Cfengine Goodies

Thursday 26 December 2013

CFEngine 3 :: Move promises files using git

By cyril on Thursday 26 December 2013, 14:00 - CFEngine

git

G: Use an other way to synchronize/test promises from dev machine to cfengine3 client

On the cfengine3 client test :

- add unix group cfengine (groupadd cfengine) - Allow members of group cfengine to checkout inputs in /etc/sudoers file (visudo)

%cfengine  ALL=(root) NOPASSWD: /usr/bin/git --work-tree=/var/cfengine/inputs checkout -f

- With a member of group cfengine init the cf-inputs git repository

mkdir cf-inputs
cd cf-inputs
git init --bare

- Edit hooks/post-receive

#!/bin/bash
sudo /usr/bin/git --work-tree=/var/cfengine/inputs checkout -f
echo Updated Successfully

On the dev

- Clone the repository

git clone <user_member_of_cfengine_group>@<ip_cfengine3_client>:./cf-inputs

- Add/Edit cfengine3 files - Commit and Push

git add -A
git commit -m'first import'
git push origin master

Enjoy !

no comment no trackback

Monday 4 November 2013

CFEngine CM is better just because implosion is more powerful than explosion

By cyril on Monday 4 November 2013, 14:00 - CFEngine

no comment no trackback

Wednesday 2 October 2013

CFEngine 3 :: cf-keychain

By cyril on Wednesday 2 October 2013, 23:20 - CFEngine

My first cf-keychain built with ThiouxReprap (download):

2 comments no trackback

Monday 19 August 2013

CFEngine 3 :: Exclude local files (type) from edit_line notification

By cyril on Monday 19 August 2013, 12:13 - CFEngine

edit_line

From "$(sys.workdir)/inputs/.*" CoreBase files promise example

files:

  # Warn about rules relating to cfengine 2 in inputs - could conflict

  "$(sys.workdir)/inputs/.*"

       comment     => "Check if there are still promises about cfengine 2 that need removing",
       edit_line   => delete_lines_matching(".*$(cf2bits).*"),
       file_select => OldCf2Files,
       action      => warn_only;

illustrate how to exclude edit_line notification with ISA file_select OldCf2Files body instance :

body file_select OldCf2Files
{
leaf_name => {
             "promises.cf",
             "site.cf",
             "library.cf",
             "failsafe.cf",
             ".*.txt",
             ".*.html",
             ".*~",
             "#.*"
             };

file_result => "!leaf_name";
}

warn_only ISA action body instance with warm action_policy attribute and 60 ifelapsed attribute

no comment no trackback

Friday 26 July 2013

CFEngine 3 :: Host identity card

By cyril on Friday 26 July 2013, 19:22 - CFEngine

readstringlist

The goal is to maintain/detect cfid-$(sys.fqhost) host identity card file.

test.cf :

body common control
{
  any::
    bundlesequence  => { test };
    inputs          => {
                          "/var/cfengine/inputs/cfengine_stdlib.cf",
                       };
}

bundle agent test
{

  vars:

    "l"
      slist => readstringlist("/var/cfengine/state/allclasses.txt","#.*","\n","2000","1024k");
    "sublist"
      slist => grep("(?!(Day|Min|Hr|Day|GMT_|Lcycle|Yr|Q\d|Evening|Afternoon|Morning|Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday|January|February|March|April|May|June|July|August|September|October|November|December|from_cfexecd)).*","l");
    "tags"
      string => join(", ","sublist");

  files:

    "/tmp/cfid-$(sys.fqhost)"
      create        => "true",
      edit_template => "/tmp/cfid.tmpl";

  reports:

    debug::
      "$(sublist)";

}

/tmp/cfid.tmpl :

Title: $(sys.fqhost)
Tags: $(test.tags)

Host $(sys.fqhost)
=======================

Action :


