trouble with example from the Zamboni book


Howie Carter

Aug 2, 2017, 1:20:47 PM
to help-cfengine
Hi Folks,


I'm trying to get up to speed with cfengine3, after being a cfengine2 user for many a year...I've got 3.10 community edition installed on a server host, and have a few clients bootstrapped to it.

I've written a simple policy to control permissions on temp files on those hosts, that's working great.

Now, I am trying to do something more complicated-I've got a policy to edit sshd_config based on the example shown on page 78 of the book; here's my version:

bundle agent sshdconfig
{
    vars:
        #We're only editing sshd_config here...
        "files[sshd]"    string => "/etc/ssh/sshd_config";

        #SSHD entries to set
        "sshd[X11Forwarding]"    string => "yes";
        "sshd[AllowGroups]"        string => "root admin sw";

    methods:
        "sshd"            usebundle => edit_sshd;
}


bundle agent edit_sshd
{
    files:
         "$(sshdconfig.files[sshd])"
          handle => "edit_sshd",
          comment => "Set desired sshd params",
          edit_line => set_config_values("sshdconfig.sshd"),
          classes => if_repaired("restart_sshd");

    commands:
         restart_sshd.!no_restarts::
         "systemctl reload sshd.service"
         handle => "sshd_restart",
         comment => "Comment!";
}

If I try to run this standalone, I get the following:

[root@cfg01 ~]# cf-agent -KI -f ./sshd.cf
./sshd.cf:24:0: error: Undefined body if_repaired with type classes
./sshd.cf:23:0: error: Undefined bundle set_config_values with type edit_line
   error: Policy failed validation with command '"/var/cfengine/bin/cf-promises" -c "./sshd.cf"'
   error: Failsafe condition triggered. Interactive session detected, skipping failsafe.cf execution.
   error: Error reading CFEngine policy. Exiting...

This makes me think I'm not including something that this policy needs, even as a standalone....

Any insight would be appreciated!

Thanks!!

-Howie

Beto

Aug 2, 2017, 1:49:14 PM
to help-cfengine
You need to ensure you have a "common" bundle that defines the cfengine libraries that contain the missing promise bodies.  See the section on bodies in "Bundles, Bodies, and Namespaces" in the Zamboni book.

Nick Anderson

Aug 2, 2017, 2:09:31 PM
to Howie Carter, help-cfengine

Hi Howie,

> I'm trying to get up to speed with cfengine3, after being a cfengine2 user
> for many a year…I've got 3.10 community edition installed on a server
> host, and have a few clients bootstrapped to it.

Welcome to cfengine 3. :)

> If I try to run this standalone, I get the following:
>
> [root@cfg01 ~]# cf-agent -KI -f ./sshd.cf
> ./sshd.cf:24:0: error: Undefined body if_repaired with type classes
> ./sshd.cf:23:0: error: Undefined bundle set_config_values with type
> edit_line
> error: Policy failed validation with command
> '"/var/cfengine/bin/cf-promises" -c "./sshd.cf"'
> error: Failsafe condition triggered. Interactive session detected,
> skipping failsafe.cf execution.
> error: Error reading CFEngine policy. Exiting…

> This makes me think I'm not including something that this policy needs,
> even as a standalone….

Yes, you used the if_repaired body and the set_config_values bundle from the
stdlib. The next error that you don't see is that you will need to specify the
bundlesequence manually if you are trying to run it.

You can use inputs in body file control to load another policy file. For example:

body file control{ inputs => {"$(sys.libdir)/stdlib.cf"}; }
bundle agent example
# @brief Example loading stdlib with body file control
{
  reports:
    "Running CFEngine $(sys.cf_version)";
}

Then, to run the example bundle in the above snippet, you would run the agent and
specify the bundlesequence with -b or --bundlesequence.

cf-agent -KIf ./example.cf -b example

I hope this helps.


Nick Anderson
Doer of things, CFEngine

Aleksey Tsalolikhin

Aug 2, 2017, 3:09:22 PM
to Howie Carter, help-cfengine
Yay!  Welcome to CFEngine 3.  

In addition to Diego's excellent book, you may like to look at some examples in www.cfenginetutorial.org

--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengine+unsubscribe@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.

Diego Zamboni

Aug 3, 2017, 12:46:40 AM
to Howie Carter, help-cfengine
Hi Howie,

Welcome to CFEngine 3! I hope you are finding the book useful :)

As others have mentioned, your policy is missing a “body common control” definition (you can also use “body file control” as Nick said) which indicates the libraries to load and the bundles to execute. In the book, this is mentioned in page 75 under “Running these policies”, where the following code is shown (calling “configfiles”, which is the entry point for all config-file-editing bundles in the example):

body common control
{
inputs => { "/var/cfengine/inputs/libraries/cfengine_stdlib.cf" };
bundlesequence => { "configfiles" };
}

Hope this helps!
—Diego



Howie Carter

Aug 3, 2017, 1:35:27 PM
to help-cfengine, rhc...@gmail.com
Diego, Nick, all-thanks for the replies!

I found that if I was to add:


body file control
{
    inputs => { "$(sys.libdir)/stdlib.cf" };
}

...to my file, and call it via "cf-agent -KI -f ./sshd.cf -b sshdconfig"; then it worked as desired.

Now, to get it to edit different parts of sshd_config, depending on the name of the machine it runs on!

(I am sure to have more questions...)

Thanks all!

-Howie

Nick Anderson

Aug 3, 2017, 2:40:21 PM
to Howie Carter, help-cfengine
Using body file control instead of body common control allows that policy file to be run either standalone or when included into a larger policy set since there can be only one body common control. 
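
The pieces from this thread put together, as an added example that is not part of any poster's message: Howie's policy with body file control, plus a hostname class guard for the per-host edit he mentions. The cfg01 class (taken from the shell prompt above), the fallback AllowGroups value and the /usr/bin/systemctl path are assumptions.

```cf3
# sshd.cf -- added example assembled from the snippets in this thread
body file control
{
      # Per-file inputs: valid standalone and when this file is included
      # from a policy set that already has its own body common control.
      inputs => { "$(sys.libdir)/stdlib.cf" };
}

bundle agent sshdconfig
{
  vars:
      "files[sshd]"          string => "/etc/ssh/sshd_config";
      "sshd[X11Forwarding]"  string => "yes";

    # Host-dependent value. cfg01 is assumed to be a hostname class;
    # the fallback group list is constructed for illustration.
    cfg01::
      "sshd[AllowGroups]"    string => "root admin sw";
    !cfg01::
      "sshd[AllowGroups]"    string => "root admin";

  methods:
      "sshd" usebundle => edit_sshd;
}

bundle agent edit_sshd
{
  files:
      "$(sshdconfig.files[sshd])"
        handle    => "edit_sshd",
        comment   => "Set desired sshd params",
        edit_line => set_config_values("sshdconfig.sshd"),
        classes   => if_repaired("restart_sshd");

  commands:
    # Guard must use the same class name that if_repaired defines above,
    # otherwise sshd keeps running with the old configuration.
    restart_sshd.!no_restarts::
      "/usr/bin/systemctl reload sshd.service"   # path is an assumption
        handle  => "sshd_restart",
        comment => "Reload sshd only after sshd_config was changed";
}
```

Run it standalone with the command already given in the thread, cf-agent -KI -f ./sshd.cf -b sshdconfig; the -I output shows whether the edit and the reload promise were actually repaired.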


Bas van der Vlies

Aug 4, 2017, 4:25:08 AM
to help-c...@googlegroups.com


On 03/08/2017 19:35, Howie Carter wrote:
> Diego, Nick, all-thanks for the replies!
>
> I found that if I was to add:
>
> body file control
> {
> inputs => { "$(sys.libdir)/stdlib.cf" };
> }
>
> ...to my file, and call it via "cf-agent -KI -f ./sshd.cf -b
> sshdconfig"; then it worked as desired.
>
> Now, to get it to edit different parts of sshd_config, depending on the
> name of the machine it runs on!
>

There is a library for generating config files, sshd_config is one of
them, more will be added:
* https://github.com/basvandervlies/cf_surfsara_lib
* http://cfgmgmtcamp.eu/schedule/cfengine/augments-def-json-bas-van-der-vlies.html
  (def.json for host(s))

maybe it is useful for you ;-)




--
Bas van der Vlies
| Operations, Support & Development | SURFsara | Science Park 140 | 1098 XG Amsterdam
| T +31 (0) 20 800 1300 | bas.van...@surfsara.nl | www.surfsara.nl |