Feature Friday #35: Groups in Mission Portal

Posted by Nick Anderson
November 8, 2024

Have you seen the new Groups feature in CFEngine Enterprise Mission Portal?

It was first released in 3.23.0 and it’s part of the 3.24 LTS series released earlier this year, let’s check it out.

Groups in Mission Portal can be based on any host reported data. They can be dynamic (hosts can come and go from a group) or they can be static and tied to specific hosts by hostname, mac address, IP or CFEngine’s public key. By default groups are not shared with other users and they can be used any place where you would use a filter constraining the scope of hosts based on various conditions related to the hosts reported data. If a group is shared it can have data associated with it.

For example, here we adjust the execution schedule for all hosts to be on a 10 minute interval with a 9 minute splay time.

Shared group data is merged based on a groups priority along with any host specific data that has been applied and ultimately delivered to the host via host_specific.json.1 Looking at host_specific.json on a host we see the data applied above has been delivered to the host.

jq --monochrome-output < /var/cfengine/data/host_specific.json
{
  "classes": {},
  "variables": {
    "default:def.control_executor_schedule": {
      "comment": "",
      "name": "default:def.control_executor_schedule",
      "tags": [
        "report"
      ],
      "type": "Array",
      "value": [
        "Min00",
        "Min10",
        "Min20",
        "Min30",
        "Min40",
        "Min50"
      ]
    },
    "default:def.control_executor_splaytime": {
      "comment": "",
      "name": "default:def.control_executor_splaytime",
      "tags": [
        "report"
      ],
      "type": "String",
      "value": "9"
    }
  }
}

We can apply host specific data to the same host to return the schedule to a 5 minute interval:

And (after some time) we can see how it took effect:

jq --monochrome-output < /var/cfengine/data/host_specific.json
{
  "classes": {},
  "variables": {
    "default:def.control_executor_schedule": {
      "comment": "",
      "name": "default:def.control_executor_schedule",
      "tags": [
        "report"
      ],
      "type": "Array",
      "value": [
        "Min00",
        "Min10",
        "Min20",
        "Min30",
        "Min40",
        "Min50",
        "Min00",
        "Min05",
        "Min10",
        "Min15",
        "Min20",
        "Min25",
        "Min30",
        "Min35",
        "Min40",
        "Min45",
        "Min50",
        "Min55"
      ]
    },
    "default:def.control_executor_splaytime": {
      "comment": "",
      "name": "default:def.control_executor_splaytime",
      "tags": [
        "report"
      ],
      "type": "String",
      "value": "9"
    }
  }
}

Beware the results of a merge between groups. Lists and arrays are extended, keys in data are overridden by a group of higher priority.

Here we have defined a data container and a list for the Linux group:

Defining similar data for the RHEL group (which has higher priority than Linux):

Looking into the resulting host_specific.json we can see that lists/arrays are extended while strings and objects are overwritten by higher priority groups.

jq --monochrome-output '.variables.data.value, .variables.list.value' < /var/cfengine/data/host_specific.json
{
  "array1": [
    "1",
    "2",
    "3",
    "one",
    "two",
    "three"
  ],
  "key1": "RHEL",
  "key2": "Also RHEL"
}
[
  "1",
  "2",
  "3",
  "one",
  "two",
  "three"
]

I hope you find the new groups in Mission Portal useful.

Happy Friday! 🎉


  1. We talked about host_specific.json in Feature Friday #24: Augments - host_specific.json↩︎