From e9f130b804977590a89bddb3283726340a3f5445 Mon Sep 17 00:00:00 2001 From: Nick Anderson Date: Sun, 2 Nov 2025 08:48:52 -0600 Subject: [PATCH] Added documentation for special control variables These were added back in 3.18 but documentation was overlooked. The MPF began leveraging one of the variables in 3.21 for inventory. --- content/reference/components/_index.markdown | 28 ++- .../reference/components/cf-agent.markdown | 124 +++++++--- .../reference/components/cf-execd.markdown | 43 +++- content/reference/components/cf-hub.markdown | 23 +- .../reference/components/cf-monitord.markdown | 16 ++ .../reference/components/cf-runagent.markdown | 18 ++ .../reference/components/cf-serverd.markdown | 97 +++++++- .../special-variables/_index.markdown | 27 ++- .../special-variables/control_agent.markdown | 212 ++++++++++++++++++ .../special-variables/control_common.markdown | 56 +++++ .../control_executor.markdown | 86 +++++++ .../special-variables/control_hub.markdown | 38 ++++ .../control_monitor.markdown | 38 ++++ .../control_runagent.markdown | 68 ++++++ .../special-variables/control_server.markdown | 146 ++++++++++++ 15 files changed, 968 insertions(+), 52 deletions(-) create mode 100644 content/reference/special-variables/control_agent.markdown create mode 100644 content/reference/special-variables/control_common.markdown create mode 100644 content/reference/special-variables/control_executor.markdown create mode 100644 content/reference/special-variables/control_hub.markdown create mode 100644 content/reference/special-variables/control_monitor.markdown create mode 100644 content/reference/special-variables/control_runagent.markdown create mode 100644 content/reference/special-variables/control_server.markdown diff --git a/content/reference/components/_index.markdown b/content/reference/components/_index.markdown index b02d8d537..f19ed1486 100644 --- a/content/reference/components/_index.markdown +++ b/content/reference/components/_index.markdown @@ -126,6 +126,8 @@ vars: } ``` +**See also:** [`default:control_common.bundlesequence`](/reference/special-variables/control_common/#defaultcontrol_commonbundlesequence) + **History:** The default to `{ "main" }` was introduced in version 3.7.0, so if you expect your policies to be run by older version, you'll need an explicit `bundlesequence`. @@ -163,6 +165,8 @@ body common control In this example, bwlimit is set to 10MBytes/sec = 80Mbit/s meaning that CFEngine would only consume up to ~80% of any 100Mbit ethernet interface. +**See also:** [`default:control_common.bwlimit`](/reference/special-variables/control_common/#defaultcontrol_commonbwlimit) + ### cache_system_functions **Description:** Controls the caching of the results of system @@ -295,6 +299,10 @@ This authorizes the bundlesequence to contain possibly undefined bundles cause a fatal error in parsing, and a transition to failsafe mode. +**See also:** [`default:control_common.ignore_missing_bundles`](/reference/special-variables/control_common/#defaultcontrol_commonignore_missing_bundles) + +**History:** Added in CFEngine 3.0.0 + ### ignore_missing_inputs **Description:** If any input files do not exist, ignore and continue @@ -320,6 +328,10 @@ not found. ignore_missing_inputs => "true"; ``` +**See also:** [`default:control_common.ignore_missing_inputs`](/reference/special-variables/control_common/#defaultcontrol_commonignore_missing_inputs) + +**History:** Added in CFEngine 3.0.0 + ### inputs **Description:** The `inputs` slist contains additional filenames to parse for promises. @@ -345,7 +357,7 @@ inputs => { } ``` -**See also:** [`inputs`][file control#inputs] in `body file control` +**See also:** [`inputs`][file control#inputs] in `body file control`, [`default:control_common.inputs`](/reference/special-variables/control_common/#defaultcontrol_commoninputs) **Notes:** @@ -362,6 +374,8 @@ again with path `/x/./y/z.cf`, the duplicate file will be rejected regardless of any path tricks or symbolic links. The contents are hashed, so the same file can't be included twice. +**History:** Added in CFEngine 3.0.0 + ### lastseenexpireafter **Description:** The value of `lastseenexpireafter` is the number of minutes @@ -385,7 +399,9 @@ lastseenexpireafter => "72"; } ``` -**See also:** [hostsseen()][hostsseen], [cf-hub][cf-hub] +**See also:** [hostsseen()][hostsseen], [cf-hub][cf-hub], [`default:control_common.lastseenexpireafter`](/reference/special-variables/control_common/#defaultcontrol_commonlastseenexpireafter) + +**History:** Added in CFEngine 3.0.0 ### output_prefix @@ -460,7 +476,7 @@ body common control using the [`body copy_from protocol_version`][files#protocol_version] attribute. When undefined (the default) peers automatically negotiate the latest protocol version. -**See also:** [`body copy_from protocol_version`][files#protocol_version], `allowlegacyconnects`, [`allowtlsversion`][cf-serverd#allowtlsversion], [`allowciphers`][cf-serverd#allowciphers], [`tls_min_version`][Components#tls_min_version], [`tls_ciphers`][Components#tls_ciphers], [`encrypt`][files#encrypt], [`logencryptedtransfers`][cf-serverd#logencryptedtransfers], [`ifencrypted`][access#ifencrypted] +**See also:** [`body copy_from protocol_version`][files#protocol_version], `allowlegacyconnects`, [`allowtlsversion`][cf-serverd#allowtlsversion], [`allowciphers`][cf-serverd#allowciphers], [`tls_min_version`][Components#tls_min_version], [`tls_ciphers`][Components#tls_ciphers], [`encrypt`][files#encrypt], [`logencryptedtransfers`][cf-serverd#logencryptedtransfers], [`ifencrypted`][access#ifencrypted], [`default:control_common.protocol_version`](/reference/special-variables/control_common/#defaultcontrol_commonprotocol_version) **History:** @@ -597,6 +613,8 @@ body common control } ``` +**See also:** [`default:control_common.system_log_level`](/reference/special-variables/control_common/#defaultcontrol_commonsystem_log_level) + **History:** - Introduced in 3.19.0, 3.18.1 @@ -619,7 +637,7 @@ body common control } ``` -**See also:** [`protocol_version`][Components#protocol_version], [`allowciphers`][cf-serverd#allowciphers], [`tls_min_version`][Components#tls_min_version], [`allowtlsversion`][cf-serverd#allowtlsversion], [`encrypt`][files#encrypt], [`logencryptedtransfers`][cf-serverd#logencryptedtransfers], [`ifencrypted`][access#ifencrypted] +**See also:** [`protocol_version`][Components#protocol_version], [`allowciphers`][cf-serverd#allowciphers], [`tls_min_version`][Components#tls_min_version], [`allowtlsversion`][cf-serverd#allowtlsversion], [`encrypt`][files#encrypt], [`logencryptedtransfers`][cf-serverd#logencryptedtransfers], [`ifencrypted`][access#ifencrypted], [`default:control_common.tls_ciphers`](/reference/special-variables/control_common/#defaultcontrol_commontls_ciphers) **History:** Introduced in CFEngine 3.7.0 @@ -637,7 +655,7 @@ body common control } ``` -**See also:** [`protocol_version`][Components#protocol_version], [`allowciphers`][cf-serverd#allowciphers], [`tls_ciphers`][Components#tls_ciphers], [`allowtlsversion`][cf-serverd#allowtlsversion], [`encrypt`][files#encrypt], [`ifencrypted`][access#ifencrypted], [`logencryptedtransfers`][cf-serverd#logencryptedtransfers] +**See also:** [`protocol_version`][Components#protocol_version], [`allowciphers`][cf-serverd#allowciphers], [`tls_ciphers`][Components#tls_ciphers], [`allowtlsversion`][cf-serverd#allowtlsversion], [`encrypt`][files#encrypt], [`ifencrypted`][access#ifencrypted], [`logencryptedtransfers`][cf-serverd#logencryptedtransfers], [`default:control_common.tls_min_version`](/reference/special-variables/control_common/#defaultcontrol_commontls_min_version) **History:** Introduced