Download - What is new in CFEngine 3.6
![Page 1: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/1.jpg)
www.cfengine.com
What is new in CFEngine 3.6
![Page 2: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/2.jpg)
What is new
• User promises• TLS protocol• Math expressions• Dynamic inputs• New language functions• Tags• Data containers• File templating
![Page 3: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/3.jpg)
User promises
![Page 4: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/4.jpg)
User promises
• A new promise type• Manage local users on hosts• Make promises about user
characteristics• UID
• Group membership
• Home directory
• Password
• Shell
• Description
![Page 5: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/5.jpg)
User promises - Example
bundle agent my_bundle {
users:
“joe”
policy => “present”,
group_primary => “users”,
groups_secondary => { “printers”,
“db_users” },
home_dir => “/nfs/home/joe”,
home_bundle => setup_home_dir(“joe”);
}
![Page 6: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/6.jpg)
TLS protocol
![Page 7: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/7.jpg)
TLS protocol
• Industry standard security protocol• All traffic is fully encrypted• Transparent to the user• Old protocol
• Deprecated, but still supported
• Can be turned off after upgrade is complete
![Page 8: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/8.jpg)
Math expressions
![Page 9: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/9.jpg)
Math expressions
• New math evaluation function: eval()• Works on strings• String contains expression to evaluate
• Example: eval(“ceil($(sys.cpus) / 4)”)
• Previously required shell script
![Page 10: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/10.jpg)
Math expressions
• Accepts common math operators: +, -, *, /
• Some less common ones too: ^, **, %
• Many common math functions• ceil, floor, log10, log2, log, sqrt, sin, cos, tan, asin, acos, atan, abs, step
• Mathematical constants• e, log2e, log10e, ln2, ln10, pi, pi_2, pi_4, 1_pi, 2_pi, 2_srqtpi, sqrt2, sqrt1_2
• SI-units: K, M, G, T, P
![Page 11: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/11.jpg)
Dynamic inputs
![Page 12: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/12.jpg)
Dynamic inputs
• 3.5:• Input files can only be defined in promises.cf
• Inconvenient; all file additions require editing promises.cf
• 3.6:• file control bodies can contain input files
• Body can be specified once per file• body file control {
inputs => “input_file.cf”;
}
![Page 13: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/13.jpg)
Dynamic inputs - Example
• promises.cfbody common control {
inputs => { “input_file.cf” };
}
• input_file.cfbody file control {
inputs => { “nested_input_file.cf” };
}
![Page 14: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/14.jpg)
New language functions
![Page 15: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/15.jpg)
New language functions
• findfiles(glob1, glob2, ...)• Returns a list of files that match glob pattern
• makerule(target, sources)• Determines whether target needs to be rebuilt from sources
• Inspired by the Unix make program
• packagesmatching(...)• Returns list of installed packages
• List can be filtered by name, version and architecture
![Page 16: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/16.jpg)
New language functions
• canonifyuniquely(test)• Convert a string into a legal class name
• Unlike canonify, name is guaranteed to be unique.
