CFEngine 3.12.0 introduced the augments key to the Augments file format. If you are not already familiar with Augments, check it out. It's a very easy way to define classes and variables very early during agent execution, before policy. The new augments key allows you to merge additional data in the augments format on top of the base augments. I However, there is, I think, still a simple way to accomplish this.
How do you deal with config files that need different settings based on various services that are running on a host and cooperate with other teams? It's a common question, and it came up on in #cfengine on irc.freenode.net recently. The issue is that team A might be working on package A, which requires some environment variables set. But team B might be working on a totally different thing – and want to achieve the same thing.
In CFEngine classes are used for decision making. Classes can be defined as the result of a promise by attaching a classes body to the promise via the classes attribute. For example, here we run the command echo Hello World and define bundle scoped classes using the results classes body prefixed with Hello_World. 1 2 3 4 5 6 7 8 9 10 bundle agent main { commands: "echo Hello World" contain => in_shell, classes => results( "bundle", "Hello_World" ); reports: "Defined Classes: $(with)" with => join( ", ", classesmatching( "Hello_.
This was asked on the CFEngine Help Mailing list on October 1st 2018. How can I use classes in a mustache template while passing explicit data to template_data? When a mustache template is rendered without providing explicit data to the template_data attribute in a files promise datastate() is used. datastate() contains the JSON representation of the current cfengine state. When providing explicit data the variables and classes from the current state are not included.
How do I set the timeout with url_get()? As shown in the documentation for url_get(), you set url.timeout in the data container passed for url_get() options. This example policy shows how to configure the timeout and demonstrates it by making a request through www.delay.me. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 bundle agent main { vars: "options" data => '{ "url.timeout": "2", "url.
Recently I noticed that my CPU was pretty busy with the desktop search indexing, it brought me to the question: How can I disable the desktop search service trackerd? After a brief investigation I found some XDG desktop needed to be edited to include the key Hidden=true. This policy disables known trackerd related XDG files when they are found. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 body file control { inputs => { "$(sys.
How can I define custom access promises for cf-serverd without modifying vendored policy? Commonly, when custom access promises are introduced, they are introduced by editing bundle server access_rules in controls/cf_serverd.cf where the default access rules are promised. Modifying policy maintained upstream can complicate future framework upgrades because care must be taken to ensure that modifications are preserved. There is no need to edit the vendored policy file to define custom access promises.
> How can I automatically remediate the issue where corruption in LMDB causes the agent to crash? In some cases lmdb corruption causes cf-agent to crash. The typical fix is to remove the corrupt lmdbs causing the problem. In some cases this can be remediated from policy. This policy (run early in the bundlesequence) uses lmdump to probe all lmdbs. If the probe fails the offending lmdb and it's associated lock files are deleted.
> How do I know if vars or classes come first during cfengine evaluation? Read the documentation on Normal Order There is a wealth of information on docs.cfengine.com. Find documentation about the order of agent promise evaluation (Normal Order) in the Language Concepts section of the Reference manual. Run the agent with –verbose or -v and grep for pass 1. Write a test policy that has both vars and classes promises.
> How can I ensure that a notice containing legal text is presented to windows users during login? With the windows agent (Northern.tech builds Enterprise windows agents) you can accomplish this by managing the registry using the databases promise type. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 bundle agent registered_owner #@ brief Make the laywers happy by showing their notice to windows users on login { meta: windows:: "tags" slist => { "autorun" }; "description" string => "Ensure the proper leagal notice is displayed to users when they log on.