From IT Mission Linux Tips, Hacks, Tutorials, Howtos - Itmission.org

Main: CFEngine-manual-policy-example

CFEngine manual policy example.


For CFEngine3, the Hello World policy would look like this:

Create a file with the following content - vi /var/cfengine/inputs/test.cf

body common control  
{
bundlesequence => { "test" };
}

bundle agent test
{
reports:
  cfengine_3::
      "Hello world!";
}

body common control 
{
bundlesequence => { "test" };
}

In this example, the body common control is used to control promise behavior by calling the bundle agent test, which is a collection of promise attributes:

bundle agent test  
{
reports:
  cfengine_3::
   "Hello world!";
}

This bundle structure contains a special type of promise known as reports: , which will automatically output `Hello World' if all conditions of the promise are kept. Finally, there is the cfengine_3:: class. This class is defined by CFEngine out of the box. When it's used in a promise, it checks to see that the CFEngine client is running version 3.

So, to summarize; the promise that you just wrote and executed checked that the version of CFEngine you are running is at version 3; and if it is at version 3, it sent the Hello World string to the command line.

Now that you have a better understanding of how the syntax works, we will go over the method we used to execute the policy. The policy that you wrote, test.cf was manually executed by the cf-agent binary. Prior to running the cf-agent command, you checked the promise syntax by running the cf-promises binary:

[[email protected] ~]# cf-promises -f /var/cfengine/inputs/test.cf
[[email protected] ~]#

Normally, cf-promises is automatically executed by cf-agent as part of its run time operations, where, by default, it verifies the configuration syntax in the promises.cf file. By adding the -f flag and specifying a file name and path, you directed cf-promises to check and verify the specified file only: test.cf. In addition, we chose to run the policy manually, which is why we invoked cf-agent from the command line:

[[email protected] ~]# cf-agent -f /var/cfengine/inputs/test.cf
R: Hello world!
[[email protected] ~]#

As a rule, CFEngine is fully automated and the cf-agent binary is started by the cf-execd daemon at a user specified interval (defaults to 5 minutes). Again, in this instance, the agent was manually started using the -f flag to execute the specified file.

Retrieved from http://www.itmission.org/Main/CFEngine-manual-policy-example
Page last modified on July 27, 2012, at 02:54 AM