in CFEngine 3.7.0 diff --git a/content/reference/components/cf-agent.markdown b/content/reference/components/cf-agent.markdown index 8902bcf0d..3789a38ae 100644 --- a/content/reference/components/cf-agent.markdown +++ b/content/reference/components/cf-agent.markdown @@ -221,6 +221,8 @@ bundle agent subtest(user) } ``` +**See also:** [`default:control_agent.abortbundleclasses`](/reference/special-variables/control_agent/#defaultcontrol_agentabortbundleclasses) + ### abortclasses **Description:** The `abortclasses` slist contains regular expressions that @@ -285,6 +287,8 @@ error: Fatal CFEngine error: cf-agent aborted on defined class 'should_not_conti **Note:** CFEngine class expressions are **not** supported. To handle class expressions, simply create an alias for the expression with a single name. +**See also:** [`default:control_agent.abortclasses`](/reference/special-variables/control_agent/#defaultcontrol_agentabortclasses) + ### addclasses **Description:** The `addclasses` slist contains classes to be defined @@ -316,6 +320,8 @@ Classes here are added unequivocally to the system. If classes are used to predicate definition, then they must be defined in terms of global hard classes. +**See also:** [`default:control_agent.addclasses`](/reference/special-variables/control_agent/#defaultcontrol_agentaddclasses) + ### agentaccess **Description:** A `agentaccess` slist contains user names that are @@ -335,6 +341,8 @@ rather than a security measure. agentaccess => { "mark", "root", "sudo" }; ``` +**See also:** [`default:control_agent.agentaccess`](/reference/special-variables/control_agent/#defaultcontrol_agentagentaccess) + ### agentfacility **Type:** (menu option) @@ -367,7 +375,7 @@ agentfacility => "LOG_USER"; This is ignored on Windows, as CFEngine Enterprise creates event logs. -**See also:** Manual pages for syslog. +**See also:** Manual pages for syslog, [`default:control_agent.agentfacility`](/reference/special-variables/control_agent/#defaultcontrol_agentagentfacility) ### allclassesreport @@ -398,6 +406,8 @@ a more convenient way to retrieve a list of set classes at execution time. **History:** Was introduced in 3.2.4, Enterprise 2.1.4 (2011) +**See also:** [`default:control_agent.allclassesreport`](/reference/special-variables/control_agent/#defaultcontrol_agentallclassesreport) + ### alwaysvalidate **Description:** The `alwaysvalidate` menu option policy is a true/false @@ -427,6 +437,8 @@ will force a revalidation of the input. **History:** Was introduced in version 3.1.2,Enterprise 2.0.1 (2010) +**See also:** [`default:control_agent.alwaysvalidate`](/reference/special-variables/control_agent/#defaultcontrol_agentalwaysvalidate) + ### auditing **Deprecated:** This menu option policy is deprecated, does @@ -455,6 +467,8 @@ be given as the argument, not the device name. bindtointerface => "192.168.1.1"; ``` +**See also:** [`default:control_agent.bindtointerface`](/reference/special-variables/control_agent/#defaultcontrol_agentbindtointerface) + ### checksum_alert_time **Description:** The value of checksum_alert_time represents the @@ -479,6 +493,8 @@ body agent control } ``` +**See also:** [`default:control_agent.checksum_alert_time`](/reference/special-variables/control_agent/#defaultcontrol_agentchecksum_alert_time) + ### childlibpath **Description:** The `childlibpath` string contains the LD_LIBRARY_PATH @@ -500,6 +516,8 @@ body agent control } ``` +**See also:** [`default:control_agent.childlibpath`](/reference/special-variables/control_agent/#defaultcontrol_agentchildlibpath) + ### copyfrom_restrict_keys This attribute restricts `cf-agent` to copying files from hosts that have a key explicitly defined in this list. @@ -516,7 +534,7 @@ body agent control } ``` -**See also:** `admit_keys`, `controls/cf_agent.cf` +**See also:** `admit_keys`, `controls/cf_agent.cf`, [`default:control_agent.copyfrom_restrict_keys`](/reference/special-variables/control_agent/#defaultcontrol_agentcopyfrom_restrict_keys) **History:** @@ -555,7 +573,7 @@ stored in an alternative repository as `_usr_local_etc_postfix.conf.cfsaved`. If unset then backups are stored in the same directory as the original file with an identifying suffix. -**See also:** [`edit_backup` in `body edit_defaults`][files#edit_backup], [`copy_backup` in `body copy_from`][files#copy_backup] +**See also:** [`edit_backup` in `body edit_defaults`][files#edit_backup], [`copy_backup` in `body copy_from`][files#copy_backup], [`default:control_agent.default_repository`](/reference/special-variables/control_agent/#defaultcontrol_agentdefault_repository) ### default_timeout @@ -576,7 +594,7 @@ body agent control } ``` -**See also:** [body `copy_from` timeout][files#timeout], [`cf-runagent` timeout][cf-runagent#timeout] +**See also:** [body `copy_from` timeout][files#timeout], [`cf-runagent` timeout][cf-runagent#timeout], [`default:control_agent.default_timeout`](/reference/special-variables/control_agent/#defaultcontrol_agentdefault_timeout) **Notes:** @@ -609,6 +627,8 @@ body agent control } ``` +**See also:** [`default:control_agent.defaultcopytype`](/reference/special-variables/control_agent/#defaultcontrol_agentdefaultcopytype) + ### dryrun **Description:** The `dryrun` menu option, if set, makes no changes to @@ -627,6 +647,8 @@ body agent control } ``` +**See also:** [`default:control_agent.dryrun`](/reference/special-variables/control_agent/#defaultcontrol_agentdryrun) + ### editbinaryfilesize **Description:** The value of `editbinaryfilesize` represents the limit @@ -654,6 +676,8 @@ body agent control When setting limits, the limit on editing binary files should generally be set higher than for text files. +**See also:** [`default:control_agent.editbinaryfilesize`](/reference/special-variables/control_agent/#defaultcontrol_agenteditbinaryfilesize) + ### editfilesize **Description:** The value of `editfilesize` is the limit on maximum text @@ -677,6 +701,8 @@ body agent control } ``` +**See also:** [`default:control_agent.editfilesize`](/reference/special-variables/control_agent/#defaultcontrol_agenteditfilesize) + ### environment **Description:** The `environment` slist contains environment variables @@ -717,31 +743,7 @@ Some interactive programs insist on values being set, for example: environment => { "LANG=C" }; ``` -### expireafter - -**Description:** The value of `expireafter` is a global default for time -before on-going promise repairs are interrupted. - -This represents the locking time after which CFEngine will attempt to -kill and restart its attempt to keep a promise. - -**Type:** `int` - -**Allowed input range:** `0,99999999999` - -**Default value:** 1 min - -**Example:** - -```cf3 -body action example -{ - ifelapsed => "120"; # 2 hours - expireafter => "240"; # 4 hours -} -``` - -**See also:** [`body action expireafter`][Promise types#expireafter], [`body contain exec_timeout`][commands#exec_timeout], [`body executor control agent_expireafter`][cf-execd#agent_expireafter] +**See also:** [`default:control_agent.environment`](/reference/special-variables/control_agent/#defaultcontrol_agentenvironment) ### evaluation_order @@ -774,6 +776,32 @@ body agent control - Introduced in CFEngine 3.27.0 +### expireafter + +**Description:** The value of `expireafter` is a global default for time +before on-going promise repairs are interrupted. + +This represents the locking time after which CFEngine will attempt to +kill and restart its attempt to keep a promise. + +**Type:** `int` + +**Allowed