My 'favourite' CFEngine bugs
What follows is a list of CFEngine bugs, and work-arounds if I have them, that affect projects I'm working on and may also affect yours.
Vars policy is always 'free'.
Versions affect: 3.3.5 to 3.5.2
Variables are supposed to default to 'constant'. That is, its value cannot be changed after initial definition. If you wish to change this, you can set the variable promiser's policy to 'free' (see here). A bug has broken this behavior, causing all vars to be set to 'free'. I have no work around for this bug.
Variables inside arrays are not expanded.
Versions affected: 3.4.1 to 3.5.2
The Evolve free promise library makes liberal use of parameter CSV files that CFEngine interprets as arrays. If these CSV files contain variable names a bug prevents them from being expanded. For a work around you must populate a new array with the contents of the old array. The Evolve free promise library uses this workaround.
Cannot use arrays for method calls
Versions affected: 3.4.0 to 3.5.2
In theory usebundle can point to an array. A bug prevents this. The Evolve free library bundle "efl_bug2638" shows how to work around this.
Promise outcome logging does not work.
Versions affected: 3.4.0 to 3.5.2
Promise action bodies have log_string, and log_(repaired|kept|failed) attributes that allow you to log the outcome of any promise. Bugs prevent this logging of useful information. The work around I have is to reconcile outcome classes, from classes bodies, with the results of the action log. It is very messy involving external scripts.
Agent verbose logging: promiser expansion, process matching, and
promisee misplacement. ###
Versions affected: 3.5.0 to 3.5.2
CFEngine 3.5 introduced a better verbose output including time stamps and a more succinct output. Sadly this feature is too immature, containing multiple bugs. The expansion of variable promisers does not work. The promisee information is logged at the end of promise evaluation rather than at the beginning (you'll find the comment and handle at the beginning, but not promisees). Process matches in processes promises are shown before the promiser. Verbose logs are now more confusing than before. Legacy verbose logging, -lv, can help a little, but some bugs affect both logging forms.
Server verbose logging, file requests are not logged.
Versions affected: 3.5.0 to 3.5.2
Cf-server was also given the improved verbose logging. A bug prevents the server from logging file copy request from cf-agents, making common file copy debugging more difficult than before. Even the legacy verbose output is missing this information. There is no work around.
Repositories and old versions of CFEngine.
Versions affected: all but the latest.
New versions of CFEngine can have 'surprises'. Because of this, people like to keep using old versions and migrate slowly to newer versions. The CFEngine provided repositories only keep the latest version. If you want to pin and install a specific CFEngine version you'll need to create your own repository.
IPV6 only bootstrap
Versions affected: 3.4.0 to 3.5.2
IPV6 provides the end to end connectivity that IPV4 cannot. I've blogged about IPV6 including how to use and get IPV6. Evolve uses IPV6 in production and development. Many programs already fully support IPV6, but CFEngine is not yet one of them. Using the CFEngine policy that it comes packaged with, you cannot bootstrap an agent host to an IPV6 server. The work around is to edit the provided failsafe.cf file removing 'skipidentify' in the agent control body. Alternatively, bootstrap by hand, copying keys and inputs manually.
IPV6 only CFEngine Enterprise server
Versions affected: 3.4.0 to 3.5.2
In testing the other day I could not make the CFEngine Enterprise Mission Portal function on an IPV6 only host. It seems that the web application will not connect to the back-end database using IPV6. There is no workaround.
IPV6 website and repositories
Versions affected: All
CFEngine's website and package repositories have no IPV6 addresses. If you have IPV6 only hosts you'll need a 6to4 service, use Normation's mirror, or make your own mirror.
