Проект

Общее

Профиль

Cfengine » История » Версия 12

Андрей Волков, 2013-03-04 13:09

1 1 Андрей Волков
h1. Cfengine
2
3 2 Андрей Волков
h2. Документация
4
5
h3. Выдержки
6
7 6 Андрей Волков
> User defined classes are mostly defined in bundles, but they are used as a signalling mechanism between promises
8 3 Андрей Волков
9 6 Андрей Волков
> Classes promises define new classes based on combinations of old ones. This is how to make complex decisions in CFEngine, with readable results. It is like defining aliases for class combinations.
10 1 Андрей Волков
11 3 Андрей Волков
> Another type of class definition happens when you define classes based on the outcome of a promise
12 1 Андрей Волков
> classes => if_repaired("signal_class");
13
14 6 Андрей Волков
> CFEngine built-in words, and identifiers of your choosing (the names of variables, bundles, body templates and classes) may only contain the usual alphanumeric and underscore characters (‘a-zA-Z0-9 ̇’). All other ‘literal’ data must be quoted.
15 1 Андрей Волков
16
> CFEngine normally runs as user ”root”
17
18 6 Андрей Волков
> The comment attribute (which can be added to any promise) has no actual function other than to provide more information to the user in error tracing and auditing.
19
20
> All literal strings (e.g. ”true”) in CFEngine 3 must be quoted.
21
22
> All function-like objects (e.g. users(”..”)) are either builtin special functions or parameterized templates which contain the ‘meat’ of the right hand side.
23
24
> A few types, such as vars, classes and reports are common to all the different component bundles.
25
26
> When writing promises, get into the habit of giving every promise a comment that explains its intention. Also, give related promises handles, or labels that can be used to refer to them.
27
28
> Body parts exist to hide complex parameter information in reusable containers. The right hand side of some attribute assignments use body containers to reduce the amount of in-line information and preserve readability. You cannot choose where to use bodies: either they are used or they are not used for a particular kind of attribute.
29 5 Андрей Волков
30 7 Андрей Волков
> Notice also that classes can be used in bodies so that you can hide environmental adaptations.
31
32 8 Андрей Волков
> CFEngine variables have two meta-types: scalars and lists. A scalar is a single value, a list is a collection of scalars. Each scalar may have one of three types: string, int or real.
33
> 
34
> Integer constants may use suffixes to represent large numbers.
35
> 
36
> * k = value times 1000.
37
> * K = value times 1024.
38
> * m = value times 1000ˆ2
39
> * M = value times 1024ˆ2
40
> * g = value times 1000ˆ3
41
> * G = value times 1024ˆ3
42
> * % meaning percent, in limited contexts
43
> * inf = a constant representing an unlimited value.
44
45 9 Андрей Волков
> As of CFEngine core version 3.1.0, the value ‘cf_null’ may be used as a NULL value within lists. This value is ignored in list variable expansion.
46
> vars:
47
> "empty_list" slist => { "cf_null" };
48
49 10 Андрей Волков
> It is wise to avoid class-variable dependency as much as possible
50
51
> CFEngine executes agent promise bundles in the strict order defined by the bundlesequence
52
53
> Within a bundle, the promise types are executed in a round-robin fashion according to so-called 'normal ordering'. The actual sequence continues for up to three iterations of the following, converging towards a final state:
54
> * vars
55
> * classes
56
> * outputs
57
> * interfaces
58
> * files
59
> * packages
60 11 Андрей Волков
> * guest_environments
61
> * methods
62
> * processes
63
> * services
64
> * commands
65
> * storage
66
> * databases
67
> * reports
68
69
> Within edit_line bundles in files promises, the normal ordering is:
70
> * vars
71
> * classes
72
> * delete_lines
73
> * field_edits
74
> * insert_lines
75
> * replace_patterns
76
> * reports
77 10 Андрей Волков
78 2 Андрей Волков
h2. Дополнительно
79
80 1 Андрей Волков
h3. /usr/share/vim/vimfiles/syntax/cfengine.vim
81
82
<pre>
83
" Vim syntax file
84
" Language:     Cfengine version 3.3
85
" Maintainer:   Andrey Volkov <volkov@ekb-info.ru>
86
" Last Change:  Tuesday February 26 2013 
87
" Location:
88
"
89
" This is my first attempt at a syntax file.  Feel free to send me correctsion
90
" or improvements.  I'll give you a credit.
