The latest updates about everything CFEngine

Feature Friday #6: cf-promises

Will your policy work? cf-promises can check the CFEngine policy for syntax errors and give you an overview of the host’s context. It’s always a good idea to check your policy for syntax errors. Consider this policy file: /tmp/ bundle agent feature_friday { reports: "$(this.promise_filename)" printfile => cat( "$(this.promise_filename)" ) } Can you spot the error? Let’s see if cf-promises can help: command cf-promises -f /tmp/ output /tmp/ error: syntax error } ^ /tmp/feature-friday-6.

Posted by Nick Anderson
April 19, 2024

Feature Friday #5: cfbs

Do you maintain multiple policy sets? Do you leverage policy written by others? Ever wished for an easier way to upgrade your policy framework? cfbs can help to improve all of these cases. cfbs is a command line tool that aims to help simplify managing a policy set and working with CFEngine Build, a website for finding and sharing modules. A policy set usually - but not always - builds on top of some base, like the Masterfiles Policy Framework (MPF).

Posted by Nick Anderson
April 12, 2024

Feature Friday #4: cf-remote

What’s the easiest way to install cfengine? Have you heard of cf-remote? cf-remote was born out of a developer’s itch for an easy way to get CFEngine installed on some host for testing. We have featured cf-remote in several posts1 since it was first released in 2019, but today is Friday, so let’s review its features. Overview cf-remote (available via the Python Package Index) primarily targets installing CFEngine on a remote host, but it also provides some related conveniences including:

Posted by Nick Anderson
April 5, 2024

Inventory and remediate Red Hat Enterprise Linux with Security Technical Implementation Guides (STIGs)

Security Technical Implementation Guides (STIGs) are an excellent body of knowledge to leverage in securing your infrastructure. With the stig-rhel-7 module you can easily add inventory and remediation policy for RHEL 7 with CFEngine. Do note that as of March 2024 this module does not provide comprehensive coverage but rather an initial 10 findings are implemented. Setup To start I installed CFEngine Enterprise on a local virtual machine, logged in and started a new Build project with the stig-rhel-7 module added and configured to enforce (as opposed to only warn).

Posted by Craig Comstock
April 1, 2024

Feature Friday #3: execresult_as_data()

When you want to inspect both the return code and output from a command execresult_as_data() might be the function you are searching for. Most CFEngine policy writers have used execresult() and returnszero(). They are useful when you want to do something based on the output of a command or based on its successful execution (returning zero). For example: /tmp/ bundle agent __main__ { vars: "hostname" string => execresult( "$(paths.hostname)", "useshell" ); classes: "my_command_returned_zero" expression => returnszero( "$(paths.

Posted by Nick Anderson
March 29, 2024

Show notes: The agent is in - Episode 35 - Automatic grouping of hosts with select_class

Have you ever wanted some hosts to organize themselves into different groups, but without spending time to worry about assigning a specific group? Cody, Craig, and Nick talk about using the select_class feature in CFEngine. Nick implements automatic assignment of a maintainer for each host: You want to assign a maintainer to each host that should be the primary point of contact. Some hosts should may have a specific maintainer, but generally, you don’t care about the relationship between the person and the actual function of the machine.

Posted by Nick Anderson
March 28, 2024

Feature Friday #2: $(with)

Ever wanted to manipulate a string - temporarily - for an individual promise? Check out the with attribute and its special, $(with) variable. Sometimes you need some variation on a string for a specific case. Traditionally, to achieve this you’d simply define another variable. Here is a contrived example: I have a string, nginx and I want to emit a report that contains both the string itself and the upper case version of the string.

Posted by Nick Anderson
March 22, 2024

Feature Friday #1: ifelse()

Looking for a way to concisely set a variable conditionally? Have you heard of ifelse()? In CFEngine, traditionally class expressions are used to constrain promises to different contexts. Setting a variable to different values based on context might look like this: /tmp/ bundle agent __main__ { vars: "MyVariable" string => "My Default value"; redhat_8|centos_8|rocky_8:: "MyVariable" string => "My value for EL 8"; ubuntu_22:: "MyVariable" string => "My value for Ubuntu 22"; any:: "MyVariable" string => "My value on Friday", if => "Friday"; reports: "It's $(sys.

Posted by Nick Anderson
March 15, 2024

Feature Friday: A 42-part saga

Last year in commemoration of 30 years of CFEngine I received this lovely coin. I thought it would be fun to celebrate by writing 42 blog posts, each with some little tip about CFEngine. So, be sure to come check in on Friday for the first post in the Feature Friday series.

Posted by Nick Anderson
March 11, 2024

Show notes: The agent is in - Episode 34 - Host visibility with containerized CFEngine

Curious about getting visibility of a host where you can’t install CFEngine natively, but can run a container? Craig shows us how he’s getting inventory from his Torizon Verdin IMX8MP by deploying a container with a chroot containing volumes bind mounted from the host. A long post show discussion was had about CfgMgmtCamp as well as a long troubleshooting session dealing with a prickly package management situation. Video The video recording is available on YouTube:

Posted by Nick Anderson
February 29, 2024
Get in touch with us
to discuss how we can help!
Contact us
Sign up for
our newsletter
By signing up, you agree to your email address being stored and used to receive newsletters about CFEngine. We use tracking in our newsletter emails to improve our marketing content.