Действия
Cfengine¶
Документация¶
Выдержки¶
User defined classes are mostly defined in bundles, but they are used as a signalling mechanism between promises
Classes promises define new classes based on combinations of old ones. This is how to make complex decisions in CFEngine, with readable results. It is like defining aliases for class combinations.
Another type of class definition happens when you define classes based on the outcome of a promise
classes => if_repaired("signal_class");
CFEngine built-in words, and identifiers of your choosing (the names of variables, bundles, body templates and classes) may only contain the usual alphanumeric and underscore characters (‘a-zA-Z0-9 ̇’). All other ‘literal’ data must be quoted.
CFEngine normally runs as user ”root”
The comment attribute (which can be added to any promise) has no actual function other than to provide more information to the user in error tracing and auditing.
All literal strings (e.g. ”true”) in CFEngine 3 must be quoted.
All function-like objects (e.g. users(”..”)) are either builtin special functions or parameterized templates which contain the ‘meat’ of the right hand side.
A few types, such as vars, classes and reports are common to all the different component bundles.
When writing promises, get into the habit of giving every promise a comment that explains its intention. Also, give related promises handles, or labels that can be used to refer to them.
Body parts exist to hide complex parameter information in reusable containers. The right hand side of some attribute assignments use body containers to reduce the amount of in-line information and preserve readability. You cannot choose where to use bodies: either they are used or they are not used for a particular kind of attribute.
Notice also that classes can be used in bodies so that you can hide environmental adaptations.
CFEngine variables have two meta-types: scalars and lists. A scalar is a single value, a list is a collection of scalars. Each scalar may have one of three types: string, int or real.
Integer constants may use suffixes to represent large numbers.
- k = value times 1000.
- K = value times 1024.
- m = value times 1000ˆ2
- M = value times 1024ˆ2
- g = value times 1000ˆ3
- G = value times 1024ˆ3
- % meaning percent, in limited contexts
- inf = a constant representing an unlimited value.
As of CFEngine core version 3.1.0, the value ‘cf_null’ may be used as a NULL value within lists. This value is ignored in list variable expansion.
vars:
"empty_list" slist => { "cf_null" };
It is wise to avoid class-variable dependency as much as possible
CFEngine executes agent promise bundles in the strict order defined by the bundlesequence
Within a bundle, the promise types are executed in a round-robin fashion according to so-called 'normal ordering'. The actual sequence continues for up to three iterations of the following, converging towards a final state:
- vars
- classes
- outputs
- interfaces
- files
- packages
- guest_environments
- methods
- processes
- services
- commands
- storage
- databases
- reports
Within edit_line bundles in files promises, the normal ordering is:
- vars
- classes
- delete_lines
- field_edits
- insert_lines
- replace_patterns
- reports
A method promise is thus never considered repaired.
Дополнительно¶
/usr/share/vim/vimfiles/syntax/cfengine.vim¶
" Vim syntax file
" Language: Cfengine version 3.3
" Maintainer: Andrey Volkov <volkov@ekb-info.ru>
" Last Change: Tuesday February 26 2013
" Location:
"
" This is my first attempt at a syntax file. Feel free to send me correctsion
" or improvements. I'll give you a credit.
