Cfengine Goodies

To content | To menu | To search

Thursday 26 December 2013

CFEngine 3 :: Move promises files using git

G: Use an other way to synchronize/test promises from dev machine to cfengine3 client

  • On the cfengine3 client test :

- add unix group cfengine (groupadd cfengine) - Allow members of group cfengine to checkout inputs in /etc/sudoers file (visudo)

%cfengine  ALL=(root) NOPASSWD: /usr/bin/git --work-tree=/var/cfengine/inputs checkout -f

- With a member of group cfengine init the cf-inputs git repository

mkdir cf-inputs
cd cf-inputs
git init --bare

- Edit hooks/post-receive

#!/bin/bash
sudo /usr/bin/git --work-tree=/var/cfengine/inputs checkout -f
echo Updated Successfully
  • On the dev

- Clone the repository

git clone <user_member_of_cfengine_group>@<ip_cfengine3_client>:./cf-inputs

- Add/Edit cfengine3 files - Commit and Push

git add -A
git commit -m'first import'
git push origin master

Enjoy !

Monday 4 November 2013

CFEngine CM is better just because implosion is more powerful than explosion

bw.gif

Wednesday 2 October 2013

CFEngine 3 :: cf-keychain

My first cf-keychain built with ThiouxReprap (download):

cf-keychain1 cf-keychain2 cf-keychain3

Monday 19 August 2013

CFEngine 3 :: Exclude local files (type) from edit_line notification

From "$(sys.workdir)/inputs/.*" CoreBase files promise example

files:

  # Warn about rules relating to cfengine 2 in inputs - could conflict

  "$(sys.workdir)/inputs/.*"

       comment     => "Check if there are still promises about cfengine 2 that need removing",
       edit_line   => delete_lines_matching(".*$(cf2bits).*"),
       file_select => OldCf2Files,
       action      => warn_only;

illustrate how to exclude edit_line notification with ISA file_select OldCf2Files body instance :

body file_select OldCf2Files
{
leaf_name => {
             "promises.cf",
             "site.cf",
             "library.cf",
             "failsafe.cf",
             ".*.txt",
             ".*.html",
             ".*~",
             "#.*"
             };

file_result => "!leaf_name";
}

warn_only ISA action body instance with warm action_policy attribute and 60 ifelapsed attribute

Friday 26 July 2013

CFEngine 3 :: Host identity card

The goal is to maintain/detect cfid-$(sys.fqhost) host identity card file.

  • test.cf :
body common control
{
  any::
    bundlesequence  => { test };
    inputs          => {
                          "/var/cfengine/inputs/cfengine_stdlib.cf",
                       };
}

bundle agent test
{

  vars:

    "l"
      slist => readstringlist("/var/cfengine/state/allclasses.txt","#.*","\n","2000","1024k");
    "sublist"
      slist => grep("(?!(Day|Min|Hr|Day|GMT_|Lcycle|Yr|Q\d|Evening|Afternoon|Morning|Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday|January|February|March|April|May|June|July|August|September|October|November|December|from_cfexecd)).*","l");
    "tags"
      string => join(", ","sublist");

  files:

    "/tmp/cfid-$(sys.fqhost)"
      create        => "true",
      edit_template => "/tmp/cfid.tmpl";

  reports:

    debug::
      "$(sublist)";

}
  • /tmp/cfid.tmpl :
Title: $(sys.fqhost)
Tags: $(test.tags)

Host $(sys.fqhost)
=======================
  • Action :

$ cf-agent  -f ./test.cf
$ cat /tmp/cfid-blog.nanard.org

Title: blog.nanard.org
Tags: 192_168_1_1, 1_cpu, 32_bit, PK_MD5_1d68579ecaf847e03c7282690b5b9449, am_policy_hub, blog, blog_nanard_org, agent, any, cfengine, cfengine_3, cfengine_3_4, cfengine_3_4_2, org, community_edition, compiled_on_linux_gnu, debian, debian_6, debian_6_0, have_aptitude, i686, ipv4_192, ipv4_192_168, ipv4_192_168_1, ipv4_192_168_1_1, linux, linux_2_6_32_5_686, linux_i686, linux_i686_2_6_32_5_686, linux_i686_2_6_32_5_686__1_SMP_Mon_Feb_25_01_04_36_UTC_2013, mac_00_1e_8c_bf_31_91, net_iface_eth0, nanard_org, architecture_defined, architecture_virtualisation, start_monitor, update_report, virtualisation__sys_tuning_sysctl, xen_independent_wallclock_in_file, service_catalog_sys_tuning_sysctl

Host blog.nanard.org
=======================

Friday 28 June 2013

CFEngine 3 :: sys. variables

A test bundle to show more or less documented sys. variables :

Continue reading...

