Problems using package_modules

[Martin Opitz]

I have the following very short code:

bundle agent ntp
{
  processes:
      "/usr/sbin/ntpd"
        restart_class => "start_ntpd";

  packages:
    debian::
      "chrony"
        policy => "absent",
        package_module => apt_get;
    redhat::
      "chrony"
        policy => "absent",
        package_module => yum;

  commands:
    start_ntpd::
      "systemctl start ntp";
}

but have problems with the package section:

root@testnode:/var/lib/cfengine3/inputs# cf-agent
/var/lib/cfengine3/inputs/lib/ntp.cf:13:0: error: Undefined body apt_get with type package_module
/var/lib/cfengine3/inputs/lib/ntp.cf:17:0: error: Undefined body yum with type package_module
   error: Policy failed validation with command '"/var/lib/cfengine3/bin/cf-promises" -c "/var/lib/cfengine3/inputs/promises.cf"'
   error: Failsafe condition triggered. Interactive session detected, skipping failsafe.cf execution.
   error: Error reading CFEngine policy. Exiting...

Just saw that the cfengine3 debian package is pretty old:

||/ Name                  Version         Architektur     Beschreibung
+++-=====================-===============-===============-===============================================
ii  cfengine3             3.9.1-4.2       amd64           tool for configuring and maintaining network ma

[Bas van der Vlies]

Dear Martin,

Did you install the proper Master Policy Framerworl (MPF) for cfengine in `llb/packages.cf`:
* https://github.com/cfengine/masterfiles/blob/master/lib/packages.cf


There the proper bodies are defined and you also need the python modules:
* https://docs.cfengine.com/docs/3.9/reference-promise-types-packages.html

Second if you can update to the latest stable release 3.15. 3.9 is really very old

regards
--
Bas van der Vlies
| Operations, Support & Development | SURFsara | Science Park 140 | 1098 XG Amsterdam
| T +31 (0) 20 800 1300 | bas.van...@surf.nl | www.surf.nl |

> --
> You received this message because you are subscribed to the Google Groups "help-cfengine" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/help-cfengine/c35bd09c-7777-43b2-9f3c-304c4e8dd0f1n%40googlegroups.com.

[Martin Opitz]

Hi Bas,

i still have problems.

First, i upgraded to 3.15.2:

ii  cfengine-community  3.15.2-1.debia amd64          CFEngine 3 Community

Then, i installed the package.cf you suggested over the existing packages.cf:

-rw-r--r-- 1 root root 91105 Sep 23 09:39 /var/cfengine/share/CoreBase/masterfiles/lib/packages.cf
-rwxr-xr-x 1 root root 91105 Jul 16  2011 /var/cfengine/share/CoreBase/masterfiles/lib/packages.cf.orig

Still i have the error:

root@testnode:~# cf-agent
/var/cfengine/inputs/lib/ntp.cf:13:0: error: Undefined body apt_get with type package_module
/var/cfengine/inputs/lib/ntp.cf:17:0: error: Undefined body yum with type package_module
   error: Policy failed validation with command '"/var/cfengine/bin/cf-promises" -c "/var/cfengine/inputs/promises.cf"'

   error: Failsafe condition triggered. Interactive session detected, skipping failsafe.cf execution.
   error: Error reading CFEngine policy. Exiting...

[Vratislav Podzimek]

Hi Martin,

On Wed, 2020-09-23 at 00:55 -0700, Martin Opitz wrote:
> Hi Bas,
>
> i still have problems.
> First, i upgraded to 3.15.2:
> ii cfengine-community 3.15.2-1.debia amd64 CFEngine 3 Community
>
> Then, i installed the package.cf you suggested over the existing packages.cf:
> -rw-r--r-- 1 root root 91105 Sep 23 09:39 /var/cfengine/share/CoreBase/masterfiles/lib/packages.cf
> -rwxr-xr-x 1 root root 91105 Jul 16 2011 /var/cfengine/share/CoreBase/masterfiles/lib/packages.cf.orig
>
> Still i have the error:
> root@testnode:~# cf-agent
> /var/cfengine/inputs/lib/ntp.cf:13:0: error: Undefined body apt_get with type package_module
> /var/cfengine/inputs/lib/ntp.cf:17:0: error: Undefined body yum with type package_module
> error: Policy failed validation with command '"/var/cfengine/bin/cf-promises" -c "/var/cfengine/inputs/promises.cf"'
> error: Failsafe condition triggered. Interactive session detected, skipping failsafe.cf execution.
> error: Error reading CFEngine policy. Exiting...

