-
Notifications
You must be signed in to change notification settings - Fork 4
/
words_of_wisdom
127 lines (127 loc) · 12.5 KB
/
words_of_wisdom
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# Words of wisdom that the bot might say.
Don't write your own CFEngine policy, use existing frameworks and save time.
A self healing infrastructure means more uninterrupted vacation time.
Use vim_cf3 to edit your CFEngine policy in VIM: https://github.com/neilhwatson/vim_cf3
Use cfengine.el to edit your CFEngine in Emacs: comes with Emacs, or use https://github.com/cfengine/core/blob/master/contrib/cfengine.el
Use the cfengine layer in spacemacs to edit policy. Have the best of both vim and emacs: http://spacemacs.org/layers/+tools/cfengine/README.html
A mistake in your CFEngine policy is a mistake duplicated over a thousand hosts. Fully test your policy.
A well crafted cron script can rescue a broken CFEngine agent.
Third party CFEngine consultants: http://www.verticalsysadmin.com/cfengine/ps.htm
A CFEngine blog: http://watson-wilson.ca/blog/tag/cfengine/
A CFEngine blog: http://www.cmdln.org/tags/cfengine/
A CFEngine blog: http://syslog.me/tag/cfengine/
A primer on autorunning your CFEngine policies: https://digitalelf.net/2014/07/a-primer-on-cfengine-3-dot-6-autorun/
Promising a whole file is better than promising a portion of it.
The CFEngine mailing list: https://groups.google.com/forum/#!forum/help-cfengine
When writing promises think of the end state and not the procedure to get there.
If you write your own CFEngine policy make it as reusable as possible.
Use comments, handles, and promisees to document your promises.
Embrace normal ordering, do not try to change it.
Like crond, CFEngine's environment when it starts a shell process is different than your shell environment. Test commands promises carefully.
The program cf-promises is a syntax checker and more. See cf-promises --help.
Central promise reporting is available through CFEngine addons CFEngine Enterprise, Rudder, and Delta Reporting. Search topics for more info.
Ask me for help.
Ask me about CFEngine best practices, and learn from CFEngine Champions.
CFEngine Enterprise is free up to 25 hosts.
Idempotence and convergence are the two fundamental CFEngine promise properties.
CFEngine is built on the foundation of promise theory.
Promise syntax: "promiser string" -> "optional promisee" attribute1 => "value1", attribute2 => "value2", ...;
These promise attributes are universal and can apply to any promise: `ifvarclass` `if` `unless` `comment` `handle` `meta`
New in 3.7: "mycontainer" data => '{ ... JSON data ... }'; # no need for parsejson()
New in 3.7: string_mustache() to create a string from a Mustache template.
New in 3.7: in Mustache templates, {{@}} is the iteration key.
New in 3.7: in Mustache templates, {{%variable}} serializes a variable as multi-line JSON and {{$variable}} in a single line.
New in 3.7: JSON output is canonical (keys in maps are always sorted).
New in 3.7: new packages promises with pluggable backends. See https://docs.cfengine.com/latest/reference-standard-library-package_modules.html for the package module protocol.
New in 3.7: YAML support, see readyaml() and parseyaml() and readdata().
New in 3.7: readdata("filename", "auto|YAML|JSON|CSV") will use the file extension in auto mode.
New in 3.7: CSV read into data container with readcsv()
New in 3.7: if (same as ifvarclass) and unless universal promise attributes.
New in 3.7: @if macro to exclude a portion of text from parsing based on the CFEngine version.
New in 3.7: data_expand() function to expand variable references in a data container.
New in 3.7: def.json to make changing the defaults really easy.