input range:** `0,99999999999` + +**Default value:** 1 min + +**Example:** + +```cf3 +body action example +{ + ifelapsed => "120"; # 2 hours + expireafter => "240"; # 4 hours +} +``` + +**See also:** [`body action expireafter`][Promise types#expireafter], [`body contain exec_timeout`][commands#exec_timeout], [`body executor control agent_expireafter`][cf-execd#agent_expireafter] + ### files_auto_define **Description:** The `files_auto_define` slist contains a list of regular expressions matching filenames. When a file matching one of these regular expressions is **copied to** classes prefixed with `auto_` are defined. @@ -795,6 +823,8 @@ automatically. {{< CFEngine_include_example(files_auto_define.cf) >}} +**See also:** [`default:control_agent.files_auto_define`](/reference/special-variables/control_agent/#defaultcontrol_agentfiles_auto_define) + ### files_single_copy **Description:** The `files_single_copy` slist contains filenames to be @@ -820,6 +850,8 @@ body agent control } ``` +**See also:** [`default:control_agent.files_single_copy`](/reference/special-variables/control_agent/#defaultcontrol_agentfiles_single_copy) + ### hashupdates **Description:** The `hashupdates` determines whether stored hashes are @@ -842,6 +874,8 @@ body agent control } ``` +**See also:** [`default:control_agent.hashupdates`](/reference/special-variables/control_agent/#defaultcontrol_agenthashupdates) + ### hostnamekeys **Deprecated:** Host identification is now handled transparently. @@ -924,6 +958,8 @@ body agent control } ``` +**See also:** [`default:control_agent.inform`](/reference/special-variables/control_agent/#defaultcontrol_agentinform) + ### intermittency **Deprecated:** This attribute does nothing and is kept for backward @@ -960,7 +996,7 @@ body agent control } ``` -**See also:** [`background` in action bodies][Promise types#background] +**See also:** [`background` in action bodies][Promise types#background], [`default:control_agent.max_children`](/reference/special-variables/control_agent/#defaultcontrol_agentmax_children) ### maxconnections @@ -989,6 +1025,8 @@ body agent control Watch out for kernel limitations for maximum numbers of open file descriptors which can limit this. +**See also:** [`default:control_agent.maxconnections`](/reference/special-variables/control_agent/#defaultcontrol_agentmaxconnections) + ### mountfilesystems **Description:** The `mountfilesystems` menu option policy determines @@ -1010,6 +1048,8 @@ body agent control } ``` +**See also:** [`default:control_agent.mountfilesystems`](/reference/special-variables/control_agent/#defaultcontrol_agentmountfilesystems) + ### nonalphanumfiles **Description:** The `nonalphanumfiles` menu option policy determines @@ -1030,6 +1070,8 @@ body agent control } ``` +**See also:** [`default:control_agent.nonalphanumfiles`](/reference/special-variables/control_agent/#defaultcontrol_agentnonalphanumfiles) + ### refresh_processes **Description:** The `refresh_processes` slist contains bundles to reload @@ -1063,6 +1105,8 @@ efficiency of the agent. **History:** Was introduced in version 3.1.3, Enterprise 2.0.2 (2010) +**See also:** [`default:control_agent.refresh_processes`](/reference/special-variables/control_agent/#defaultcontrol_agentrefresh_processes) + ### repchar **Description:** The `repchar` string represents a character used to @@ -1085,6 +1129,8 @@ body agent control **Notes:** +**See also:** [`default:control_agent.repchar`](/reference/special-variables/control_agent/#defaultcontrol_agentrepchar) + ### report_class_log **Description:** The `report_class_log` option enables logging of classes set by @@ -1132,6 +1178,8 @@ The following classes are excluded from logging: - `from_cfexecd` - Life cycle (`Lcycle_0`, `GMT_Lcycle_3`) +**See also:** [`default:control_agent.report_class_log`](/reference/special-variables/control_agent/#defaultcontrol_agentreport_class_log) + ### secureinput **Description:** The `secureinput` menu option policy checks whether @@ -1153,6 +1201,8 @@ body agent control } ``` +**See also:** [`default:control_agent.secureinput`](/reference/special-variables/control_agent/#defaultcontrol_agentsecureinput) + ### select_end_match_eof **Description:** When `true` this sets the default behavior for `edit_line` @@ -1197,6 +1247,8 @@ body agent control } ``` +**See also:** [`default:control_agent.sensiblecount`](/reference/special-variables/control_agent/#defaultcontrol_agentsensiblecount) + ### sensiblesize **Description:** The value of `sensiblesize` represents the minimum @@ -1217,6 +1269,8 @@ body agent control } ``` +**See also:** [`default:control_agent.sensiblesize`](/reference/special-variables/control_agent/#defaultcontrol_agentsensiblesize) + ### skipidentify **Description:** The `skipidentify` menu option policy determines whether @@ -1241,6 +1295,8 @@ body agent control } ``` +**See also:** [`default:control_agent.skipidentify`](/reference/special-variables/control_agent/#defaultcontrol_agentskipidentify) + ### suspiciousnames **Description:** The `suspiciousnames` slist contains names to skip and warn @@ -1262,6 +1318,8 @@ body agent control } ``` +**See also:** [`default:control_agent.suspiciousnames`](/reference/special-variables/control_agent/#defaultcontrol_agentsuspiciousnames) + ### syslog **Deprecated:** This menu option policy is deprecated as of 3.6.0. It performs @@ -1285,6 +1343,10 @@ body agent control } ``` +**See also:** [`default:control_agent.timezone`][control_agent#default:control_agent.timezone] + +**History:** Introduced in CFEngine 3.0.0 + ### track_value **Deprecated:** This menu option policy is deprecated as of 3.6.0. It performs @@ -1311,3 +1373,5 @@ body agent control verbose => "true"; } ``` + +**See also:** [`default:control_agent.verbose`](/reference/special-variables/control_agent/#defaultcontrol_agentverbose) diff --git a/content/reference/components/cf-execd.markdown b/content/reference/components/cf-execd.markdown index 19c267fc1..1c05f6746 100644 --- a/content/reference/components/cf-execd.markdown +++ b/content/reference/components/cf-execd.markdown @@ -83,7 +83,9 @@ number of simultaneous agents that are running. For example, if you set it to `120` and you are using a 5-minute agent schedule, a maximum of 120 / 5 = 24 agents should be enforced. -**See also:** [`body action expireafter`][Promise types#expireafter], [`body contain exec_timeout`][commands#exec_timeout], [`body agent control expireafter`][cf-agent#expireafter] +**See also:** [`body action expireafter`][Promise types#expireafter], [`body contain exec_timeout`][commands#exec_timeout], [`body agent control expireafter`][cf-agent#expireafter], [`default:control_executor.agent_expireafter`](/reference/special-variables/control_executor/#defaultcontrol_executoragent_expireafter) + +**History:** Added in CFEngine 3.0.0 ### executorfacility @@ -117,6 +119,8 @@ executorfacility => "LOG_USER"; } ``` +**See also:** [`default:control_executor.executorfacility`](/reference/special-variables/control_executor/#defaultcontrol_executorexecutorfacility) + ### exec_command **Description:** The full path and command to the executable run by @@ -135,6 +139,8 @@ symbols may be used if desired. exec_command => "$(sys.workdir)/bin/cf-agent -f update.cf && $(sys.workdir)/bin/cf-agent"; +**See also:** [`default:control_executor.exec_command`](/reference/special-variables/control_executor/#defaultcontrol_executorexec_command) + ### mailfilter_exclude **Description:** List of [anchored][anchored] regular expressions that, if @@ -164,6 +170,8 @@ body executor control } ``` +**See