Show posts tagged:
policy-language

Show notes: The agent is in - Episode 30 - Profiling CFEngine policy

Imagine having the power to identify the exact lines of your CFEngine policy that are slowing down your executions. In this episode, we’ll guide you through the art of profiling CFEngine policy for improved performance. In Episode 30 of “The agent is in,” Nick and team dives into the topic of profiling CFEngine policy. We explore tools and techniques to identify performance bottlenecks and optimize CFEngine deployments. The episode covers the following main points:

Posted by Nick Anderson
October 19, 2023

Show notes: The agent is in - Episode 28 - Automating CFEngine policy testing

Have you been interested in automating the testing of your CFEngine policy? Cody, Craig and Nick follow up on the Policy Examples episode and dive a bit deeper into testing. Nick walks through some policy and related tests that leverage lib/testing.cf from the Masterfiles Policy Framework and Craig walks through implementing a GitHub Workflow to run the tests in a Docker container for each Pull Request. Video The video recording is available on YouTube:

Posted by Nick Anderson
August 31, 2023

How can I get a list of specific key values from an array of objects in JSON?

This question was covered in The agent is in, Episode 27 - CFEngine Q&A: Policy questions. Given the following JSON, how can I get a list containing just the values of name? [ { "name": "Aurora", "description": "Illuminating" }, { "name": "Orion", "description": "Stellar" }, { "name": "Luna", "description": "Serene" }, { "name": "Phoenix", "description": "Resilient" }, { "name": "Atlas", "description": "Strong" } ] Using maparray() The most concise and direct way to achieve something like this is to use the maparray() function.

Posted by Nick Anderson
July 27, 2023

How can I test CFEngine Policy?

This question was covered in The agent is in, Episode 27 - CFEngine Q&A: Policy questions. Testing is an important part of the software life-cycle. Writing tests for your CFEngine policy can help to bring improved assurance that your policy behaves as expected. Follow along and write your first test policy. Test stages When writing tests there are three or four basic stages that typically need to be handled. Initialization - Set up the necessary conditions for the test, e.

Posted by Nick Anderson
July 27, 2023

Show notes: The agent is in - Episode 27 - CFEngine Q&A: Policy questions

Unlock the power of CFEngine with expert insights and get your burning policy questions. Cody, Craig and Nick discuss and answer CFEngine policy questions submitted by users. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion. Questions These are the questions and policy used during the episode but each question has a separate blog post that goes into more detail.

Posted by Nick Anderson
July 27, 2023

Iterating on CFEngine policy for pinning packages in APT

I was chatting with someone recently about some security maintenance tasks and they were bemoaning that some software updates had turned into a yack shaving1. Updating this required updating that, required updating that on N hosts of varying platforms and flavors. So, they asked me how could they avoid updating a specific package and naturally I said, let’s just prototype some policy. The incipiency of said yak shaving was updating packages via apt, Debian flavored systems default package manager.

Posted by Nick Anderson
July 20, 2023

Show notes: The agent is in - Episode 24 - Pretty printer (cffmt) demo with Miek Gieben

Tired of hand crafting policy and arguing with people about spacing and alignment? Longing for regularity and easier scanning of your policy no matter who wrote it? Cody, Craig and Nick wrap up the second year of The agent is in with Miek Gieben, CFEngine Community user and author of cffmt, a formatted written in go for CFEngine policy files. Check out the discussion about opinionated formatting, possible future developments and other tooling to improve qualify of life as a CFEngineer.

Posted by Nick Anderson
April 27, 2023

Show notes: The agent is in - Episode 22 - Hackathon: Termux Services

Have a burning desire to run sshd or another service on your VR headset? Cody, Craig and Nick do time-boxed live hackathon working on developing CFEngine services promise type support for Termux. Watch Nick and Craig race to implement basic services support before the timer buzzes. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees.

Posted by Nick Anderson
February 23, 2023

Guest blog post: Don't use your distro's package manager

I have stopped using my Linux distro’s package manager, and you should, too. Maybe I should clarify that. I don’t install software with my distro’s package manager any more. I still upgrade my system. I became influenced by a few different factors. Top among these is something required in certain industries called a change advisory board or committee. This requirement says that changes to production computers have to be reviewed and approved by all stakeholders in that computer’s operations.

Posted by Jeff Carlson
January 23, 2023

5 security hardening CFEngine policy examples

Throughout the security holiday calendar, we’ve looked at modules for enforcing security requirements. Writing the policy to achieve these security hardening goals is easy. By learning how, you can write policy (or modules) for any requirements, including those specific to your organization. In this blog post, we’ll take a look at five beginner-level examples to get you started, focusing on the most common resources to manage with CFEngine; files and packages.

December 19, 2022
Get in touch with us
to discuss how we can help!
Contact us
Sign up for
our newsletter
By signing up, you agree to your email address being stored and used to receive newsletters about CFEngine. We use tracking in our newsletter emails to improve our marketing content.