Did you know CFEngine has Macros?
They were first introduced in CFEngine 3.7 (back in 2015), and more have been introduced since then. Macros are convenient for preventing the parsing of a section of the policy. It is handy for protecting older binaries from getting tripped up on newer syntax the agent does not understand. Let’s take a look.
Currently there are 8 macros.
minimum_version - Prevent the section of policy from being parsed unless the agent meets a minimum version.
Ever want to manage subvalues in a configuration file? In episode 39 we talk about using field_edits in edit_line bundles.
Cody and Craig join Nick as he prototypes and iterates on some policy showing how to manage subvalues in KEY = quoted values. A question raised during one of our recent post show discussions.
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees.
This is a heads up to anyone upgrading to CFEngine 3.24.0 or newer versions, about a small change that can be considered a breaking change.
In CFEngine versions prior to 3.24.0, the CFEngine roles inventory attribute showed up in Mission Portal with the value policy_server for the hub, and as (Not reported) for all the other hosts (clients). The technical reason for this was that the policy_server class was tagged with inventory,attribute_name=CFEngine roles.
Today, we are pleased to announce the release of CFEngine 3.24.0! The code word for this release is consistency.
This release also marks an important event, the beginning of the 3.24 LTS series, which will be supported for 3 years.
Several new features have been added since the release of CFEngine 3.21 LTS, in the form of non-LTS releases. In this blog post we’ll highlight the most important features since the previous LTS release, even though some of them technically landed in intermediate non-supported releases.
Do you know how to quickly see what variables and classes are defined?
Often, while developing CFEngine policy it’s convenient to emit a variable value or a report based on the presence of a class. For example:
bundle agent main { reports: "Unqualified hostname = '$(sys.uqhost)'"; linux:: "I am running on linux"; } In some cases, this is because you are exploring what classes are available. In other cases, it might be DEBUG-related reports helping you understand how a variable is resolved during policy evaluation.
Ever want to get some data into CFEngine? Have you heard about the def.json Augments file?1
Augments are JSON data files that allow you to define classes and variables very early during agent initialization, before policy. Augments are practical in a variety of ways. Perhaps most notably for overriding policy defaults.
Let’s look at a simple example.
Here we have a policy /tmp/feature-friday/18-0.cf
/tmp/feature-friday/18-0.cf bundle agent main { reports: "MyVariable $(with) defined '$(MyVariable)'" with => ifelse( isvariable( MyVariable ), "is", "is not" ); } Running it, we can see that MyVariable isn’t defined
Let’s talk about tags and how they can be useful for Inventory and Reporting.
If you have been following along with the Feature Friday series you already heard about using tags to find currently defined classes, variables and bundles, but they are also very useful for reporting. In CFEngine Enterprise the inventory and attribute_name tags are special. A variable or class tagged with inventory becomes visible in the Inventory subsystem in Mission Portal with the name given in the attribute_name tag.
For security reasons, you generally want to uninstall talk, samba, and apache2 in your infrastructure. However, on your webservers, which have the webserver CFEngine class defined, you might want Apache to be installed. With the conditional-installer module, you can put talk,samba,apache2 in the list of packages to uninstall. And in the list of packages to install, you can put apache2 with the condition webserver. Hence, the module will install apache2 on your webservers and uninstall it everywhere else.
Did you know the Masterfiles Policy Framework (MPF) ships with a host info report?
That’s right, you can simply run cf-agent --bundlesequence host_info_report and a report will be generated.
command cf-agent --bundlesequence host_info_report output R: Host info report generated and available at '/var/cfengine/reports/host_info_report.txt' It’s packed with information about the specific host.
Let’s peek:
command head -n 9 /var/cfengine/reports/host_info_report.txt output # Host Information Generated: Fri Feb 23 19:54:13 2024 ## Identity Fully Qualified Hostname: hub.
Interested to see what’s new in the next LTS version (3.24) of CFEngine?
Nick joins Craig and Cody to see what’s coming in 3.24. From the new groups feature which allows you to assign data to a group of hosts to improvements in filtering and new functionality in Build and other changes in behavior, checkout the video for all the details.
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees.
