Cfengine Goodies


Thursday 26 December 2013

CFEngine 3 :: Move promises files using git

G: Use another way to synchronize/test promises from dev machine to cfengine3 client

  • On the cfengine3 test client :

- Add the unix group cfengine (groupadd cfengine)
- Allow members of group cfengine to check out inputs in the /etc/sudoers file (visudo)

%cfengine  ALL=(root) NOPASSWD: /usr/bin/git --work-tree=/var/cfengine/inputs checkout -f

- As a member of group cfengine, initialize the cf-inputs git repository

mkdir cf-inputs
cd cf-inputs
git init --bare

- Edit hooks/post-receive

sudo /usr/bin/git --work-tree=/var/cfengine/inputs checkout -f
echo Updated Successfully

  • On the dev machine :

- Clone the repository

git clone <user_member_of_cfengine_group>@<ip_cfengine3_client>:./cf-inputs

- Add/Edit cfengine3 files
- Commit and Push

git add -A
git commit -m'first import'
git push origin master

Enjoy !
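
A fuller hooks/post-receive for the setup above, as an added example that is not part of the original post: it deploys only when master is pushed and syntax-checks the pushed policy with cf-promises before running the one command line that sudoers authorises. Assumptions: the bare repository's HEAD points to master, the main policy file is promises.cf, cf-promises is installed at /var/cfengine/bin/cf-promises, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: branch master,
# main policy file promises.cf, cf-promises in /var/cfengine/bin.
BRANCH_REF="refs/heads/master"

# Read post-receive stdin ("<old> <new> <ref>" per line) and print the new
# commit id if BRANCH_REF was updated. Returns 1 if it was not pushed or
# was deleted (git reports a deletion as an all-zero new id).
pushed_commit() {
    found=""
    while read -r old new ref; do
        [ "$ref" = "$BRANCH_REF" ] || continue
        case "$new" in
            *[!0]*) found="$new" ;;   # a real commit id
            *) found="" ;;            # all zeros: branch deleted
        esac
    done
    [ -n "$found" ] && printf '%s\n' "$found"
}

deploy() {
    commit="$1"
    tmp=$(mktemp -d) || return 1
    trap 'rm -rf "$tmp"' EXIT
    # Export the pushed commit as the unprivileged user and validate it
    # before anything under /var/cfengine/inputs is touched.
    git archive "$commit" | tar -x -C "$tmp" || return 1
    /var/cfengine/bin/cf-promises -f "$tmp/promises.cf" || {
        echo "cf-promises rejected $commit, inputs left unchanged" >&2
        return 1
    }
    # Exactly the argument list from the sudoers rule: sudo refuses the
    # command if any argument is added, removed or changed.
    sudo /usr/bin/git --work-tree=/var/cfengine/inputs checkout -f &&
        echo "Updated Successfully"
}

# Run the deployment only when git invokes this file as the hook.
case "${0##*/}" in
    post-receive)
        commit=$(pushed_commit) || { echo "master not updated, nothing deployed"; exit 0; }
        deploy "$commit" ;;
esac
```

The hook file must be executable (chmod +x hooks/post-receive). Since cf-agent runs whatever lands in /var/cfengine/inputs, membership of group cfengine should be treated as root access to this client.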

Monday 4 November 2013

CFEngine CM is better just because implosion is more powerful than explosion


Wednesday 2 October 2013

CFEngine 3 :: cf-keychain

My first cf-keychain built with ThiouxReprap (download):


Monday 19 August 2013

CFEngine 3 :: Exclude local files (type) from edit_line notification

From "$(sys.workdir)/inputs/.*" CoreBase files promise example


  # Warn about rules relating to cfengine 2 in inputs - could conflict


       comment     => "Check if there are still promises about cfengine 2 that need removing",
       edit_line   => delete_lines_matching(".*$(cf2bits).*"),
       file_select => OldCf2Files,
       action      => warn_only;

This illustrates how to exclude files from edit_line notification with OldCf2Files, an instance of a file_select body :

body file_select OldCf2Files
leaf_name => {

file_result => "!leaf_name";

warn_only is an instance of an action body with the action_policy attribute set to warn and the ifelapsed attribute set to 60

Friday 26 July 2013

CFEngine 3 :: Host identity card

The goal is to maintain/detect cfid-$(sys.fqhost) host identity card file.

  • :
body common control
    bundlesequence  => { test };
    inputs          => {

bundle agent test


      slist => readstringlist("/var/cfengine/state/allclasses.txt","#.*","\n","2000","1024k");
      slist => grep("(?!(Day|Min|Hr|Day|GMT_|Lcycle|Yr|Q\d|Evening|Afternoon|Morning|Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday|January|February|March|April|May|June|July|August|September|October|November|December|from_cfexecd)).*","l");
      string => join(", ","sublist");


      create        => "true",
      edit_template => "/tmp/cfid.tmpl";



  • /tmp/cfid.tmpl :
Title: $(sys.fqhost)
Tags: $(test.tags)

Host $(sys.fqhost)
  • Action :

$ cf-agent  -f ./
$ cat /tmp/

Tags: 192_168_1_1, 1_cpu, 32_bit, PK_MD5_1d68579ecaf847e03c7282690b5b9449, am_policy_hub, blog, blog_nanard_org, agent, any, cfengine, cfengine_3, cfengine_3_4, cfengine_3_4_2, org, community_edition, compiled_on_linux_gnu, debian, debian_6, debian_6_0, have_aptitude, i686, ipv4_192, ipv4_192_168, ipv4_192_168_1, ipv4_192_168_1_1, linux, linux_2_6_32_5_686, linux_i686, linux_i686_2_6_32_5_686, linux_i686_2_6_32_5_686__1_SMP_Mon_Feb_25_01_04_36_UTC_2013, mac_00_1e_8c_bf_31_91, net_iface_eth0, nanard_org, architecture_defined, architecture_virtualisation, start_monitor, update_report, virtualisation__sys_tuning_sysctl, xen_independent_wallclock_in_file, service_catalog_sys_tuning_sysctl


Friday 28 June 2013

CFEngine 3 :: sys. variables

A test bundle to show more or less documented sys. variables :


Monday 10 June 2013

CFEngine 3 :: Fashion victim


Thursday 23 May 2013

CFEngine 3 :: PCRE cheatsheet

Thanks to Neil Watson


Wednesday 22 May 2013

CFEngine 3 :: 3.5.0 ChangeLog


New features:
 - classes promises now take an optional scope constraint.
 - new built-in functions: every, none, some, nth, sublist, uniq, filter
    classesmatching, strftime, filestat, ifelse, maparray, format
 - cf-promises flag --parse-tree is replaced by --policy-output-format=, 
    requiring the user to specify the output format (none, cf, json)
 - cf-promises allows partial check of policy 
    (without body common control) without integrity check;
   --full-check enforces integrity check
 - agent binaries support JSON input format (.json file as generated 
    by cf-promises)
 - cf-key: new options --trust-key/-t and --print-digest/-p
 - Class "failsafe_fallback" is defined in when main 
    policy contains errors and failsafe is run because of this
 - add scope attribute for body classes (Redmine #2013)
 - Better diagnostics of parsing errors
 - Error messages from parser now show the context of error
 - new cf-agent option: --self-diagnostics
 - new output format, and --legacy-output
 - warnings for cf-promises.
 - Enable zeroconf-discovery of policy hubs for automatic 
    bootstrapping if Avahi is present
 - Support for sys.cpus on more platforms than Linux & HPUX


Wednesday 15 May 2013

CFEngine 3 :: prefix musician name in csv sheet music

Ensure the musician name is defined as the first field of each line in a csv sheet music file

body common control
    bundlesequence  => { prepare("musician_name") };
    inputs          => { "/var/cfengine/inputs/libraries/" };

bundle agent prepare(musician) 
    "sheet" slist => { "/tmp/sheet" };

      create => "true",
      copy_from => no_backup_cp("$(sheet).orig"),
      edit_line => prefix_lines_matching("^(?!$(musician);|(\s*#)).*", "$(musician);");

bundle edit_line prefix_lines_matching(regex,prefix)

 # Prefix lines of a file matching a regex



     replace_with => prefix("$(prefix)"),
     comment => "Search and replace string";

body replace_with prefix(p)
{
replace_value => "$(p)$(match.1)";
occurrences => "all";
}

Example :

# cat /tmp/sheet.orig

# cf-agent -I -f ./
 -> Updated /tmp/sheet from source /tmp/sheet.orig on localhost
 -> Edited file /tmp/sheet

# cat /tmp/sheet

# cf-agent -I -f ./

Friday 3 May 2013

Internet Memory #2 gone with posterous.

As I liked these 2 articles, I can't let them vanish into the void :-)


Internet Memory #1 gone with posterous.

As I liked these 2 articles, I can't let them vanish into the void :-)


Monday 29 April 2013

CFEngine 3 :: Read in system commands and use them to calculate new variables


How to read in system commands and use them to calculate new variables ?

Bash script :

#!/bin/bash
# Linux bash script to compute values for the
# recommended HugePages/HugeTLB configuration
# Note: This script does calculation for all shared memory
# segments available when the script is run, no matter it
# is an Oracle RDBMS shared memory segment or not.
# Check for the kernel version
KERN=`uname -r | awk -F. '{ printf("%d.%d\n",$1,$2); }'`
# Find out the HugePage size
HPG_SZ=`grep Hugepagesize /proc/meminfo | awk '{print $2}'`
# Start from 1 pages to be on the safe side and guarantee 1 free HugePage
NUM_PG=1
# Cumulative number of pages required to handle the running shared memory segments
for SEG_BYTES in `ipcs -m | awk '{print $5}' | grep "[0-9][0-9]*"`
do
   MIN_PG=`echo "$SEG_BYTES/($HPG_SZ*1024)" | bc -q`
   if [ "$MIN_PG" -gt 0 ]; then
      NUM_PG=`echo "$NUM_PG+$MIN_PG+1" | bc -q`
   fi
done
# Finish with results
case $KERN in
   '2.4') HUGETLB_POOL=`echo "$NUM_PG*$HPG_SZ/1024" | bc -q`;
          echo "Recommended setting: vm.hugetlb_pool = $HUGETLB_POOL" ;;
   '2.6') echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
    *) echo "Unrecognized kernel version $KERN. Exiting." ;;
esac
# End


"meminfo" string => execresult( "${paths.path[cat]} /proc/meminfo", "noshell" );

"memtotal" string => "${mi_array[1]}";

"myvar" string => execresult( "${paths.path[bc]} <<< '${SEG_BYTES} / 2'", "noshell" );

You might need useshell rather than noshell.

You can pull data from ${meminfo} using regextract.

 expression => regextract(

Answered by Neil Watson

sysctl.conf hugepages and variables calculation

Friday 26 April 2013

CFEngine 3 :: core/master updates

  • service_policy => "restart" & service_policy => "reload" added (commit, iss2468)
"restartcommand[cfengine3]" string => "/etc/init.d/cfengine3 restart";
"reloadcommand[cfengine3]"  string => "/etc/init.d/cfengine3 reload";

  "restart" expression => strcmp("restart","$(state)"),
             comment => "Check if to restart a service";
  "reload" expression => strcmp("reload","$(state)"),
             comment => "Check if to reload a service";

    "$(restartcommand[$(service)])" -> { "@(stakeholders[$(service)])" }

            comment => "Execute command to restart the $(service) service";

    "$(reloadcommand[$(service)])" -> { "@(stakeholders[$(service)])" }

            comment => "Execute command to reload the $(service) service";
  • body file_select older_than added (commit)
body file_select older_than(years, months, days, hours, minutes, seconds)
# Generic older_than selection body, aimed to have a common definition handy
# for every case possible.
{
mtime       => irange(0,ago("$(years)","$(months)","$(days)","$(hours)","$(minutes)","$(seconds)"));
file_result => "mtime";
}

Wednesday 10 April 2013

CFEngine 3 :: regline is not regcmp

Be careful if you want to check a directory name with regcmp

I made a mistake with regline, which checks if arg1 matches a line in a FILE

Code :


Tuesday 26 March 2013

CFEngine 3 :: Groups definition from csv file

You can set groups definition in a csv file. synchronizes csv files and the agent uses them to define contexts.

Example :


Tuesday 12 March 2013

CFEngine 3 :: Call bundle variable in a csv file


An example to call architecture bundle variable in a csv service file

CFEngine example :


Wednesday 6 March 2013

CFEngine 3.4.0 builtin functions


Tuesday 5 March 2013

CFEngine 3 :: Promises metrics

You can use /var/cfengine/promise_summary.log to build Ganglia promises metrics


Friday 1 March 2013

CFEngine 3 :: satellite mail system with postfix

Based on the work found at Simply install and configure a ghost postfix without dns MX, only with an external email account.
