Question
Specifically, if cfengine is used to install the most recent version of an onboard device's firmware and do some tests to see if a reboot is required, and the results indicate that the machine needs a restart, is this something that can be done from within cfengine or should that practice be avoided? If so, why? My experience with Puppet tells me that stopping a run to reboot could be a Very Bad Thing in certain cases, so I'm wondering if the same limitations apply to cfengine as well.
Solution
Stopping a CFEngine run is not that bad; it's designed to be convergent and modifications are always atomic. If it stops, the next runs will behave correctly.
However, writing promises that restart a device could lead to bad surprises (like, if there is a flaws in the logic of the promise, that results in never-ending restarts), so I suggest that it should be avoided, if possible, and if it is necessary (like, handling thousands of devices), it should be thoroughly tested
OTHER TIPS
Like Nicolas said, there is no harm in stopping a CFEngine run. A CFEngine policy will continue converging the next time it runs. If you want to ensure that everything is properly finished before the reboot, you could just set a class that indicates that a reboot is needed, and to the actual reboot in a separate bundle that is called near the end of your bundlesequence (I'm assuming CFEngine 3).
And indeed, be VERY mindful and test VERY carefully the conditions under which the reboot will take place!
https://stackoverflow.com/questions/14212749
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian