About promises.cf for clients.

temp...@gmail.com

unread,

Jan 12, 2019, 10:56:29 PM1/12/19

to help-cfengine

Does the promises.cf has to be written for each client?

Because once the input directory is wiped when bootstrapped, I could copy the promises.cf from server to client manually. Then I noticed when I run cfagent -v it doesn't copy the input directory instead it copies masterfiles.

So rather than copying the promises.cf from policy hub, I wrote a simple promises.cf for the client in which I've defined bundle agent copy_from to copy the policy hub input directory files to the client machine. Now the problem seems to be that cf-agent doesn't execute the copied inputs files so I wonder if I have to write bundle agent shellcommands to run cf-agent -f input_files.cf ?

Here is the promises.cf for the client I've written. This copies the files but cf-agent doesn't execute the cf files.

body common control {
bundlesequence => { "mycopy" };
inputs => { "/var/cfengine/masterfiles/lib/files.cf" };
}

body server control {
#       skipverify      => { "10.10.10.*" };
        allowconnects   => { "10.10.10.*" };
        allowallconnects        => { "10.10.10.*" };
        logallconnections       => "true";
        bindtointerface => "10.10.10.58";
        cfruncommand    => "$(sys.workdir)/bin/cf-agent";
        allowusers      => { "root" };
}

bundle server access_rules()
{
access:
"/var/cfengine/inputs"
admit => { "10.10.10.*" };
"/var/cfengine/masterfiles"
admit => { "10.10.10.*" };
}

bundle agent mycopy
{
files:

"/var/cfengine/inputs/cf.amanda.conf"
copy_from => remote_dcp("/var/cfengine/inputs/cf.amanda.conf","10.10.10.58");
}

Aleksey Tsalolikhin

unread,

Jan 13, 2019, 9:28:03 AM1/13/19

to temp...@gmail.com, help-cfengine

No, promises.cf does not have to be written for each client

Could you please go through the CFEngine Primer at https://digitalelf.net/cf-primer/ ? Slide https://digitalelf.net/cf-primer/#(51) particularly, which shows the data flow from policy distribution point (the CFEngine server) to all hosts running the CFEngine agent.

Best,

Aleksey

--

Achieve real learning. Email trai...@verticalsysadmin.com.

--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.

temp...@gmail.com

unread,

Jan 14, 2019, 12:13:36 AM1/14/19

to help-cfengine

Alright. Can you share a sample promises.cf file? I know there is one in /var/cfengine/masterfiles/promises.cf but I'm looking for a client version of promises.cf that you might have written.

Aleksey Tsalolikhin

unread,

Jan 14, 2019, 8:43:16 AM1/14/19

to temp...@gmail.com, help-cfengine

We use the one from /var/cfengine/masterfiles/promises.cf

It distributed to all hosts.

Site customizations go under services/.

To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengine+unsubscribe@googlegroups.com.

To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.

--

temp...@gmail.com

unread,

Jan 15, 2019, 1:11:52 AM1/15/19

to help-cfengine

I copied the /var/cfengine/masterfiles/promises.cf onto the client machine and then ran cf-agent -v command but that did not copy any input files from the master host. Am I missing something?

Aleksey Tsalolikhin

unread,

Jan 15, 2019, 1:19:18 AM1/15/19

to temp...@gmail.com, help-cfengine

Did you run "cf-agent -B master" where master is the master host?

To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengine+unsubscribe@googlegroups.com.

To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.

Ole Herman Schumacher Elgesem

unread,

Jan 15, 2019, 5:04:41 AM1/15/19

to temp...@gmail.com, help-cfengine, Aleksey Tsalolikhin

First of all, is there a good reason why you don’t want to use the default masterfiles?

Typically you install and bootstrap a policy server and clients, without making changes to the default masterfiles policy. In this policy, update.cf will copy all your policy from /var/cfengine/masterfiles (on server) to /var/cfengine/inputs (on clients). promises.cf will perform all other configuration tasks, making changes to system, files, permissions, users, etc.

Once that works, you can add your own custom policy to /var/cfengine/masterfiles/services. The default update.cf policy will distribute this for you, and all you have to do is to enable the policy to run. You can do this by adding it to inputs and bundle sequence in an augments file [1] or using autorun [2]. As much as possible you should try to not edit the default policy files.

What you’re trying to do isn’t impossible, but it’s much easier to follow the default setup and tutorials to get started. The resource Aleksey linked is a good place to start:

https://digitalelf.net/cf-primer/

As Aleksey points out, you might not have bootstrapped [3] the client to the policy server. As to why exactly your policy is not doing what you’re expecting, you probably need to read logs, or show them to us here. To get verbose logging output from the server, kill it and restart it in foreground:

cf-serverd --verbose --no-fork

And similarly for agent:

cf-agent --verbose --no-lock

This will give you a lot of information about what the binaries are doing, and why.

Ole Herman

CFEngine core developer

[1] https://docs.cfengine.com/docs/3.12/reference-language-concepts-augments.html

[2] https://cfengine.com/company/blog-detail/modular-policies-with-autorun-and-the-augments_file/

[3] https://docs.cfengine.com/docs/3.12/guide-installation-and-configuration-secure-bootstrap.html

Message has been deleted

temp...@gmail.com

unread,

Jan 15, 2019, 7:20:40 AM1/15/19

to help-cfengine

The log file got cut off. Here is the pastebin.com link to the log file. https://pastebin.com/Yk7Aqj2S

temp...@gmail.com

unread,

Jan 15, 2019, 7:21:10 AM1/15/19

to help-cfengine

The log file got cut off. Here is the pastebin.com link to the log file. https://pastebin.com/Yk7Aqj2S

Ole Herman Schumacher Elgesem

unread,

Jan 15, 2019, 7:45:50 AM1/15/19

to temp...@gmail.com, help-cfengine

Did you read the rest of my answer?

It looks like you are not executing the correct promises.cf file. “mycopy" is not mentioned in your verbose output. cf-agent runs /var/cfengine/inputs/promises.cf by default, and there is likely nothing which copies policy from masterfiles to inputs.

Did you bootstrap first, as Aleksey and I suggested?

-Ole Herman

temp...@gmail.com

unread,

Jan 17, 2019, 4:06:38 AM1/17/19

to help-cfengine

I did bootstrap and masterfiles does copy to inputs directory.

The two things I'm trying to achieve is:

copy master server /var/cfengine/inputs/ to /var/cfengine/inputs onto client.
Execute all copied input files (*.cf) on the client machine.

digitalelf.net doesn't have any examples about to how to do that.

Marco Marongiu

unread,

Jan 17, 2019, 4:44:41 AM1/17/19

to help-c...@googlegroups.com

On 17/01/19 10:06, temp...@gmail.com wrote:
> # copy master server /var/cfengine/inputs/ to /var/cfengine/inputs
> onto client.
CFEngine is not designed to work that way: all clients (including the
policy server) copy policy server's /var/cfengine/masterfiles into their
/var/cfengine/inputs.

Stop putting effort in trying CFEngine do what it's not suppose to do.
Float downstream, not upstream: do things the way they are supposed to
be done and you'll save yourself time and frustration.

Just my opinion

Ciao
-- bronto

Aleksey Tsalolikhin

unread,

Jan 18, 2019, 1:07:03 PM1/18/19

to temp...@gmail.com, help-cfengine

> I did bootstrap already. It does copies /var/cfengine/masterfiles to /var/cfengine/inputs on client but the /var/cfengine/inputs/ are not copied to client.

Good then you're done. That is how it is supposed to work. if you want to distribute a policy change then publish it in masterfiles. :)

On Tuesday, January 15, 2019, <temp...@gmail.com> wrote:

I did bootstrap already. It does copies /var/cfengine/masterfiles to /var/cfengine/inputs on client but the /var/cfengine/inputs/ are not copied to client.

Here is the client log.

