Проект

Общее

Профиль

Cfengine » История » Редакция 12

Редакция 11 (Андрей Волков, 2013-02-27 18:03) → Редакция 12/13 (Андрей Волков, 2013-03-04 13:09)

h1. Cfengine 

 h2. Документация 

 h3. Выдержки 

 > User defined classes are mostly defined in bundles, but they are used as a signalling mechanism between promises 

 > Classes promises define new classes based on combinations of old ones. This is how to make complex decisions in CFEngine, with readable results. It is like defining aliases for class combinations. 

 > Another type of class definition happens when you define classes based on the outcome of a promise 
 > classes => if_repaired("signal_class"); 

 > CFEngine built-in words, and identifiers of your choosing (the names of variables, bundles, body templates and classes) may only contain the usual alphanumeric and underscore characters (‘a-zA-Z0-9 ̇’). All other ‘literal’ data must be quoted. 

 > CFEngine normally runs as user ”root” 

 > The comment attribute (which can be added to any promise) has no actual function other than to provide more information to the user in error tracing and auditing. 

 > All literal strings (e.g. ”true”) in CFEngine 3 must be quoted. 

 > All function-like objects (e.g. users(”..”)) are either builtin special functions or parameterized templates which contain the ‘meat’ of the right hand side. 

 > A few types, such as vars, classes and reports are common to all the different component bundles. 

 > When writing promises, get into the habit of giving every promise a comment that explains its intention. Also, give related promises handles, or labels that can be used to refer to them. 

 > Body parts exist to hide complex parameter information in reusable containers. The right hand side of some attribute assignments use body containers to reduce the amount of in-line information and preserve readability. You cannot choose where to use bodies: either they are used or they are not used for a particular kind of attribute. 

 > Notice also that classes can be used in bodies so that you can hide environmental adaptations. 

 > CFEngine variables have two meta-types: scalars and lists. A scalar is a single value, a list is a collection of scalars. Each scalar may have one of three types: string, int or real. 
 >  
 > Integer constants may use suffixes to represent large numbers. 
 >  
 > * k = value times 1000. 
 > * K = value times 1024. 
 > * m = value times 1000ˆ2 
 > * M = value times 1024ˆ2 
 > * g = value times 1000ˆ3 
 > * G = value times 1024ˆ3 
 > * % meaning percent, in limited contexts 
 > * inf = a constant representing an unlimited value. 

 > As of CFEngine core version 3.1.0, the value ‘cf_null’ may be used as a NULL value within lists. This value is ignored in list variable expansion. 
 > vars: 
 > "empty_list" slist => { "cf_null" }; 

 > It is wise to avoid class-variable dependency as much as possible 

 > CFEngine executes agent promise bundles in the strict order defined by the bundlesequence 

 > Within a bundle, the promise types are executed in a round-robin fashion according to so-called 'normal ordering'. The actual sequence continues for up to three iterations of the following, converging towards a final state: 
 > * vars 
 > * classes 
 > * outputs 
 > * interfaces 
 > * files 
 > * packages 
 > * guest_environments 
 > * methods 
 > * processes 
 > * services 
 > * commands 
 > * storage 
 > * databases 
 > * reports 

 > Within edit_line bundles in files promises, the normal ordering is: 
 > * vars 
 > * classes 
 > * delete_lines 
 > * field_edits 
 > * insert_lines 
 > * replace_patterns 
 > * reports 

 h2. Дополнительно 

 h3. /usr/share/vim/vimfiles/syntax/cfengine.vim 

 <pre> 
 " Vim syntax file 
 " Language:       Cfengine version 3.3 
 " Maintainer:     Andrey Volkov <volkov@ekb-info.ru> 
 " Last Change:    Tuesday February 26 2013  
 " Location: 
 " 
 " This is my first attempt at a syntax file.    Feel free to send me correctsion 
 " or improvements.    I'll give you a credit. 
 " 
 " USAGE 
 " There is already a vim file that uses 'cf' as a file extention.    You can use 
 " cfengine for your cfengine file extentions or identify via your vimrc file: 
 " au BufRead,BufNewFile *.cf set ft=cfengine 
 " 
 " For version 5.x: Clear all syntax items 
 " For version 6.x: Quit when a syntax file was already loaded 
 if version < 600 
     syntax clear 
 elseif exists ("b:current_syntax") 
     finish 
 endif 

