The latest updates about everything CFEngine

Feature Friday #17: Tags for inventory and reporting

Let’s talk about tags and how they can be useful for Inventory and Reporting. If you have been following along with the Feature Friday series, you have already heard about using tags to find currently defined classes, variables and bundles, but they are also very useful for reporting. In CFEngine Enterprise the inventory and attribute_name tags are special. A variable or class tagged with inventory becomes visible in the Inventory subsystem in Mission Portal with the name given in the attribute_name tag.

Posted by Nick Anderson
July 5, 2024

Install and uninstall packages based on conditions

For security reasons, you generally want to uninstall talk, samba, and apache2 in your infrastructure. However, on your webservers, which have the webserver CFEngine class defined, you might want Apache to be installed. With the conditional-installer module, you can put talk,samba,apache2 in the list of packages to uninstall. And in the list of packages to install, you can put apache2 with the condition webserver. Hence, the module will install apache2 on your webservers and uninstall it everywhere else. talk and samba, on the other hand, will be uninstalled everywhere. As always with CFEngine, if the state is already correct - i.e., packages that should be installed are already installed and packages that should not be installed are not installed - no actions will be performed.

Posted by Craig Comstock
July 1, 2024

Feature Friday #16: host info report

Did you know the Masterfiles Policy Framework (MPF) ships with a host info report? That’s right, you can simply run cf-agent --bundlesequence host_info_report and a report will be generated.

Command:

    cf-agent --bundlesequence host_info_report

Output:

    R: Host info report generated and available at '/var/cfengine/reports/host_info_report.txt'

It’s packed with information about the specific host. Let’s peek:

Command:

    head -n 9 /var/cfengine/reports/host_info_report.txt

Output:

    # Host Information
    Generated: Fri Feb 23 19:54:13 2024
    ## Identity
    Fully Qualified Hostname: hub.example.com
    Host ID: SHA=41ebb680d136f82c57af6ee1a7b938c093fe8d773bf320213eae1c476dad4fb0
    ## CFEngine
    Version: CFEngine Enterprise 3.21.4

Here are the section headers:

Posted by Nick Anderson
June 28, 2024

Show notes: The agent is in - Episode 38 - Sneak peek of CFEngine 3.24

Interested to see what’s new in the next LTS version (3.24) of CFEngine? Nick joins Craig and Cody to see what’s coming in 3.24. From the new groups feature, which allows you to assign data to a group of hosts, to improvements in filtering, new functionality in Build and other changes in behavior, check out the video for all the details.

Video

The video recording is available on YouTube:

At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.

Posted by Nick Anderson
June 27, 2024

Feature Friday #15: bundlesmatching()

Did you know bundles can have tags too? That’s right! You can tag a bundle by defining tags as a meta promise on a bundle. For example:

    bundle agent example_bundle_tag
    {
      meta:
        "tags" slist => { "tag_1", "tag_2" };
    }

You’ve likely encountered bundles tagged with autorun. These tags trigger automatic execution of bundles in lexical order whenever the services_autorun class is defined. However, you’re not limited to autorun. You can create custom tags to suit your specific needs. Perhaps you want to tag bundles associated with a particular compliance framework or identify the primary developer/team responsible for maintenance.

Posted by Nick Anderson
June 21, 2024

CFEngine 3.18.8 and 3.21.5 released

We are pleased to announce two new patch releases for CFEngine, versions 3.18.8 and 3.21.5! These patch releases contain bug fixes and dependency updates.

Changes

We’d like to highlight one specific change in behavior, which some users will want to adjust to:

Change in behavior - depth_search can now be used (but warns) with an individual file as source

Users of the depth_search attribute of file promises should be aware of this change in behavior. See the blog post on the topic for more details:

June 20, 2024

Change in behavior: depth_search can now be used (but warns) with an individual file as source

You may see a new warning in the upcoming releases of 3.21.5 and 3.24.0. A new warning was introduced with a fix to the behavior of depth_search when combined with a copy_from source targeting a file:

    depth_search (recursion) is promised for a base object '<filename>' that is not a directory

Prior to versions 3.21.5 and 3.24.0, CFEngine would copy the file initially but would subsequently avoid updating the file, providing only a debug log message about the fact that the file was being skipped (because it’s not possible to descend into a file). Beginning with 3.21.5 and 3.24.0, CFEngine will copy the file and properly update the file, but will also emit a warning that recursion was promised for something that was not a directory.

Posted by Nick Anderson
June 19, 2024

Feature Friday #14: variablesmatching() & variablesmatching_as_data()

Did you know you can find variables by name and tag? Like the ability to find currently defined classes (as described in Feature Friday #13: classesmatching()) that match a name or tag, you can find variables by name and tag. It’s a nifty capability. variablesmatching() returns a list of variable names that match the name and tag criteria. variablesmatching_as_data() returns a data container of the matching variables along with their values.

Posted by Nick Anderson
June 14, 2024

Feature Friday #13: classesmatching()

Did you know you can find classes by name and tag? classesmatching() dynamically sources information from the current state. For example, let’s say you have classes representing a system’s role. Furthermore, let’s say that we want a host to only have a single role class defined. Finally, if we have more than one role class defined, then we don’t want to proceed. To achieve this without classesmatching(), we might have a policy file that looks like this (/tmp/feature-friday-13/tags-on-classes-0.cf)

Posted by Nick Anderson
June 7, 2024

Use Ansible playbooks in CFEngine policy with promise-type-ansible module

Whether you are migrating from Ansible to CFEngine to gain some of the benefits of scale or autonomy or just need some functionality in an Ansible module, the ansible promise type can be a great tool to utilize. It also provides a compelling alternative to ansible-pull and works around some of the caveats included with that strategy. CFEngine has battle-tested features needed for the pull architecture:

- cf-execd handles scheduling periodic runs as ansible-pull suggests using cron
- cf-agent handles locking to avoid concurrent runs of the same playbooks

A tiny Ansible project example

Taking some first-step tips from 5 ways to harden a new system with Ansible let’s make a sample playbook project which patches Linux systems.

Posted by Craig Comstock
June 3, 2024