[root@logshost inputs]# cf-agent --verbose --no-lock
verbose: Could not open extension plugin 'cfengine-enterprise.so' from '/var/cfengine/lib/cfengine-enterprise.so': (not installed)
verbose: CFEngine Core 3.13.0
verbose: ----------------------------------------------------------------
verbose: Initialization preamble
verbose: ----------------------------------------------------------------
verbose: Default port for cfengine is 5308
verbose: Work directory is /var/cfengine
verbose: Making sure that internal directories are private...
verbose: Checking integrity of the trusted workdir
verbose: Checking integrity of the state database
verbose: Checking integrity of the module directory
verbose: Checking integrity of the PKI directory
verbose: Loaded private key at '/var/cfengine/ppkeys/localhost.priv'
verbose: Loaded public key '/var/cfengine/ppkeys/localhost.pub'
verbose: Reference time set to 'Tue Jan 15 04:13:57 2019'
verbose: CFEngine Core 3.13.0 - ready
verbose: ----------------------------------------------------------------
verbose: Environment discovery
verbose: ----------------------------------------------------------------
verbose: Host name is: logshost
verbose: Operating System Type is linux
verbose: Operating System Release is 3.10.0-693.el7.x86_64
verbose: Architecture = x86_64
verbose: CFEngine detected operating system description is linux
verbose: The time is now Tue Jan 15 04:13:57 2019
verbose: Additional hard class defined as: 64_bit
verbose: Additional hard class defined as: linux_3_10_0_693_el7_x86_64
verbose: Additional hard class defined as: linux_x86_64
verbose: Additional hard class defined as: linux_x86_64_3_10_0_693_el7_x86_64
verbose: GNU autoconf class from compile time: compiled_on_linux_gnu
verbose: Address given by nameserver: 10.49.64.59
verbose: No interface exception file /var/cfengine/inputs/ignore_interfaces.rx
verbose: Interface 1: lo
verbose: Interface 2: ens224
verbose: IP address of host set to 10.49.64.59
verbose: Trying to locate my IPv6 address
verbose: Reading netstat info from /proc/net/netstat
verbose: Reading (null) info from /proc/net/route
verbose: Reading (null) info from /proc/net/snmp6
verbose: Reading (null) info from /proc/net/ipv6_route
verbose: Reading (null) info from /proc/net/if_inet6
verbose: Reading interfaces_data info from /proc/net/dev
verbose: Looking for environment from cf-monitord...
verbose: Loading environment...
verbose: Environment data loaded
verbose: This appears to be a redhat (or redhat-based) system.
verbose: Looking for redhat linux info in 'CentOS Linux release 7.4.1708 (Core) '
verbose: Found 4 processors
verbose: Loading persistent classes
verbose: Persistent class 'cfengine_out_high_ldt' for 6 more minutes
verbose: Persistent class 'cpu0_high_ldt' for 8 more minutes
verbose: Persistent class 'cpu1_high_ldt' for 8 more minutes
verbose: Persistent class 'cpu2_high_ldt' for 8 more minutes
verbose: Persistent class 'cpu3_high_ldt' for 8 more minutes
verbose: Persistent class 'cpu_high_ldt' for 8 more minutes
verbose: Persistent class 'io_writes_high_ldt' for 8 more minutes
verbose: Persistent class 'io_writtendata_high_ldt' for 8 more minutes
verbose: Persistent class 'loadavg_high_ldt' for 8 more minutes
verbose: Persistent class 'otherprocs_high_ldt' for 8 more minutes
verbose: Persistent class 'smtp_out_high_ldt' for 8 more minutes
verbose: This agent is bootstrapped to: 10.49.64.58
verbose: Loading JSON augments from '/var/cfengine/inputs/def.json' (input dir '/var/cfengine/inputs', input file '/var/cfengine/inputs/promises.cf'
verbose: could not load JSON augments from '/var/cfengine/inputs/def.json'
verbose: >> Detected change in /var/cfengine/inputs
verbose: Quick search detected file changes
verbose: Input file is changed since last validation, validating it
verbose: Verifying the syntax of the inputs...
verbose: Checking policy with command '"/var/cfengine/bin/cf-promises" -c "/var/cfengine/inputs/promises.cf"'
verbose: Saved policy validated marker file '/var/cfengine/masterfiles/cf_promises_validated'
verbose: ----------------------------------------------------------------
verbose: Loading policy
verbose: ----------------------------------------------------------------
verbose: BEGIN parsing file: /var/cfengine/inputs/promises.cf
verbose: END   parsing file: /var/cfengine/inputs/promises.cf
verbose: C:     + Global class: specific_linux_os
verbose: SET common package_module: $(package_module_knowledge.platform_default)
verbose: BEGIN parsing file: /var/cfengine/inputs/controls/def.cf
verbose: END   parsing file: /var/cfengine/inputs/controls/def.cf
verbose: Skipping promise 'acl' because constraint 'ifvarclass => and(isvariable("override_data_acl"),"!feature_def_json_preparse")' is not met
verbose: Skipping promise 'trustkeysfrom' because constraint 'ifvarclass => and(isvariable("override_data_trustkeysfrom"),"!feature_def_json_preparse")' is not met
verbose: Skipping promise 'control_agent_default_repository' because constraint 'if => mpf_control_agent_default_repository' is not met
verbose: mergedata: argument 'default:def.control_common_bundlesequence_end' does not resolve to a container or a list or a CFEngine array
verbose: mergedata: argument 'default:def.control_common_bundlesequence_end' does not resolve to a container or a list or a CFEngine array
verbose: getvalues: argument 'default:def.tbse' does not resolve to a container or a list or a CFEngine array
verbose: some: argument 'default:def.control_agent_files_single_copy' does not resolve to a container or a list or a CFEngine array
verbose: Skipping promise 'control_agent_files_single_copy' because constraint 'ifvarclass => not(some(".*","control_agent_files_single_copy"))' is not met
verbose: C:     + Global class: cfengine_internal_rotate_logs
verbose: C:     + Global class: cfengine_internal_agent_email
verbose: C:     + Global class: mpf_stdlib_use_posix_utils
verbose: Skipping promise 'augments_inputs' because constraint 'ifvarclass => not(isvariable("augments_inputs"))' is not met
verbose: Skipping promise 'domain' because constraint 'ifvarclass => not(isvariable("domain"))' is not met
verbose: Skipping promise 'mailto' because constraint 'ifvarclass => not(isvariable("mailto"))' is not met
verbose: Skipping promise 'mailfrom' because constraint 'ifvarclass => not(isvariable("mailfrom"))' is not met
verbose: Skipping promise 'smtpserver' because constraint 'ifvarclass => not(isvariable("smtpserver"))' is not met
verbose: Skipping promise 'acl' because constraint 'ifvarclass => and(isvariable("override_data_acl"),"!feature_def_json_preparse")' is not met
verbose: Skipping promise 'acl' because constraint 'ifvarclass => and(not(isvariable("override_data_acl")),not(isvariable("acl")))' is not met
verbose: Skipping promise 'trustkeysfrom' because constraint 'ifvarclass => and(isvariable("override_data_trustkeysfrom"),"!feature_def_json_preparse")' is not met
verbose: Skipping promise 'trustkeysfrom' because constraint 'ifvarclass => and(not(isvariable("override_data_trustkeysfrom")),not(isvariable("trustkeysfrom")))' is not met
verbose: Skipping promise 'control_agent_default_repository' because constraint 'if => mpf_control_agent_default_repository' is not met
verbose: Skipping promise 'control_agent_maxconnections' because constraint 'ifvarclass => not(isvariable("control_agent_maxconnections"))' is not met
verbose: mergedata: argument 'default:def.control_common_bundlesequence_end' does not resolve to a container or a list or a CFEngine array
verbose: mergedata: argument 'default:def.control_common_bundlesequence_end' does not resolve to a container or a list or a CFEngine array
verbose: getvalues: argument 'default:def.tbse' does not resolve to a container or a list or a CFEngine array
verbose: some: argument 'default:def.control_agent_files_single_copy' does not resolve to a container or a list or a CFEngine array
verbose: Skipping promise 'control_agent_files_single_copy' because constraint 'ifvarclass => not(some(".*","control_agent_files_single_copy"))' is not met
verbose: Skipping promise 'control_server_maxconnections' because constraint 'ifvarclass => not(isvariable("control_server_maxconnections"))' is not met
verbose: Skipping promise 'max_client_history_size' because constraint 'unless => isvariable("max_client_history_size")' is not met
verbose: Skipping promise 'lldpctl_json' because constraint 'if => isvariable("def.lldpctl_json")' is not met
verbose: C:     + Global class: disable_inventory_lsb
verbose: C:     + Global class: disable_inventory_LLDP
verbose: C:     + Global class: disable_inventory_cmdb
verbose: Skipping promise 'lldpctl_json' because constraint 'if => isvariable("def.lldpctl_json")' is not met
verbose: BEGIN parsing file: /var/cfengine/inputs/controls/def_inputs.cf
verbose: END   parsing file: /var/cfengine/inputs/controls/def_inputs.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/inventory/any.cf
verbose: END   parsing file: /var/cfengine/inputs/inventory/any.cf
verbose: Skipping promise 'cmdb' because constraint 'ifvarclass => fileexists("$(file)")' is not met
verbose: Skipping promise 'cmdb_string' because constraint 'ifvarclass => isvariable("cmdb")' is not met
verbose: Skipping iteration since variable 'bkeys' resolves to an empty list
verbose: Skipping iteration since variable 'bkeys' resolves to an empty list
verbose: BEGIN parsing file: /var/cfengine/inputs/inventory/linux.cf
verbose: END   parsing file: /var/cfengine/inputs/inventory/linux.cf
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: C:     + Global class: has_os_release
verbose: C:     + Global class: has_proc_1_cmdline
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: BEGIN parsing file: /var/cfengine/inputs/inventory/lsb.cf
verbose: END   parsing file: /var/cfengine/inputs/inventory/lsb.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/inventory/redhat.cf
verbose: END   parsing file: /var/cfengine/inputs/inventory/redhat.cf
verbose: C:     + Global class: redhat_derived
verbose: returnszero ran 'python -V 2>&1 | grep ^Python | cut -d' ' -f 2 | ( IFS=. read v1 v2 v3 ; [ $v1 -ge 3 ] || [ $v1 -eq 2 -a $v2 -ge 4 ] )' successfully and it returned zero