Monday 10 June 2013

CFEngine 3 :: Fashion victim

fashion.jpg

Thursday 23 May 2013

CFEngine 3 :: PCRE cheatsheet

Thanks to Neil Watson

Continue reading...

Wednesday 22 May 2013

CFEngine 3 :: 3.5.0 ChangeLog

3.5.0

New features:
 - classes promises now take an optional scope constraint.
 - new built-in functions: every, none, some, nth, sublist, uniq, filter
    classesmatching, strftime, filestat, ifelse, maparray, format
 - cf-promises flag --parse-tree is replaced by --policy-output-format=, 
    requiring the user to specify the output format (none, cf, json)
 - cf-promises allows partial check of policy 
    (without body common control) without integrity check;
   --full-check enforces integrity check
 - agent binaries support JSON input format (.json file as generated 
    by cf-promises)
 - cf-key: new options --trust-key/-t and --print-digest/-p
 - Class "failsafe_fallback" is defined in failsafe.cf when main 
    policy contains errors and failsafe is run because of this
 - add scope attribute for body classes (Redmine #2013)
 - Better diagnostics of parsing errors
 - Error messages from parser now show the context of error
 - new cf-agent option: --self-diagnostics
 - new output format, and --legacy-output
 - warnings for cf-promises.
 - Enable zeroconf-discovery of policy hubs for automatic 
    bootstrapping if Avahi is present
 - Support for sys.cpus on more platforms than Linux & HPUX

Continue reading...

Wednesday 15 May 2013

CFEngine 3 :: prefix musician name in csv sheet music

Ensure (first field) musician name definition in a csv sheet music

body common control
{
  any::
    bundlesequence  => { prepare("musician_name") };
    inputs          => { "/var/cfengine/inputs/libraries/cfengine_stdlib.cf" };
}

bundle agent prepare(musician) 
{
  vars:
    "sheet" slist => { "/tmp/sheet" };

  files:
    "$(sheet)"
      create => "true",
      copy_from => no_backup_cp("$(sheet).orig"),
      edit_line => prefix_lines_matching("^(?!$(musician);|(\s*#)).*", "$(musician);");
}

bundle edit_line prefix_lines_matching(regex,prefix)

 # Prefix lines of a file matching a regex

{
replace_patterns:

 "^($(regex))$"

     replace_with => prefix("$(prefix)"),
     comment => "Search and replace string";
}

body replace_with prefix(p)
{
replace_value => "$(p)$(match.1)";
occurrences => "all";
}

Example :

# cat /tmp/sheet.orig
instrument1;file1;k1=v11,k2=v21
instrument2;file1;k1=v11

# cf-agent -I -f ./test.cf
 -> Updated /tmp/sheet from source /tmp/sheet.orig on localhost
 -> Edited file /tmp/sheet

# cat /tmp/sheet
musician_name;instrument1;file1;k1=v11,k2=v21
musician_name;instrument2;file1;k1=v11

# cf-agent -I -f ./test.cf

Friday 3 May 2013

Internet Memory #2

http://blog.bomgardner.org/ gone with posterous.

As I liked this 2 articles, i can't let them vanish into the void :-)

Continue reading...

Internet Memory #1

http://blog.bomgardner.org/ gone with posterous.

As I liked this 2 articles, i can't let them vanish into the void :-)

Continue reading...

Monday 29 April 2013

CFEngine 3 :: Read in system commands and use them to calculate new variables

question.png

How to read in system commands and use them to calculate new variables ?