"
" USAGE
" There is already a vim file that uses 'cf' as a file extention. You can use
" cfengine for your cfengine file extentions or identify via your vimrc file:
" au BufRead,BufNewFile *.cf set ft=cfengine
"
" For version 5.x: Clear all syntax items
" For version 6.x: Quit when a syntax file was already loaded
if version < 600
syntax clear
elseif exists ("b:current_syntax")
finish
endif
syn case ignore
syn keyword cfengineBuiltin agent common server executor reporter monitor runagent action classes contained
syn keyword cfengineBuiltin abortbundleclasses abortclasses about_topics aces acl acl_directory_inherit contained
syn keyword cfengineBuiltin acl_method acl_type action_policy addclasses admit affects agent agentaccess contained
syn keyword cfengineBuiltin agentfacility aggregation_point allclassesreport allowallconnects contained
syn keyword cfengineBuiltin allow_blank_fields allowconnects allowusers alwaysvalidate args associates contained
syn keyword cfengineBuiltin association atime audit auditing authorize auto_scaling background contained
syn keyword cfengineBuiltin background_children backward_relationship before_after belongs_to contained
syn keyword cfengineBuiltin binarypaddingchar bindtointerface bsdflags build_directory bundlesequence contained
syn keyword cfengineBuiltin cancel_kept cancel_notkept cancel_repaired causes certainty cfruncommand contained
syn keyword cfengineBuiltin changes chdir check_foreign check_root checksum_alert_time childlibpath chroot contained
syn keyword cfengineBuiltin collapse_destination_dir command comment compare contain copy_backup copy_from contained
syn keyword cfengineBuiltin copylink_patterns copy_patterns copy_size create csv2xml ctime database_columns contained
syn keyword cfengineBuiltin database_operation database_rows database_server database_type data_type contained
syn keyword cfengineBuiltin db_server_connection_db db_server_host db_server_owner db_server_password contained
syn keyword cfengineBuiltin db_server_type defaultcopytype default_repository default_timeout delete contained
syn keyword cfengineBuiltin delete_if_contains_from_list delete_if_match_from_list contained
syn keyword cfengineBuiltin delete_if_not_contains_from_list delete_if_not_match_from_list contained
syn keyword cfengineBuiltin delete_if_not_startwith_from_list delete_if_startwith_from_list delete_select contained
syn keyword cfengineBuiltin deny denybadclocks denyconnects depends_on depth depth_search determines contained
syn keyword cfengineBuiltin dirlinks disable disable_mode disable_suffix dist document_root domain dryrun contained
syn keyword cfengineBuiltin dynamicaddresses edit_backup editbinaryfilesize edit_defaults edit_field contained
syn keyword cfengineBuiltin editfilesize edit_fstab edit_line edit_template edit_xml contained
syn keyword cfengineBuiltin empty_file_before_editing encrypt env_addresses env_baseline env_cpus env_disk contained
syn keyword cfengineBuiltin environment environment_host environment_interface environment_resources contained
syn keyword cfengineBuiltin environment_state environment_type env_memory env_name env_network env_spec contained
syn keyword cfengineBuiltin error_bars exclamation exclude_dirs exclude_hosts exec_command exec_group contained
syn keyword cfengineBuiltin exec_owner exec_program exec_regex exec_timeout executorfacility expand_scalars contained
syn keyword cfengineBuiltin expireafter export_zenoss extend_fields extraction_regex contained
syn keyword cfengineBuiltin failed_returncodes federation field_operation field_separator field_value contained
syn keyword cfengineBuiltin file_result files_auto_define file_select files_single_copy file_to_print contained
syn keyword cfengineBuiltin file_types findertype fips_mode first_last force_ipv4 force_update forgetrate contained
syn keyword cfengineBuiltin forward_relationship freespace friend_pattern generalizations generate_manual contained
syn keyword cfengineBuiltin goal_patterns graph_directory graph_output groups handle hash hashupdates contained
syn keyword cfengineBuiltin histograms history_type host_licenses_paid hostnamekeys hosts html_banner contained