verbose: Caching result for function 'returnszero("python -V 2>&1 | grep ^Python | cut -d' ' -f 2 | ( IFS=. read v1 v2 v3 ; [ $v1 -ge 3 ] || [ $v1 -eq 2 -a $v2 -ge 4 ] )","useshell")'
verbose: C:     + Global class: cfe_yum_package_module_supported
verbose: BEGIN parsing file: /var/cfengine/inputs/inventory/os.cf
verbose: END   parsing file: /var/cfengine/inputs/inventory/os.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/sketches/meta/api-runfile.cf
verbose: END   parsing file: /var/cfengine/inputs/sketches/meta/api-runfile.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/cfe_internal/core/limit_robot_agents.cf
verbose: END   parsing file: /var/cfengine/inputs/cfe_internal/core/limit_robot_agents.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/cfe_internal/CFE_cfengine.cf
verbose: END   parsing file: /var/cfengine/inputs/cfe_internal/CFE_cfengine.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/cfe_internal/core/main.cf
verbose: END   parsing file: /var/cfengine/inputs/cfe_internal/core/main.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/cfe_internal/core/log_rotation.cf
verbose: END   parsing file: /var/cfengine/inputs/cfe_internal/core/log_rotation.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/cfe_internal/core/host_info_report.cf
verbose: END   parsing file: /var/cfengine/inputs/cfe_internal/core/host_info_report.cf
verbose: Cannot open the installed packages inventory '/var/cfengine/state/software_packages.csv' - This is not necessarily an error. Either the inventory policy has not been included, or it has not had time to have an effect yet or you are usingnew package promise and check for legacy promise is made.A future call may still succeed. (fopen: No such file or directory)
verbose: BEGIN parsing file: /var/cfengine/inputs/cfe_internal/core/watchdog/watchdog.cf
verbose: END   parsing file: /var/cfengine/inputs/cfe_internal/core/watchdog/watchdog.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/controls/cf_serverd.cf
verbose: END   parsing file: /var/cfengine/inputs/controls/cf_serverd.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/controls/cf_execd.cf
verbose: END   parsing file: /var/cfengine/inputs/controls/cf_execd.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/controls/cf_monitord.cf
verbose: END   parsing file: /var/cfengine/inputs/controls/cf_monitord.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/controls/cf_agent.cf
verbose: END   parsing file: /var/cfengine/inputs/controls/cf_agent.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/controls/cf_runagent.cf
verbose: END   parsing file: /var/cfengine/inputs/controls/cf_runagent.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/stdlib.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/stdlib.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/commands.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/commands.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/guest_environments.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/guest_environments.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/reports.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/reports.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/packages.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/packages.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/paths.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/paths.cf
verbose: C:     + Global class: _have_bin_env
verbose: C:     + Global class: _have_bin_systemctl
verbose: C:     + Global class: _stdlib_has_path_groupadd
verbose: C:     + Global class: _stdlib_has_path_iptables_save
verbose: C:     + Global class: _stdlib_has_path_ifconfig
verbose: C:     + Global class: _stdlib_has_path_groupdel
verbose: C:     + Global class: _stdlib_has_path_egrep
verbose: C:     + Global class: _stdlib_has_path_getfacl
verbose: C:     + Global class: _stdlib_has_path_createrepo
verbose: C:     + Global class: _stdlib_has_path_logger
verbose: C:     + Global class: _stdlib_has_path_mailx
verbose: C:     + Global class: _stdlib_has_path_service
verbose: C:     + Global class: _stdlib_has_path_ethtool
verbose: C:     + Global class: _stdlib_has_path_free
verbose: C:     + Global class: _stdlib_has_path_diff
verbose: C:     + Global class: _stdlib_has_path_curl
verbose: C:     + Global class: _stdlib_has_path_netstat
verbose: C:     + Global class: _stdlib_has_path_virtualenv
verbose: C:     + Global class: _stdlib_has_path_rpm
verbose: C:     + Global class: _stdlib_has_path_cat
verbose: C:     + Global class: _stdlib_has_path_sysctl
verbose: C:     + Global class: _stdlib_has_path_tr
verbose: C:     + Global class: _stdlib_has_path_hostname
verbose: C:     + Global class: _stdlib_has_path_bc
verbose: C:     + Global class: _stdlib_has_path_dc
verbose: C:     + Global class: _stdlib_has_path_svc
verbose: C:     + Global class: _stdlib_has_path_echo
verbose: C:     + Global class: _stdlib_has_path_crontab
verbose: C:     + Global class: _stdlib_has_path_nologin
verbose: C:     + Global class: _stdlib_has_path_test
verbose: C:     + Global class: _stdlib_has_path_npm
verbose: C:     + Global class: _stdlib_has_path_cksum
verbose: C:     + Global class: _stdlib_has_path_ip
verbose: C:     + Global class: _stdlib_has_path_userdel
verbose: C:     + Global class: _stdlib_has_path_awk
verbose: C:     + Global class: _stdlib_has_path_ping
verbose: C:     + Global class: _stdlib_has_path_lsof
verbose: C:     + Global class: _stdlib_has_path_env
verbose: C:     + Global class: _stdlib_has_path_dig
verbose: C:     + Global class: _stdlib_has_path_perl
verbose: C:     + Global class: _stdlib_has_path_cut
verbose: C:     + Global class: _stdlib_has_path_domainname
verbose: C:     + Global class: _stdlib_has_path_wc
verbose: C:     + Global class: _stdlib_has_path_tar
verbose: C:     + Global class: _stdlib_has_path_pgrep
verbose: C:     + Global class: _stdlib_has_path_useradd
verbose: C:     + Global class: _stdlib_has_path_pip
verbose: C:     + Global class: _stdlib_has_path_find
verbose: C:     + Global class: _stdlib_has_path_init
verbose: C:     + Global class: _stdlib_has_path_df
verbose: C:     + Global class: _stdlib_has_path_grep
verbose: C:     + Global class: _stdlib_has_path_printf
verbose: C:     + Global class: _stdlib_has_path_realpath
verbose: C:     + Global class: _stdlib_has_path_shadow
verbose: C:     + Global class: _stdlib_has_path_sort
verbose: C:     + Global class: _stdlib_has_path_systemctl
verbose: C:     + Global class: _stdlib_has_path_yum
verbose: C:     + Global class: _stdlib_has_path_chkconfig
verbose: C:     + Global class: _stdlib_has_path_ls
verbose: C:     + Global class: _stdlib_has_path_crontabs
verbose: C:     + Global class: _stdlib_has_path_lsattr
verbose: C:     + Global class: _stdlib_has_path_wget
verbose: C:     + Global class: _stdlib_has_path_getent
verbose: C:     + Global class: _stdlib_has_path_sed
verbose: C:     + Global class: _stdlib_has_path_iptables
verbose: C:     + Global class: _stdlib_has_path_git
verbose: C:     + Global class: _stdlib_path_exists_groupadd
verbose: C:     + Global class: _stdlib_path_exists_iptables_save
verbose: C:     + Global class: _stdlib_path_exists_ifconfig
verbose: C:     + Global class: _stdlib_path_exists_groupdel
verbose: C:     + Global class: _stdlib_path_exists_egrep
verbose: C:     + Global class: _stdlib_path_exists_getfacl
verbose: C:     + Global class: _stdlib_path_exists_logger
verbose: C:     + Global class: _stdlib_path_exists_mailx
verbose: C:     + Global class: _stdlib_path_exists_service
verbose: C:     + Global class: _stdlib_path_exists_ethtool
verbose: C:     + Global class: _stdlib_path_exists_free
verbose: C:     + Global class: _stdlib_path_exists_diff
verbose: C:     + Global class: _stdlib_path_exists_curl
verbose: C:     + Global class: _stdlib_path_exists_netstat
verbose: C:     + Global class: _stdlib_path_exists_rpm
verbose: C:     + Global class: _stdlib_path_exists_cat
verbose: C:     + Global class: _stdlib_path_exists_sysctl
verbose: C:     + Global class: _stdlib_path_exists_tr
verbose: C:     + Global class: _stdlib_path_exists_hostname
verbose: C:     + Global class: _stdlib_path_exists_svc
verbose: C:     + Global class: _stdlib_path_exists_echo
verbose: C:     + Global class: _stdlib_path_exists_crontab
verbose: C:     + Global class: _stdlib_path_exists_nologin
verbose: C:     + Global class: _stdlib_path_exists_test
verbose: C:     + Global class: _stdlib_path_exists_cksum
verbose: C:     + Global class: _stdlib_path_exists_ip
verbose: C:     + Global class: _stdlib_path_exists_userdel
verbose: C:     + Global class: _stdlib_path_exists_awk
verbose: C:     + Global class: _stdlib_path_exists_ping
verbose: C:     + Global class: _stdlib_path_exists_lsof
verbose: C:     + Global class: _stdlib_path_exists_env
verbose: C:     + Global class: _stdlib_path_exists_dig
verbose: C:     + Global class: _stdlib_path_exists_perl
verbose: C:     + Global class: _stdlib_path_exists_cut
verbose: C:     + Global class: _stdlib_path_exists_domainname
verbose: C:     + Global class: _stdlib_path_exists_wc
verbose: C:     + Global class: _stdlib_path_exists_tar
verbose: C:     + Global class: _stdlib_path_exists_pgrep
verbose: C:     + Global class: _stdlib_path_exists_useradd
verbose: C:     + Global class: _stdlib_path_exists_find
verbose: C:     + Global class: _stdlib_path_exists_init
verbose: C:     + Global class: _stdlib_path_exists_df
verbose: C:     + Global class: _stdlib_path_exists_grep
verbose: C:     + Global class: _stdlib_path_exists_printf
verbose: C:     + Global class: _stdlib_path_exists_realpath
verbose: C:     + Global class: _stdlib_path_exists_shadow
verbose: C:     + Global class: _stdlib_path_exists_sort
verbose: C:     + Global class: _stdlib_path_exists_systemctl
verbose: C:     + Global class: _stdlib_path_exists_yum
verbose: C:     + Global class: _stdlib_path_exists_chkconfig
verbose: C:     + Global class: _stdlib_path_exists_ls
verbose: C:     + Global class: _stdlib_path_exists_crontabs
verbose: C:     + Global class: _stdlib_path_exists_lsattr
verbose: C:     + Global class: _stdlib_path_exists_wget
verbose: C:     + Global class: _stdlib_path_exists_getent
verbose: C:     + Global class: _stdlib_path_exists_sed