 syn case ignore 
 syn keyword cfengineBuiltin agent common server executor reporter monitor runagent action classes contained 

 syn keyword cfengineBuiltin abortbundleclasses abortclasses about_topics aces acl acl_directory_inherit contained 
 syn keyword cfengineBuiltin acl_method acl_type action_policy addclasses admit affects agent agentaccess contained 
 syn keyword cfengineBuiltin agentfacility aggregation_point allclassesreport allowallconnects contained 
 syn keyword cfengineBuiltin allow_blank_fields allowconnects allowusers alwaysvalidate args associates contained 
 syn keyword cfengineBuiltin association atime audit auditing authorize auto_scaling background contained 
 syn keyword cfengineBuiltin background_children backward_relationship before_after belongs_to contained 
 syn keyword cfengineBuiltin binarypaddingchar bindtointerface bsdflags build_directory bundlesequence contained 
 syn keyword cfengineBuiltin cancel_kept cancel_notkept cancel_repaired causes certainty cfruncommand contained 
 syn keyword cfengineBuiltin changes chdir check_foreign check_root checksum_alert_time childlibpath chroot contained 
 syn keyword cfengineBuiltin collapse_destination_dir command comment compare contain copy_backup copy_from contained 
 syn keyword cfengineBuiltin copylink_patterns copy_patterns copy_size create csv2xml ctime database_columns contained 
 syn keyword cfengineBuiltin database_operation database_rows database_server database_type data_type contained 
 syn keyword cfengineBuiltin db_server_connection_db db_server_host db_server_owner db_server_password contained 
 syn keyword cfengineBuiltin db_server_type defaultcopytype default_repository default_timeout delete contained 
 syn keyword cfengineBuiltin delete_if_contains_from_list delete_if_match_from_list contained 
 syn keyword cfengineBuiltin delete_if_not_contains_from_list delete_if_not_match_from_list contained 
 syn keyword cfengineBuiltin delete_if_not_startwith_from_list delete_if_startwith_from_list delete_select contained 
 syn keyword cfengineBuiltin deny denybadclocks denyconnects depends_on depth depth_search determines contained 
 syn keyword cfengineBuiltin dirlinks disable disable_mode disable_suffix dist document_root domain dryrun contained 
 syn keyword cfengineBuiltin dynamicaddresses edit_backup editbinaryfilesize edit_defaults edit_field contained 
 syn keyword cfengineBuiltin editfilesize edit_fstab edit_line edit_template edit_xml contained 
 syn keyword cfengineBuiltin empty_file_before_editing encrypt env_addresses env_baseline env_cpus env_disk contained 
 syn keyword cfengineBuiltin environment environment_host environment_interface environment_resources contained 
 syn keyword cfengineBuiltin environment_state environment_type env_memory env_name env_network env_spec contained 
 syn keyword cfengineBuiltin error_bars exclamation exclude_dirs exclude_hosts exec_command exec_group contained 
 syn keyword cfengineBuiltin exec_owner exec_program exec_regex exec_timeout executorfacility expand_scalars contained 
 syn keyword cfengineBuiltin expireafter export_zenoss extend_fields extraction_regex contained 
 syn keyword cfengineBuiltin failed_returncodes federation field_operation field_separator field_value contained 
 syn keyword cfengineBuiltin file_result files_auto_define file_select files_single_copy file_to_print contained 
 syn keyword cfengineBuiltin file_types findertype fips_mode first_last force_ipv4 force_update forgetrate contained 
 syn keyword cfengineBuiltin forward_relationship freespace friend_pattern generalizations generate_manual contained 
 syn keyword cfengineBuiltin goal_patterns graph_directory graph_output groups handle hash hashupdates contained 
 syn keyword cfengineBuiltin histograms history_type host_licenses_paid hostnamekeys hosts html_banner contained 
 syn keyword cfengineBuiltin html_embed html_footer hub_schedule id_prefix ifelapsed ifencrypted ifvarclass contained 
 syn keyword cfengineBuiltin ignore_missing_bundles ignore_missing_inputs include_basedir include_dirs contained 
 syn keyword cfengineBuiltin include_end_delimiter include_start_delimiter inform inputs in_range_define contained 
 syn keyword cfengineBuiltin insert_if_contains_from_list insert_if_match_from_list contained 
 syn keyword cfengineBuiltin insert_if_not_contains_from_list insert_if_not_match_from_list contained 
 syn keyword cfengineBuiltin insert_if_not_startwith_from_list insert_if_startwith_from_list insert_select contained 
 syn keyword cfengineBuiltin insert_type intermittency involves ipv4_address ipv4_netmask ipv6_address contained 
 syn keyword cfengineBuiltin is_caused_by is_connected_to is_determined_by is_followed_by is_located_in contained 
 syn keyword cfengineBuiltin is_part_of is_preceded_by issymlinkto kept_returncodes keycacheTTL knowledge contained 
 syn keyword cfengineBuiltin lastseen lastseenexpireafter leaf_name link_children linkcopy_patterns contained 