also:** [`default:control_executor.mailfilter_exclude`](/reference/special-variables/control_executor/#defaultcontrol_executormailfilter_exclude) + **History:** Introduced in CFEngine 3.9. ### mailfilter_include @@ -194,6 +202,8 @@ body executor control } ``` +**See also:** [`default:control_executor.mailfilter_include`](/reference/special-variables/control_executor/#defaultcontrol_executormailfilter_include) + **History:** Introduced in CFEngine 3.9. ### mailfrom @@ -213,6 +223,10 @@ body executor control } ``` +**See also:** [`default:control_executor.mailfrom`](/reference/special-variables/control_executor/#defaultcontrol_executormailfrom) + +**History:** Added in CFEngine 3.0.0 + ### mailmaxlines **Description:** Maximum number of lines of output to send by email @@ -237,6 +251,10 @@ mailmaxlines => "100"; } ``` +**See also:** [`default:control_executor.mailmaxlines`](/reference/special-variables/control_executor/#defaultcontrol_executormailmaxlines) + +**History:** Added in CFEngine 3.0.0 + ### mailsubject **Description:** The subject in the mail sent by CFEngine. @@ -257,6 +275,10 @@ body executor control } ``` +**See also:** [`default:control_executor.mailsubject`](/reference/special-variables/control_executor/#defaultcontrol_executormailsubject) + +**History:** Added in CFEngine 3.0.0 + ### mailto **Description:** Email-address CFEngine mail is sent to @@ -276,6 +298,10 @@ body executor control } ``` +**See also:** [`default:control_executor.mailto`](/reference/special-variables/control_executor/#defaultcontrol_executormailto) + +**History:** Added in CFEngine 3.0.0 + ### schedule **Description:** The class schedule used by cf-execd for activating @@ -310,6 +336,10 @@ schedule => { "Min00", "(Evening|Night).Min15", "Min30", "(Evening|Night).Min45" } ``` +**See also:** [`default:control_executor.schedule`](/reference/special-variables/control_executor/#defaultcontrol_executorschedule) + +**History:** Added in CFEngine 3.0.0 + ### smtpserver **Description:** Name or IP of a willing smtp server for sending @@ -332,6 +362,10 @@ body executor control } ``` +**See also:** [`default:control_executor.smtpserver`](/reference/special-variables/control_executor/#defaultcontrol_executorsmtpserver) + +**History:** Added in CFEngine 3.0.0 + ### splaytime **Description:** Time in minutes to splay this host based on its name @@ -370,8 +404,9 @@ body executor control } ``` -**See also:** The [`splayclass()`][splayclass] function for a task-specific -means for setting splay times. +**See also:** [`splayclass()`][splayclass], [`default:control_executor.splaytime`](/reference/special-variables/control_executor/#defaultcontrol_executorsplaytime) + +**History:** Added in CFEngine 3.0.0 ### runagent_socket_allow_users @@ -396,7 +431,7 @@ body executor control } ``` -**See also:** [`cf-runagent`][cf-runagent] +**See also:** [`cf-runagent`][cf-runagent], [`default:control_executor.runagent_socket_allow_users`](/reference/special-variables/control_executor/#defaultcontrol_executorrunagent_socket_allow_users) **History:** diff --git a/content/reference/components/cf-hub.markdown b/content/reference/components/cf-hub.markdown index e0bdd76b8..c4b6c8da3 100644 --- a/content/reference/components/cf-hub.markdown +++ b/content/reference/components/cf-hub.markdown @@ -31,13 +31,6 @@ avoid reporting on data generated by test or extraordinary executions. ## Control promises -```cf3 -body hub control -{ -export_zenoss => "/var/www/reports/summary.z"; -} -``` - ### exclude_hosts **Description:** A list of IP addresses of hosts to exclude from @@ -65,6 +58,8 @@ currently not supported. **History:** Was introduced in 3.3.0, Enterprise 2.1.1 (2011) +**See also:** [`default:control_hub.exclude_hosts`](/reference/special-variables/control_hub/#defaultcontrol_hubexclude_hosts) + ### hub_schedule **Description:** List of classes indicating when pull collection round should be initiated. @@ -93,6 +88,8 @@ body hub control - Introduced in version 3.1.0b1, Enterprise 2.0.0b1 (2010) +**See also:** [`default:control_hub.hub_schedule`](/reference/special-variables/control_hub/#defaultcontrol_hubhub_schedule) + ### query_timeout **Description:** Timeout (s) for connecting to host when querying. @@ -132,6 +129,8 @@ If both are not specified (or `0`), the default is used. - Introduced in version 3.15.0 +**See also:** [`default:control_hub.query_timeout`](/reference/special-variables/control_hub/#defaultcontrol_hubquery_timeout) + ### port **Description:** Default port for contacting hosts @@ -193,10 +192,20 @@ client_history_timeout => 6; **History:** Was introduced in version 3.6.4 and is not compatible with older CFEngine versions. +**See also:** [`default:control_hub.client_history_timeout`](/reference/special-variables/control_hub/#defaultcontrol_hubclient_history_timeout) +**See also:** [`default:control_hub.port`](/reference/special-variables/control_hub/#defaultcontrol_hubport) + ## Deprecated attributes ### export_zenoss +```cf3 +body hub control +{ +export_zenoss => "/var/www/reports/summary.z"; +} +``` + **History:** - deprecated in 3.6.0 diff --git a/content/reference/components/cf-monitord.markdown b/content/reference/components/cf-monitord.markdown index 56b0c6ed8..fc552b3b8 100644 --- a/content/reference/components/cf-monitord.markdown +++ b/content/reference/components/cf-monitord.markdown @@ -200,6 +200,10 @@ forgetrate => "0.7"; } ``` +**See also:** [`default:control_monitor.forgetrate`](/reference/special-variables/control_monitor/#defaultcontrol_monitorforgetrate) + +**History:** Added in CFEngine 3.0.0 + ### histograms **Deprecated:** Ignored, kept for backward compatibility @@ -222,6 +226,8 @@ histograms => "true"; } ``` +**See also:** [`default:control_monitor.histograms`](/reference/special-variables/control_monitor/#defaultcontrol_monitorhistograms) + ### monitorfacility **Description:** Menu option for syslog facility @@ -250,6 +256,8 @@ histograms => "true"; monitorfacility => "LOG_USER"; } +**See also:** [`default:control_monitor.monitorfacility`](/reference/special-variables/control_monitor/#defaultcontrol_monitormonitorfacility) + ### tcpdump **Description:** true/false use tcpdump if found @@ -265,6 +273,10 @@ Interface with TCP stream if possible. tcpdump => "true"; } +**See also:** [`default:control_monitor.tcpdump`](/reference/special-variables/control_monitor/#defaultcontrol_monitortcpdump) + +**History:** Added in CFEngine 3.0.0 + ### tcpdumpcommand **Description:** Path to the tcpdump command on this system @@ -284,3 +296,7 @@ body monitor control tcpdumpcommand => "/usr/sbin/tcpdump -i eth1"; } ``` + +**See also:** [`default:control_monitor.tcpdumpcommand`](/reference/special-variables/control_monitor/#defaultcontrol_monitortcpdumpcommand) + +**History:** Added in CFEngine 3.0.0 diff --git a/content/reference/components/cf-runagent.markdown b/content/reference/components/cf-runagent.markdown index 43d1f6749..fc2721828 100644 --- a/content/reference/components/cf-runagent.markdown +++ b/content/reference/components/cf-runagent.markdown @@ -76,6 +76,8 @@ body runagent control } ``` +**See also:** [`default:control_runagent.hosts`](/reference/special-variables/control_runagent/#defaultcontrol_runagenthosts) + ### port **Description:** Default port for CFEngine server @@ -134,6 +136,9 @@ body copy_from example IPv6 should be harmless to most users unless you have a partially or misconfigured setup. +**See also:** [`default:control_runagent.force_ipv4`](/reference/special-variables/control_runagent/#defaultcontrol_runagentforce_ipv4) +**See