verbose: C:     + Global class: _stdlib_path_exists_iptables
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/files.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/files.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/common.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/common.cf
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/common.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/users.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/users.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/bundles.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/bundles.cf
verbose: length: argument 'default:run_ifdefined.bundlesfound' does not resolve to a container or a list or a CFEngine array
verbose: length: argument 'default:run_ifdefined.bundlesfound' does not resolve to a container or a list or a CFEngine array
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/paths.cf
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/files.cf
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/commands.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/databases.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/databases.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/monitor.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/monitor.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/cfe_internal.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/cfe_internal.cf
verbose: Skipping iteration since variable 'files' resolves to an empty list
verbose: maparray: argument 'default:cfe_internal_cleanup_agent_reports.reports_size' does not resolve to a container or a list or a CFEngine array
verbose: maparray: argument 'default:cfe_internal_cleanup_agent_reports.reports_size' does not resolve to a container or a list or a CFEngine array
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/common.cf
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/commands.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/testing.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/testing.cf
verbose: Skipping iteration since variable 'passed' resolves to an empty list
verbose: Skipping iteration since variable 'failed' resolves to an empty list
verbose: Skipping iteration since variable 'skipped' resolves to an empty list
verbose: Skipping iteration since variable 'todo' resolves to an empty list
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/services.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/services.cf
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/common.cf
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/paths.cf
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/paths.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/cfengine_enterprise_hub_ha.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/cfengine_enterprise_hub_ha.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/edit_xml.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/edit_xml.cf
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/files.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/storage.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/storage.cf
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/common.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/cfe_internal_hub.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/cfe_internal_hub.cf
verbose: Skipping iteration since variable 'index' resolves to an empty list
verbose: Skipping iteration since variable 'index' resolves to an empty list
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/common.cf
verbose: Skipping loading of duplicate policy file /var/cfengine/inputs/lib/commands.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/lib/processes.cf
verbose: END   parsing file: /var/cfengine/inputs/lib/processes.cf
verbose: BEGIN parsing file: /var/cfengine/inputs/services/main.cf
verbose: END   parsing file: /var/cfengine/inputs/services/main.cf
verbose: Running full policy integrity checks
verbose: ----------------------------------------------------------------
verbose: PREFIX LEGEND:
verbose: V: variable or parameter new definition in scope
verbose: C: class/context new definition
verbose: B: bundle start/end execution marker
verbose: P: promise execution output
verbose: A: accounting output
verbose: T: time measurement for stated object (promise or bundle)
verbose: ----------------------------------------------------------------
verbose: ----------------------------------------------------------------
verbose: BEGIN Discovered hard classes:
verbose: C: discovered hard class 10_49_64_59
verbose: C: discovered hard class 127_0_0_1
verbose: C: discovered hard class 4_cpus
verbose: C: discovered hard class 64_bit
verbose: C: discovered hard class Day15
verbose: C: discovered hard class GMT_Afternoon
verbose: C: discovered hard class GMT_Day15
verbose: C: discovered hard class GMT_Hr12
verbose: C: discovered hard class GMT_Hr12_Q1
verbose: C: discovered hard class GMT_January
verbose: C: discovered hard class GMT_Lcycle_0
verbose: C: discovered hard class GMT_Min10_15
verbose: C: discovered hard class GMT_Min13
verbose: C: discovered hard class GMT_Q1
verbose: C: discovered hard class GMT_Tuesday
verbose: C: discovered hard class GMT_Yr2019
verbose: C: discovered hard class Hr04
verbose: C: discovered hard class Hr04_Q1
verbose: C: discovered hard class Hr4
verbose: C: discovered hard class January
verbose: C: discovered hard class Lcycle_0
verbose: C: discovered hard class Min10_15
verbose: C: discovered hard class Min13
verbose: C: discovered hard class Night
verbose: C: discovered hard class PK_MD5_9d5f9a68e20ae69ea03dd5bc8d03e2d0
verbose: C: discovered hard class Q1
verbose: C: discovered hard class Tuesday
verbose: C: discovered hard class Yr2019
verbose: C: discovered hard class agent
verbose: C: discovered hard class any
verbose: C: discovered hard class centos
verbose: C: discovered hard class centos_7
verbose: C: discovered hard class centos_7_4
verbose: C: discovered hard class cfengine
verbose: C: discovered hard class cfengine_3
verbose: C: discovered hard class cfengine_3_13
verbose: C: discovered hard class cfengine_3_13_0
verbose: C: discovered hard class cfengine_in_high
verbose: C: discovered hard class cfengine_out_low
verbose: C: discovered hard class community_edition
verbose: C: discovered hard class compiled_on_linux_gnu
verbose: C: discovered hard class cpu0_high
verbose: C: discovered hard class cpu0_high_ldt
verbose: C: discovered hard class cpu1_high
verbose: C: discovered hard class cpu1_high_ldt
verbose: C: discovered hard class cpu2_high
verbose: C: discovered hard class cpu2_high_ldt
verbose: C: discovered hard class cpu3_high
verbose: C: discovered hard class cpu3_high_ldt
verbose: C: discovered hard class cpu_high
verbose: C: discovered hard class cpu_high_ldt
verbose: C: discovered hard class diskfree_high
verbose: C: discovered hard class entropy_misc_in_low
verbose: C: discovered hard class entropy_misc_out_low
verbose: C: discovered hard class entropy_postgresql_in_low
verbose: C: discovered hard class entropy_postgresql_out_low
verbose: C: discovered hard class entropy_smtp_in_high
verbose: C: discovered hard class entropy_smtp_out_low
verbose: C: discovered hard class entropy_ssh_in_high
verbose: C: discovered hard class feature
verbose: C: discovered hard class feature_curl
verbose: C: discovered hard class feature_def
verbose: C: discovered hard class feature_def_json
verbose: C: discovered hard class feature_def_json_preparse
verbose: C: discovered hard class feature_tls
verbose: C: discovered hard class feature_tls_1
verbose: C: discovered hard class feature_tls_1_0
verbose: C: discovered hard class feature_tls_1_1
verbose: C: discovered hard class feature_tls_1_2
verbose: C: discovered hard class feature_tls_1_3
verbose: C: discovered hard class feature_xml
verbose: C: discovered hard class feature_yaml
verbose: C: discovered hard class inform_mode
verbose: C: discovered hard class io_readdata_high
verbose: C: discovered hard class io_writes_high_ldt
verbose: C: discovered hard class io_writes_normal
verbose: C: discovered hard class io_writtendata_high
verbose: C: discovered hard class io_writtendata_high_ldt
verbose: C: discovered hard class ipv4_10
verbose: C: discovered hard class ipv4_10_49
verbose: C: discovered hard class ipv4_10_49_64
verbose: C: discovered hard class ipv4_10_49_64_59
verbose: C: discovered hard class ipv4_127
verbose: C: discovered hard class ipv4_127_0
verbose: C: discovered hard class ipv4_127_0_0
verbose: C: discovered hard class ipv4_127_0_0_1
verbose: C: discovered hard class linux
verbose: C: discovered hard class linux_3_10_0_693_el7_x86_64
verbose: C: discovered hard class linux_x86_64
verbose: C: discovered hard class linux_x86_64_3_10_0_693_el7_x86_64
verbose: C: discovered hard class linux_x86_64_3_10_0_693_el7_x86_64__1_SMP_Tue_Aug_22_21_09_27_UTC_2017
verbose: C: discovered hard class loadavg_high
verbose: C: discovered hard class loadavg_high_ldt
verbose: C: discovered hard class logshost
verbose: C: discovered hard class mac_00_0c_29_5e_ca_64
verbose: C: discovered hard class mem_cached_high_normal
verbose: C: discovered hard class mem_free_high_normal
verbose: C: discovered hard class mem_freeswap_high_normal
verbose: C: discovered hard class mem_swap_high_normal
verbose: C: discovered hard class mem_total_high_normal
verbose: C: discovered hard class net_iface_ens224
verbose: C: discovered hard class net_iface_lo
verbose: C: discovered hard class otherprocs_high
verbose: C: discovered hard class otherprocs_high_ldt
verbose: C: discovered hard class redhat
verbose: C: discovered hard class rootprocs_high_normal
verbose: C: discovered hard class smtp_in_high
verbose: C: discovered hard class smtp_out_high
verbose: C: discovered hard class smtp_out_high_ldt
verbose: C: discovered hard class ssh_in_high
verbose: C: discovered hard class systemd
verbose: C: discovered hard class users_high
verbose: C: discovered hard class verbose_mode
verbose: C: discovered hard class x86_64
verbose: END Discovered hard classes
verbose: ----------------------------------------------------------------
verbose: BEGIN initial soft classes:
