What is new in CFEngine 3.6

This talk introduces the new features in CFEngine 3.6:

User promises
TLS protocol
Math expressions
Dynamic inputs
New language functions
Tags
Data containers
File templating

Presentation by Kristian Amlie of CFEngine

Published in: Technology, Education
What is new in CFEngine 3.6

  1. What is new in CFEngine 3.6 (www.cfengine.com)
  2. What is new
      • User promises
      • TLS protocol
      • Math expressions
      • Dynamic inputs
      • New language functions
      • Tags
      • Data containers
      • File templating
  3. User promises
  4. User promises
      • A new promise type
      • Manage local users on hosts
      • Make promises about user characteristics
          • UID
          • Group membership
          • Home directory
          • Password
          • Shell
          • Description
  5. User promises - Example

      ```
      bundle agent my_bundle
      {
        users:
          # Ensure the local account "joe" exists with these characteristics
          "joe"
            policy           => "present",
            group_primary    => "users",
            groups_secondary => { "printers", "db_users" },
            home_dir         => "/nfs/home/joe",
            home_bundle      => setup_home_dir("joe");
      }
      ```
  6. TLS protocol
  7. TLS protocol
      • Industry standard security protocol
      • All traffic is fully encrypted
      • Transparent to the user
      • Old protocol
          • Deprecated, but still supported
          • Can be turned off after upgrade is complete
  8. Math expressions
  9. Math expressions
      • New math evaluation function: eval()
      • Works on strings
      • String contains expression to evaluate
      • Example: eval("ceil($(sys.cpus) / 4)")
      • Previously required shell script
  10. Math expressions
      • Accepts common math operators: +, -, *, /
      • Some less common ones too: ^, **, %
      • Many common math functions
          • ceil, floor, log10, log2, log, sqrt, sin, cos, tan, asin, acos, atan, abs, step
      • Mathematical constants
          • e, log2e, log10e, ln2, ln10, pi, pi_2, pi_4, 1_pi, 2_pi, 2_sqrtpi, sqrt2, sqrt1_2
      • SI-units: K, M, G, T, P
  11. Dynamic inputs
  12. Dynamic inputs
      • 3.5:
          • Input files can only be defined in promises.cf
          • Inconvenient; all file additions require editing promises.cf
      • 3.6:
          • file control bodies can contain input files
          • Body can be specified once per file

      ```
      body file control
      {
        # inputs is a list, so the file name goes inside braces
        inputs => { "input_file.cf" };
      }
      ```
  13. Dynamic inputs - Example
      • promises.cf

      ```
      body common control
      {
        inputs => { "input_file.cf" };
      }
      ```

      • input_file.cf

      ```
      body file control
      {
        inputs => { "nested_input_file.cf" };
      }
      ```
  14. New language functions
  15. New language functions
      • findfiles(glob1, glob2, ...)
          • Returns a list of files that match glob pattern
      • makerule(target, sources)
          • Determines whether target needs to be rebuilt from sources
          • Inspired by the Unix make program
      • packagesmatching(...)
          • Returns list of installed packages
          • List can be filtered by name, version and architecture
  16. New language functions
      • canonifyuniquely(test)
          • Convert a string into a legal class name
          • Unlike canonify, name is guaranteed to be unique.
          • Useful when making class names from a list of files
      • bundlesmatching(regex, tag1, ...)
          • Returns bundles matching criteria
          • Result can be used in a methods promise
          • Very powerful together with findfiles
  17. bundlesequence - Example

      ```
      bundle common global
      {
        vars:
          # Every policy file found in the inputs directory
          "policies" slist => findfiles("/var/cfengine/inputs/*.cf");
          # Every bundle carrying the "production" tag
          "bundles"  slist => bundlesmatching(".*", "production");
      }

      body common control
      {
        inputs         => { @(global.policies) };
        bundlesequence => { @(global.bundles) };
      }
      ```
  18. New language functions
      • Plenty of others
          • data_readstringarray
          • data_readstringarrayidx
          • datastate
          • datatype
          • getclassmetatags
          • getvariablemetatags
          • max
          • mean
          • mergedata
          • min
          • parsejson
          • readjson
          • storejson
          • string_downcase
          • string_head
          • string_length
          • string_reverse
          • string_tail
          • string_upcase
          • variablesmatching
          • variance
  19. Tags
  20. Tags
      • Labels that you can attach to bundles and promises
      • Certain functions can filter based on tags
          • bundlesmatching
          • classesmatching
          • variablesmatching
  21. Tags - Example

      ```
      bundle agent my_bundle
      {
        meta:
          ### Bundle tags
          "tags" slist => { "experimental" };

        vars:
          ### Variable tags
          "db_server" string => "106.54.21.90",
            meta => { "mysql", "trusted" };

        classes:
          ### Class tags
          "experimental" expression => "any",
            meta => { "tier_spec" };
      }
      ```
  22. Data containers
  23. Data containers
      • Structured containers (JSON)

      ```
      vars:
        "container" data => parsejson('[
          { "user": "joe",  "groups": "users" },
          { "user": "jack", "groups": "admins" }
        ]');

      reports:
        "$(container[1][user])";
      ```

      • Output: R: jack
  24. Data containers
      • Can read JSON files
          • readjson(filename, maxbytes)
      • Or fields from a text file
          • data_readstringarray(filename, comment, split, maxentries, maxbytes)
          • data_readstringarrayidx(filename, comment, split, maxentries, maxbytes)
      • Convert back to JSON
          • storejson(data_container)
  25. Data containers - Example
      • records.txt:

      ```
      joe,/nfs/home/joe,Joe Smith
      jack,/home/jack,Jack Jensen
      ```

      • Resulting JSON after data_readstringarrayidx

      ```
      [
        [ "joe", "/nfs/home/joe", "Joe Smith" ],
        [ "jack", "/home/jack", "Jack Jensen" ]
      ]
      ```
  26. Data containers - Example
      • records.txt:

      ```
      joe,/nfs/home/joe,Joe Smith
      jack,/home/jack,Jack Jensen
      ```

      • policy.cf:

      ```
      vars:
        # One array per line of records.txt, split on ","
        "users" data  => data_readstringarrayidx("records.txt", "", ",", 10, 4000);
        "index" slist => getindices("users");

      users:
        # Field 0 = user name, 1 = home directory, 2 = description
        "$(users[$(index)][0])"
          home_dir    => "$(users[$(index)][1])",
          description => "$(users[$(index)][2])",
          policy      => "present";
      ```
  27. File templating
  28. File templating
      • New templating engine: Mustache
      • Based on the Mustache templating language
      • http://mustache.github.io/
  29. File templating - Example
      • promises.cf:

      ```
      # The enclosing bundle header is not shown on the slide;
      # the name "motd" is assumed here so the fragment parses.
      bundle agent motd
      {
        files:
          "/etc/motd"
            edit_line     => motd_edit,
            edit_defaults => empty;
      }

      bundle edit_line motd_edit
      {
        insert_lines:
          "Welcome to this CFEngine managed machine.";
          "This machine pulls policy from $(sys.policy_hub).";
      }
      ```

      • Result:

      ```
      Welcome to this CFEngine managed machine.
      This machine pulls policy from 10.80.80.1.
      ```
  30. File templating - Example
      • promises.cf:

      ```
      files:
        "/etc/motd"
          edit_template   => "template.mustache",
          template_method => "mustache";
      ```

      • template.mustache:

      ```
      Welcome to this CFEngine managed machine.
      This machine pulls policy from {{vars.sys.policy_hub}}.
      ```

      • Result:

      ```
      Welcome to this CFEngine managed machine.
      This machine pulls policy from 10.80.80.1.
      ```
  31. Miscellaneous
      • cf-serverd allows distinct key/IP/hostname access controls
      • New "shortcut" constraint in server policy allows non-absolute paths in copy_from promises
      • New log format
      • Many new built-in variables:
          • sys.uptime, sys.masterdir, this.promiser_ppid, ...
      • LMDB replaces Tokyo Cabinet as database backend
      • Calls to execresult and returnszero are now cached instead of executing repeatedly
  32. Questions? (www.cfengine.com)
  33. Questions?
      • User promises
      • TLS protocol
      • Math expressions
      • Dynamic inputs
      • New language functions
      • Tags
      • Data containers
      • File templating
  34. Thank you! (www.cfengine.com)
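
The TLS switch-over from slide 7 and the cf-serverd access controls and "shortcut" from slide 31, as an added example that is not part of the original presentation. The attributes protocol_version, allowlegacyconnects, allowconnects, admit_ips and admit_keys are CFEngine 3.6 attributes that the slides do not name; the subnet, the /srv/secrets path and the key digest are constructed placeholders.

```cf3
# Added example: all addresses, paths and the key digest are placeholders.

body common control
{
      bundlesequence   => { "main" };
      # Outgoing connections from this host use the new TLS-based protocol.
      protocol_version => "latest";
}

bundle agent main
{
  reports:
      "Policy loaded";
}

body server control
{
      # Connection-level filter: who may talk to cf-serverd at all.
      allowconnects => { "10.80.80.0/24" };

      # During the upgrade (weaker): clients on this subnet may still
      # connect with the deprecated pre-3.6 protocol.
      # allowlegacyconnects => { "10.80.80.0/24" };

      # After every host runs 3.6: an empty list refuses the old
      # protocol, so all traffic is carried over TLS.
      allowlegacyconnects => { };
}

bundle server access_rules
{
  access:
      # Admitted by source address; clients may request the short name
      # "masterfiles" in copy_from instead of the absolute path.
      "/var/cfengine/masterfiles"
        shortcut  => "masterfiles",
        admit_ips => { "10.80.80.0/24" };

      # Admitted by key identity rather than by address.
      "/srv/secrets"
        admit_keys => { "SHA=<digest of the admitted host's public key>" };
}
```

Separate admit lists on one access promise are alternatives, so a host matching any of them is admitted; the sensitive path above therefore lists keys only.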