also:** [`default:control_runagent.port`](/reference/special-variables/control_runagent/#defaultcontrol_runagentport) + ### trustkey **Description:** true/false automatically accept all keys on trust @@ -168,6 +173,8 @@ body copy_from example } ``` +**See also:** [`default:control_runagent.trustkey`](/reference/special-variables/control_runagent/#defaultcontrol_runagenttrustkey) + ### encrypt **Description:** true/false encrypt connections with servers @@ -190,6 +197,8 @@ body copy_from example } ``` +**See also:** [`default:control_runagent.encrypt`](/reference/special-variables/control_runagent/#defaultcontrol_runagentencrypt) + ### background_children **Description:** true/false parallelize connections to servers @@ -210,6 +219,8 @@ body runagent control } ``` +**See also:** [`default:control_runagent.background_children`](/reference/special-variables/control_runagent/#defaultcontrol_runagentbackground_children) + ### max_children **Description:** Maximum number of simultaneous connections to @@ -237,6 +248,8 @@ body runagent control } ``` +**See also:** [`default:control_runagent.max_children`](/reference/special-variables/control_runagent/#defaultcontrol_runagentmax_children) + ### output_to_file **Description:** true/false whether to send collected output to @@ -258,6 +271,8 @@ body runagent control } ``` +**See also:** [`default:control_runagent.output_to_file`](/reference/special-variables/control_runagent/#defaultcontrol_runagentoutput_to_file) + ### output_directory **Description:** Directory where the output is stored @@ -280,6 +295,8 @@ body runagent control **History:** Was introduced in version 3.2.0, Enterprise 2.1.0 (2011) +**See also:** [`default:control_runagent.output_directory`](/reference/special-variables/control_runagent/#defaultcontrol_runagentoutput_directory) + ### timeout **Description:** Connection timeout in seconds @@ -298,6 +315,7 @@ body runagent control ``` **See also:** [body `copy_from` timeout][files#timeout], [agent `default_timeout`][cf-agent#default_timeout] +**See also:** [`default:control_runagent.timeout`](/reference/special-variables/control_runagent/#defaultcontrol_runagenttimeout) ## Sockets diff --git a/content/reference/components/cf-serverd.markdown b/content/reference/components/cf-serverd.markdown index 9c54847ef..a5572e0ae 100644 --- a/content/reference/components/cf-serverd.markdown +++ b/content/reference/components/cf-serverd.markdown @@ -80,6 +80,10 @@ allowconnects => { }; ``` +**See also:** [`default:control_server.allowconnects`](/reference/special-variables/control_server/#defaultcontrol_serverallowconnects) + +**History:** Added in CFEngine 3.0.0 + ### allowallconnects **Description:** List of IP addresses that may have more than one @@ -112,6 +116,10 @@ allowallconnects => { }; ``` +**See also:** [`default:control_server.allowallconnects`](/reference/special-variables/control_server/#defaultcontrol_serverallowallconnects) + +**History:** Added in CFEngine 3.0.0 + ### allowlegacyconnects **Description:** List of hosts from which the server accepts connections @@ -138,7 +146,9 @@ specify a list of hosts allowed to use the legacy protocol. {{< CFEngine_promise_attribute() >}} -**See also:** [`protocol_version`][Components#protocol_version] +**See also:** [`protocol_version`][Components#protocol_version], [`default:control_server.allowlegacyconnects`](/reference/special-variables/control_server/#defaultcontrol_serverallowlegacyconnects) + +**History:** Added in CFEngine 3.0.0 ### allowciphers @@ -168,7 +178,8 @@ this does not do anything as the classic protocol does not support TLS ciphers. [`allowtlsversion`][cf-serverd#allowtlsversion], [`encrypt`][files#encrypt], [`logencryptedtransfers`][cf-serverd#logencryptedtransfers], -[`ifencrypted`][access#ifencrypted] +[`ifencrypted`][access#ifencrypted], +[`default:control_server.allowciphers`](/reference/special-variables/control_server/#defaultcontrol_serverallowciphers) **History:** Introduced in CFEngine 3.6.0 @@ -199,7 +210,8 @@ this attribute does not do anything. [`allowciphers`][cf-serverd#allowciphers], [`encrypt`][files#encrypt], [`logencryptedtransfers`][cf-serverd#logencryptedtransfers], -[`ifencrypted`][access#ifencrypted] +[`ifencrypted`][access#ifencrypted], +[`default:control_server.allowtlsversion`](/reference/special-variables/control_server/#defaultcontrol_serverallowtlsversion) **History:** Introduced in CFEngine 3.7.0 @@ -222,6 +234,29 @@ correspond to system identities on the server-side system. allowusers => { "cfengine", "root" }; ``` +**See also:** [`default:control_server.allowusers`](/reference/special-variables/control_server/#defaultcontrol_serverallowusers) + +**History:** Added in CFEngine 3.0.0 + +### auditing + +**Description:** The `auditing` menu option policy is a true/false flag to determine whether connections to cf-serverd will be audited. + +**Type:** [`boolean`][boolean] + +**Default value:** false + +**Example:** + +```cf3 +body server control +{ + auditing => "true"; +} +``` + +**See also:** [`default:control_server.auditing`](/reference/special-variables/control_server/#defaultcontrol_serverauditing) + ### bindtointerface **Description:** IP of the interface to which the server should bind @@ -258,6 +293,27 @@ Connection to fe80:470:1d:a2f::2 5308 port [tcp/cfengine] succeeded! ^C ``` +**See also:** [`default:control_server.bindtointerface`](/reference/special-variables/control_server/#defaultcontrol_serverbindtointerface) + +### dynamicaddresses + +**Description:** The `dynamicaddresses` slist contains IP addresses which should be allowed to re-connect from different IP addresses. + +**Type:** `slist` + +**Allowed input range:** (arbitrary string) + +**Example:** + +```cf3 +body server control +{ + dynamicaddresses => { "192.168.1.100", "2001:db8::1" }; +} +``` + +**See also:** [`default:control_server.dynamicaddresses`](/reference/special-variables/control_server/#defaultcontrol_serverdynamicaddresses) + ### cfruncommand **Description:** Path to the cf-agent command or cf-execd wrapper for @@ -384,6 +440,8 @@ bundle server my_access_rules() **Note:** In the [Masterfiles Policy Framework][Masterfiles Policy Framework], `body server control` and default access rules are found in `controls/cf_serverd.cf`. +**See also:** [`default:control_server.call_collect_interval`](/reference/special-variables/control_server/#defaultcontrol_servercall_collect_interval) + **History:** Was introduced in Enterprise 3.0.0 (2012) ### collect_window @@ -401,6 +459,8 @@ open to a hub to attempt a report transfer before it is closed **Default value:** 30. +**See also:** [`default:control_server.collect_window`](/reference/special-variables/control_server/#defaultcontrol_servercollect_window) + **History:** Was introduced in Enterprise 3.0.0 (2012) ### denybadclocks @@ -517,6 +577,10 @@ maxconnections => "1000"; } ``` +**See also:** [`default:control_server.maxconnections`](/reference/special-variables/control_server/#defaultcontrol_servermaxconnections) + +**History:** Added in CFEngine 3.0.0 + ### port **Description:** Default port for the CFEngine server @@ -554,6 +618,10 @@ this could change in the future. Changing the standard port number is not recommended practice. You should not do it without a good reason. +**See also:** [`default:control_server.port`](/reference/special-variables/control_server/#defaultcontrol_serverport) + +**History:** Added in CFEngine 3.0.0 + ### serverfacility **Description:** Menu option for syslog facility level @@ -638,6 +706,29 @@ trustkeysfrom => { "10.0.1.1", "192.168.0.0/16"}; } ``` +**See