verbose: C: added soft class _have_bin_env
verbose: C: added soft class _have_bin_systemctl
verbose: C: added soft class _stdlib_has_path_awk
verbose: C: added soft class _stdlib_has_path_bc
verbose: C: added soft class _stdlib_has_path_cat
verbose: C: added soft class _stdlib_has_path_chkconfig
verbose: C: added soft class _stdlib_has_path_cksum
verbose: C: added soft class _stdlib_has_path_createrepo
verbose: C: added soft class _stdlib_has_path_crontab
verbose: C: added soft class _stdlib_has_path_crontabs
verbose: C: added soft class _stdlib_has_path_curl
verbose: C: added soft class _stdlib_has_path_cut
verbose: C: added soft class _stdlib_has_path_dc
verbose: C: added soft class _stdlib_has_path_df
verbose: C: added soft class _stdlib_has_path_diff
verbose: C: added soft class _stdlib_has_path_dig
verbose: C: added soft class _stdlib_has_path_domainname
verbose: C: added soft class _stdlib_has_path_echo
verbose: C: added soft class _stdlib_has_path_egrep
verbose: C: added soft class _stdlib_has_path_env
verbose: C: added soft class _stdlib_has_path_ethtool
verbose: C: added soft class _stdlib_has_path_find
verbose: C: added soft class _stdlib_has_path_free
verbose: C: added soft class _stdlib_has_path_getent
verbose: C: added soft class _stdlib_has_path_getfacl
verbose: C: added soft class _stdlib_has_path_git
verbose: C: added soft class _stdlib_has_path_grep
verbose: C: added soft class _stdlib_has_path_groupadd
verbose: C: added soft class _stdlib_has_path_groupdel
verbose: C: added soft class _stdlib_has_path_hostname
verbose: C: added soft class _stdlib_has_path_ifconfig
verbose: C: added soft class _stdlib_has_path_init
verbose: C: added soft class _stdlib_has_path_ip
verbose: C: added soft class _stdlib_has_path_iptables
verbose: C: added soft class _stdlib_has_path_iptables_save
verbose: C: added soft class _stdlib_has_path_logger
verbose: C: added soft class _stdlib_has_path_ls
verbose: C: added soft class _stdlib_has_path_lsattr
verbose: C: added soft class _stdlib_has_path_lsof
verbose: C: added soft class _stdlib_has_path_mailx
verbose: C: added soft class _stdlib_has_path_netstat
verbose: C: added soft class _stdlib_has_path_nologin
verbose: C: added soft class _stdlib_has_path_npm
verbose: C: added soft class _stdlib_has_path_perl
verbose: C: added soft class _stdlib_has_path_pgrep
verbose: C: added soft class _stdlib_has_path_ping
verbose: C: added soft class _stdlib_has_path_pip
verbose: C: added soft class _stdlib_has_path_printf
verbose: C: added soft class _stdlib_has_path_realpath
verbose: C: added soft class _stdlib_has_path_rpm
verbose: C: added soft class _stdlib_has_path_sed
verbose: C: added soft class _stdlib_has_path_service
verbose: C: added soft class _stdlib_has_path_shadow
verbose: C: added soft class _stdlib_has_path_sort
verbose: C: added soft class _stdlib_has_path_svc
verbose: C: added soft class _stdlib_has_path_sysctl
verbose: C: added soft class _stdlib_has_path_systemctl
verbose: C: added soft class _stdlib_has_path_tar
verbose: C: added soft class _stdlib_has_path_test
verbose: C: added soft class _stdlib_has_path_tr
verbose: C: added soft class _stdlib_has_path_useradd
verbose: C: added soft class _stdlib_has_path_userdel
verbose: C: added soft class _stdlib_has_path_virtualenv
verbose: C: added soft class _stdlib_has_path_wc
verbose: C: added soft class _stdlib_has_path_wget
verbose: C: added soft class _stdlib_has_path_yum
verbose: C: added soft class _stdlib_path_exists_awk
verbose: C: added soft class _stdlib_path_exists_cat
verbose: C: added soft class _stdlib_path_exists_chkconfig
verbose: C: added soft class _stdlib_path_exists_cksum
verbose: C: added soft class _stdlib_path_exists_crontab
verbose: C: added soft class _stdlib_path_exists_crontabs
verbose: C: added soft class _stdlib_path_exists_curl
verbose: C: added soft class _stdlib_path_exists_cut
verbose: C: added soft class _stdlib_path_exists_df
verbose: C: added soft class _stdlib_path_exists_diff
verbose: C: added soft class _stdlib_path_exists_dig
verbose: C: added soft class _stdlib_path_exists_domainname
verbose: C: added soft class _stdlib_path_exists_echo
verbose: C: added soft class _stdlib_path_exists_egrep
verbose: C: added soft class _stdlib_path_exists_env
verbose: C: added soft class _stdlib_path_exists_ethtool
verbose: C: added soft class _stdlib_path_exists_find
verbose: C: added soft class _stdlib_path_exists_free
verbose: C: added soft class _stdlib_path_exists_getent
verbose: C: added soft class _stdlib_path_exists_getfacl
verbose: C: added soft class _stdlib_path_exists_grep
verbose: C: added soft class _stdlib_path_exists_groupadd
verbose: C: added soft class _stdlib_path_exists_groupdel
verbose: C: added soft class _stdlib_path_exists_hostname
verbose: C: added soft class _stdlib_path_exists_ifconfig
verbose: C: added soft class _stdlib_path_exists_init
verbose: C: added soft class _stdlib_path_exists_ip
verbose: C: added soft class _stdlib_path_exists_iptables
verbose: C: added soft class _stdlib_path_exists_iptables_save
verbose: C: added soft class _stdlib_path_exists_logger
verbose: C: added soft class _stdlib_path_exists_ls
verbose: C: added soft class _stdlib_path_exists_lsattr
verbose: C: added soft class _stdlib_path_exists_lsof
verbose: C: added soft class _stdlib_path_exists_mailx
verbose: C: added soft class _stdlib_path_exists_netstat
verbose: C: added soft class _stdlib_path_exists_nologin
verbose: C: added soft class _stdlib_path_exists_perl
verbose: C: added soft class _stdlib_path_exists_pgrep
verbose: C: added soft class _stdlib_path_exists_ping
verbose: C: added soft class _stdlib_path_exists_printf
verbose: C: added soft class _stdlib_path_exists_realpath
verbose: C: added soft class _stdlib_path_exists_rpm
verbose: C: added soft class _stdlib_path_exists_sed
verbose: C: added soft class _stdlib_path_exists_service
verbose: C: added soft class _stdlib_path_exists_shadow
verbose: C: added soft class _stdlib_path_exists_sort
verbose: C: added soft class _stdlib_path_exists_svc
verbose: C: added soft class _stdlib_path_exists_sysctl
verbose: C: added soft class _stdlib_path_exists_systemctl
verbose: C: added soft class _stdlib_path_exists_tar
verbose: C: added soft class _stdlib_path_exists_test
verbose: C: added soft class _stdlib_path_exists_tr
verbose: C: added soft class _stdlib_path_exists_useradd
verbose: C: added soft class _stdlib_path_exists_userdel
verbose: C: added soft class _stdlib_path_exists_wc
verbose: C: added soft class _stdlib_path_exists_wget
verbose: C: added soft class _stdlib_path_exists_yum
verbose: C: added soft class cfe_yum_package_module_supported
verbose: C: added soft class cfengine_internal_agent_email
verbose: C: added soft class cfengine_internal_rotate_logs
verbose: C: added soft class cfengine_out_high_ldt
verbose: C: added soft class disable_inventory_LLDP
verbose: C: added soft class disable_inventory_cmdb
verbose: C: added soft class disable_inventory_lsb
verbose: C: added soft class has_os_release
verbose: C: added soft class has_proc_1_cmdline
verbose: C: added soft class mpf_stdlib_use_posix_utils
verbose: C: added soft class redhat_derived
verbose: C: added soft class specific_linux_os
verbose: END initial soft classes
verbose: ----------------------------------------------------------------
verbose: Preliminary variable/class-context convergence
verbose: ----------------------------------------------------------------
verbose: Skipping promise 'augments_inputs' because constraint 'ifvarclass => not(isvariable("augments_inputs"))' is not met
verbose: Skipping promise 'domain' because constraint 'ifvarclass => not(isvariable("domain"))' is not met
verbose: Skipping promise 'mailto' because constraint 'ifvarclass => not(isvariable("mailto"))' is not met
verbose: Skipping promise 'mailfrom' because constraint 'ifvarclass => not(isvariable("mailfrom"))' is not met
verbose: Skipping promise 'smtpserver' because constraint 'ifvarclass => not(isvariable("smtpserver"))' is not met
verbose: Skipping promise 'acl' because constraint 'ifvarclass => and(isvariable("override_data_acl"),"!feature_def_json_preparse")' is not met
verbose: Skipping promise 'acl' because constraint 'ifvarclass => and(not(isvariable("override_data_acl")),not(isvariable("acl")))' is not met
verbose: Skipping promise 'trustkeysfrom' because constraint 'ifvarclass => and(isvariable("override_data_trustkeysfrom"),"!feature_def_json_preparse")' is not met
verbose: Skipping promise 'trustkeysfrom' because constraint 'ifvarclass => and(not(isvariable("override_data_trustkeysfrom")),not(isvariable("trustkeysfrom")))' is not met
verbose: Skipping promise 'control_agent_default_repository' because constraint 'if => mpf_control_agent_default_repository' is not met
verbose: Skipping promise 'control_agent_maxconnections' because constraint 'ifvarclass => not(isvariable("control_agent_maxconnections"))' is not met
verbose: mergedata: argument 'default:def.control_common_bundlesequence_end' does not resolve to a container or a list or a CFEngine array
verbose: mergedata: argument 'default:def.control_common_bundlesequence_end' does not resolve to a container or a list or a CFEngine array
verbose: getvalues: argument 'default:def.tbse' does not resolve to a container or a list or a CFEngine array
verbose: some: argument 'default:def.control_agent_files_single_copy' does not resolve to a container or a list or a CFEngine array
verbose: Skipping promise 'control_agent_files_single_copy' because constraint 'ifvarclass => not(some(".*","control_agent_files_single_copy"))' is not met
verbose: Skipping promise 'control_server_maxconnections' because constraint 'ifvarclass => not(isvariable("control_server_maxconnections"))' is not met
verbose: Skipping promise 'max_client_history_size' because constraint 'unless => isvariable("max_client_history_size")' is not met
verbose: Skipping promise 'lldpctl_json' because constraint 'if => isvariable("def.lldpctl_json")' is not met
verbose: Skipping iteration since variable 'ckeys' resolves to an empty list
verbose: Skipping promise 'cmdb' because constraint 'ifvarclass => fileexists("$(file)")' is not met
verbose: Skipping promise 'cmdb_string' because constraint 'ifvarclass => isvariable("cmdb")' is not met
