Did you know that CFEngine has namespaces? Let’s see how they can facilitate policy sharing while avoiding “duplicate definitions of bundle” errors. Most of the Masterfiles Policy Framework (MPF) and policy examples for CFEngine use the default namespace. However, body file control allows you to specify a namespace that applies for the rest of the file or until it’s set again by another body file control.

Found a bug, asking for help? Use cf-support to collect info quickly. cf-support was born from interactions supporting Enterprise customers to streamline data collection and was introduced in late 2022 with the release of 3.18.31 and 3.21.02. Furthermore, it was featured on The Agent is In3 episode 21 Troubleshooting with cf-support. It gathers various details about the system and creates an archive that you can attach to your ticket.

Editing and copying large files or large numbers of files is slow. For a configuration management tool, it is probably one of the slowest things we do, apart from waiting for other programs to finish or waiting for network communication. In this blog post, we look at how to copy files. More specifically, the most performant approaches available on modern Linux systems. We are working on implementing these techniques so CFEngine and all your policy will copy files more efficiently.

Did you know you can include one policy file from another? Traditionally you specify the files you want to make up a policy set using inputs in body common control found in your policy entry (promises.cf by default). body file control lets you specify additional inputs from any file that’s included in the policy and those files can include other files. Let’s check out a contrived example.

Two modules are available for this task: allow-all-hosts and allow-hosts. The first module, allow-all-hosts, configures the most open situation which is to accept hosts from anywhere. This is only recommended in network restricted environments such as a local machine’s virtual machine network or other such closed down situations.

Ever want to run just a one or a few select bundles from your policy? While developing policy it’s common to run cf-agent -KI so that you can quickly iterate on changes and the run the policy without locks. But if you are focused on select bundles you may not need the full policy to run, you can use the --bundlesequence option to specify one or more bundles overriding the bundlesequence defined in body common control. Let’s check out an example using the Masterfiles Policy Framework (MPF).

Ever wanted to make sure a promise only runs if some other promise has succeeded? Consider this contrived example with two reports type promises, It's Friday! and I love CFEngine Feature Friday. Per normal ordering1, these two promises will be emitted in the written order. /tmp/feature-friday-7.cf command output If we want them in the opposite order, we could either change the order or define classes based on the results of the promises.

Will your policy work? cf-promises can check the CFEngine policy for syntax errors and give you an overview of the host’s context. It’s always a good idea to check your policy for syntax errors. Consider this policy file: /tmp/feature-friday-6.cf Can you spot the error? Let’s see if cf-promises can help: command output The output tells us that there is a syntax error near line 6, column 2. A semicolon (;) was expected but instead, a closing curly brace (}) was found.

Do you maintain multiple policy sets? Do you leverage policy written by others? Ever wished for an easier way to upgrade your policy framework? cfbs can help to improve all of these cases.