Bash script :

#!/bin/bash
#
# hugepages_settings.sh
#
# Linux bash script to compute values for the
# recommended HugePages/HugeTLB configuration
#
# Note: This script does calculation for all shared memory
# segments available when the script is run, no matter it
# is an Oracle RDBMS shared memory segment or not.
# Check for the kernel version
KERN=`uname -r | awk -F. '{ printf("%d.%d\n",$1,$2); }'`
# Find out the HugePage size
HPG_SZ=`grep Hugepagesize /proc/meminfo | awk {'print $2'}`
# Start from 1 pages to be on the safe side and guarantee 1 free HugePage
NUM_PG=1
# Cumulative number of pages required to handle the running shared memory segments
for SEG_BYTES in `ipcs -m | awk {'print $5'} | grep "[0-9][0-9]*"`
do
   MIN_PG=`echo "$SEG_BYTES/($HPG_SZ*1024)" | bc -q`
   if [ $MIN_PG -gt 0 ]; then
      NUM_PG=`echo "$NUM_PG+$MIN_PG+1" | bc -q`
   fi
done
# Finish with results
case $KERN in
   '2.4') HUGETLB_POOL=`echo "$NUM_PG*$HPG_SZ/1024" | bc -q`;
          echo "Recommended setting: vm.hugetlb_pool = $HUGETLB_POOL" ;;
   '2.6') echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
    *) echo "Unrecognized kernel version $KERN. Exiting." ;;
esac
# End

answer.png

"meminfo" string => execresult( "${paths.path[cat] /proc/meminfo", "noshell" );

memtotal::
"memtotal" string => "${mi_array[1]";

"myvar" string => execresult( "${paths.path[bc]} <<< '${SEG_BYTES / 2', "noshell" );

You might need useshell rather than noshell.

You can pull data from ${meminfo} using regextract.

classes:
"memtotal"
 expression => regextract(
   "(?i).*?memtotal:\s*(\d*).*",
   "${meminfo}",
   "mi_array"
   );

Answered by Neil Watson

sysctl.conf hugepages and variables calculation

Friday 26 April 2013

CFEngine 3 :: cfengine_stdlib.cf core/master updates

  • service_policy => "restart" & service_policy => "reload" add (commit, iss2468)
...
"restartcommand[cfengine3]" string => "/etc/init.d/cfengine3 restart";
"reloadcommand[cfengine3]"  string => "/etc/init.d/cfengine3 reload";
...
classes:

  "restart" expression => strcmp("restart","$(state)"),
             comment => "Check if to restart a service";
  "reload" expression => strcmp("reload","$(state)"),
             comment => "Check if to reload a service";
...
commands:

  restart::
    "$(restartcommand[$(service)])" -> { "@(stakeholders[$(service)])" }

            comment => "Execute command to restart the $(service) service";

  reload::
    "$(reloadcommand[$(service)])" -> { "@(stakeholders[$(service)])" }

            comment => "Execute command to reload the $(service) service";
...
  • body file_select older_than add (commit)
body file_select older_than(years, months, days, hours, minutes, seconds)
# Generic older_than selection body, aimed to have a common definition handy
# for every case possible.
{
mtime       => irange(0,ago("$(years)","$(months)","$(days)","$(hours)","$(minutes)","$(seconds)"));
file_result => "mtime";
}

Wednesday 10 April 2013

CFEngine 3 :: regline is not regcmp

rtfm.JPGbe careful if you want to check a directory name with regcmp

I made a mistake with regline which check if arg1 matches a line in a FILE

Code :

Continue reading...

Tuesday 26 March 2013

CFEngine 3 :: Groups definition from csv file

csv_file.pngYou can set groups definition in a csv file.

update.cf synchronizes csv files and the agent uses them to define contexts.

Example :

Continue reading...

Friday 22 March 2013

Subversion :: post-commit auto-update

subversion.png Simple bash script to maintain working copy on post-commit

post-commit script :


Continue reading...

Tuesday 12 March 2013

CFEngine 3 :: Call bundle variable in a csv file

csv_file.png

An example to call architecture bundle variable in a csv service file

CFEngine example :

Continue reading...

Wednesday 6 March 2013

CFEngine 3.4.0 builtin functions

Sort columns by clicking.

from https://cfengine.com/syntax

Continue reading...

Tuesday 5 March 2013

CFEngine 3 :: Promises metrics

metrics.pngYou can use /var/cfengine/promise_summary.log to build Ganglia ganglia.info promises metrics

Continue reading...

- page 1 of 2