verbose: Skipping iteration since variable 'bkeys' resolves to an empty list
verbose: Skipping iteration since variable 'bkeys' resolves to an empty list
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: Skipping promise 'dgw_ipv4_iface' because constraint 'ifvarclass => strcmp("$(proc_routes[$(routeidx)][1])","00000000")' is not met
verbose: Skipping promise 'cf-serverd' because constraint 'if => (server_controls_repaired|runagent_controls_repaired)' is not met
verbose: Skipping promise 'cf-monitord' because constraint 'if => monitor_controls_repaired' is not met
verbose: Cannot open the installed packages inventory '/var/cfengine/state/software_packages.csv' - This is not necessarily an error. Either the inventory policy has not been included, or it has not had time to have an effect yet or you are usingnew package promise and check for legacy promise is made.A future call may still succeed. (fopen: No such file or directory)
verbose: Skipping promise 'DEBUG $(this.bundle): This bundle does not support Windows' because constraint 'ifvarclass => windows.(DEBUG|DEBUG_$(this.bundle))' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): sorry, can't do file-based installs on $(sys.os)' because constraint 'ifvarclass => (DEBUG|DEBUG_$(this.bundle)).filebased.!suse.!debian.!redhat.!aix.!solaris_pkgadd' is not met
verbose: Embedded function argument does not resolve to a name - probably too many evaluation levels for 'escape'
verbose: Embedded function argument does not resolve to a name - probably too many evaluation levels for 'escape'
verbose: Embedded function argument does not resolve to a name - probably too many evaluation levels for 'escape'
verbose: Embedded function argument does not resolve to a name - probably too many evaluation levels for 'escape'
verbose: Embedded function argument does not resolve to a name - probably too many evaluation levels for 'escape'
verbose: Embedded function argument does not resolve to a name - probably too many evaluation levels for 'escape'
verbose: Embedded function argument does not resolve to a name - probably too many evaluation levels for 'escape'
verbose: Skipping promise '$(line)' because constraint 'ifvarclass => replace_$(cline)_reached' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): deleting $(file) with delete => tidy' because constraint 'ifvarclass => DEBUG|DEBUG_$(this.bundle)' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): copying directory $(from) to $(to)' because constraint 'ifvarclass => DEBUG|DEBUG_$(this.bundle)' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): copying file $(from) to $(to)' because constraint 'ifvarclass => DEBUG|DEBUG_$(this.bundle)' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): creating $(file) with contents '$(str)'' because constraint 'ifvarclass => (DEBUG|DEBUG_$(this.bundle)).(!summarize)' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): creating $(file) with contents '$(summary)'' because constraint 'ifvarclass => (DEBUG|DEBUG_$(this.bundle)).(summarize)' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): creating $(file) with contents '$(str)', mode '$(mode)', owner '$(owner)' and group '$(group)'' because constraint 'ifvarclass => (DEBUG|DEBUG_$(this.bundle)).(!summarize)' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): creating $(file) with contents '$(summary)', mode '$(mode)', owner '$(owner)' and group '$(group)'' because constraint 'ifvarclass => (DEBUG|DEBUG_$(this.bundle)).(summarize)' is not met
verbose: mergedata: argument 'default:file_make_mustache.state' does not resolve to a container or a list or a CFEngine array
verbose: Skipping promise 'DEBUG $(this.bundle): rendering $(file) with template '$(template)'' because constraint 'ifvarclass => DEBUG|DEBUG_$(this.bundle)' is not met
verbose: mergedata: argument 'default:file_make_mustache_with_perms.state' does not resolve to a container or a list or a CFEngine array
verbose: Skipping promise 'DEBUG $(this.bundle): rendering $(file) with template '$(template)'' because constraint 'ifvarclass => DEBUG|DEBUG_$(this.bundle)' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): creating empty $(file) with 0 size' because constraint 'ifvarclass => DEBUG|DEBUG_$(this.bundle)' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): $(link) will be a hard link to $(target)' because constraint 'ifvarclass => DEBUG|DEBUG_$(this.bundle)' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): $(link) will be a symlink to $(target)' because constraint 'ifvarclass => DEBUG|DEBUG_$(this.bundle)' is not met
verbose: Skipping promise '$(this.bundle): $(method) $(host):$(port)/$(uri) got 200 OK' because constraint 'ifvarclass => url_ok_$(chost)' is not met
verbose: Skipping promise '$(this.bundle): $(method) $(host):$(port)/$(uri) did *not* get 200 OK' because constraint 'ifvarclass => url_not_ok_$(chost)' is not met
verbose: length: argument 'default:run_ifdefined.bundlesfound' does not resolve to a container or a list or a CFEngine array
verbose: length: argument 'default:run_ifdefined.bundlesfound' does not resolve to a container or a list or a CFEngine array
verbose: Skipping promise 'any' because constraint 'ifvarclass => strcmp("1","$(count)")' is not met
verbose: Skipping promise 'diff_files' because constraint 'unless => isvariable("$(this.promiser)")' is not met
verbose: Skipping promise 'promise_log_files' because constraint 'unless => isvariable("$(this.promiser)")' is not met
verbose: Skipping promise 'previous_state_files' because constraint 'unless => isvariable("$(this.promiser)")' is not met
verbose: Skipping promise 'untracked_files' because constraint 'unless => isvariable("$(this.promiser)")' is not met
verbose: Skipping iteration since variable 'files' resolves to an empty list
verbose: maparray: argument 'default:cfe_internal_cleanup_agent_reports.reports_size' does not resolve to a container or a list or a CFEngine array
verbose: maparray: argument 'default:cfe_internal_cleanup_agent_reports.reports_size' does not resolve to a container or a list or a CFEngine array
verbose: length: argument 'default:cfe_internal_cleanup_agent_reports.tmpmap' does not resolve to a container or a list or a CFEngine array
verbose: Skipping promise '$(const.n)ok $(message)' because constraint 'ifvarclass => tap.testing_$(classname)' is not met
verbose: Skipping promise '$(const.n)not ok $(message)' because constraint 'ifvarclass => tap.testing_$(classname)_failed' is not met
verbose: Skipping iteration since variable 'passed' resolves to an empty list
verbose: Skipping iteration since variable 'failed' resolves to an empty list
verbose: Skipping iteration since variable 'skipped' resolves to an empty list
verbose: Skipping iteration since variable 'todo' resolves to an empty list
verbose: reglist: argument 'default:standard_services.systemd_service_info' does not resolve to a container or a list or a CFEngine array
verbose: reglist: argument 'default:standard_services.systemd_service_info' does not resolve to a container or a list or a CFEngine array
verbose: reglist: argument 'default:standard_services.systemd_service_info' does not resolve to a container or a list or a CFEngine array
verbose: reglist: argument 'default:standard_services.systemd_service_info' does not resolve to a container or a list or a CFEngine array
verbose: reglist: argument 'default:standard_services.systemd_service_info' does not resolve to a container or a list or a CFEngine array
verbose: reglist: argument 'default:standard_services.systemd_service_info' does not resolve to a container or a list or a CFEngine array
verbose: reglist: argument 'default:standard_services.systemd_service_info' does not resolve to a container or a list or a CFEngine array
verbose: Skipping promise '$(default[cmd][$(default[init])])' because constraint 'ifvarclass => and(not(isvariable("startcommand[$(service)]")),not(isvariable("baseinit[$(service)]")),canonify("start_$(service)"),"no_inits_set")' is not met
verbose: Skipping promise '$(default[cmd][$(inits)])' because constraint 'ifvarclass => and(not(isvariable("startcommand[$(service)]")),not(isvariable("baseinit[$(service)]")),canonify("start_$(service)"),canonify("$(inits)_set"))' is not met
verbose: Skipping promise '$(default[cmd][$(inits)])' because constraint 'ifvarclass => and(not(isvariable("startcommand[$(service)]")),not(isvariable("baseinit[$(service)]")),canonify("start_$(service)"),canonify("$(inits)_set"))' is not met
verbose: Skipping promise '$(default[cmd][$(inits)])' because constraint 'ifvarclass => and(not(isvariable("startcommand[$(service)]")),not(isvariable("baseinit[$(service)]")),canonify("start_$(service)"),canonify("$(inits)_set"))' is not met
verbose: Skipping promise '$(default[cmd][$(inits)])' because constraint 'ifvarclass => and(not(isvariable("startcommand[$(service)]")),not(isvariable("baseinit[$(service)]")),canonify("start_$(service)"),canonify("$(inits)_set"))' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): Using init system $(inits)' because constraint 'ifvarclass => and("DEBUG|DEBUG_$(this.bundle)",and(canonify("$(inits)_set")))' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): Using init system $(inits)' because constraint 'ifvarclass => and("DEBUG|DEBUG_$(this.bundle)",and(canonify("$(inits)_set")))' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): Using init system $(inits)' because constraint 'ifvarclass => and("DEBUG|DEBUG_$(this.bundle)",and(canonify("$(inits)_set")))' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): Using init system $(inits)' because constraint 'ifvarclass => and("DEBUG|DEBUG_$(this.bundle)",and(canonify("$(inits)_set")))' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): No init system is set, using $(default[init])' because constraint 'ifvarclass => (DEBUG|DEBUG_$(this.bundle)).(no_inits_set)' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): The service $(service) needs to be started' because constraint 'ifvarclass => and("DEBUG|DEBUG_$(this.bundle)",and(canonify("start_$(service)")))' is not met
verbose: Skipping promise 'DEBUG $(this.bundle): The default service pattern was used: $(default[pattern])' because constraint 'ifvarclass => and("DEBUG|DEBUG_$(this.bundle)