• Useful when making class names from a list of files
• bundlesmatching(regex, tag1, ...)• Returns bundles matching criteria
• Result can be used in a methods promise
• Very powerful together with findfiles
![Page 17: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/17.jpg)
bundlesequence - Example
• bundle common global {
vars:
“policies” slist => findfiles
(“/var/cfengine/inputs/*.cf”);
“bundles” slist => bundlesmatching
(“.*”, “production”);
}
body common control {
inputs => { @(global.policies) };
bundlesequence => { @(global.bundles) };
}
![Page 18: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/18.jpg)
New language functions
• Plenty of others• data_readstringarray
• data_readstringarrayidx
• datastate
• datatype
• getclassmetatags
• getvariablemetatags
• max
• mean
• mergedata
• min
• parsejson
• readjson
• storejson
• string_downcase
• string_head
• string_length
• string_reverse
• string_tail
• string_upcase
• variablesmatching
• variance
![Page 19: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/19.jpg)
Tags
![Page 20: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/20.jpg)
Tags
• Labels that you can attach to bundles and promises
• Certain functions can filter based on tags• bundlesmatching
• classesmatching
• variablesmatching
![Page 21: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/21.jpg)
Tags - Example
• bundle agent my_bundle {
meta: ### Bundle tags
“tags” => { “experimental” };
vars: ### Variable tags
“db_server” string => “106.54.21.90”,
meta => { “mysql”, “trusted” };
classes: ### Class tags
“experimental” expression => “any”,
meta => { “tier_spec” };
}
![Page 22: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/22.jpg)
Data containers
![Page 23: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/23.jpg)
Data containers
• Structured containers (JSON)• “container” data => parsejson('[
{ “user”: “joe”, “groups”: “users” },
{ “user”: “jack”, “groups”: “admins” },
]');
• reports:
“$(container[1][user])”;
• --> R: jack
![Page 24: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/24.jpg)
Data containers
• Can read JSON files• readjson(filename, maxbytes)
• Or fields from a text file• data_readstringarray
(filename, comment, split, maxentries, maxbytes)
• data_readstringarrayidx
(filename, comment, split, maxentries, maxbytes)
• Convert back to JSON• storejson(data_container)
![Page 25: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/25.jpg)
Data containers - Example
• records.txt:• joe,/nfs/home/joe,Joe Smith
jack,/home/jack,Jack Jensen
• Resulting JSON after data_readstringarrayidx• [
[ “joe”, “/nfs/home/joe”, “Joe Smith” ],
[ “jack”, “/home/jack”, “Jack Jensen” ]
]
![Page 26: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/26.jpg)
Data containers - Example
• records.txt:• joe,/nfs/home/joe,Joe Smith
jack,/home/jack,Jack Jensen
• policy.cf:• vars:
“users” data => data_readstringarrayidx
(“records.txt”, “”, “,”, 10, 4000);
“index” slist => getindices(“users”);
users:
“$(users[$(index)][0])”
home_dir => “$(users[$(index)][1])”,
description => “$(users[$(index)][2])”,
policy => “present”;
![Page 27: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/27.jpg)
File templating
![Page 28: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/28.jpg)
File templating
• New templating engine: Mustache• Based on the Mustache templating
language• http://mustache.github.io/
![Page 29: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/29.jpg)
File templating - Example
• promises.cf:• files:
"/etc/motd"
edit_line => motd_edit,
edit_defaults => empty;
}
bundle edit_line motd_edit
{
insert_lines:
“Welcome to this CFEngine managed machine.”;
“This machine pulls policy from $(sys.policy_hub).”;
}
• Result:• Welcome to this CFEngine managed machine.
This machine pulls policy from 10.80.80.1.
![Page 30: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/30.jpg)
File templating - Example
• promises.cf:• files:
"/etc/motd"
edit_template => "template.mustache",
template_method => "mustache";
• template.mustache:• Welcome to this CFEngine managed machine.
This machine pulls policy from {{vars.sys.policy_hub}}.
• Result:• Welcome to this CFEngine managed machine.
This machine pulls policy from 10.80.80.1.
![Page 31: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/31.jpg)
Miscellaneous
• cf-serverd allows distinct key/IP/hostname access controls
• New “shortcut” constraint in server policy allows non-absolute paths in copy_from promises
• New log format
• Many new built-in variables:• sys.uptime, sys.masterdir, this.promiser_ppid, ...
• LMDB replaces Tokyo Cabinet as database backend
• Calls to execresult and returnszero are now cached instead of executing repeatedly
![Page 32: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/32.jpg)
www.cfengine.com
Questions?
![Page 33: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/33.jpg)
www.cfengine.com
Questions?
• User promises• TLS protocol• Math expressions• Dynamic inputs• New language functions• Tags• Data containers• File templating
![Page 34: What is new in CFEngine 3.6](https://reader034.vdocuments.mx/reader034/viewer/2022052619/5558223ed8b42a25588b4c29/html5/thumbnails/34.jpg)
www.cfengine.com
Thank you!