 syn keyword cfengineBuiltin link_from link_type location logallconnections logencryptedtransfers log_failed contained 
 syn keyword cfengineBuiltin log_kept log_level log_priority log_repaired log_string mailfrom mailmaxlines contained 
 syn keyword cfengineBuiltin mailto manual_source_directory maproot match_range match_value max_children contained 
 syn keyword cfengineBuiltin maxconnections max_file_size measurement_class meta mode module monitor contained 
 syn keyword cfengineBuiltin monitorfacility mount mountfilesystems mount_options mount_server mount_source contained 
 syn keyword cfengineBuiltin mount_type move_obstructions mtime needs newname nonalphanumfiles no_output contained 
 syn keyword cfengineBuiltin not_matching number_of_lines occurrences out_of_range_define contained 
 syn keyword cfengineBuiltin output_directory output_level output_prefix output_to_file owners contained 
 syn keyword cfengineBuiltin package_add_command package_architectures package_arch_regex package_changes contained 
 syn keyword cfengineBuiltin package_delete_command package_delete_convention package_file_repositories contained 
 syn keyword cfengineBuiltin package_installed_regex package_list_arch_regex package_list_command contained 
 syn keyword cfengineBuiltin package_list_name_regex package_list_update_command contained 
 syn keyword cfengineBuiltin package_list_update_ifelapsed package_list_version_regex package_method contained 
 syn keyword cfengineBuiltin package_multiline_start package_name_convention package_name_regex contained 
 syn keyword cfengineBuiltin package_noverify_regex package_noverify_returncode package_patch_arch_regex contained 
 syn keyword cfengineBuiltin package_patch_command package_patch_installed_regex package_patch_list_command contained 
 syn keyword cfengineBuiltin package_patch_name_regex package_patch_version_regex package_policy contained 
 syn keyword cfengineBuiltin package_select package_update_command package_verify_command package_version contained 
 syn keyword cfengineBuiltin package_version_regex path_name pathtype perms persistence persist_time pgid contained 
 syn keyword cfengineBuiltin pid port portnumber ppid precedents preserve preview printfile priority contained 
 syn keyword cfengineBuiltin process_count process_owner process_result process_select process_stop contained 
 syn keyword cfengineBuiltin promise_kept promise_repaired promiser_type provides purge qualifiers contained 
 syn keyword cfengineBuiltin query_engine query_output recognize_join refresh_processes contained 
 syn keyword cfengineBuiltin registry_exclude rename repair_denied repaired_returncodes repair_failed contained 
 syn keyword cfengineBuiltin repair_timeout repchar replace_value replace_with report_changes report_diffs contained 
 syn keyword cfengineBuiltin report_level report_output reports report_to_file repository representation contained 
 syn keyword cfengineBuiltin represents require_comments resource_type restart_class rlist rmdeadlinks contained 
 syn keyword cfengineBuiltin rmdirs rotate rsize rxdirs scan_arrivals schedule search_bsdflags search_groups contained 
 syn keyword cfengineBuiltin search_mode search_owners search_size secureinput select_class select_end contained 
 syn keyword cfengineBuiltin select_field select_line_matching select_line_number select_region select_start contained 
 syn keyword cfengineBuiltin sensiblecount sensible_count sensiblesize sensible_size server serverfacility contained 
 syn keyword cfengineBuiltin servers service_args service_autostart_policy service_bundle contained 
 syn keyword cfengineBuiltin service_dependence_chain service_dependencies service_method service_policy contained 
 syn keyword cfengineBuiltin service_type showstate signals site_classes skipidentify skipverify contained 
 syn keyword cfengineBuiltin smtpserver source specify_inherit_aces splaytime sql_connection_db sql_database contained 
 syn keyword cfengineBuiltin sql_owner sql_passwd sql_server sql_type start_fields_from_zero status stealth contained 
 syn keyword cfengineBuiltin stime_range stream_type style_sheet suspiciousnames synonyms syslog contained 
 syn keyword cfengineBuiltin syslog_host syslog_port tcpdump tcpdumpcommand tcp_ip threads timeout contained 
 syn keyword cfengineBuiltin timer_policy time_stamps timezone touch track_growing_file track_value contained 
 syn keyword cfengineBuiltin transformer traverse_links trustkey trustkeysfrom ttime_range tty type_check contained 
 syn keyword cfengineBuiltin umask units unmount update_hashes usebundle uses useshell value_kept contained 
 syn keyword cfengineBuiltin value_notkept value_repaired value_separator verbose verify version contained 
 syn keyword cfengineBuiltin view_projections volume vsize when_linking_children when_no_source contained 
 syn keyword cfengineBuiltin whitespace_policy xdev xorcontained 

