diff --git a/techniques/system/common/1.0/metadata.xml b/techniques/system/common/1.0/metadata.xml
index 007bdd1ff..dc3a2a72f 100644
--- a/techniques/system/common/1.0/metadata.xml
+++ b/techniques/system/common/1.0/metadata.xml
@@ -76,12 +76,6 @@ along with this program. If not, see .
true
-
- true
-
-
- true
-
true
diff --git a/techniques/system/common/1.0/promises.st b/techniques/system/common/1.0/promises.st
index 0ae7aabeb..d8f6107c3 100644
--- a/techniques/system/common/1.0/promises.st
+++ b/techniques/system/common/1.0/promises.st
@@ -195,8 +195,6 @@ bundle agent startup
action => immediate;
}
-# startExecution and endExecution have migrated to rudder-stdlib-core.st
-
##########################################################
# Check for "disable-agent" file and cleanly stop and
# warn about this if it is present
@@ -760,3 +758,27 @@ bundle edit_line ensure_rsyslogd_on_suse
}
&endif&
+#
+# Insert the standard Rudder disclaimer into a file
+#
+bundle edit_line rudder_common_disclaimer
+{
+ vars:
+ "file_edit_header" string => "${rudder_parameters.rudder_file_edit_header}";
+
+ defaults:
+ "file_edit_header" string => "#############################################################
+### This file is protected by your Rudder infrastructure. ###
+### Manually editing the file might lead your Rudder ###
+### infrastructure to change back the server's ###
+### configuration and/or to raise a compliance alert. ###
+#############################################################
+",
+ if_match_regex => "${const.dollar}{rudder_parameters.rudder_file_edit_header}";
+
+ insert_lines:
+ "${file_edit_header}"
+ location => start,
+ insert_type => "preserve_block";
+}
+
diff --git a/techniques/system/common/1.0/rudder-stdlib-core.cf b/techniques/system/common/1.0/rudder-stdlib-core.cf
deleted file mode 100644
index 3e7435884..000000000
--- a/techniques/system/common/1.0/rudder-stdlib-core.cf
+++ /dev/null
@@ -1,285 +0,0 @@
-#####################################################################################
-# Copyright 2012-2014 Normation SAS
-#####################################################################################
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, Version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-#####################################################################################
-#
-# Rudder Promise Body and Bundle Library - core part
-#
-# This library includes standardized bundles and bodies to be used as part of the
-# "best practices" in the Techniques writing, for classes and reporting only.
-# Other bodies and bundles should be included in rudder-stdlib.st
-#
-
-##################################################
-# classes bodies
-##################################################
-
-#
-# Automatically defines classes bases on a given prefix
-# The classes are defined based on the romises outcome
-#
-body classes rudder_common_classes(prefix)
-{
- promise_kept => { "${prefix}_kept" , "${prefix}_ok" };
- promise_repaired => { "${prefix}_repaired", "${prefix}_ok" };
- repair_failed => { "${prefix}_failed" , "${prefix}_error" };
- repair_denied => { "${prefix}_denied" , "${prefix}_error" };
- repair_timeout => { "${prefix}_timeout" , "${prefix}_error" };
-}
-
-#
-# Automatically defines classes bases on a given prefix
-# The classes are defined based on the promises outcome
-# Same as above but persist classes for ${persist} mins
-#
-body classes rudder_common_classes_persist(prefix, persist)
-{
- promise_kept => { "${prefix}_kept" , "${prefix}_ok" };
- promise_repaired => { "${prefix}_repaired", "${prefix}_ok" };
- repair_failed => { "${prefix}_failed" , "${prefix}_error" };
- repair_denied => { "${prefix}_denied" , "${prefix}_error" };
- repair_timeout => { "${prefix}_timeout" , "${prefix}_error" };
-
- persist_time => ${persist};
-}
-
-#
-# Always define a class, with the given persist time
-# Define the class for ${persist} minutes
-#
-body classes rudder_always_classes_persist(always, persist)
-{
- promise_kept => { "${always}" };
- promise_repaired => { "${always}" };
- repair_failed => { "${always}" };
- repair_denied => { "${always}" };
- repair_timeout => { "${always}" };
-
- persist_time => "${persist}";
-}
-
-
-################################################
-# Reporting bundles
-################################################
-
-#
-# Create and send a report to the server
-# This bundle takes 6 parameters :
-# technique_name : the name of the technique, human readable
-# status : the status of the Component, among the following values
-# result_na
-# result_success
-# result_error
-# result_repaired
-# log_repaired (for logging only)
-# log_warn (for logging only)
-# log_info (for logging only)
-# log_debug (for logging only)
-# log_trace (for logging only)
-# identifier : the identifier of the current Rule and Directive
-# component_name : the name of the component within the Technique
-# component_key : the value of the component reference variable (or None if undefined)
-# message : An explanation message understandable by a human
-#
-bundle agent rudder_common_report(technique_name, status, identifier, component_name, component_key, message)
-{
- methods:
