Hi David,
We are now mostly 3.18 for binaries and for MPF. We need to begin the journey to 3.21.
For local reasons, our local policy currently replaces the MPF "services/main.cf" file (which is where bundle "main" is defined) with our own small replacement.
…
Having read Nick Anderson's blog post https://cfengine.com/blog/2022/renaming-bundle-agent-main-in-mpf/ it seems that the bundle name (in our replacement "services/main.cf" file) must be:
- "main" for client MPF 3.18 (and below)
- "mpf_main" for client MPF 3.21 (and above)
My primary question: Is my understanding of this correct?
Yes, that's correct at least from the MPF perspective. In 3.21 and above the default promises.cf
lists mpf_main
in the bundlesequence
instead of main
. Note that 3.18 clients are perfectly capable of running 3.21 MPF, so I think simply renaming your bundle from main
to mpf_main
is the easiest path there.
Secondary question (predicated on the first): to ensure resilient 3.18->3.21 transition, does the following look reasonable?
bundle agent main { methods: any:: "any" usebundle => "mpf_main"; }
bundle agent mpf_main
{ vars: any:: "bundlesequence" slist => { "policy_channels",
"dls_promises" };
methods:
any:: "any" usebundle => "$(bundlesequence)";
}
The intention here is that our common policy (starting at our "main.cf") can work reliably with potentially different client versions of MPF during this transitional phase.
Yes, I see no issue with doing it that way. If your following the standard upgrade flow where your running 3.18 binaries with 3.21 MPF this should not be necessary there is nothing special about the binary version that necessitates main
vs mpf_main
. If however you have some other deployment strategy and you are overlaying this single policy file into a 3.18 policy set running on some 3.18 clients and also overlaying into a 3.21 MPF running on some other clients then I think your suggestion is a good solution.