$ cf-agent  -f ./test.cf
$ cat /tmp/cfid-blog.nanard.org

Title: blog.nanard.org
Tags: 192_168_1_1, 1_cpu, 32_bit, PK_MD5_1d68579ecaf847e03c7282690b5b9449, am_policy_hub, blog, blog_nanard_org, agent, any, cfengine, cfengine_3, cfengine_3_4, cfengine_3_4_2, org, community_edition, compiled_on_linux_gnu, debian, debian_6, debian_6_0, have_aptitude, i686, ipv4_192, ipv4_192_168, ipv4_192_168_1, ipv4_192_168_1_1, linux, linux_2_6_32_5_686, linux_i686, linux_i686_2_6_32_5_686, linux_i686_2_6_32_5_686__1_SMP_Mon_Feb_25_01_04_36_UTC_2013, mac_00_1e_8c_bf_31_91, net_iface_eth0, nanard_org, architecture_defined, architecture_virtualisation, start_monitor, update_report, virtualisation__sys_tuning_sysctl, xen_independent_wallclock_in_file, service_catalog_sys_tuning_sysctl

Host blog.nanard.org
=======================

no comment no trackback

Friday 28 June 2013

CFEngine 3 :: sys. variables

By cyril on Friday 28 June 2013, 18:31 - CFEngine

sys.variables

A test bundle to show more or less documented sys. variables :

no comment no trackback

Monday 10 June 2013

CFEngine 3 :: Fashion victim

By cyril on Monday 10 June 2013, 14:38 - CFEngine

no comment no trackback

Thursday 23 May 2013

CFEngine 3 :: PCRE cheatsheet

By cyril on Thursday 23 May 2013, 19:33 - CFEngine

pcre

Thanks to Neil Watson

no comment no trackback

Wednesday 22 May 2013

CFEngine 3 :: 3.5.0 ChangeLog

By cyril on Wednesday 22 May 2013, 23:41 - CFEngine

3.5.0

New features:
 - classes promises now take an optional scope constraint.
 - new built-in functions: every, none, some, nth, sublist, uniq, filter
    classesmatching, strftime, filestat, ifelse, maparray, format
 - cf-promises flag --parse-tree is replaced by --policy-output-format=, 
    requiring the user to specify the output format (none, cf, json)
 - cf-promises allows partial check of policy 
    (without body common control) without integrity check;
   --full-check enforces integrity check
 - agent binaries support JSON input format (.json file as generated 
    by cf-promises)
 - cf-key: new options --trust-key/-t and --print-digest/-p
 - Class "failsafe_fallback" is defined in failsafe.cf when main 
    policy contains errors and failsafe is run because of this
 - add scope attribute for body classes (Redmine #2013)
 - Better diagnostics of parsing errors
 - Error messages from parser now show the context of error
 - new cf-agent option: --self-diagnostics
 - new output format, and --legacy-output
 - warnings for cf-promises.
 - Enable zeroconf-discovery of policy hubs for automatic 
    bootstrapping if Avahi is present
 - Support for sys.cpus on more platforms than Linux & HPUX

no comment no trackback

Wednesday 15 May 2013

CFEngine 3 :: prefix musician name in csv sheet music

By cyril on Wednesday 15 May 2013, 18:05 - CFEngine

Ensure (first field) musician name definition in a csv sheet music

body common control
{
  any::
    bundlesequence  => { prepare("musician_name") };
    inputs          => { "/var/cfengine/inputs/libraries/cfengine_stdlib.cf" };
}

bundle agent prepare(musician) 
{
  vars:
    "sheet" slist => { "/tmp/sheet" };

  files:
    "$(sheet)"
      create => "true",
      copy_from => no_backup_cp("$(sheet).orig"),
      edit_line => prefix_lines_matching("^(?!$(musician);|(\s*#)).*", "$(musician);");
}

bundle edit_line prefix_lines_matching(regex,prefix)

 # Prefix lines of a file matching a regex

{
replace_patterns:

 "^($(regex))$"

     replace_with => prefix("$(prefix)"),
     comment => "Search and replace string";
}

body replace_with prefix(p)
{
replace_value => "$(p)$(match.1)";
occurrences => "all";
}

Example :

# cat /tmp/sheet.orig
instrument1;file1;k1=v11,k2=v21
instrument2;file1;k1=v11

# cf-agent -I -f ./test.cf
 -> Updated /tmp/sheet from source /tmp/sheet.orig on localhost
 -> Edited file /tmp/sheet

# cat /tmp/sheet
musician_name;instrument1;file1;k1=v11,k2=v21
musician_name;instrument2;file1;k1=v11

# cf-agent -I -f ./test.cf

no comment no trackback

Friday 3 May 2013

Internet Memory #2

By Bernard on Friday 3 May 2013, 13:24 - CFEngine

http://blog.bomgardner.org/ gone with posterous.

