"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
Did you know you can use variables in class expressions? If you are reading this, you probably are already familiar with the ability to use class expressions to restrict the context of multiple promises. For example, here we have three reports type promises, all guarded by the class expression linux::.
Class expressions are powerful. They let you restrict the context for multiple promises in a single statement. What if you want to further control the context of a specific promise? Let’s take a look at a contrived example: /tmp/feature-friday-28-0.cf command output Here, we have a report showing the distribution we’re running through class expressions protecting the individual promises. We would see I love Linux! on Linux hosts.
When promises are actuated, a class can be defined based on its result. For example, if a promise modifies a file’s content, you could define a class that indicates it has been repaired. However, did you know that promises can have multiple outcomes concurrently? That’s right! Native promises (but not custom promises) can have multiple outcomes. For example, a promise can be both kept and repaired at the same time. Let’s take a look.
There’s a users promise type for managing local users. However, did you know there is also a custom one for managing local groups? You might have seen it mentioned in the CFEngine Build announcement, the blog post on Managing local groups, or in the announcement supporting custom bodies post. But let’s take another look. The easiest way to integrate the groups custom promise type is by using cfbs, simply cfbs add promise-type-groups in your project.
As a developer and user of CFEngine I want to use policy to manage the software on my systems so that I can switch operating systems, distributions, computers and have all my normal tools available wherever I go. Towards this end I searched for a Windows package manager and found one in winget. I showed a prototype in Agent Is In - Episode 37 - Windows package management as well as refined the whole process in Agent Is In - Episode 40 - Windows module workshop.
Generally, cf-agent runs as a privileged user. But did you know that you can also run as an unprivileged user? A major benefit of running cf-agent unprivileged is the ability to prototype policies during development. However, attempting to execute cf-agent as an unprivileged user without proper configuration will result in errors.
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
You probably know about the def.json Augments file. However, are you familiar with host_specific.json? The def.json Augments file is read, if it’s adjacent to the policy entry. As such, this file is generally distributed as part of the policy set. Its settings apply to all hosts that receive and run the policy. The host_specific.json Augments file, is on the other hand loaded from the $(sys.workdir)/data/ directory. And it is expected to be independent from the policy.
You have probably heard of cowsay, but have you heard of agentsay? Just in case you haven’t seen the greatness of cowsay, here is an example: command output If you look in core/contrib you will find agentsay among other goodies. It’s a Python script. You can use it to make an agent say something. command output Happy Friday!