also:** [`default:control_server.trustkeysfrom`](/reference/special-variables/control_server/#defaultcontrol_servertrustkeysfrom) + +**History:** Added in CFEngine 3.0.0 + +### hostnamekeys + +**Description:** The `hostnamekeys` menu option policy determines whether to label ppkeys by hostname not IP address. This represents a server side choice to base key associations on host names rather than IP address. This is useful for hosts with dynamic addresses. + +**Type:** [`boolean`][boolean] + +**Default value:** false + +**Example:** + +```cf3 +body server control +{ + hostnamekeys => "true"; +} +``` + +**See also:** [`default:control_server.hostnamekeys`](/reference/special-variables/control_server/#defaultcontrol_serverhostnamekeys) + ### listen **Description:** true/false enable server daemon to listen on defined diff --git a/content/reference/special-variables/_index.markdown b/content/reference/special-variables/_index.markdown index 704dc9ec0..27dcc7095 100644 --- a/content/reference/special-variables/_index.markdown +++ b/content/reference/special-variables/_index.markdown @@ -28,6 +28,30 @@ CFEngine includes the following **special variables**: Variables defined for embedding unprintable values or values with special meanings in strings. +- [control_agent][control_agent] + Variables from `body agent control` attributes available as special variables. + +- [control_common][control_common] + Variables from `body common control` attributes available as special variables. + +- [control_executor][control_executor] + Variables from `body executor control` attributes available as special variables. + +- [control_hub][control_hub] + Variables from `body hub control` attributes available as special variables. + +- [control_monitor][control_monitor] + Variables from `body monitor control` attributes available as special variables. + +- [control_runagent][control_runagent] + Variables from `body runagent control` attributes available as special variables. + +- [control_server][control_server] + Variables from `body server control` attributes available as special variables. + +- [def][def] + Variables with some default value that can be defined by [augments file][Augments] or in policy. + - [edit][edit] Variables used to access information about editing promises during their execution. @@ -40,8 +64,5 @@ CFEngine includes the following **special variables**: - [sys][sys] Variables defined in order to automate discovery of system values. -- [def][def] - Variables with some default value that can be defined by [augments file][Augments] or in policy. - - [this][this] Variables used to access information about promises during their execution. diff --git a/content/reference/special-variables/control_agent.markdown b/content/reference/special-variables/control_agent.markdown new file mode 100644 index 000000000..9687ace58 --- /dev/null +++ b/content/reference/special-variables/control_agent.markdown @@ -0,0 +1,212 @@ +--- +layout: default +title: control_agent +aliases: + - "/reference-special-variables-default:control_agent.html" +--- + +Variables in the `default:control_agent` context are automatically created from attributes defined in `body agent control` following the pattern `default:default:control_agent.`. + +### default:control_agent.abortbundleclasses + +Defines a list of regular expressions that match classes which if defined lead to termination of current bundle. If no list is defined, then a default of `abortbundle` is used. + +**See also:** [`abortbundleclasses` in `body agent control`][cf-agent#abortbundleclasses] + +### default:control_agent.abortclasses + +Defines a list of regular expressions that result in cf-agent terminating itself upon definition of a matching class. + +**See also:** [`abortclasses` in `body agent control`][cf-agent#abortclasses] + +### default:control_agent.agentfacility + +Controls the syslog facility used by `cf-agent`. Valid values are `LOG_USER`, `LOG_DAEMON`, `LOG_LOCAL0` through `LOG_LOCAL7`. + +**See also:** [`agentfacility` in `body agent control`][cf-agent#agentfacility] + +### default:control_agent.default_repository + +Defines the default repository for file backups. When this variable is set, backup files will be placed in this location instead of the same directory as the edited file. + +**See also:** [`default_repository` in `body agent control`][cf-agent#default_repository] + +### default:control_agent.files_single_copy + +Specifies a list of regular expressions that when matched will prevent the agent from performing subsequent copy operations on the same file. + +**See also:** [`files_single_copy` in `body agent control`][cf-agent#files_single_copy] + +### default:control_agent.maxconnections + +Controls the maximum number of connections that cf-agent will open simultaneously. + +**See also:** [`maxconnections` in `body agent control`][cf-agent#maxconnections] + +### default:control_agent.timezone + +Defines the timezone setting for the agent. Note that this variable provides the value for policy authors to implement their own timezone-related policy; it does not enforce timezone settings automatically. + +**See also:** [`timezone` in `body agent control`][cf-agent#timezone] + +### default:control_agent.agentaccess + +Contains a list of user names that are allowed to execute cf-agent. + +**See also:** [`agentaccess` in `body agent control`][cf-agent#agentaccess] + +### default:control_agent.allclassesreport + +Determines whether to generate the `allclasses.txt` report. If set to true, the `state/allclasses.txt` file will be written to disk during agent execution. + +**See also:** [`allclassesreport` in `body agent control`][cf-agent#allclassesreport] + +### default:control_agent.alwaysvalidate + +A true/false flag that determines whether configurations will always be checked before executing, or only after updates. When set, `cf-agent` will force a revalidation of the input. + +**See also:** [`alwaysvalidate` in `body agent control`][cf-agent#alwaysvalidate] + +### default:control_agent.bindtointerface + +Describes the interface to be used for outgoing connections. On multi-homed hosts, this defines the IP address of the interface for server traffic. + +**See also:** [`bindtointerface` in `body agent control`][cf-agent#bindtointerface] + +### default:control_agent.checksum_alert_time + +Represents the persistence time for the checksum_alert class. When checksum changes trigger an alert, this value determines the longevity of that class. + +**See also:** [`checksum_alert_time` in `body agent control`][cf-agent#checksum_alert_time] + +### default:control_agent.childlibpath + +Contains the LD_LIBRARY_PATH for child processes. This string sets the internal `LD_LIBRARY_PATH` environment of the agent. + +**See also:** [`childlibpath` in `body agent control`][cf-agent#childlibpath] + +### default:control_agent.copyfrom_restrict_keys + +Restricts `cf-agent` to copying files from hosts that have a key explicitly defined in this list. + +**See also:** [`copyfrom_restrict_keys` in `body agent control`][cf-agent#copyfrom_restrict_keys] + +### default:control_agent.defaultcopytype + +Sets the global default policy for comparing source and image in copy transactions. Possible values include: mtime, atime, ctime, digest, hash, binary. + +**See also:** [`defaultcopytype` in `body agent control`][cf-agent#defaultcopytype] + +### default:control_agent.dryrun + +A boolean flag that if set, makes no changes to the system, and will only report what it needs to do. + +**See also:** [`dryrun` in `body agent