- "report" usebundle => rudder_common_report_index("${technique_name}", "${status}", "${identifier}", "${component_name}", "${component_key}", "${message}", "");
-}
-
-#
-# Create and send a report to the server
-# This bundle takes 7 parameters :
-# technique_name : the name of the technique, human readable
-# status : the status of the Component, among the following values
-# result_na
-# result_success
-# result_error
-# result_repaired
-# log_repaired (for logging only)
-# log_warn (for logging only)
-# log_info (for logging only)
-# log_debug (for logging only)
-# log_trace (for logging only)
-# identifier : the identifier of the current Rule and Directive
-# component_name : the name of the component within the Technique
-# component_key : the value of the component reference variable (or None if undefined)
-# message : An explanation message understandable by a human
-# index : the current index, that will distinguish two identical reports and ensure they are both sent
-bundle agent rudder_common_report_index(technique_name, status, identifier, component_name, component_key, message, index)
-{
- vars:
- !(dry_run|global_dry_run)::
- "new_status" string => "${status}";
- (dry_run|global_dry_run)::
- # map result needed for direct calls to rudder_common_report
- # A quick remark: the mapping result_error > audit_noncompliant is not complete, as the case n errors + 1 repaired leads to result_error in enforce but it leads to audit_error in audit (error wins in enforce, but repair wins in audit)
- "new_status" string => ifelse(strcmp("${status}", "result_na"), "audit_na",
- strcmp("${status}", "result_success"), "audit_compliant",
- strcmp("${status}", "result_repaired"), "audit_error",
- strcmp("${status}", "result_error"), "audit_noncompliant", "${status}");
-
- classes:
-
- "pass2" expression => "pass1";
- "pass1" expression => "any";
-
- pass2::
- "report_repaired" expression => strcmp("${status}", "result_repaired");
-
- !changes_only::
- "log_reports" expression => "full_compliance|reports_disabled";
-
- changes_only::
- "log_reports" or => {
- strcmp("${status}", "result_error") ,
- strcmp("${status}", "result_repaired") ,
- strcmp("${status}", "log_warn") ,
- strcmp("${status}", "log_repaired") ,
- strcmp("${status}", "audit_noncompliant") ,
- strcmp("${status}", "audit_error") ,
- };
-
- methods:
- # If we need to send a report, make sure we have sent the "StartRun" message first
- log_reports.!start_run_message_sent::
- "Send start message"
- usebundle => startExecution,
- action => immediate;
-
- # This case should NEVER happen. If it ever happens, it is a bug in CFEngine or ncf that lead to changing something in dry-run mode.
- # Hence, as we are facing a severe bug and we want to avoid changing more things, we define an abort class after displaying an error message .
- (dry_run|global_dry_run).report_repaired::
- "abort" usebundle => _abort("repaired_during_dryrun", "Repaired previous component while in dry-run mode, this is a bug. Aborting immediately."),
- action => immediate;
-
- reports:
- log_reports::
- "@@${technique_name}@@${new_status}@@${identifier}@@${component_name}@@${component_key}@@${g.execRun}##${g.uuid}@#${message}"
- comment => "Reporting for ${technique_name} message ${message} for index ${index}";
-}
-
-
-#
-# Automatically create reports based on existing classes starting by
-# class_prefix (as defined by the body classes rudder_common_classes)
-# Takes 6 parameters
-# technique_name : the name of the technique, human readable
-# class_prefix : the prefix of a set of classes to reporting on (suffixes with "kept", "repaired", "error" or "noop")
-# identifier : the identifier of the current Rule and Directive
-# component_name : the name of the component within the Technique
-# component_key : the value of the component reference variable (None if it does not exists)
-# message_prefix : The begining of an explanation message understandable by a human
-#
-bundle agent rudder_common_reports_generic(technique_name, class_prefix, identifier, component_name, component_key, message_prefix)
-{
- methods:
- "report"
- usebundle => rudder_common_reports_generic_index("${technique_name}", "${class_prefix}", "${identifier}", "${component_name}", "${component_key}", "${message_prefix}", "");
-}
-
-#
-# Automatically create reports based on existing classes starting by
-# class_prefix (as defined by the body classes rudder_common_classes)
-# Takes 7 parameters
-# technique_name : the name of the technique, human readable
-# class_prefix : the prefix of a set of classes to reporting on (suffixes with "kept", "repaired" or "error")
-# identifier : the identifier of the current Rule and Directive
-# component_name : the name of the component within the Technique
-# component_key : the value of the component reference variable (None if it does not exists)
-# message_prefix : The begining of an explanation message understandable by a human
-# index : the current index, that will distinguish two identical reports and ensure they are both sent
-#
-bundle agent rudder_common_reports_generic_index(technique_name, class_prefix, identifier, component_name, component_key, message_prefix, index)
-{
-
- methods:
- # This case should NEVER happen. If it ever happens, it is a bug in CFEngine or ncf that lead to changing something in dry-run mode.