Is packages.cf somewhere in 'inputs'? You can try running 'cf-agent --verbose' or 'cf-agent --debug'
to see if it actually processes the file.

--
Vratislav

[Martin Opitz]

Even in debug mode, the packages.cf does not appear:

# "/var/cfengine/bin/cf-promises" -d -c "/var/cfengine/inputs/promises.cf" | grep /var/cfengine/share

/var/cfengine/inputs/lib/ntp.cf:13:0: error: Undefined body apt_get with type package_module
/var/cfengine/inputs/lib/ntp.cf:17:0: error: Undefined body yum with type package_module

[Vratislav Podzimek]

On Wed, 2020-09-23 at 01:45 -0700, Martin Opitz wrote:
> Even in debug mode, the packages.cf does not appear:
>
> # "/var/cfengine/bin/cf-promises" -d -c "/var/cfengine/inputs/promises.cf" | grep /var/cfengine/share
> /var/cfengine/inputs/lib/ntp.cf:13:0: error: Undefined body apt_get with type package_module
> /var/cfengine/inputs/lib/ntp.cf:17:0: error: Undefined body yum with type package_module

What does
grep -R 'packages\.cf' /var/cfengine/inputs
say? It should be somewhere in the 'inputs' lists.

--
Vratislav

[Martin Opitz]

Hi,

as you suggested, i put the packages.cf module in my input list:

body common control
{
  bundlesequence => { "my_test", "ntp" };
  inputs => {
    "/var/cfengine/share/CoreBase/masterfiles/controls/def.cf",
    "/var/cfengine/share/CoreBase/masterfiles/lib/packages.cf",
    "$(sys.libdir)/my_test.cf",
    "$(sys.libdir)/ntp.cf"
  };
}

Now the apt_get module is running.

But it gives me an error:

verbose: B: *****************************************************************
 verbose: B: BEGIN bundle ntp
 verbose: B: *****************************************************************
 verbose: Using new package promise.
 verbose: P: .........................................................
 verbose: P: BEGIN promise 'promise_ntp_cf_11' of type "packages" (pass 1)
 verbose: P:    Promiser/affected object: 'chrony'
 verbose: P:    Part of bundle: ntp
 verbose: P:    Base context class: debian
 verbose: P:    Stack path: /default/ntp/packages/'chrony'[1]
 verbose: Command '/var/cfengine/modules/packages/apt_get supports-api-version' returned with non zero return code: 1
    info: Error occurred while getting supported API version.
   error: unsupported package module wrapper API version: -1
   error: Some error occurred while contacting package module - promise: chrony

For reference: the promise looks:

bundle agent ntp
{
  processes:
      "/usr/sbin/ntpd"
        restart_class => "start_ntpd";

  packages:
    debian::
      "chrony"
        policy => "absent",
        package_module => apt_get;

[Vratislav Podzimek]

What if you run '/var/cfengine/modules/packages/apt_get supports-api-version' manually? I guess
there is some other problem. Probably with the /var/cfengine/bin/python symlink, we have seen issues
with that recently.

Are you using the update.cf MPF policy for updating/fetching policy?

--
Vratislav

[Martin Opitz]

Hi Vratislav,

the problem was indeed the missing /var/cfengine/bin/python, i have now established a link to /usr/bin/python and now it works.

Thank you for pointing this out.

I didn't know about update.cf, should i use it to upgrade my clients?

[Vratislav Podzimek]

On Thu, 2020-09-24 at 02:16 -0700, Martin Opitz wrote:
> Hi Vratislav,
>
> the problem was indeed the missing /var/cfengine/bin/python, i have now established a link to /usr/bin/python and now it works.
> Thank you for pointing this out.
>
> I didn't know about update.cf, should i use it to upgrade my clients?

It's the default mechanism for distributing policy and keeping it in sync. We recommend using it,
but there are people who prefer other mechanisms. And sometimes we forget about people not using it,
like in this case of the Python symlink...

--
Vratislav