<The CFEngine Blog

Change in behavior: ignore_interfaces.rx prefers a new location

Posted by Nick Anderson
November 16, 2023

ignore_interfaces.rx can be populated with regular expressions that match network interface names. When an interface matches CFEngine will ignore the interface.

In the upcoming release of 3.23.0, and in the future release of 3.21.4 there is a change in behavior with respect to the preferred location of ignore_interfaces.rx from $(sys.inputdir) (typically /var/cfengine/inputs) to $(sys.workdir) (typically /var/cfengine). The change from $(sys.inputdir) to $(sys.workdir) makes it easier to ignore different interfaces on different hosts.

With the change, if ignore_interfaces.rx is found in $(sys.inputdir):

  • cf-agent will emit warnings 
    warning: Found interface exception file ignore_interfaces.rx in /var/cfengine/inputs but it should be in /var/cfengine. Please consider moving it to the appropriate location.
  • Recommendation policy will emit a reports about the state of ignore_interfaces.rx 
    R: NOTICE: 'ignore_interfaces.rx' is present in '$(sys.inputdir)' ('/var/cfengine/inputs/ignore_interfaces.rx'). We recommend that it be removed and migrated to '$(sys.workdir)' ('/var/cfengine/ignore_interfaces.rx')
R: NOTICE: 'ignore_interfaces.rx' in '$(sys.workdir)' and '$(sys.inputdir)' but not identical. We recommend verifying the desired content of '$(sys.workdir)/ignore_interfaces.rx', correcting it if necessary and removing '$(sys.inputdir)/ignore_interfaces.rx'
R: NOTICE: 'ignore_interfaces.rx' identical in '$(sys.workdir)' and '$(sys.inputdir)'. We recommend removing '$(sys.inputdir)/ignore_interfaces.rx'
  • Recommendation policy will emit warnings about the presence of the file in inputs 
    warning: Should delete file '/var/cfengine/inputs/ignore_interfaces.rx', but only warning promised

What to do

Adjust the policy so that ignore_interfaces.rx is not at the root of your policy set when running CFEngine versions 3.21.4 or newer, and 3.23.0 or newer.

Setting the class default:mpf_auto_migrate_ignore_interfaces_rx_to_workdir will cause the recommendation policy to promise that $(sys.workdir)/ignore_interfaces.rx is a copy of $(sys.inputdir)/ignore_interfaces.rx which will suppress the warning from cf-agent about the file being found in inputs, but reports from the recommendation policy will continue to be active unless the recommendation policy is disabled by defining the class default:cfengine_recommendations_disabled.

If you have questions or need help reach out on the mailing list1, or GitHub discussions2. If you have a support contract feel free to open a ticket in our support system3.

  1. CFEngine Help mailing list https://groups.google.com/g/help-cfengine ↩︎

  2. CFEngine GitHub discussions https://github.com/cfengine/core/discussions ↩︎

  3. Northern.tech Support https://support.northern.tech ↩︎

Try CFEngine Enterprise for free

Sign up for CFEngine Enterprise and connect up to 25 hosts for free. No credit card required. Get started in minutes.

Try enterprise for free