Nick Anderson

unread,

Jan 18, 2019, 2:42:49 PM1/18/19

to Marco Marongiu, help-c...@googlegroups.com

Hi tempa475,

This is a long thread, so I am just going to respond to many different things at
once.

Does the promises.cf has to be written for each client?

No, that is not typical for cfengine. It's possible, but not typical.
Typically, a single promises.cf is shared with all hosts.

In the default model:

All hosts execute policy from sys.inputdir (usually /var/cfengine/inputs)
All hosts have an update policy (update.cf in the stock MPF)
By default, the update policy copies any files found in masterfiles (usually
/var/cfengine/masterfiles) on the hub aka policy server when it sees that
there is new policy available. This check for new policy available is really
simple, it sees if there is any difference between cf_promises_validated in
masterfiles on the hub and cf_promises_validated in inputs locally.

Aleksey mentioned:

CFEngine Primer slide 51 shows the data flow from policy distribution point

(the CFEngine server) to all hosts running the CFEngine agent.

Herman mentioned:

You bootstrap clients to the policy server (cf-agent --bootstrap MYPOLICYSERVER). This copies files from masterfiles (usually masterfiles is
hosted on a remote host), locally to inputs.
After bootstrapping, you can customize the policy, and changes will be
automatically distributed to the remote agents. Ideally, you can leverage
features like augments and autorun to add your own custom policies without
having to modify the stock files vendored as part of the MPF (Masterfiles
Policy Framework, documentation, repository) because the less you modify the
MPF, the easier it will be to upgrade to a newer version of the MPF.
If your failing to bootstrap, you may need to configure the generic ACL to
allow the remote host access to the policy. You may need to run cf-serverd (on
the hub/policy server) in foreground verbose to see why a remote host is
failing to access something (pkill cf-serverd && cf-serverd -Fv).

You Noted:

I did bootstrap already. It does copies var/cfengine/masterfiles to
/var/cfengine/inputs on client but the /var/cfengine/inputs are not copied to
client.

Yes, this is the expected default behavior. masterfiles is the default
distribution point, inputs is the default place where policy runs from, so
that's where the distributed files get copied to.

The two things I'm trying to achieve is:

copy master server var/cfengine/inputs to /var/cfengine/inputs onto

client.

Why do you want to copy /var/cfengine/inputs from the hub to the client? Why not
just follow the default model, make your edits in masterfiles, and let clients
pull it down naturally?

Execute all copied input files (*.cf) on the client machine.

I am going to nitpick on semantics here. .cf files contain bundles, which in
turn contain promises. You need to specify the bundles that should be run. There
are several ways to do this. While it's possible to make a bunch of standalone
policy files, it's not typical. Typically, .cf files are included together
into a larger set, e.g. promises.cf includes lib/stdlib.cf, and in turn it
includes lib/files.cf, lib/paths.cf, etc … Instead, I suggest thinking
about executing the bundles ( a single .cf file can contain multiple bundles,
you might want all bundles to run, or you might want a subset to run). For
simplicity, and for explicitness you can just stick to methods promises or
autorun for now.

digitalelf.net
https://www.google.com/url?q=https://digitalelf.net/cf-primer/&sa=D&sntz=1&usg=AFQjCNHbUJzCQIDL2Rx-xCuZnde8jSmnJw

doesn't have any examples about to how to do that.

I would not expect it to. It seems a very odd use case given the way things
typically work. Hubs/Policy Servers are typically clients of themselves. That is
to say, they copy from masterfiles locally to inputs locally. It's not clear why
you gain from copying hub inputs to client inputs, instead of copying from
masterfiles to inputs as a standard model. That being said, here is some rope
for you.

First, you would want to write a policy so that the hub will allow access to
/var/cfengine/inputs for your remote client. Create
/var/cfengine/masterfiles/services/my_access_rules.cf with the following
content.

Listing 1: /var/cfengine/masterfiles/services/my_access_rules.cf

bundle server my_access_rules
{
   access:
    policy_server|am_policy_hub::
      "/var/cfengine/inputs"
        handle => "share_hub_inputs",
        admit_ips => { "0.0.0.0/0" };
}

It's a server type bundle named my_access_rules, so it's only going to be
evaluated by the server component (cf-serverd). We make promises about sharing
files using the access promise type. We restrict our promise to hosts that
have the class policy_server or am_policy_hub defined (should be the case on
the hub if you bootstrapped to self, can also check cf-promises --show-classes, or force it by touching /var/cfengine/state/am_policy_hub).
Finally, we promise that /var/cfengine/inputs will admit anyone (who is
trusted) access and we give the promise a unique handle so it's easier to
reference share_hub_inputs.

This policy file needs to be integrated into the policy set. You can do this
without touching any vendored files, just use augments. Create
/var/cfengine/masterfiles/def.json with the following content.

{
  "inputs": [
    "services/my_access_rules.cf"
  ]
}

Now, the file will get added to the list of files and be processed by cf-serverd
when it starts (you will need to make sure it gets re-started after this file
has made it to /var/cfengine/inputs on the hub.

Next, you need to have a policy that copies /var/cfengine/inputs from the hub to
inputs locally. Create /var/cfengine/masterfiles/services/my_inputs_copied_from_hub_inputs.cf

Listing 2: /var/cfengine/masterfiles/services/my_inputs_copied_from_hub_inputs.cf

bundle agent my_inputs_copied_from_hub_inputs 
{
    files:
      !am_policy_hub|policy_server::
         "/var/cfengine/inputs/." 
           copy_from => my_hubs_inputs,
}
body copy_from my_hubs_inputs
{
    servers => { $(sys.policy_server) };
    path => "/var/cfengine/inputs/";
    compare => "digest";
}

This should run during the update policy. If it runs as part of the main policy
(promises.cf) then you will be overwriting files that you are in the middle of
evaluation. We can append to the update policy inputs and append to the update bundlesequence via augments. Edit
/var/cfengine/masterfiles/def.json as shown below.

Listing 3: /var/cfengine/masterfiles/def.json

{
  "inputs": [
    "services/my_access_rules.cf",
  ],
  "vars": {
     "update_inputs": [ "services/my_inputs_copied_from_hub_inputs.cf" ],
     "control_common_update_bundlesequence_end": [ "my_inputs_copied_from_hub_inputs" ]
 }
}

Marco Mentioned:

CFEngine is not designed to work that way: all clients (including the policy
server) copy policy server's /var/cfengine/masterfiles into their
/var/cfengine/inputs.

Well, that's the default model. There are reasons to stray from it, but usually
those reasons are supported with a bunch of environment specific details. And
CFEngine is designed to be flexible, so you can do it that way but you may end
up with a long mailing list thread with people trying to figure out why your
doing what your doing.

Stop putting effort in trying CFEngine do what it's not suppose to do. Float
downstream, not upstream: do things the way they are supposed to be done and
you'll save yourself time and frustration.

Yeah, we don't understand why your trying to stray from the default model.
Probably it would make your life easier to start with defaults, and customize as
necessary.

I can see you really want to have host specific stuff. I would recommend host
specific data combined with standard policy models (I find it easier to separate
that way), but you can just as easily have host specific policy files leveraging
the sys vars like sys.fqhost to determine the right file to load. I have done
host specific policy files before, it's not fun to manage in the long run. There
are good cases for it, but many times, there is a better way.

I think that you would really benefit from some training.