Watch Mark Burgesses CFEngine in a day training https://www.youtube.com/watch?v=zviHfjKz1nM
New in 3.8: body inheritance https://docs.cfengine.com/docs/3.8/reference-promise-types.html#inherit_from
New in 3.8: HTTP GET support in url_get() function https://docs.cfengine.com/docs/3.8/reference-functions-url_get.html
New in 3.8: @if feature syntax to include policy based on whether a feature was compiled in https://docs.cfengine.com/docs/3.8/reference-macros.html#features
New in 3.8: module protocol allows class persistence `^persistence=<minutes>` https://docs.cfengine.com/docs/3.8/reference-promise-types-commands.html#module
New in 3.8: stdlib has simpler, easier results classes body https://docs.cfengine.com/docs/3.8/reference-standard-library-common.html#results
New in 3.8: stage your masterfiles from Git or Subversion with https://github.com/cfengine/core/tree/master/contrib/masterfiles-stage
New in 3.8: class expressions can separate with spaces: `linux . Friday` https://docs.cfengine.com/docs/3.8/reference-language-concepts-classes.html#operators-and-precedence
New in 3.8: def.json parsed in C, **before** any policy evaluation
Changed in 3.8: `sys.libdir` and `sys.local_libdir` no longer include the version, because @if is now available
Changed in 3.8 and 3.7.2: cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor multiple -D, -N and -s arguments
Changed in 3.8: the JSON parser now supports unquoted strings as keys e.g. { mykey: 123 }
New in 3.9: namespaced classes can be specified on the command line
New in 3.9: mapdata("canonify", "$(this)", mycontainer_or_list) canonifies a container or list https://docs.cfengine.com/docs/master/reference-functions-mapdata.html
New in 3.9: processexists() and findprocesses() functions
New in 3.9: regex_replace() function to do PCRE search and replace https://docs.cfengine.com/docs/master/reference-functions-regex_replace.html
Changed in 3.9: returnszero() no longer outputs the output of a command (use -I to see it)
New in 3.9: iprange() can look at a specific interface only https://docs.cfengine.com/docs/master/reference-functions-iprange.html
New in 3.9: symbolic file modes can use "="
New in 3.9: FreeBSD ports package manager
New in 3.9: AIX nimclient package manager
New in 3.9: FIFOs can be managed from policy
New in 3.9: /proc/net networking parsed to data containers: sys.inet, sys.inet6, sys.interface_data
New in 3.9: /proc/net networking connections parsed with network_connections() functions
New in 3.9: sys.ip2iface reverse map from IP address to interface
New in 3.9: mapdata("json_pipe", "jq invocation", mycontainer_or_list) transforms a container or list through a JSON pipe tool like jq https://docs.cfengine.com/docs/master/reference-functions-mapdata.html
Changed in 3.9: "true" is always defined and "false" is never defined in a context expression.
New in 3.9: callstack_callers() and callstack_promisers() functions
New in 3.9: In Mustache templates, {{#-top-}} and {{/-top-}} iterate over the top level element in a container
New in 3.9: new -w argument to override the workdir for testing
New in 3.9: mailfilter_include and mailfilter_exclude in body executor to control cf-execd e-mail verbosity
New in 3.9: file_make_mustache bundle to render mustache templates
New in 3.9: cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor multiple -D, -N and -s arguments
New in 3.9: printfile bodies in the stdlib
New in 3.9: results classes body in the stdlib
New in 3.9: cf-runagent --remote-bundles and cf-serverd "bundle" access promise
New in 3.9: commands promise "arglist" attribute to give arguments as slist, augmenting "args" attribute
New in 3.9: reference variables in inline JSON, for example: mergedata('[ thing, { "mykey": otherthing[123] } ]') will look up "thing" and "otherthing"
New in 3.9: inline JSON can be used in almost all functions that so far took only slists, e.g. product() and sort()
New in 3.9: almost all functions that take or return slists or data containers can be wrapped: sort(variablesmatching(...))
Changed in 3.9: new package promises are the default
New in 3.9: bodydefault:<promise_type>_<body_type> body will be used by all promises of type <promise_type> unless another body is explicitly used.
Changed in 3.9: eval() function arguments mode and options are now optional, defaulting to infix math.
Changed in 3.9: sort() function argument is now optional, defaulting to "lex".
