There is a feature proposal intended to make it easier to run individual policy files that are also part of a larger policy set.
Currently, main
is the default bundle used if no bundlesequence
is provided. This is very useful for small examples and for beginning to write a new policy. However, the bundle name must be changed in order to integrate multiple of them into the same policy set.
The proposal looks to introduce a feature similar to __main__
from python.
You can see a prototype of this feature on the dev mailing list here and a pull request including example usage here.
We would love to have your feedback in CFE-2788.
–
Nick Anderson
Doer of things, CFEngine
--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.
Nick explained that pretty well. It doesn't seem possible to make use of ignore_missing_bundles and ignore_missing_inputs from body file control. You also cannot have multiple body common control files. I am attempting to load files dynamically and not care if they exist or not but it will error out if the file doesn't exist, e.g. $(sys.uqhost).cf. I believe I have come up with a work around to this issue though.
--
You received this message because you are subscribed to a topic in the Google Groups "help-cfengine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/help-cfengine/4JAdzFLlEfY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to help-cfengin...@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.
Cory Coager writes:
I seem to be running into some issues with "error: Duplicate definition of
bundle". Can you not reuse a bundle that's also part of
update.cf/promises.cf with bundle agent main? It seems to be
complaining about all of my bundle common that I use as a dependency for
every bundle. If that's the case I'll need to write a new main.cf file in
each bundle directory that's not part of update.cf/promises.cf. If I have
to do it that way I should be able to use "body common control" in main.cf
which would eliminate the issues with ignore_missing_bundles and
ignore_missing_inputs. Am I understanding this correctly?
Right, each bundle must be uniquely named. Also, if you are using the library
main bundle, there can not be any bundle named main
.
For example, this doesn't work:
bundle agent main { reports: "CFEngine $(sys.cf_version)"; } bundle agent __main__ { methods: "main"; }
/home/nickanderson/org/cfengine3-13734XRb:2:0: error: Duplicate definition of bundle main with type agent /home/nickanderson/org/cfengine3-13734XRb:7:0: error: Duplicate definition of bundle main with type agent error: There are syntax errors in policy files error: Policy failed validation with command '"/home/nickanderson/.cfagent/bin/cf-promises" -c "/home/nickanderson/org/cfengine3-13734XRb"' error: CFEngine was not able to get confirmation of promises from cf-promises, so going to failsafe error: CFEngine failsafe.cf: /home/nickanderson/.cfagent/inputs /home/nickanderson/.cfagent/inputs/failsafe.cf error: No suitable server found error: No suitable server found error: No suitable server found error: Method 'failsafe_cfe_internal_update' failed in some repairs notice: Q: ".../cf-agent" -f /": error: No suitable server found Q: ".../cf-agent" -f /": error: No suitable server found Q: ".../cf-agent" -f /": error: No suitable server found Q: ".../cf-agent" -f /": error: Method 'cfe_internal_update_policy_cpv' failed in some repairs R: Built-in failsafe policy triggered
Inputs is supposed to be smart enough that having the same file included from
multiple places will not be considered a duplicate bundle.
What is the name of the bundle that it's complaining about?
In how many different files does a bundle with that name exist?
–
Cory Coager writes:
Still having problems with this. When I switched to relative paths, a
normal cf-agent run showed a lot of "No such file or directory" errors,
e.g. var/cfengine/inputs../../path/to/bundle.cf. I think for this to
work I'll have to switch the body file control for main, update.cf and
promises.cf to all use absolute paths. Any issue with doing that? Is
there a better way?
I would imagine that the other places in policy that are using full paths, or
different variables could be updated instead of having to rely on absolute
paths.
Inspecting both sys.policy_entry* and sys.inputdir or sys.workdir vars and you
should be able to determine the paths a file needs so that it works in either
case.
–
--
To unsubscribe from this group and all its topics, send an email to help-cfengine+unsubscribe@googlegroups.com.
To unsubscribe from this group and all its topics, send an email to help-cfengin...@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "help-cfengine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/help-cfengine/4JAdzFLlEfY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to help-cfengin...@googlegroups.com.
Cory Coager writes:
You mean $(sys.policy_entry_dirname)? Yes it is a full path:
var/cfengine/inputs/mystuff/dosomething1
However, I still need to go UP a directory to get to the dependency bundle:
/var/cfengine/inputs/mystuff/depend1/depend1.cf
so the relative path would be:
../depend1/depend1.cf
I mean do the relateive path from policy_entry: $(sys.policy_entry_dirname)/../depend1/depend1.cf
Still failscf-agent -KIC -f mystuff/dosomething1/dosomething1.cfR: depend1R: dosomething1cf-agent -KICerror: Can't stat file '/var/cfengine/inputs/../depend1/depend1.cf' for parsing. (stat: No such file or directory)error: Policy failed validation with command '"/var/cfengine/bin/cf-promises" -c "/var/cfengine/inputs/promises.cf"'error: Failsafe condition triggered. Interactive session detected, skipping failsafe.cf execution.error: Error reading CFEngine policy. Exiting...
--
Cory Coager writes:
I'm also not fond of main not reading in $(sys.inputdir)/def.json. I
realize you can put def.json in the same directory as the bundle. However,
when you are sharing variables in def across multiple bundles it doesn't
make sense to me to duplicate data in different places. Perhaps we can
modify def to attempt to fall back to read $(sys.inputdir)/def.json if
$(sys.policy_entry_dirname)/def.json doesn't exist? It appears that part
of def.json is written in C? My attempts to modify this behavior in
controls/def.cf have fallen in vain.
Just to clarify, cf-agent reads $(sys.policy_entry_dirname)/def.json
(not
sys.inputdir) and uses it, if it is present. Yes, augments is a feature
implemented in C. Originally, in 3.7 it was introduced as a feature implemented
in the MPF, but it was quickly moved directly inside the agent as a core feature
in order to improve its capabilities and behavior. The remnants in def.cf for
supporting that bridge time will be redacted before the next LTS release.
I have wondered how useful it would be to have an option to cf-agent that
disabled def.json and/or that allowed the user to specify a specific def.json
instead of the one next to the policy entry.