (StringEqual(option_name, "skip-db-check"))
             {
                 if (optarg == NULL)
@@ -2138,7 +2153,7 @@ static PromiseResult ParallelFindAndVerifyFilesPromises(EvalContext *ctx, const
 
 /**************************************************************/
 
-static bool VerifyBootstrap(void)
+static bool VerifyBootstrap(bool skip_cf_execd_check)
 {
     const char *policy_server = PolicyServerGet();
     if (NULL_OR_EMPTY(policy_server))
@@ -2165,7 +2180,7 @@ static bool VerifyBootstrap(void)
     ClearProcessTable();
     LoadProcessTable();
 
-    if (!IsProcessNameRunning(".*cf-execd.*"))
+    if (!skip_cf_execd_check && !IsProcessNameRunning(".*cf-execd.*"))
     {
         Log(LOG_LEVEL_ERR, "Bootstrapping failed, cf-execd is not running");
         return false;

diff --git a/libpromises/generic_agent.c b/libpromises/generic_agent.c
@@ -2519,6 +2519,9 @@ GenericAgentConfig *GenericAgentConfigNewDefault(AgentType agent_type, bool tty_
     /* By default we run promises.cf as the last step of boostrapping */
     config->agent_specific.agent.bootstrap_trigger_policy = true;
 
+    /* By default we start services during bootstrap */
+    config->agent_specific.agent.skip_bootstrap_service_start = false;
+
     /* Log classes */
     config->agent_specific.agent.report_class_log = false;
 

diff --git a/libpromises/generic_agent.h b/libpromises/generic_agent.h
@@ -91,6 +91,7 @@ typedef struct
             char *bootstrap_ip;
             bool bootstrap_trust_server;
             bool bootstrap_trigger_policy;
+            bool skip_bootstrap_service_start;
             char *show_evaluated_classes;
             char *show_evaluated_variables;