control`][cf-agent#dryrun] + +### default:control_agent.editbinaryfilesize + +Represents the limit on maximum binary file size to be edited. This is a global setting for the file-editing safety-net for binary files. + +**See also:** [`editbinaryfilesize` in `body agent control`][cf-agent#editbinaryfilesize] + +### default:control_agent.editfilesize + +The limit on maximum text file size to be edited. This is a global setting for the file-editing safety-net. + +**See also:** [`editfilesize` in `body agent control`][cf-agent#editfilesize] + +### default:control_agent.environment + +Contains environment variables to be inherited by children. This sets the runtime environment of the agent process. + +**See also:** [`environment` in `body agent control`][cf-agent#environment] + +### default:control_agent.files_auto_define + +Contains a list of regular expressions matching filenames. When a file matching one of these regular expressions is copied, classes prefixed with `auto_` are defined. + +**See also:** [`files_auto_define` in `body agent control`][cf-agent#files_auto_define] + +### default:control_agent.hashupdates + +Determines whether stored hashes are updated when change is detected in source. If 'true' the stored reference value is updated as soon as a warning message has been given. + +**See also:** [`hashupdates` in `body agent control`][cf-agent#hashupdates] + +### default:control_agent.inform + +Sets the default output level 'permanently' within the class context indicated. It is equivalent to the command line option '-I'. + +**See also:** [`inform` in `body agent control`][cf-agent#inform] + +### default:control_agent.max_children + +Represents the maximum number of background tasks that should be allowed concurrently. For the agent it represents the number of background jobs allowed concurrently. + +**See also:** [`max_children` in `body agent control`][cf-agent#max_children] + +### default:control_agent.mountfilesystems + +Determines whether to mount any filesystems promised. It issues the generic command to mount file systems defined in the file system table. + +**See also:** [`mountfilesystems` in `body agent control`][cf-agent#mountfilesystems] + +### default:control_agent.nonalphanumfiles + +Determines whether to warn about filenames with no alphanumeric content. This test is applied in all recursive/depth searches. + +**See also:** [`nonalphanumfiles` in `body agent control`][cf-agent#nonalphanumfiles] + +### default:control_agent.refresh_processes + +Contains bundles to reload the process table before verifying the bundles named in this list (lazy evaluation). + +**See also:** [`refresh_processes` in `body agent control`][cf-agent#refresh_processes] + +### default:control_agent.repchar + +Represents a character used to canonize pathnames in the file repository. Default value is `_`. + +**See also:** [`repchar` in `body agent control`][cf-agent#repchar] + +### default:control_agent.report_class_log + +Enables logging of classes set by cf-agent. Each class set by cf-agent will be logged at the end of agent execution. + +**See also:** [`report_class_log` in `body agent control`][cf-agent#report_class_log] + +### default:control_agent.secureinput + +Checks whether input files are writable by unauthorized users. If this is set, the agent will not accept an input file that is not owned by a privileged user. + +**See also:** [`secureinput` in `body agent control`][cf-agent#secureinput] + +### default:control_agent.sensiblecount + +Represents the minimum number of files a mounted filesystem is expected to have. Default value is 2 files. + +**See also:** [`sensiblecount` in `body agent control`][cf-agent#sensiblecount] + +### default:control_agent.sensiblesize + +Represents the minimum number of bytes a mounted filesystem is expected to have. Default value is 1000 bytes. + +**See also:** [`sensiblesize` in `body agent control`][cf-agent#sensiblesize] + +### default:control_agent.skipidentify + +Determines whether to send an IP/name during server connection because address resolution is broken. Causes the agent to ignore its missing DNS credentials. + +**See also:** [`skipidentify` in `body agent control`][cf-agent#skipidentify] + +### default:control_agent.suspiciousnames + +Contains names to skip and warn about if found during any file search. If CFEngine sees these names during recursive (depth) file searches, it will skip them and output a warning message. + +**See also:** [`suspiciousnames` in `body agent control`][cf-agent#suspiciousnames] + +### default:control_agent.verbose + +Determines whether to switch on verbose standard output. It is equivalent to (and when present, overrides) the command line option '-v'. + +**See also:** [`verbose` in `body agent control`][cf-agent#verbose] diff --git a/content/reference/special-variables/control_common.markdown b/content/reference/special-variables/control_common.markdown new file mode 100644 index 000000000..7dbd7ecec --- /dev/null +++ b/content/reference/special-variables/control_common.markdown @@ -0,0 +1,56 @@ +--- +layout: default +title: control_common +aliases: + - "/reference-special-variables-default:control_common.html" +--- + +Variables in the `default:control_common` context are automatically created from attributes defined in `body common control` following the pattern `default:default:control_common.`. + +### default:control_common.bundlesequence + +Allows appending bundles to the end of the default bundlesequence. This makes it possible to extend the execution order without modifying the core policy. + +**See also:** [`bundlesequence` in `body common control`][Components#bundlesequence] + +### default:control_common.ignore_missing_bundles + +Controls whether errors should be ignored when a bundle specified in body common control bundlesequence is not found. Valid values are "true" or "false". + +**See also:** [`ignore_missing_bundles` in `body common control`][Components#ignore_missing_bundles] + +### default:control_common.ignore_missing_inputs + +Controls whether errors should be ignored when a file specified in body common control inputs is not found. Valid values are "true" or "false". + +**See also:** [`ignore_missing_inputs` in `body common control`][Components#ignore_missing_inputs] + +### default:control_common.lastseenexpireafter + +Configures the number of minutes after which last-seen entries in `cf_lastseen.lmdb` are purged. The default value is typically 1 week (10080 minutes). + +**See also:** [`lastseenexpireafter` in `body common control`][Components#lastseenexpireafter] + +### default:control_common.protocol_version + +Restricts the protocol to a specified version instead of negotiating the newest protocol available. Valid values include "1", "classic", "2", "tls", "3", "cookie", "4", "filestream", "latest". + +**See also:** [`protocol_version` in `body common control`][Components#protocol_version] + +### default:control_common.system_log_level + +Controls the minimum log level required for log messages to go to the system log (e.g. syslog, Windows Event Log). Valid values are "critical", "error", "warning", "notice", "info". + +**See also:** [`system_log_level` in `body common control`][Components#system_log_level] + +### default:control_common.tls_ciphers + +Specifies the ciphers that should be used for outgoing connections by cf-agent. + +**See also:** [`tls_ciphers` in `body common control`][Components#tls_ciphers] + +### default:control_common.tls_min_version + +Specifies the minimum TLS version that should be used for outgoing connections by cf-agent. + +**See also:** [`tls_min_version` in `body common control`][Components#tls_min_version] diff --git a/content/reference/special-variables/control_executor.markdown b/content/reference/special-variables/control_executor.markdown new file mode 100644 index 000000000..9d1f4c56f --- /dev/null +++ b/content/reference/special-variables/control_executor.markdown @@ -0,0 +1,86 @@ +--- +layout: default +title: control_executor +aliases: + - "/reference-special-variables-default:control_executor.html" +--- + +Variables in the `default:control_executor` context are automatically created from attributes defined in `body executor control` following the pattern `default:default:control_executor.