syn keyword cfengineBuiltin html_embed html_footer hub_schedule id_prefix ifelapsed ifencrypted ifvarclass contained
syn keyword cfengineBuiltin ignore_missing_bundles ignore_missing_inputs include_basedir include_dirs contained
syn keyword cfengineBuiltin include_end_delimiter include_start_delimiter inform inputs in_range_define contained
syn keyword cfengineBuiltin insert_if_contains_from_list insert_if_match_from_list contained
syn keyword cfengineBuiltin insert_if_not_contains_from_list insert_if_not_match_from_list contained
syn keyword cfengineBuiltin insert_if_not_startwith_from_list insert_if_startwith_from_list insert_select contained
syn keyword cfengineBuiltin insert_type intermittency involves ipv4_address ipv4_netmask ipv6_address contained
syn keyword cfengineBuiltin is_caused_by is_connected_to is_determined_by is_followed_by is_located_in contained
syn keyword cfengineBuiltin is_part_of is_preceded_by issymlinkto kept_returncodes keycacheTTL knowledge contained
syn keyword cfengineBuiltin lastseen lastseenexpireafter leaf_name link_children linkcopy_patterns contained
syn keyword cfengineBuiltin link_from link_type location logallconnections logencryptedtransfers log_failed contained
syn keyword cfengineBuiltin log_kept log_level log_priority log_repaired log_string mailfrom mailmaxlines contained
syn keyword cfengineBuiltin mailto manual_source_directory maproot match_range match_value max_children contained
syn keyword cfengineBuiltin maxconnections max_file_size measurement_class meta mode module monitor contained
syn keyword cfengineBuiltin monitorfacility mount mountfilesystems mount_options mount_server mount_source contained
syn keyword cfengineBuiltin mount_type move_obstructions mtime needs newname nonalphanumfiles no_output contained
syn keyword cfengineBuiltin not_matching number_of_lines occurrences out_of_range_define contained
syn keyword cfengineBuiltin output_directory output_level output_prefix output_to_file owners contained
syn keyword cfengineBuiltin package_add_command package_architectures package_arch_regex package_changes contained
syn keyword cfengineBuiltin package_delete_command package_delete_convention package_file_repositories contained
syn keyword cfengineBuiltin package_installed_regex package_list_arch_regex package_list_command contained
syn keyword cfengineBuiltin package_list_name_regex package_list_update_command contained
syn keyword cfengineBuiltin package_list_update_ifelapsed package_list_version_regex package_method contained
syn keyword cfengineBuiltin package_multiline_start package_name_convention package_name_regex contained
syn keyword cfengineBuiltin package_noverify_regex package_noverify_returncode package_patch_arch_regex contained
syn keyword cfengineBuiltin package_patch_command package_patch_installed_regex package_patch_list_command contained
syn keyword cfengineBuiltin package_patch_name_regex package_patch_version_regex package_policy contained
syn keyword cfengineBuiltin package_select package_update_command package_verify_command package_version contained
syn keyword cfengineBuiltin package_version_regex path_name pathtype perms persistence persist_time pgid contained
syn keyword cfengineBuiltin pid port portnumber ppid precedents preserve preview printfile priority contained
syn keyword cfengineBuiltin process_count process_owner process_result process_select process_stop contained
syn keyword cfengineBuiltin promise_kept promise_repaired promiser_type provides purge qualifiers contained
syn keyword cfengineBuiltin query_engine query_output recognize_join refresh_processes contained
syn keyword cfengineBuiltin registry_exclude rename repair_denied repaired_returncodes repair_failed contained
syn keyword cfengineBuiltin repair_timeout repchar replace_value replace_with report_changes report_diffs contained
syn keyword cfengineBuiltin report_level report_output reports report_to_file repository representation contained
syn keyword cfengineBuiltin represents require_comments resource_type restart_class rlist rmdeadlinks contained
syn keyword cfengineBuiltin rmdirs rotate rsize rxdirs scan_arrivals schedule search_bsdflags search_groups contained