- # Hence, as we are facing a severe bug and we want to avoid changing more things, we define an abort class after displaying an error message .
- "abort" usebundle => _abort("repaired_during_dryrun", "Repaired previous component while in dry-run mode, this is a bug. Aborting immediately."),
- action => immediate,
- ifvarclass => "(dry_run|global_dry_run).${class_prefix}_repaired";
-
- !(dry_run|global_dry_run)::
- "na"
- usebundle => rudder_common_report_index("${technique_name}", "result_na", "${identifier}", "${component_name}", "${component_key}", "${message_prefix} was not applicable", "${index}"),
- ifvarclass => "${class_prefix}_noop.!${class_prefix}_kept.!${class_prefix}_repaired.!${class_prefix}_error";
-
- "success"
- usebundle => rudder_common_report_index("${technique_name}", "result_success", "${identifier}", "${component_name}", "${component_key}", "${message_prefix} was correct", "${index}"),
- ifvarclass => "${class_prefix}_kept.!${class_prefix}_repaired.!${class_prefix}_error";
-
- "repaired"
- usebundle => rudder_common_report_index("${technique_name}", "result_repaired", "${identifier}", "${component_name}", "${component_key}", "${message_prefix} was repaired", "${index}"),
- ifvarclass => "${class_prefix}_repaired.!${class_prefix}_error";
-
- "error"
- usebundle => rudder_common_report_index("${technique_name}", "result_error", "${identifier}", "${component_name}", "${component_key}", "${message_prefix} could not be repaired", "${index}"),
- ifvarclass => "${class_prefix}_error";
-
- dry_run|global_dry_run::
- "na"
- usebundle => rudder_common_report_index("${technique_name}", "audit_na", "${identifier}", "${component_name}", "${component_key}", "${message_prefix} was not applicable", "${index}"),
- ifvarclass => "${class_prefix}_noop.!${class_prefix}_kept.!${class_prefix}_repaired.!${class_prefix}_error";
-
- "success"
- usebundle => rudder_common_report_index("${technique_name}", "audit_compliant", "${identifier}", "${component_name}", "${component_key}", "${message_prefix} was correct", "${index}"),
- ifvarclass => "${class_prefix}_kept.!${class_prefix}_repaired.!${class_prefix}_error";
-
- "noncompliant"
- usebundle => rudder_common_report_index("${technique_name}", "audit_noncompliant", "${identifier}", "${component_name}", "${component_key}", "${message_prefix} was not correct", "${index}"),
- ifvarclass => "${class_prefix}_error.!${class_prefix}_repaired";
-
- "unexpected error"
- usebundle => rudder_common_report_index("${technique_name}", "audit_error", "${identifier}", "${component_name}", "${component_key}", "${message_prefix} was repaired but should have been run in dry-run mode", "${index}"),
- ifvarclass => "${class_prefix}_repaired";
-
-}
-
-bundle agent startExecution
-{
- vars:
- second_pass:: # This is necessary to work around a CFEngine bug that causes this to be defined all the time
- # Define a global class to show we have sent a "StartRun" report
- "dummy_string" string => "dummy_content",
- classes => always("start_run_message_sent");
-
- classes:
- # Dummy class to work around a CFEngine bug
- "second_pass" expression => "any";
-
- reports:
- cfengine_3::
- # Send the report and define a persistant class to store the last "heartbeat" time
- "@@Common@@control@@rudder@@run@@0@@start@@${g.rudder_node_config_id}@@${g.execRun}##${g.uuid}@#Start execution"
- classes => rudder_always_classes_persist("heartbeat_sent", "${g.heartbeat_interval}");
-}
-
-bundle agent endExecution
-{
- reports:
- start_run_message_sent::
- "@@Common@@control@@rudder@@run@@0@@end@@${g.rudder_node_config_id}@@${g.execRun}##${g.uuid}@#End execution";
-
- rudder_promises_generated_error|no_update::
- "*********************************************************************************
-* rudder-agent could not get an updated configuration from the policy server. *
-* This can be caused by a network issue, an unavailable server, or if this *
-* node was deleted from the Rudder root server. *
-* Any existing configuration policy will continue to be applied without change. *
-*********************************************************************************";
-}
diff --git a/techniques/system/common/1.0/rudder-stdlib.cf b/techniques/system/common/1.0/rudder-stdlib.cf
deleted file mode 100644
index 1d9f513bd..000000000
--- a/techniques/system/common/1.0/rudder-stdlib.cf
+++ /dev/null
@@ -1,128 +0,0 @@
-#####################################################################################
-# Copyright 2012 Normation SAS
-#####################################################################################
