Here's an EFL bundle that simplifies access promises for cf-serverd. CFEngine users with a complex environment will especially benefit. --- The Evolve Thinking Free Library or EFL provides commonly used promise bundles that you can configure using simple CSV parameter files. You don't need a PHD in CFEngie to get things done.

Unlike EFL agent bundles the server bundle efl_server cannot be passed parameter files. The is a CFEngine limit. Instead variable 'efl_server_txt' in the bundle 'efl_c' defines the location of the parameter file to ${sys.workdir}/inputs/user_data/bundle_params/efl_server.txt. The file format has four columns from zero to three.

• Zero is the constraining class expression. The record is only promised if this class expression is true.

• One is the promiser directory that we are granting access to.

• Two is comma separated list of IP's or hostnames who we grant access to (see admit).

• Three is a free form promisee for documentation and searching.

  Context(0) ;; promiser directory(1) ;; Command separated admit list(2) ;; Promisee(3)

  am_policy_hub ;; ${sys.workdir}/masterfiles ;; 2001:470:1d:a2f::/64 ;; Bootstrapping and updates ettin ;; ${sys.workdir}/private/alix/ ;; 2001:470:1d:a2f::1 ;; 6in4 tunnel mercury ;; /var/www/blog1/ ;; ${sys.policy_hub} ;; Backups titan ;; /var/www/evolve/ ;; ${sys.policy_hub} ;; Backups any ;; ${sys.workdir}/drop/ ;; ${sys.policy_hub} ;; File transfers as needed

If you run cf-serverd -Fvl you'll see the access rules being applied.

cf3> *****************************************************************
cf3> BUNDLE efl_server
cf3> *****************************************************************
cf3>    =========================================================
cf3>    access in bundle efl_server (0)
cf3>    =========================================================
cf3> . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
cf3> Skipping whole next promise (/var/www/evolve-wp/), as var-context titan is not relevant
cf3> . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
cf3> . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
cf3> Skipping whole next promise (/var/www/blog1/), as var-context mercury is not relevant
cf3> . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
cf3> Summarize control promises
cf3> Granted access to paths :
cf3> Path '/var/cfengine/private/alix' (encrypt=0)
cf3> Admit: '2001:470:1d:a2f::1' root=
cf3> Path '/var/cfengine/drop' (encrypt=0)
cf3> Admit: '2001:470:1d:a2f::2' root=

When you upgrade CFEngine the upgrade offers new inputs like the sever bundle 'access_rules' in the file cf_server.cf. If you have access rules in that bundle you'll need to merge the old file with the upgrade's improved file. Using the efl_server bundle the data is separated from policy eliminating the need to merge policy files.

Using the edit_template feature in CFEngine allows you create service configuration files based on the knowledge of cf-agent. Context/class constraints and variables can be included inside a CFEngine template. Read on to learn more.

Continue reading Template configuration files using CFEngine...

What follows is a list of CFEngine bugs, and work-arounds if I have them, that affect projects I'm working on and may also affect yours.

Continue reading My 'favourite' CFEngine bugs...

EFL makes using CFEngine both simple and easy. EFL is a collection of data driven bundles that promise many common configuration states. Here are a few examples covering just a few bundles found in EFL.

Continue reading Make CFEngine simple using the Evolve Free Library...

Pull requests for CFEngine Core, at Github, and CFEngine's issue tracker show some interesting proposals for future versions of CFEngine. Here's a quick summary for you.

Continue reading Experimental and coming soon features in CFEngine...