 syn match     cfengineBody           /^\s*body [^ ]\+ / contains=cfengineBuiltin 
 syn match     cfengineBundle         /^\s*bundle [^ ]\+ / contains=cfengineBuiltin 
 syn keyword TODO todo contained 
 syn match     cfengineComment        /#.*/ contains=TODO 
 syn match     cfengineSetVar         /\s*[0-9a-z_]\+\s*=>/ contains=cfengineBuiltin,cfengineType,cfengineIdentifier 
 syn match     cfengineIdentifier     /\s=>\s/ contained 
 " For actions e.g. reports:, commands: 
 syn match     cfengineAction         /[^:#]\+:\s*$/ 
 syn match     cfengineClass          /[^:#]\+::\s*$/ 
 " Escape sequences in regexes 
 syn match     cfengineEsc            /\\\\[sSdD+][\+\*]*/ contained 
 " Array indexes contained in [].    Does not seems to be working. 
 syn region    cfengineArray          start=/\[/ end=/\]/ contained contains=cfengineVar 
 " Variables wrapped in {} or () 
 syn region    cfengineVar            start=/[$@][(]/ end=/[)]/ contained contains=cfengineVar,cfengineArray 
 syn region    cfengineString         start=/\z\("\|'\)/ skip=/\\\z1/ end=/\z1/ contains=cfengineVar,cfengineArray,cfengineEsc 
 syn keyword cfengineType           int ilist slist float not and or xor string expression real rlist policy 
 syn keyword cfengineOnOff          on off yes no true false   

 if version >= 508 || !exists("did_cfg_syn_inits") 
     if version < 508 
         let did_cfg_syn_inits = 1 
         command -nargs=+ HiLink hi link <args> 
     else 
         command -nargs=+ HiLink hi def link <args> 
     endif 
     HiLink cfengineBody            Function 
     HiLink cfengineBundle          Function 
     HiLink cfengineBuiltin       Keyword 
     HiLink cfengineComment 	     Comment 
     HiLink cfengineIdentifier      Identifier 
     HiLink cfengineAction          Underlined 
     HiLink cfengineClass           Statement 
     HiLink cfengineEsc             Special 
     HiLink cfengineArray           Special 
     HiLink cfengineVar             Special 
     HiLink cfengineString          String 
     HiLink cfengineType            Type 
     HiLink cfengineOnOff           Boolean 

     delcommand HiLink 
 endif 
 let b:current_syntax = "cfengine" 

 " CREDITS 
 " Andrey Volkov <volkov@ekb-info.ru> 
 " Neil Watson <neil@watson-wilson.ca> 
 " Aleksey Tsalolikhin 
 " John Coleman of Yale U 
 " Matt Lesko 
 </pre> 

 h3. /usr/share/vim/vimfiles/ftdetect/cfengine.vim 

 <pre> 
 au BufNewFile,BufRead /*var/cfengine/inputs/* set filetype=cfengine 
 au BufNewFile,BufRead /*var/cfengine/masterfiles/* set filetype=cfengine 
 </pre> 

 h2. Принудительные операции 

 h3. Валидация и синхронизация hub-client 

 h4. Перегенерируем /var/cfengine/masterfiles/cf_promises_validated на hub 

 hub: *cf-agent -K -f failsafe.cf* 

 h4. Синхронизируем hub:/var/cfengine/masterfiles -> client:/var/cfengine/inputs 

 client: *cf-agent -K -f failsafe.cf*