91
"
92
" USAGE
93
" There is already a vim file that uses 'cf' as a file extention.  You can use
94
" cfengine for your cfengine file extentions or identify via your vimrc file:
95
" au BufRead,BufNewFile *.cf set ft=cfengine
96
"
97
" For version 5.x: Clear all syntax items
98
" For version 6.x: Quit when a syntax file was already loaded
99
if version < 600
100
    syntax clear
101
elseif exists ("b:current_syntax")
102
    finish
103
endif
104
105
syn case ignore
106
syn keyword cfengineBuiltin agent common server executor reporter monitor runagent action classes contained
107
108
syn keyword cfengineBuiltin abortbundleclasses abortclasses about_topics aces acl acl_directory_inherit contained
109
syn keyword cfengineBuiltin acl_method acl_type action_policy addclasses admit affects agent agentaccess contained
110
syn keyword cfengineBuiltin agentfacility aggregation_point allclassesreport allowallconnects contained
111
syn keyword cfengineBuiltin allow_blank_fields allowconnects allowusers alwaysvalidate args associates contained
112
syn keyword cfengineBuiltin association atime audit auditing authorize auto_scaling background contained
113
syn keyword cfengineBuiltin background_children backward_relationship before_after belongs_to contained
114
syn keyword cfengineBuiltin binarypaddingchar bindtointerface bsdflags build_directory bundlesequence contained
115
syn keyword cfengineBuiltin cancel_kept cancel_notkept cancel_repaired causes certainty cfruncommand contained
116
syn keyword cfengineBuiltin changes chdir check_foreign check_root checksum_alert_time childlibpath chroot contained
117
syn keyword cfengineBuiltin collapse_destination_dir command comment compare contain copy_backup copy_from contained
118
syn keyword cfengineBuiltin copylink_patterns copy_patterns copy_size create csv2xml ctime database_columns contained
119
syn keyword cfengineBuiltin database_operation database_rows database_server database_type data_type contained
120
syn keyword cfengineBuiltin db_server_connection_db db_server_host db_server_owner db_server_password contained
121
syn keyword cfengineBuiltin db_server_type defaultcopytype default_repository default_timeout delete contained
122
syn keyword cfengineBuiltin delete_if_contains_from_list delete_if_match_from_list contained
123
syn keyword cfengineBuiltin delete_if_not_contains_from_list delete_if_not_match_from_list contained
124
syn keyword cfengineBuiltin delete_if_not_startwith_from_list delete_if_startwith_from_list delete_select contained
125
syn keyword cfengineBuiltin deny denybadclocks denyconnects depends_on depth depth_search determines contained
126
syn keyword cfengineBuiltin dirlinks disable disable_mode disable_suffix dist document_root domain dryrun contained
127
syn keyword cfengineBuiltin dynamicaddresses edit_backup editbinaryfilesize edit_defaults edit_field contained
128
syn keyword cfengineBuiltin editfilesize edit_fstab edit_line edit_template edit_xml contained
129
syn keyword cfengineBuiltin empty_file_before_editing encrypt env_addresses env_baseline env_cpus env_disk contained
130
syn keyword cfengineBuiltin environment environment_host environment_interface environment_resources contained
131
syn keyword cfengineBuiltin environment_state environment_type env_memory env_name env_network env_spec contained
132
syn keyword cfengineBuiltin error_bars exclamation exclude_dirs exclude_hosts exec_command exec_group contained
133
syn keyword cfengineBuiltin exec_owner exec_program exec_regex exec_timeout executorfacility expand_scalars contained
134
syn keyword cfengineBuiltin expireafter export_zenoss extend_fields extraction_regex contained
135
syn keyword cfengineBuiltin failed_returncodes federation field_operation field_separator field_value contained
136
syn keyword cfengineBuiltin file_result files_auto_define file_select files_single_copy file_to_print contained
137
syn keyword cfengineBuiltin file_types findertype fips_mode first_last force_ipv4 force_update forgetrate contained
138
syn keyword cfengineBuiltin forward_relationship freespace friend_pattern generalizations generate_manual contained
139
syn keyword cfengineBuiltin goal_patterns graph_directory graph_output groups handle hash hashupdates contained
140
syn keyword cfengineBuiltin histograms history_type host_licenses_paid hostnamekeys hosts html_banner contained
141
syn keyword cfengineBuiltin html_embed html_footer hub_schedule id_prefix ifelapsed ifencrypted ifvarclass contained
