Cfengine¶
Документация¶
Выдержки¶
User defined classes are mostly defined in bundles, but they are used as a signalling mechanism between promises
Classes promises define new classes based on combinations of old ones. This is how to make complex decisions in CFEngine, with readable results. It is like defining aliases for class combinations.
Another type of class definition happens when you define classes based on the outcome of a promise
classes => if_repaired("signal_class");
CFEngine built-in words, and identifiers of your choosing (the names of variables, bundles, body templates and classes) may only contain the usual alphanumeric and underscore characters (‘a-zA-Z0-9 ̇’). All other ‘literal’ data must be quoted.
CFEngine normally runs as user ”root”
The comment attribute (which can be added to any promise) has no actual function other than to provide more information to the user in error tracing and auditing.
All literal strings (e.g. ”true”) in CFEngine 3 must be quoted.
All function-like objects (e.g. users(”..”)) are either builtin special functions or parameterized templates which contain the ‘meat’ of the right hand side.
A few types, such as vars, classes and reports are common to all the different component bundles.
When writing promises, get into the habit of giving every promise a comment that explains its intention. Also, give related promises handles, or labels that can be used to refer to them.
Body parts exist to hide complex parameter information in reusable containers. The right hand side of some attribute assignments use body containers to reduce the amount of in-line information and preserve readability. You cannot choose where to use bodies: either they are used or they are not used for a particular kind of attribute.
Notice also that classes can be used in bodies so that you can hide environmental adaptations.
CFEngine variables have two meta-types: scalars and lists. A scalar is a single value, a list is a collection of scalars. Each scalar may have one of three types: string, int or real.
Integer constants may use suffixes to represent large numbers.
- k = value times 1000.
- K = value times 1024.
- m = value times 1000ˆ2
- M = value times 1024ˆ2
- g = value times 1000ˆ3
- G = value times 1024ˆ3
- % meaning percent, in limited contexts
- inf = a constant representing an unlimited value.
As of CFEngine core version 3.1.0, the value ‘cf_null’ may be used as a NULL value within lists. This value is ignored in list variable expansion.
vars:
"empty_list" slist => { "cf_null" };
It is wise to avoid class-variable dependency as much as possible
CFEngine executes agent promise bundles in the strict order defined by the bundlesequence
Within a bundle, the promise types are executed in a round-robin fashion according to so-called 'normal ordering'. The actual sequence continues for up to three iterations of the following, converging towards a final state:
- vars
- classes
- outputs
- interfaces
- files
- packages
- guest_environments
- methods
- processes
- services
- commands
- storage
- databases
- reports
Within edit_line bundles in files promises, the normal ordering is:
- vars
- classes
- delete_lines
- field_edits
- insert_lines
- replace_patterns
- reports
A method promise is thus never considered repaired.