As I liked this 2 articles, i can't let them vanish into the void :-)

no comment no trackback

Internet Memory #1

By Bernard on Friday 3 May 2013, 13:16 - CFEngine

http://blog.bomgardner.org/ gone with posterous.

As I liked this 2 articles, i can't let them vanish into the void :-)

no comment no trackback

Monday 29 April 2013

CFEngine 3 :: Read in system commands and use them to calculate new variables

By cyril on Monday 29 April 2013, 22:11 - CFEngine

How to read in system commands and use them to calculate new variables ?

Bash script :

#!/bin/bash
#
# hugepages_settings.sh
#
# Linux bash script to compute values for the
# recommended HugePages/HugeTLB configuration
#
# Note: This script does calculation for all shared memory
# segments available when the script is run, no matter it
# is an Oracle RDBMS shared memory segment or not.
# Check for the kernel version
KERN=`uname -r | awk -F. '{ printf("%d.%d\n",$1,$2); }'`
# Find out the HugePage size
HPG_SZ=`grep Hugepagesize /proc/meminfo | awk {'print $2'}`
# Start from 1 pages to be on the safe side and guarantee 1 free HugePage
NUM_PG=1
# Cumulative number of pages required to handle the running shared memory segments
for SEG_BYTES in `ipcs -m | awk {'print $5'} | grep "[0-9][0-9]*"`
do
   MIN_PG=`echo "$SEG_BYTES/($HPG_SZ*1024)" | bc -q`
   if [ $MIN_PG -gt 0 ]; then
      NUM_PG=`echo "$NUM_PG+$MIN_PG+1" | bc -q`
   fi
done
# Finish with results
case $KERN in
   '2.4') HUGETLB_POOL=`echo "$NUM_PG*$HPG_SZ/1024" | bc -q`;
          echo "Recommended setting: vm.hugetlb_pool = $HUGETLB_POOL" ;;
   '2.6') echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
    *) echo "Unrecognized kernel version $KERN. Exiting." ;;
esac
# End

"meminfo" string => execresult( "${paths.path[cat] /proc/meminfo", "noshell" );

memtotal::
"memtotal" string => "${mi_array[1]";

"myvar" string => execresult( "${paths.path[bc]} <<< '${SEG_BYTES / 2', "noshell" );

You might need useshell rather than noshell.

You can pull data from ${meminfo} using regextract.

classes:
"memtotal"
 expression => regextract(
   "(?i).*?memtotal:\s*(\d*).*",
   "${meminfo}",
   "mi_array"
   );

Answered by Neil Watson

sysctl.conf hugepages and variables calculation

no comment no trackback

Friday 26 April 2013

CFEngine 3 :: cfengine_stdlib.cf core/master updates

By cyril on Friday 26 April 2013, 19:50 - CFEngine

stdlib

service_policy => "restart" & service_policy => "reload" add (commit, iss2468)

...
"restartcommand[cfengine3]" string => "/etc/init.d/cfengine3 restart";
"reloadcommand[cfengine3]"  string => "/etc/init.d/cfengine3 reload";
...
classes:

  "restart" expression => strcmp("restart","$(state)"),
             comment => "Check if to restart a service";
  "reload" expression => strcmp("reload","$(state)"),
             comment => "Check if to reload a service";
...
commands:

  restart::
    "$(restartcommand[$(service)])" -> { "@(stakeholders[$(service)])" }

            comment => "Execute command to restart the $(service) service";

  reload::
    "$(reloadcommand[$(service)])" -> { "@(stakeholders[$(service)])" }

            comment => "Execute command to reload the $(service) service";
...

body file_select older_than add (commit)

body file_select older_than(years, months, days, hours, minutes, seconds)
# Generic older_than selection body, aimed to have a common definition handy
# for every case possible.
{
mtime       => irange(0,ago("$(years)","$(months)","$(days)","$(hours)","$(minutes)","$(seconds)"));
file_result => "mtime";
}

no comment no trackback

Wednesday 10 April 2013