142
syn keyword cfengineBuiltin ignore_missing_bundles ignore_missing_inputs include_basedir include_dirs contained
143
syn keyword cfengineBuiltin include_end_delimiter include_start_delimiter inform inputs in_range_define contained
144
syn keyword cfengineBuiltin insert_if_contains_from_list insert_if_match_from_list contained
145
syn keyword cfengineBuiltin insert_if_not_contains_from_list insert_if_not_match_from_list contained
146
syn keyword cfengineBuiltin insert_if_not_startwith_from_list insert_if_startwith_from_list insert_select contained
147
syn keyword cfengineBuiltin insert_type intermittency involves ipv4_address ipv4_netmask ipv6_address contained
148
syn keyword cfengineBuiltin is_caused_by is_connected_to is_determined_by is_followed_by is_located_in contained
149
syn keyword cfengineBuiltin is_part_of is_preceded_by issymlinkto kept_returncodes keycacheTTL knowledge contained
150
syn keyword cfengineBuiltin lastseen lastseenexpireafter leaf_name link_children linkcopy_patterns contained
151
syn keyword cfengineBuiltin link_from link_type location logallconnections logencryptedtransfers log_failed contained
152
syn keyword cfengineBuiltin log_kept log_level log_priority log_repaired log_string mailfrom mailmaxlines contained
153
syn keyword cfengineBuiltin mailto manual_source_directory maproot match_range match_value max_children contained
154
syn keyword cfengineBuiltin maxconnections max_file_size measurement_class meta mode module monitor contained
155
syn keyword cfengineBuiltin monitorfacility mount mountfilesystems mount_options mount_server mount_source contained
156
syn keyword cfengineBuiltin mount_type move_obstructions mtime needs newname nonalphanumfiles no_output contained
157
syn keyword cfengineBuiltin not_matching number_of_lines occurrences out_of_range_define contained
158
syn keyword cfengineBuiltin output_directory output_level output_prefix output_to_file owners contained
159
syn keyword cfengineBuiltin package_add_command package_architectures package_arch_regex package_changes contained
160
syn keyword cfengineBuiltin package_delete_command package_delete_convention package_file_repositories contained
161
syn keyword cfengineBuiltin package_installed_regex package_list_arch_regex package_list_command contained
162
syn keyword cfengineBuiltin package_list_name_regex package_list_update_command contained
163
syn keyword cfengineBuiltin package_list_update_ifelapsed package_list_version_regex package_method contained
164
syn keyword cfengineBuiltin package_multiline_start package_name_convention package_name_regex contained
165
syn keyword cfengineBuiltin package_noverify_regex package_noverify_returncode package_patch_arch_regex contained
166
syn keyword cfengineBuiltin package_patch_command package_patch_installed_regex package_patch_list_command contained
167
syn keyword cfengineBuiltin package_patch_name_regex package_patch_version_regex package_policy contained
168
syn keyword cfengineBuiltin package_select package_update_command package_verify_command package_version contained
169
syn keyword cfengineBuiltin package_version_regex path_name pathtype perms persistence persist_time pgid contained
170
syn keyword cfengineBuiltin pid port portnumber ppid precedents preserve preview printfile priority contained
171
syn keyword cfengineBuiltin process_count process_owner process_result process_select process_stop contained
172
syn keyword cfengineBuiltin promise_kept promise_repaired promiser_type provides purge qualifiers contained
173
syn keyword cfengineBuiltin query_engine query_output recognize_join refresh_processes contained
174
syn keyword cfengineBuiltin registry_exclude rename repair_denied repaired_returncodes repair_failed contained
175
syn keyword cfengineBuiltin repair_timeout repchar replace_value replace_with report_changes report_diffs contained
176
syn keyword cfengineBuiltin report_level report_output reports report_to_file repository representation contained
177
syn keyword cfengineBuiltin represents require_comments resource_type restart_class rlist rmdeadlinks contained
178
syn keyword cfengineBuiltin rmdirs rotate rsize rxdirs scan_arrivals schedule search_bsdflags search_groups contained
179
syn keyword cfengineBuiltin search_mode search_owners search_size secureinput select_class select_end contained
180
syn keyword cfengineBuiltin select_field select_line_matching select_line_number select_region select_start contained
181