–
Nick Anderson| Doer of Things | (+1) 785-550-1767 | https://northern.tech

user

unread,

Oct 11, 2019, 8:28:39 AM10/11/19

to help-c...@googlegroups.com

I managed to get it working another way which is the right way I guess . I added the cf files to services/cflocal and then add the inputs to masterfiles promises.cf and bundle sequences to Masterfile promises.cf.

But I just started working on the method you mentioned without having to edit any masterfiles promises.

Can you explain this part" Now, the file will get added to the list of files and be processed by cf-serverd

when it starts (you will need to make sure it gets re-started after this file

has made it to /var/cfengine/inputs on the hub." How do I make sure it gets re-started?

Also there is a syntax error in /var/cfengine/masterfiles/services/my_inputs_copied_from_hub_inputs.cf

verbose: Checking policy with command '"/var/cfengine/bin/cf-promises" -c "/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf"'
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:7:2: error: syntax error
}
^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:7:2: error: Expected attribute, got '}'

}
^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:7:2: error: Expected '=>', got '}'
}
^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:8:5: error: Invalid r-value type 'body'
body copy_from my_hubs_inputs
    ^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:8:5: error: Unknown constraint 'no lval' in promise type 'files'
body copy_from my_hubs_inputs
    ^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:8:15: error: Check previous line, Expected ';', got 'copy_from'
body copy_from my_hubs_inputs
              ^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:8:30: error: Expected promiser string, got 'my_hubs_inputs'
body copy_from my_hubs_inputs
                             ^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:9:2: error: Expected ';', got '{'
{
^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:10:12: error: Expected promiser string, got 'servers'
    servers => { $(sys.policy_server) };
           ^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:10:15: error: Expected ';', got '=>'
    servers => { $(sys.policy_server) };
              ^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:10:17: error: Expected promiser string, got '{'
    servers => { $(sys.policy_server) };
                ^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:10:38: error: Expected ';', got '$(sys.policy_server)'
    servers => { $(sys.policy_server) };
                                     ^
/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:10:41: error: Expected 'bundle' or 'body' keyword, wrong input ';'
    servers => { $(sys.policy_server) };
                                        ^
Too many errors
   error: Policy failed validation with command '"/var/cfengine/bin/cf-promises" -c "/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf"'
   error: Failsafe condition triggered. Interactive session detected, skipping failsafe.cf execution.
   error: Error reading CFEngine policy. Exiting...

Content of my_inputs_copied_from_hub_inputs.cf:

user

unread,

Oct 12, 2019, 2:33:55 AM10/12/19

to help-cfengine

bundle agent my_inputs_copied_from_hub_inputs
{
    files:
      !am_policy_hub|policy_server::
         "/var/cfengine/inputs/."

copy_from => my_hubs_inputs;

}
body copy_from my_hubs_inputs
{
servers => { $(sys.policy_server) };
path => "/var/cfengine/inputs/";
compare => "digest";
}

cf-promises -c my_inputs_copied_from_hub_inputs.cf
my_inputs_copied_from_hub_inputs.cf:11:8: error: Unknown selection 'path' for body type 'copy_from'
    path => "/var/cfengine/inputs/";
       ^
   error: There are syntax errors in policy files

Looks like "Path" isn't accepted.

Version: CFEngine Core 3.11.0

Nick Anderson

unread,

Oct 12, 2019, 1:15:40 PM10/12/19

to help-cfengine

        I managed to get it working another way which is the right
        way I guess . I added the cf files to services/cflocal and
        then add the inputs to masterfiles promises.cf and bundle
        sequences to Masterfile promises.cf.

Yes, that is the traditional way to include other policy files.

        But I just started working on the method you mentioned
        without having to edit any masterfiles promises.

        Can you explain this part

        > Now, the file will get added to the list of files and be
        > processed by cf-serverd when it starts (you will need to
        > make sure it gets re-started after this file has made it
        > to /var/cfengine/inputs on the hub.

The missing context from that statement:

This policy file needs to be integrated into the policy set. You can
do this without touching any vendored files, just use augments. Create
`/var/cfengine/masterfiles/def.json' with the following content.

,----
| {
|   "inputs": [
|     "services/my_access_rules.cf"
|   ]
| }
`----

[Augments] is a way to set some variables and classes very early
during component execution. The [`inputs' key in augments] set the
variable `def.augments_inputs' and the MPF (Masterfiles Policy
Framework) will include the listed files by default. You can [search
the MPF] and find that [controls/def_inputs.cf] is where
`def.augments_inputs' is used to extend the set of files via a body
file control statement. And you can see in `promises.cf' that [bundle
common cfengine_controls] that [`def_inputs'] includes
`controls/def.cf' and `controls/def_inputs.cf' and that
[`cfengine_controls.def_inputs' is in turn listed in `inputs' of `body
common control'].

How do I make sure it gets re-started?

The daemon components (`cf-serverd', `cf-execd', `cf-monitord') will
re-load policy if they see that a policy file they are using has
changed. But since def.json is not a policy file, it's data, that
won't work. Making any policy change (even white space only) should
suffice to cause the daemons to re-load, but I would recommend
defining the `mpf_augments_control_enabled' class. As noted in the
documentation for configuring the MPF to automatically restart
components on relevant data change, the MPF contains policy that will
track the variable values used by the components and if it sees change
to a variable value, then it will restart the appropriate component.

Also there is a syntax error in
/var/cfengine/masterfiles/services/my_inputs_copied_from_hub_inputs.cf

,----

| verbose: Checking policy with command '"/var/cfengine/bin/cf-promises" -c "/var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf"'
| /var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:7:2: error: syntax error
| }
| ^
| /var/cfengine/inputs/services/my_inputs_copied_from_hub_inputs.cf:7:2: error: Expected attribute, got '}'

`----

Note that errors output in a format like gcc,
`/path/to/file:LINE:COLUMN'. That tells us that the error was detected
around line 7, column 2. Quite frequently, you need to look to the
proceeding line to find the error.

Content of my_inputs_copied_from_hub_inputs.cf:

,----

| bundle agent my_inputs_copied_from_hub_inputs
| {
|     files:
|       !am_policy_hub|policy_server::
|          "/var/cfengine/inputs/."
|            copy_from => my_hubs_inputs,
| }
| body copy_from my_hubs_inputs
| {
|     servers => { $(sys.policy_server) };
|     path => "/var/cfengine/inputs/";
|     compare => "digest";
| }

`----

Looking at the policy on line 6, we can see that your promise does not
end with a `;', that's what's causing the syntax error.

These kinds of syntax errors are usually easy to spot if your editor
is configured for syntax highlighting. I use spacemacs (emacs with vim
keybindings) and the [cfengine layer on the develop branch]. Note how
it highlights where the error starts in the attached screenshot.

Learning CFEngine?
- Get the [Learning CFEngine book]
- Read [the docs]
- Reach out to the community on the [help mailing list/google group]
- Reach out to the community in [#cfengine on irc.freenode.net]
- Email [con...@cfengine.com] for Professional Services and Training
- Reach out to [a champion]

[Augments]
<https://docs.cfengine.com/docs/3.12/reference-language-concepts-augments.html>

[`inputs' key in augments]
<https://docs.cfengine.com/docs/3.12/reference-language-concepts-augments.html#inputs>

[search the MPF]
<https://github.com/cfengine/masterfiles/search?q=augments_inputs&unscoped_q=augments_inputs>

[controls/def_inputs.cf]
<https://github.com/cfengine/masterfiles/blob/da31954d6d145a87043c798657ffe8c45f69e84f/controls/def_inputs.cf>

[bundle common cfengine_controls]
<https://github.com/cfengine/masterfiles/blob/2052d9e815fee17ecda2cd518b3d1a2bbcd0965f/promises.cf.in#L237>

[`def_inputs']
<https://github.com/cfengine/masterfiles/blob/2052d9e815fee17ecda2cd518b3d1a2bbcd0965f/promises.cf.in#L242-L247>

[`cfengine_controls.def_inputs' is in turn listed in `inputs' of `body
common control']
<https://github.com/cfengine/masterfiles/blob/2052d9e815fee17ecda2cd518b3d1a2bbcd0965f/promises.cf.in#L32>

[cfengine layer on the develop branch]
<https://github.com/syl20bnr/spacemacs/tree/develop/layers/%2Btools/cfengine>

[Learning CFEngine book] <https://leanpub.com/learning-cfengine/>

[the docs] <https://docs.cfengine.com>

[help mailing list/google group]
<https://groups.google.com/forum/#!forum/help-cfengine>

[#cfengine on irc.freenode.net]
<https://kiwiirc.com/client/irc.cfengine.com/#cfengine>

[con...@cfengine.com] <mailto:con...@cfengine.com>

[a champion] <https://cfengine.com/engage/cfengine-champions/>

emacs-spacemacs-cfengine-layer-highlight-error-location-flycheck.png

Nick Anderson

unread,

Oct 12, 2019, 1:27:00 PM10/12/19

to help-cfengine

On Saturday, October 12, 2019 at 1:33:55 AM UTC-5, user wrote:

cf-promises -c my_inputs_copied_from_hub_inputs.cf
my_inputs_copied_from_hub_inputs.cf:11:8: error: Unknown selection 'path' for body type 'copy_from'
    path => "/var/cfengine/inputs/";
       ^
   error: There are syntax errors in policy files

Looks like "Path" isn't accepted.

Version: CFEngine Core 3.11.0

Reply all

Reply to author

Forward