Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
What is new in
CFEngine 3.6

www.cfengine.com
What is new
•
•
•
•
•
•
•
•

User promises
TLS protocol
Math expressions
Dynamic inputs
New language functions
Tags
Data c...
User promises
User promises
• A new promise type
• Manage local users on hosts
• Make promises about user
characteristics
• UID
• Group ...
User promises - Example
bundle agent my_bundle {
users:
“joe”
policy => “present”,
group_primary => “users”,
groups_second...
TLS protocol
TLS protocol
•
•
•
•

Industry standard security protocol
All traffic is fully encrypted
Transparent to the user
Old proto...
Math expressions
Math expressions
• New math evaluation function: eval()
• Works on strings
• String contains expression to evaluate
• Exam...
Math expressions
• Accepts common math operators: +, -, *, /
• Some less common ones too: ^, **, %
• Many common math func...
Dynamic inputs
Dynamic inputs
• 3.5:
• Input files can only be defined in promises.cf
• Inconvenient; all file additions require editing ...
Dynamic inputs - Example
• promises.cf
body common control {
inputs => { “input_file.cf” };
}

• input_file.cf
body file c...
New language
functions
New language functions
• findfiles(glob1, glob2, ...)
• Returns a list of files that match glob pattern

• makerule(target...
New language functions
• canonifyuniquely(test)
• Convert a string into a legal class name
• Unlike canonify, name is guar...
bundlesequence - Example
•

bundle common global {
vars:
“policies” slist => findfiles
(“/var/cfengine/inputs/*.cf”);
“bun...
New language functions
• Plenty of others
• data_readstringarray

• readjson

• data_readstringarrayidx

• storejson

• da...
Tags
Tags
• Labels that you can attach to bundles
and promises
• Certain functions can filter based on tags
• bundlesmatching
•...
Tags - Example
•

bundle agent my_bundle {
meta:

### Bundle tags

“tags” => { “experimental” };
vars:

### Variable tags
...
Data containers
Data containers
• Structured containers (JSON)
• “container” data => parsejson('[
{ “user”: “joe”,

“groups”: “users” },

...
Data containers
• Can read JSON files
• readjson(filename, maxbytes)

• Or fields from a text file
• data_readstringarray
...
Data containers - Example
•

records.txt:
• joe,/nfs/home/joe,Joe Smith
jack,/home/jack,Jack Jensen

•

Resulting JSON aft...
Data containers - Example
•

records.txt:
• joe,/nfs/home/joe,Joe Smith
jack,/home/jack,Jack Jensen

•

policy.cf:
• vars:...
File templating
File templating
• New templating engine: Mustache
• Based on the Mustache templating
language
• http://mustache.github.io/
File templating - Example
• promises.cf:
• files:
"/etc/motd"
edit_line => motd_edit,
edit_defaults => empty;
}
bundle edi...
File templating - Example
• promises.cf:
• files:
"/etc/motd"
edit_template => "template.mustache",
template_method => "mu...
Miscellaneous
•

cf-serverd allows distinct key/IP/hostname access
controls

•

New “shortcut” constraint in server policy...
Questions?

www.cfengine.com
Questions?
•
•
•
•
•
•
•
•

User promises
TLS protocol
Math expressions
Dynamic inputs
New language functions
Tags
Data co...
Thank you!

www.cfengine.com
Upcoming SlideShare
Loading in …5
×

What is new in CFEngine 3.6

1,251 views

Published on

This talk will introduce new CFEngine 3.6 features, we have these bullet points:

User promises
TLS protocol
Math expressions
Dynamic inputs
New language functions
Tags
Data containers
File templating