Changed in 3.9: returnszero() no longer outputs the output of a command
Changed in 3.9: "maxbytes" argument of readjson() and readyaml() is now optional, defaulting to maxint
Changed in 3.9: connections without TLS protocol are rejected by default
Changed in 3.9: Policy files specified in the "inputs" section of def.json are not auto-loaded (specify them directly with @(def.inputs))
Changed in 3.9: filestat(path, "linktarget") now follows non-absolute links and returns full path of target
Changed in 3.9: (bootstrap|failsafe)_mode during update.cf when triggered from failsafe.cf
Changed in 3.9: readintlist(), readreallist(), readstringlist(): parsing an empty file is not a failure, just an empty list
New in 3.9: classes: "foo"; # no need for "expression => 'any'"--this is always defined
New in 3.10: eval() supports < <= > >=
New in 3.10: testing jUnit and TAP bundles in the standard library
New in 3.10: isipinsubnet() function to see if an IP matches a subnet
New in 3.10: edit_line body contains_literal_string in standard library
New in 3.10: variablesmatching_as_data() function like variablesmatching() but returns all data *contents* in a container
New in 3.10: specify agent maxconnections and append to bundlesequence via def.json
New in 3.10: getuserinfo() function to describe a user account
New in 3.10: sys.user_data container for user starting agent (same format as getuserinfo())
New in 3.10: allow maplist(), maparray(), and mapdata() to evaluate function calls during iteration, behaving like a true functional map
Changed in 3.10: iteration engine improvements and cf_null eradicated (test your old policies!)
Changed in 3.10: services promises can use any string as the service state
Changed in 3.10: strict transport security enabled
Changed in 3.10: getvariablemetatags() and getclassmetatags() take an optional second argument to get a specific tag key
Changed in 3.10: sys.user_data container for user starting agent.
Changed in 3.10: allow ifelse(FALSE, $(x), "something else") to work, even if x is not defined
New in 3.11: `with` attribute added to help avoid unnecessary intermediary variables
- 3.7 LTS released July 17th 2015, supported until August 31st 2018. https://cfengine.com/extended-support/
- 3.10 LTS released December 28th 2016, supported until December 28th 2019. https://cfengine.com/extended-support/
- 3.12 LTS released June 28th 2019, supported until June 28th 2021. https://cfengine.com/extended-support/
- New in 3.12: More specific augments can be merged on top of the default using the `augments` key. https://docs.cfengine.com/docs/3.12/reference-language-concepts-augments.html
- New in 3.12: Policy entry specific bundlesequnce with `__main__` bundles. https://docs.cfengine.com/docs/3.12/reference-language-concepts-bundles.html#library-main-bundles
- New in 3.12: `hash_to_int()` policy function for decentralized grouping and orchestration. https://docs.cfengine.com/docs/master/reference-functions-hash_to_int.html
- New in 3.12: `missing_ok` attribute in `copy_from` bodies allows remote files to be treated as a promise KEPT. https://docs.cfengine.com/docs/3.12/reference-promise-types-files.html#missing_ok
- New in 3.12: `sys.policy_entry_basename` variable containing the first policy file read by the agent. https://docs.cfengine.com/docs/3.12/reference-special-variables-sys.html#sys-policy_entry_basename
- New in 3.12: `sys.policy_entry_dirname` variable containing the full path to the directory containing the first policy file read by the agent. https://docs.cfengine.com/docs/3.12/reference-special-variables-sys.html#sys-policy_entry_dirname
- New in 3.12: `sys.policy_entry_filename` variables containing the full path to the first policy file read by the agent. https://docs.cfengine.com/docs/3.12/reference-special-variables-sys.html#sys-policy_entry_filename
- New in 3.12: `inline_mustache` `template_method` allows specification of mustache templates without requiring an external template file.https://docs.cfengine.com/docs/3.12/reference-promise-types-files.html#template_data
- New in 3.12: `cf-net` component for interacting with the CFEngine network protocol via CLI. https://docs.cfengine.com/docs/3.12/reference-components-cf-net.html
- New in 3.12: `--log-level` option allows easier specification of the desired log level.
- New in 3.12: Custom `measurements` type promises are available in cfengine community.
- New in 3.12: `max_bytes` parameter to file reading functions is now optional and defaults to `inf`
- New in 3.12: `/etc/os-release` is used for classification for better support of newer Linux distributions.
- New in 3.12: Many MPF tunables have been exposed via augments to avoid making changes to vendored policy and to make policy framework upgrades easier. https://docs.cfengine.com/docs/3.12/reference-masterfiles-policy-framework.html#configuration