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, Version 3.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-#####################################################################################
-#
-# Rudder Promise Body and Bundle Library
-#
-# This library includes standardized bundles and bodies to be used as part of the
-# "best practices" in the Techniques writing
-#
-
-##################################################
-# files bundles
-##################################################
-
-#
-# Insert the standard Rudder disclaimer into a file
-#
-bundle edit_line rudder_common_disclaimer
-{
- vars:
- "file_edit_header" string => "${rudder_parameters.rudder_file_edit_header}";
-
- defaults:
- "file_edit_header" string => "#############################################################
-### This file is protected by your Rudder infrastructure. ###
-### Manually editing the file might lead your Rudder ###
-### infrastructure to change back the server's ###
-### configuration and/or to raise a compliance alert. ###
-#############################################################
-",
- if_match_regex => "${const.dollar}{rudder_parameters.rudder_file_edit_header}";
-
- insert_lines:
- "${file_edit_header}"
- location => start,
- insert_type => "preserve_block";
-}
-
-# Select lines for deletion
-# Select the lines that are not in the list (complete line match)
-body delete_select rudder_delete_if_not_in_list(lines_to_delete)
-{
- delete_if_not_match_from_list => { @{lines_to_delete} };
-}
-#
-# Select files older than X months
-#
-body file_select rudder_common_months_old(months)
-{
- mtime => irange(0,ago(0,"${months}",0,0,0,0));
- file_result => "mtime";
-}
-
-#
-# Select files older than X days
-#
-body file_select rudder_common_days_old(days)
-{
- mtime => irange(0,ago(0,0,"${days}",0,0,0));
- file_result => "mtime";
-}
-
-#
-# Select files older than X hours
-#
-body file_select rudder_common_hours_old(hours)
-{
- mtime => irange(0,ago(0,0,0,"${hours}",0,0));
- file_result => "mtime";
-}
-
-#
-# Select files older than X minutes
-#
-body file_select rudder_common_minutes_old(minutes)
-{
- mtime => irange(0,ago(0,0,0,0,"${minutes}",0));
- file_result => "mtime";
-}
-
-# enforce content of section
-bundle edit_line rudder_ensure_section_content(section_start, section_end, content)
-{
- vars:
- "csection" string => canonify("${section_start}");
- "escaped_section_start" string => escape(${section_start});
- "escaped_section_end" string => escape(${section_end});
-
- classes:
- # Detect if section is already there
- "has_${csection}" expression => regline("${escaped_section_start}", "${edit.filename}");
-
- delete_lines:
- ".*"
- select_region => rudder_section_selector("${escaped_section_start}", "${escaped_section_end}"),
- ifvarclass => "has_${csection}";
-
- insert_lines:
- # Insert new, empty section if it doesn't exist already.
- "${section_start}
-${section_end}"
- insert_type => "preserve_block",
- ifvarclass => "!has_${csection}";
-
- # Insert missing lines into the section
- "${content}"
- select_region => rudder_section_selector("${escaped_section_start}", "${escaped_section_end}");
-}
-
-body select_region rudder_section_selector(section_start, section_end)
-{
- select_start => "${section_start}";
- select_end => "${section_end}";
-}
diff --git a/techniques/system/server-roles/1.0/integrity-check.cf b/techniques/system/server-roles/1.0/integrity-check.cf
index ceac26271..648d5b42a 100644
--- a/techniques/system/server-roles/1.0/integrity-check.cf
+++ b/techniques/system/server-roles/1.0/integrity-check.cf
@@ -38,7 +38,7 @@ bundle agent root_integrity_check
"${g.rudder_configuration_repository}/.git/index.lock"
delete => tidy,
- file_select => rudder_common_minutes_old("5"),
+ file_select => ncf_minutes_old("5"),
classes => rudder_common_classes("rudder_git_lock"),
comment => "Delete the git locking file in the configuration-repository if older than 5 minutes";
diff --git a/techniques/systemSettings/remoteAccess/sshConfiguration/5.0/bodies.st b/techniques/systemSettings/remoteAccess/sshConfiguration/5.0/bodies.st
index 198eb148d..4021da655 100644
--- a/techniques/systemSettings/remoteAccess/sshConfiguration/5.0/bodies.st
+++ b/techniques/systemSettings/remoteAccess/sshConfiguration/5.0/bodies.st
@@ -27,7 +27,7 @@ bundle edit_line rudder_openssh_server_parameters_configuration(parameter_name,
delete_lines:
"${parameter_name}.*"
- delete_select => rudder_delete_if_not_in_list("@{this.entries}");
+ delete_select => ncf_delete_if_not_in_list("@{this.entries}");
insert_lines:
"${entries}";