syn keyword cfengineBuiltin search_mode search_owners search_size secureinput select_class select_end contained
syn keyword cfengineBuiltin select_field select_line_matching select_line_number select_region select_start contained
syn keyword cfengineBuiltin sensiblecount sensible_count sensiblesize sensible_size server serverfacility contained
syn keyword cfengineBuiltin servers service_args service_autostart_policy service_bundle contained
syn keyword cfengineBuiltin service_dependence_chain service_dependencies service_method service_policy contained
syn keyword cfengineBuiltin service_type showstate signals site_classes skipidentify skipverify contained
syn keyword cfengineBuiltin smtpserver source specify_inherit_aces splaytime sql_connection_db sql_database contained
syn keyword cfengineBuiltin sql_owner sql_passwd sql_server sql_type start_fields_from_zero status stealth contained
syn keyword cfengineBuiltin stime_range stream_type style_sheet suspiciousnames synonyms syslog contained
syn keyword cfengineBuiltin syslog_host syslog_port tcpdump tcpdumpcommand tcp_ip threads timeout contained
syn keyword cfengineBuiltin timer_policy time_stamps timezone touch track_growing_file track_value contained
syn keyword cfengineBuiltin transformer traverse_links trustkey trustkeysfrom ttime_range tty type_check contained
syn keyword cfengineBuiltin umask units unmount update_hashes usebundle uses useshell value_kept contained
syn keyword cfengineBuiltin value_notkept value_repaired value_separator verbose verify version contained
syn keyword cfengineBuiltin view_projections volume vsize when_linking_children when_no_source contained
syn keyword cfengineBuiltin whitespace_policy xdev xorcontained
syn match cfengineBody /^\s*body [^ ]\+ / contains=cfengineBuiltin
syn match cfengineBundle /^\s*bundle [^ ]\+ / contains=cfengineBuiltin
syn keyword TODO todo contained
syn match cfengineComment /#.*/ contains=TODO
syn match cfengineSetVar /\s*[0-9a-z_]\+\s*=>/ contains=cfengineBuiltin,cfengineType,cfengineIdentifier
syn match cfengineIdentifier /\s=>\s/ contained
" For actions e.g. reports:, commands:
syn match cfengineAction /[^:#]\+:\s*$/
syn match cfengineClass /[^:#]\+::\s*$/
" Escape sequences in regexes
syn match cfengineEsc /\\\\[sSdD+][\+\*]*/ contained
" Array indexes contained in []. Does not seems to be working.
syn region cfengineArray start=/\[/ end=/\]/ contained contains=cfengineVar
" Variables wrapped in {} or ()
syn region cfengineVar start=/[$@][(]/ end=/[)]/ contained contains=cfengineVar,cfengineArray
syn region cfengineString start=/\z\("\|'\)/ skip=/\\\z1/ end=/\z1/ contains=cfengineVar,cfengineArray,cfengineEsc
syn keyword cfengineType int ilist slist float not and or xor string expression real rlist policy
syn keyword cfengineOnOff on off yes no true false
if version >= 508 || !exists("did_cfg_syn_inits")
if version < 508
let did_cfg_syn_inits = 1
command -nargs=+ HiLink hi link <args>
else
command -nargs=+ HiLink hi def link <args>
endif
HiLink cfengineBody Function
HiLink cfengineBundle Function
HiLink cfengineBuiltin Keyword
HiLink cfengineComment Comment
HiLink cfengineIdentifier Identifier
HiLink cfengineAction Underlined
HiLink cfengineClass Statement
HiLink cfengineEsc Special
HiLink cfengineArray Special
HiLink cfengineVar Special
HiLink cfengineString String
HiLink cfengineType Type
HiLink cfengineOnOff Boolean
delcommand HiLink
endif
let b:current_syntax = "cfengine"
" CREDITS
" Andrey Volkov <volkov@ekb-info.ru>
" Neil Watson <neil@watson-wilson.ca>
" Aleksey Tsalolikhin
" John Coleman of Yale U
" Matt Lesko
/usr/share/vim/vimfiles/ftdetect/cfengine.vim¶
au BufNewFile,BufRead /*var/cfengine/inputs/* set filetype=cfengine au BufNewFile,BufRead /*var/cfengine/masterfiles/* set filetype=cfengine
Принудительные операции¶
Валидация и синхронизация hub-client¶
Перегенерируем /var/cfengine/masterfiles/cf_promises_validated на hub¶
hub: cf-agent -K -f failsafe.cf
Синхронизируем hub:/var/cfengine/masterfiles -> client:/var/cfengine/inputs¶
client: cf-agent -K -f failsafe.cf
Обновлено Андрей Волков около 11 лет назад · 13 изменени(я, ий)