Presentation by Kristian Amlie of CFEngine

Published in: Technology, Education
  • Be the first to comment

  • Be the first to like this

What is new in CFEngine 3.6

  1. 1. What is new in CFEngine 3.6 www.cfengine.com
  2. 2. What is new • • • • • • • • User promises TLS protocol Math expressions Dynamic inputs New language functions Tags Data containers File templating
  3. 3. User promises
  4. 4. User promises • A new promise type • Manage local users on hosts • Make promises about user characteristics • UID • Group membership • Home directory • Password • Shell • Description
  5. 5. User promises - Example bundle agent my_bundle { users: “joe” policy => “present”, group_primary => “users”, groups_secondary => { “printers”, “db_users” }, home_dir => “/nfs/home/joe”, home_bundle => setup_home_dir(“joe”); }
  6. 6. TLS protocol
  7. 7. TLS protocol • • • • Industry standard security protocol All traffic is fully encrypted Transparent to the user Old protocol • Deprecated, but still supported • Can be turned off after upgrade is complete
  8. 8. Math expressions
  9. 9. Math expressions • New math evaluation function: eval() • Works on strings • String contains expression to evaluate • Example: eval(“ceil($(sys.cpus) / 4)”) • Previously required shell script
  10. 10. Math expressions • Accepts common math operators: +, -, *, / • Some less common ones too: ^, **, % • Many common math functions • ceil, floor, log10, log2, log, sqrt, sin, cos, tan, asin, acos, atan, abs, step • Mathematical constants • e, log2e, log10e, ln2, ln10, pi, pi_2, pi_4, 1_pi, 2_pi, 2_srqtpi, sqrt2, sqrt1_2 • SI-units: K, M, G, T, P
  11. 11. Dynamic inputs
  12. 12. Dynamic inputs • 3.5: • Input files can only be defined in promises.cf • Inconvenient; all file additions require editing promises.cf • 3.6: • file control bodies can contain input files • Body can be specified once per file • body file control { inputs => “input_file.cf”; }
  13. 13. Dynamic inputs - Example • promises.cf body common control { inputs => { “input_file.cf” }; } • input_file.cf body file control { inputs => { “nested_input_file.cf” }; }
  14. 14. New language functions
  15. 15. New language functions • findfiles(glob1, glob2, ...) • Returns a list of files that match glob pattern • makerule(target, sources) • Determines whether target needs to be rebuilt from sources • Inspired by the Unix make program • packagesmatching(...) • Returns list of installed packages • List can be filtered by name, version and architecture
  16. 16. New language functions • canonifyuniquely(test) • Convert a string into a legal class name • Unlike canonify, name is guaranteed to be unique. • Useful when making class names from a list of files • bundlesmatching(regex, tag1, ...) • Returns bundles matching criteria • Result can be used in a methods promise • Very powerful together with findfiles
  17. 17. bundlesequence - Example • bundle common global { vars: “policies” slist => findfiles (“/var/cfengine/inputs/*.cf”); “bundles” slist => bundlesmatching (“.*”, “production”); } body common control { inputs => { @(global.policies) }; bundlesequence => { @(global.bundles) }; }
  18. 18. New language functions • Plenty of others • data_readstringarray • readjson • data_readstringarrayidx • storejson • datastate • string_downcase • datatype • string_head • getclassmetatags • string_length • getvariablemetatags • string_reverse • max • string_tail • mean • string_upcase • mergedata • variablesmatching • min • variance • parsejson
  19. 19. Tags
  20. 20. Tags • Labels that you can attach to bundles and promises • Certain functions can filter based on tags • bundlesmatching • classesmatching • variablesmatching
  21. 21. Tags - Example • bundle agent my_bundle { meta: ### Bundle tags “tags” => { “experimental” }; vars: ### Variable tags “db_server” string => “106.54.21.90”, meta => { “mysql”, “trusted” }; classes: ### Class tags “experimental” expression => “any”, meta => { “tier_spec” }; }
  22. 22. Data containers
  23. 23. Data containers • Structured containers (JSON) • “container” data => parsejson('[ { “user”: “joe”, “groups”: “users” }, { “user”: “jack”, “groups”: “admins” }, ]'); • reports: “$(container[1][user])”; • --> R: jack
  24. 24. Data containers • Can read JSON files • readjson(filename, maxbytes) • Or fields from a text file • data_readstringarray (filename, comment, split, maxentries, maxbytes) • data_readstringarrayidx (filename, comment, split, maxentries, maxbytes) • Convert back to JSON • storejson(data_container)
  25. 25. Data containers - Example • records.txt: • joe,/nfs/home/joe,Joe Smith jack,/home/jack,Jack Jensen • Resulting JSON after data_readstringarrayidx • [ [ “joe”, “/nfs/home/joe”, “Joe Smith” ], [ “jack”, “/home/jack”, “Jack Jensen” ] ]
  26. 26. Data containers - Example • records.txt: • joe,/nfs/home/joe,Joe Smith jack,/home/jack,Jack Jensen • policy.cf: • vars: “users” data => data_readstringarrayidx (“records.txt”, “”, “,”, 10, 4000); “index” slist => getindices(“users”); users: “$(users[$(index)][0])” home_dir => “$(users[$(index)][1])”, description => “$(users[$(index)][2])”, policy => “present”;
  27. 27. File templating
  28. 28. File templating • New templating engine: Mustache • Based on the Mustache templating language • http://mustache.github.io/
  29. 29. File templating - Example • promises.cf: • files: "/etc/motd" edit_line => motd_edit, edit_defaults => empty; } bundle edit_line motd_edit { insert_lines: “Welcome to this CFEngine managed machine.”; “This machine pulls policy from $(sys.policy_hub).”; } • Result: • Welcome to this CFEngine managed machine. This machine pulls policy from 10.80.80.1.
  30. 30. File templating - Example • promises.cf: • files: "/etc/motd" edit_template => "template.mustache", template_method => "mustache"; • template.mustache: • Welcome to this CFEngine managed machine. This machine pulls policy from {{vars.sys.policy_hub}}. • Result: • Welcome to this CFEngine managed machine. This machine pulls policy from 10.80.80.1.
  31. 31. Miscellaneous • cf-serverd allows distinct key/IP/hostname access controls • New “shortcut” constraint in server policy allows non-absolute paths in copy_from promises • New log format • Many new built-in variables: • sys.uptime, sys.masterdir, this.promiser_ppid, ... • LMDB replaces Tokyo Cabinet as database backend • Calls to execresult and returnszero are now cached instead of executing repeatedly
  32. 32. Questions? www.cfengine.com
  33. 33. Questions? • • • • • • • • User promises TLS protocol Math expressions Dynamic inputs New language functions Tags Data containers File templating www.cfengine.com
  34. 34. Thank you! www.cfengine.com

×