syn keyword cfengineBuiltin sensiblecount sensible_count sensiblesize sensible_size server serverfacility contained
182
syn keyword cfengineBuiltin servers service_args service_autostart_policy service_bundle contained
183
syn keyword cfengineBuiltin service_dependence_chain service_dependencies service_method service_policy contained
184
syn keyword cfengineBuiltin service_type showstate signals site_classes skipidentify skipverify contained
185
syn keyword cfengineBuiltin smtpserver source specify_inherit_aces splaytime sql_connection_db sql_database contained
186
syn keyword cfengineBuiltin sql_owner sql_passwd sql_server sql_type start_fields_from_zero status stealth contained
187
syn keyword cfengineBuiltin stime_range stream_type style_sheet suspiciousnames synonyms syslog contained
188
syn keyword cfengineBuiltin syslog_host syslog_port tcpdump tcpdumpcommand tcp_ip threads timeout contained
189
syn keyword cfengineBuiltin timer_policy time_stamps timezone touch track_growing_file track_value contained
190
syn keyword cfengineBuiltin transformer traverse_links trustkey trustkeysfrom ttime_range tty type_check contained
191
syn keyword cfengineBuiltin umask units unmount update_hashes usebundle uses useshell value_kept contained
192
syn keyword cfengineBuiltin value_notkept value_repaired value_separator verbose verify version contained
193
syn keyword cfengineBuiltin view_projections volume vsize when_linking_children when_no_source contained
194
syn keyword cfengineBuiltin whitespace_policy xdev xorcontained
195
196
syn match   cfengineBody         /^\s*body [^ ]\+ / contains=cfengineBuiltin
197
syn match   cfengineBundle       /^\s*bundle [^ ]\+ / contains=cfengineBuiltin
198
syn keyword TODO todo contained
199
syn match   cfengineComment      /#.*/ contains=TODO
200
syn match   cfengineSetVar       /\s*[0-9a-z_]\+\s*=>/ contains=cfengineBuiltin,cfengineType,cfengineIdentifier
201
syn match   cfengineIdentifier   /\s=>\s/ contained
202
" For actions e.g. reports:, commands:
203
syn match   cfengineAction       /[^:#]\+:\s*$/
204
syn match   cfengineClass        /[^:#]\+::\s*$/
205
" Escape sequences in regexes
206
syn match   cfengineEsc          /\\\\[sSdD+][\+\*]*/ contained
207
" Array indexes contained in [].  Does not seems to be working.
208
syn region  cfengineArray        start=/\[/ end=/\]/ contained contains=cfengineVar
209
" Variables wrapped in {} or ()
210
syn region  cfengineVar          start=/[$@][(]/ end=/[)]/ contained contains=cfengineVar,cfengineArray
211
syn region  cfengineString       start=/\z\("\|'\)/ skip=/\\\z1/ end=/\z1/ contains=cfengineVar,cfengineArray,cfengineEsc
212
syn keyword cfengineType         int ilist slist float not and or xor string expression real rlist policy
213
syn keyword cfengineOnOff        on off yes no true false  
214
215
if version >= 508 || !exists("did_cfg_syn_inits")
216
    if version < 508
217
        let did_cfg_syn_inits = 1
218
        command -nargs=+ HiLink hi link <args>
219
    else
220
        command -nargs=+ HiLink hi def link <args>
221
    endif
222
    HiLink cfengineBody          Function
223
    HiLink cfengineBundle        Function
224
    HiLink cfengineBuiltin     Keyword
225
    HiLink cfengineComment	    Comment
226
    HiLink cfengineIdentifier    Identifier
227
    HiLink cfengineAction        Underlined
228
    HiLink cfengineClass         Statement
229
    HiLink cfengineEsc           Special
230
    HiLink cfengineArray         Special
231
    HiLink cfengineVar           Special
232
    HiLink cfengineString        String
233
    HiLink cfengineType          Type
234
    HiLink cfengineOnOff         Boolean
235
236
    delcommand HiLink
237
endif
238
let b:current_syntax = "cfengine"
239
240
" CREDITS
241
" Andrey Volkov <volkov@ekb-info.ru>
242
" Neil Watson <neil@watson-wilson.ca>
243
" Aleksey Tsalolikhin
244
" John Coleman of Yale U
245
" Matt Lesko
246
</pre>
247
248
h3. /usr/share/vim/vimfiles/ftdetect/cfengine.vim
249
250
<pre>
251
au BufNewFile,BufRead /*var/cfengine/inputs/* set filetype=cfengine
252
au BufNewFile,BufRead /*var/cfengine/masterfiles/* set filetype=cfengine
253
</pre>
254 12 Андрей Волков
255
h2. Принудительные операции
256
257
h3. Валидация и синхронизация hub-client
258
259
h4. Перегенерируем /var/cfengine/masterfiles/cf_promises_validated на hub
260
261
hub: *cf-agent -K -f failsafe.cf*
262
263
h4. Синхронизируем hub:/var/cfengine/masterfiles -> client:/var/cfengine/inputs
264
265
client: *cf-agent -K -f failsafe.cf*