Дополнительно¶
/usr/share/vim/vimfiles/syntax/cfengine.vim¶
" Vim syntax file " Language: Cfengine version 3.3 " Maintainer: Andrey Volkov <volkov@ekb-info.ru> " Last Change: Tuesday February 26 2013 " Location: " " This is my first attempt at a syntax file. Feel free to send me correctsion " or improvements. I'll give you a credit. " " USAGE " There is already a vim file that uses 'cf' as a file extention. You can use " cfengine for your cfengine file extentions or identify via your vimrc file: " au BufRead,BufNewFile *.cf set ft=cfengine " " For version 5.x: Clear all syntax items " For version 6.x: Quit when a syntax file was already loaded if version < 600 syntax clear elseif exists ("b:current_syntax") finish endif syn case ignore syn keyword cfengineBuiltin agent common server executor reporter monitor runagent action classes contained syn keyword cfengineBuiltin abortbundleclasses abortclasses about_topics aces acl acl_directory_inherit contained syn keyword cfengineBuiltin acl_method acl_type action_policy addclasses admit affects agent agentaccess contained syn keyword cfengineBuiltin agentfacility aggregation_point allclassesreport allowallconnects contained syn keyword cfengineBuiltin allow_blank_fields allowconnects allowusers alwaysvalidate args associates contained syn keyword cfengineBuiltin association atime audit auditing authorize auto_scaling background contained syn keyword cfengineBuiltin background_children backward_relationship before_after belongs_to contained syn keyword cfengineBuiltin binarypaddingchar bindtointerface bsdflags build_directory bundlesequence contained syn keyword cfengineBuiltin cancel_kept cancel_notkept cancel_repaired causes certainty cfruncommand contained syn keyword cfengineBuiltin changes chdir check_foreign check_root checksum_alert_time childlibpath chroot contained syn keyword cfengineBuiltin collapse_destination_dir command comment compare contain copy_backup copy_from contained syn keyword cfengineBuiltin copylink_patterns copy_patterns copy_size create csv2xml ctime database_columns contained syn keyword cfengineBuiltin database_operation database_rows database_server database_type data_type contained syn keyword cfengineBuiltin db_server_connection_db db_server_host db_server_owner db_server_password contained syn keyword cfengineBuiltin db_server_type defaultcopytype default_repository default_timeout delete contained syn keyword cfengineBuiltin delete_if_contains_from_list delete_if_match_from_list contained syn keyword cfengineBuiltin delete_if_not_contains_from_list delete_if_not_match_from_list contained syn keyword cfengineBuiltin delete_if_not_startwith_from_list delete_if_startwith_from_list delete_select contained syn keyword cfengineBuiltin deny denybadclocks denyconnects depends_on depth depth_search determines contained syn keyword cfengineBuiltin dirlinks disable disable_mode disable_suffix dist document_root domain dryrun contained syn keyword cfengineBuiltin dynamicaddresses edit_backup editbinaryfilesize edit_defaults edit_field contained syn keyword cfengineBuiltin editfilesize edit_fstab edit_line edit_template edit_xml contained syn keyword cfengineBuiltin empty_file_before_editing encrypt env_addresses env_baseline env_cpus env_disk contained syn keyword cfengineBuiltin environment environment_host environment_interface environment_resources contained syn keyword cfengineBuiltin environment_state environment_type env_memory env_name env_network env_spec contained syn keyword cfengineBuiltin error_bars exclamation exclude_dirs exclude_hosts exec_command exec_group contained syn keyword cfengineBuiltin exec_owner exec_program exec_regex exec_timeout executorfacility expand_scalars contained syn keyword cfengineBuiltin expireafter export_zenoss extend_fields extraction_regex contained syn keyword cfengineBuiltin failed_returncodes federation field_operation field_separator field_value contained syn keyword cfengineBuiltin file_result files_auto_define file_select files_single_copy file_to_print contained syn keyword cfengineBuiltin file_types findertype fips_mode first_last force_ipv4 force_update forgetrate contained syn keyword cfengineBuiltin forward_relationship freespace friend_pattern generalizations generate_manual