default body changes

15 views
Skip to first unread message

Martin Gehrke

unread,
Mar 31, 2017, 3:16:54 PM3/31/17
to help-cfengine

Is there way to set a default changes body so I don’t have to specify it every time there is a file promise? Or is there a default?

 

        “/some/dir/.”

                handle => canonify("$(this.bundle)$(this.promiser)"),

                perms => system_owned("0444"),

                create => "true",

                edit_template => “/path/to/mustache/template.mustache",

                template_method => "mustache",

                changes => diff;

 

 

From: help-c...@googlegroups.com [mailto:help-c...@googlegroups.com] On Behalf Of bofh...@gmail.com
Sent: Thursday, March 30, 2017 4:00 PM
To: help-cfengine <help-c...@googlegroups.com>
Subject: [help-cfengine] Bundle aborted on defined class

 

Is it possible to eliminate the output of "Bundle aborted on defined class...." when a bundle is aborted using the abortbundleclasses?  I have these messages going into /var/log/messages every five minutes.

Thank you in advance,
Robin

--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.

Nick Anderson

unread,
Mar 31, 2017, 3:34:53 PM3/31/17
to help-cfengine, Martin...@twosigma.com


On Friday, March 31, 2017 at 2:16:54 PM UTC-5, Martin Gehrke wrote:

Is there way to set a default changes body so I don’t have to specify it every time there is a file promise? Or is there a default?

 

        “/some/dir/.”

                handle => canonify("$(this.bundle)$(this.promiser)"),

                perms => system_owned("0444"),

                create => "true",

                edit_template => “/path/to/mustache/template.mustache",

                template_method => "mustache",

                changes => diff;

 

 

From: help-c...@googlegroups.com [mailto:help-cfengine@googlegroups.com] On Behalf Of bofh...@gmail.com
Sent: Thursday, March 30, 2017 4:00 PM
To: help-cfengine <help-cfengine@googlegroups.com>
Subject: [help-cfengine] Bundle aborted on defined class

 

Is it possible to eliminate the output of "Bundle aborted on defined class...." when a bundle is aborted using the abortbundleclasses?  I have these messages going into /var/log/messages every five minutes.

Thank you in advance,
Robin

--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.

To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengine+unsubscribe@googlegroups.com.

Martin Gehrke

unread,
Mar 31, 2017, 3:40:37 PM3/31/17
to Nick Anderson, help-cfengine

Thanks nick. We just have this same line 100+ times.

Hey Martin,

 

To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.

Nick Anderson

unread,
Mar 31, 2017, 4:52:29 PM3/31/17
to Martin Gehrke, Nick Anderson, help-cfengine

> Is there way to set a default changes body so I don’t have to specify
> it every time there is a file promise? Or is there a default?

If you have a really common pattern that you use across your entire
policy like this:

bundle agent main
{
  files:
      "/tmp/dir1/."
        handle => canonify("$(this.bundle)$(this.promiser)"),
        perms => system_owned("0444"),
        create => "true",
        edit_template => “/path/to/mustache/template.mustache",
        template_method => "mustache",
        changes => diff;


      "/tmp/dir2/."
        handle => canonify("$(this.bundle)$(this.promiser)"),
        perms => system_owned("0444"),
        create => "true",
        edit_template => “/path/to/mustache/template.mustache",
        template_method => "mustache",
        changes => diff;
}







You may want to consider leveraging default bodies to help reduce the

amount of written policy, and improve consistency between promises.







body agent control
{
  inform => "true";
} 
body file control
{
        namespace => "bodydefault";
}

body perms files_perms
# @brief Set the file owner and group to the system default
# @param mode the access permission in octal format
#
# **Example:**
#
# ```cf3
# files:
#     "/etc/passwd" perms => system_owned("0644");
# ```
{
        mode   => "0444";
        owners => { "root" };

    freebsd|openbsd|netbsd|darwin::
        groups => { "wheel" };

    linux::
        groups => { "root" };

    solaris::
        groups => { "sys" };
}

body changes files_changes
# @brief Detect file content changes using sha256
# and report the diff to CFEngine Enterprise
{
        hash           => "sha256";
        report_changes => "content";
        report_diffs   => "true";
        update_hashes  => "yes";
}

body file control
{
        namespace => "default";
}
  bundle agent main
  {
    files:
        "/tmp/dir1/file"
          handle => canonify("$(this.bundle)$(this.promiser)")
,
          create => "true",
          edit_template => "$(this.promise_filename)",
          template_method => "mustache";

        "/tmp/dir2/file"
          handle => canonify("$(this.bundle)$(this.promiser)")
,
          create => "true",
          edit_template => "$(this.promise_filename)",
          template_method => "mustache";
  }







I get this output:





info: Created file '/tmp/dir1/file', mode 0444
info: Updated rendering of '/tmp/dir1/file' from mustache template '/root/./defaultbodies.cf'
info: Created file '/tmp/dir2/file', mode 0444
info: Updated rendering of '/tmp/dir2/file' from mustache template '/root/./defaultbodies.cf'





Unfortunately it looks like this can't yet be combined with

body

inheritance. Because the following isn't working for me.







body file control
{
        namespace => "bodydefault";
}

body perms files_perms
# @brief Set the file owner and group to the system default
# @param mode the access permission in octal format
#
# **Example:**
#
# ```cf3
# files:
#     "/etc/passwd" perms => system_owned("0644");
# ```
{
  inherit_from => default:system_owned("0444");
}

body changes files_changes
# @brief Detect file content changes using sha256
# and report the diff to CFEngine Enterprise
{
  inherit_from => default:changes;
}

body file control
{
        namespace => "default";
}
  bundle agent main
  {
    files:
        "/tmp/dir1/file"
          handle => canonify("$(this.bundle)$(this.promiser)")
,
          create => "true",
          edit_template => "$(this.promise_filename)",
          template_method => "mustache";

        "/tmp/dir2/file"
          handle => canonify("$(this.bundle)$(this.promiser)")
,
          create => "true",
          edit_template => "$(this.promise_filename)",
          template_method => "mustache";
  }







I get:





error: ./default_bodies.cf:0:0: In attribute 'inherit_from', Unknown function. Given attribute value 'default:system_owned("0444")'
error: Fatal CFEngine error: Cannot continue





And default bodies are only defaults for bodies so as you probably noticed,

edit_template, template_method, handle, aren't covered.






In enterprise promise handles are automatically generated. And I think

that behavior moved out to core already. There is an open feature

request (CFE-1634) to implement a default for

template_method. And I don't see any proposals for defaulting key

values generically or edit_template specifically. Perhaps it would

make sense to add something in edit_defaults for these. Since

edit_defaults is a body it could be defaulted, but I believe the

attributes in edit_defaults are currently specific to line based

editing, so I don't know if it would be a good match for template

related defaults or not.







Nick Anderson

Doer of things, CFEngine




Reply all
Reply to author
Forward
0 new messages