Show Notes: The Agent is In - Episode 31 - Sneak Peek of 3.23.0

Posted by Nick Anderson
November 30, 2023

Join the team for a sneak peek of what’s coming in 3.23.0.

Herman joins Cody, Craig and Nick to discuss what’s new in the upcoming release of CFEngine 3.23.0. We look at improvements to Groups in Mission Portal with easier ways to specify specific hosts that should or should not be part of the group based on reported attributes. This new functionality makes it much easier to affect change across a set of hosts without touching policy.


The video recording is available on YouTube:

Post show discussion

At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.

How can I populate a variable from a script without executing the script many times?

Someone asked how they could minimize the number of times CFEngine runs a script to populate a variable:

I want to populate a variable with the result of a python script, currently I am using execresult() but the script is executed many times when the policy runs. How can I minimize the number of times the script is executed and populate my variable?

The script is executed many times because of pre-evaluation1. CFEngine eagerly resolves vars and classes promises in common bundles and vars promises in agent bundles. There are various ways in which you could minimize the executions of the script.

You could move the script to a commands promise and write it’s output to a file which can be read into a variable. With this approach, unless specifically guarded against, the value of the variable can change between the three passes of policy evaluation that occur on each agent run. This would cause any policy which uses this variable to execute once for each unique value of the variable. readfile() 2, readdata() 3, readcsv() 4, readjson() 5, readyaml() 6, readenvfile() 7 , and read_module_protocol() 8 are all good candidates depending on the output.

You could adjust the script to run as a commands promise and use the module protocol to define variables and classes as a byproduct of it’s execution. With this methodology there won’t be a file who’s state must be managed but the variable will also not be available very early during policy execution.

Setting up a new offline Enterprise Hub, how do I install cfbs?

Someone asked how they could install cfbs on a new Enterprise Hub that is not connected to the internet.

I am setting up a new hub and it is not connected to the internet. How can I install cfbs?

Usually you install cfbs via Python’s package index (pip). But for the case of an Enterprise Hub you don’t need to. cfbs is vendored with the hub package. So, just install the hub package and you will have access to cfbs.

How can I manage files with the immutable bit?

Someone asked how they could manage files that have the immutable bit set.

In our environment sometimes administrators set the immutable bit on configuration files. CFEngine fails to modify these files. How can I manage these files?

Unfortunately there isn’t currently native support in files promises for managing immutable files. Currently you must use a commands promise or function like execresult() or execresult_as_data() to unset the immutable bit.

Get in touch with us
to discuss how we can help!
Contact us
Sign up for
our newsletter
By signing up, you agree to your email address being stored and used to receive newsletters about CFEngine. We use tracking in our newsletter emails to improve our marketing content.