contained syn keyword cfengineBuiltin goal_patterns graph_directory graph_output groups handle hash hashupdates contained syn keyword cfengineBuiltin histograms history_type host_licenses_paid hostnamekeys hosts html_banner contained syn keyword cfengineBuiltin html_embed html_footer hub_schedule id_prefix ifelapsed ifencrypted ifvarclass contained syn keyword cfengineBuiltin ignore_missing_bundles ignore_missing_inputs include_basedir include_dirs contained syn keyword cfengineBuiltin include_end_delimiter include_start_delimiter inform inputs in_range_define contained syn keyword cfengineBuiltin insert_if_contains_from_list insert_if_match_from_list contained syn keyword cfengineBuiltin insert_if_not_contains_from_list insert_if_not_match_from_list contained syn keyword cfengineBuiltin insert_if_not_startwith_from_list insert_if_startwith_from_list insert_select contained syn keyword cfengineBuiltin insert_type intermittency involves ipv4_address ipv4_netmask ipv6_address contained syn keyword cfengineBuiltin is_caused_by is_connected_to is_determined_by is_followed_by is_located_in contained syn keyword cfengineBuiltin is_part_of is_preceded_by issymlinkto kept_returncodes keycacheTTL knowledge contained syn keyword cfengineBuiltin lastseen lastseenexpireafter leaf_name link_children linkcopy_patterns contained syn keyword cfengineBuiltin link_from link_type location logallconnections logencryptedtransfers log_failed contained syn keyword cfengineBuiltin log_kept log_level log_priority log_repaired log_string mailfrom mailmaxlines contained syn keyword cfengineBuiltin mailto manual_source_directory maproot match_range match_value max_children contained syn keyword cfengineBuiltin maxconnections max_file_size measurement_class meta mode module monitor contained syn keyword cfengineBuiltin monitorfacility mount mountfilesystems mount_options mount_server mount_source contained syn keyword cfengineBuiltin mount_type move_obstructions mtime needs newname nonalphanumfiles no_output contained syn keyword cfengineBuiltin not_matching number_of_lines occurrences out_of_range_define contained syn keyword cfengineBuiltin output_directory output_level output_prefix output_to_file owners contained syn keyword cfengineBuiltin package_add_command package_architectures package_arch_regex package_changes contained syn keyword cfengineBuiltin package_delete_command package_delete_convention package_file_repositories contained syn keyword cfengineBuiltin package_installed_regex package_list_arch_regex package_list_command contained syn keyword cfengineBuiltin package_list_name_regex package_list_update_command contained syn keyword cfengineBuiltin package_list_update_ifelapsed package_list_version_regex package_method contained syn keyword cfengineBuiltin package_multiline_start package_name_convention package_name_regex contained syn keyword cfengineBuiltin package_noverify_regex package_noverify_returncode package_patch_arch_regex contained syn keyword cfengineBuiltin package_patch_command package_patch_installed_regex package_patch_list_command contained syn keyword cfengineBuiltin package_patch_name_regex package_patch_version_regex package_policy contained syn keyword cfengineBuiltin package_select package_update_command package_verify_command package_version contained syn keyword cfengineBuiltin package_version_regex path_name pathtype perms persistence persist_time pgid contained syn keyword cfengineBuiltin pid port portnumber ppid precedents preserve preview printfile priority contained syn keyword cfengineBuiltin process_count process_owner process_result process_select process_stop contained syn keyword cfengineBuiltin promise_kept promise_repaired promiser_type provides purge qualifiers contained syn keyword cfengineBuiltin query_engine query_output recognize_join refresh_processes contained syn keyword cfengineBuiltin registry_exclude rename repair_denied repaired_returncodes repair_failed contained syn keyword cfengineBuiltin repair_timeout repchar replace_value replace_with report_changes report_diffs contained syn keyword cfengineBuiltin report_level report_output reports report_to_file repository representation contained syn keyword cfengineBuiltin represents require_comments resource_type restart_class rlist rmdeadlinks contained syn keyword cfengineBuiltin rmdirs rotate rsize rxdirs scan_arrivals schedule search_bsdflags search_groups contained syn keyword cfengineBuiltin search_mode search_owners search_size secureinput select_class select_end contained syn keyword cfengineBuiltin select_field select_line_matching select_line_number select_region select_start contained syn keyword cfengineBuiltin sensiblecount sensible_count sensiblesize sensible_size server serverfacility contained syn keyword cfengineBuiltin servers service_args service_autostart_policy service_bundle contained syn keyword cfengineBuiltin service_dependence_chain service_dependencies service_method service_policy contained syn keyword cfengineBuiltin service_type showstate signals site_classes skipidentify skipverify contained syn keyword cfengineBuiltin smtpserver source specify_inherit_aces splaytime sql_connection_db sql_database contained syn keyword cfengineBuiltin sql_owner sql_passwd sql_server sql_type start_fields_from_zero status stealth contained syn keyword cfengineBuiltin stime_range stream_type style_sheet suspiciousnames synonyms syslog contained syn keyword cfengineBuiltin syslog_host syslog_port tcpdump tcpdumpcommand tcp_ip threads timeout contained syn keyword cfengineBuiltin timer_policy time_stamps timezone touch track_growing_file track_value contained syn keyword cfengineBuiltin transformer traverse_links trustkey trustkeysfrom ttime_range tty type_check contained syn keyword cfengineBuiltin umask units unmount update_hashes usebundle uses useshell value_kept contained syn keyword cfengineBuiltin value_notkept value_repaired value_separator verbose verify version contained syn keyword cfengineBuiltin view_projections volume vsize when_linking_children when_no_source contained syn keyword cfengineBuiltin whitespace_policy xdev xorcontained syn match cfengineBody /^\s*body [^ ]\+ / contains=cfengineBuiltin syn match cfengineBundle /^\s*bundle [^ ]\+ / contains=cfengineBuiltin syn keyword TODO todo contained syn match cfengineComment /#.*/ contains=TODO syn match cfengineSetVar /\s*[0-9a-z_]\+\s*=>/ contains=cfengineBuiltin,cfengineType,cfengineIdentifier syn match cfengineIdentifier /\s=>\s/ contained " For actions e.g. reports:, commands: syn match cfengineAction /[^:#]\+:\s*$/ syn match cfengineClass /[^:#]\+::\s*$/ " Escape sequences in regexes syn match cfengineEsc /\\\\[sSdD+][\+\*]*/ contained " Array indexes contained in []. Does not seems to be working. syn region cfengineArray start=/\[/ end=/\]/ contained contains=cfengineVar " Variables wrapped in {} or () syn region cfengineVar start=/[$@][(]/ end=/[)]/ contained contains=cfengineVar,cfengineArray syn region cfengineString start=/\z\("\|'\)/ skip=/\\\z1/ end=/\z1/ contains=cfengineVar,cfengineArray,cfengineEsc syn keyword cfengineType int ilist slist float not and or xor string expression real rlist policy syn keyword cfengineOnOff on off yes no true false if version >= 508 || !exists("did_cfg_syn_inits") if version < 508 let did_cfg_syn_inits = 1 command -nargs=+ HiLink hi link <args> else command -nargs=+ HiLink hi def link <args> endif HiLink cfengineBody Function HiLink cfengineBundle Function HiLink cfengineBuiltin Keyword HiLink cfengineComment Comment HiLink cfengineIdentifier Identifier HiLink cfengineAction Underlined HiLink cfengineClass Statement HiLink cfengineEsc Special HiLink cfengineArray Special HiLink cfengineVar Special HiLink cfengineString String HiLink cfengineType Type HiLink cfengineOnOff Boolean delcommand HiLink endif let b:current_syntax = "cfengine" " CREDITS " Andrey Volkov <volkov@ekb-info.ru> " Neil Watson <neil@watson-wilson.ca> " Aleksey Tsalolikhin " John Coleman of Yale U " Matt Lesko
/usr/share/vim/vimfiles/ftdetect/cfengine.vim¶
au BufNewFile,BufRead /*var/cfengine/inputs/* set filetype=cfengine au BufNewFile,BufRead /*var/cfengine/masterfiles/* set filetype=cfengine
Принудительные операции¶
Валидация и синхронизация hub-client¶
Перегенерируем /var/cfengine/masterfiles/cf_promises_validated на hub¶
hub: cf-agent -K -f failsafe.cf
Синхронизируем hub:/var/cfengine/masterfiles -> client:/var/cfengine/inputs¶
client: cf-agent -K -f failsafe.cf
Обновлено Андрей Волков почти 12 года назад · 13 изменени(я, ий)