`. + +### default:control_executor.agent_expireafter + +Controls the number of minutes after no data has been received by cf-execd from a cf-agent process before that cf-agent process is killed. + +**See also:** [`agent_expireafter` in `body executor control`][cf-execd#agent_expireafter] + +### default:control_executor.exec_command + +Defines the command that cf-execd runs when the schedule criteria are met. This is typically the command to run cf-agent. + +**See also:** [`exec_command` in `body executor control`][cf-execd#exec_command] + +### default:control_executor.mailfrom + +Specifies the email address that cf-execd uses as the sender when sending email notifications. + +**See also:** [`mailfrom` in `body executor control`][cf-execd#mailfrom] + +### default:control_executor.mailfilter_exclude + +Defines a list of regular expressions that match lines to be excluded from emails sent by cf-execd. + +**See also:** [`mailfilter_exclude` in `body executor control`][cf-execd#mailfilter_exclude] + +### default:control_executor.mailfilter_include + +Defines a list of regular expressions that match lines to be included in emails sent by cf-execd. + +**See also:** [`mailfilter_include` in `body executor control`][cf-execd#mailfilter_include] + +### default:control_executor.mailmaxlines + +Controls the maximum number of lines of output that cf-execd will email when sending notifications. + +**See also:** [`mailmaxlines` in `body executor control`][cf-execd#mailmaxlines] + +### default:control_executor.mailsubject + +Controls the subject of emails sent by cf-execd when output differs from the previous execution. + +**See also:** [`mailsubject` in `body executor control`][cf-execd#mailsubject] + +### default:control_executor.splaytime + +Defines the maximum number of minutes cf-execd should wait before executing exec_command, allowing for distribution of load over time. + +**See also:** [`splaytime` in `body executor control`][cf-execd#splaytime] + +### default:control_executor.runagent_socket_allow_users + +On Enterprise hubs, defines a list of users who should be allowed access to cf-execd runagent sockets. + +**See also:** [`runagent_socket_allow_users` in `body executor control`][cf-execd#runagent_socket_allow_users] + +### default:control_executor.executorfacility + +Menu option for syslog facility level. Valid values are LOG_USER, LOG_DAEMON, LOG_LOCAL0 through LOG_LOCAL7. See the syslog manual pages for more information. + +**See also:** [`executorfacility` in `body executor control`][cf-execd#executorfacility] + +### default:control_executor.mailto + +Email-address CFEngine mail is sent to. The address to whom email is sent if an smtp host is configured. + +**See also:** [`mailto` in `body executor control`][cf-execd#mailto] + +### default:control_executor.schedule + +The class schedule used by cf-execd for activating cf-agent. The list should contain class expressions comprised of classes which are visible to the `cf-execd` daemon. In principle, any defined class expression will cause the daemon to wake up and schedule the execution of the `cf-agent`. In practice, the classes listed in the list are usually date- and time-based. + +**See also:** [`schedule` in `body executor control`][cf-execd#schedule] + +### default:control_executor.smtpserver + +Name or IP of a willing smtp server for sending email. This should point to a standard port 25 server without encryption. If you are running secured or encrypted email then you should run a mail relay on localhost and point this to localhost. + +**See also:** [`smtpserver` in `body executor control`][cf-execd#smtpserver] diff --git a/content/reference/special-variables/control_hub.markdown b/content/reference/special-variables/control_hub.markdown new file mode 100644 index 000000000..8be0f368b --- /dev/null +++ b/content/reference/special-variables/control_hub.markdown @@ -0,0 +1,38 @@ +--- +layout: default +title: control_hub +aliases: + - "/reference-special-variables-default:control_hub.html" +--- + +Variables in the `default:control_hub` context are automatically created from attributes defined in `body hub control` following the pattern `default:default:control_hub.`. + +### default:control_hub.exclude_hosts + +Defines a list of hosts or network ranges to exclude from hub-initiated report collection. This is useful for excluding community agents, hosts behind NAT, or hosts using client-initiated reporting. + +**See also:** [`exclude_hosts` in `body hub control`][cf-hub#exclude_hosts] + +### default:control_hub.hub_schedule + +Specifies the schedule for Enterprise hub-initiated pull collection as a list of classes that should trigger collection when defined. + +**See also:** [`hub_schedule` in `body hub control`][cf-hub#hub_schedule] + +### default:control_hub.port + +Defines the port on which cf-hub listens for connections for report collection. + +**See also:** [`port` in `body hub control`][cf-hub#port] + +### default:control_hub.query_timeout + +Configures the timeout (in seconds) for cf-hub outgoing connections. A value of "0" uses the binary default. + +**See also:** [`query_timeout` in `body hub control`][cf-hub#query_timeout] + +### default:control_hub.client_history_timeout + +Controls the maximum age (in hours) of old reports that cf-hub will collect from clients. This prevents a build-up of reports that could cause a condition where the client is never able to send all reports within the collection window. + +**See also:** [`client_history_timeout` in `body hub control`][cf-hub#client_history_timeout] diff --git a/content/reference/special-variables/control_monitor.markdown b/content/reference/special-variables/control_monitor.markdown new file mode 100644 index 000000000..2aa53d8e5 --- /dev/null +++ b/content/reference/special-variables/control_monitor.markdown @@ -0,0 +1,38 @@ +--- +layout: default +title: control_monitor +aliases: + - "/reference-special-variables-default:control_monitor.html" +--- + +Variables in the `default:control_monitor` context are automatically created from attributes defined in `body monitor control` following the pattern `default:default:control_monitor.`. + +### default:control_monitor.forgetrate + +Controls the rate at which cf-monitord forgets historical monitoring data. A value between 0 and 1 determines how quickly older observations decay in significance. + +**See also:** [`forgetrate` in `body monitor control`][cf-monitord#forgetrate] + +### default:control_monitor.histograms + +Determines whether cf-monitord should generate histograms for monitoring data. Setting this to true enables histogram-based data collection. + +**See also:** [`histograms` in `body monitor control`][cf-monitord#histograms] + +### default:control_monitor.monitorfacility + +Controls the syslog facility level used by cf-monitord. Valid values are LOG_USER, LOG_DAEMON, LOG_LOCAL0 through LOG_LOCAL7. + +**See also:** [`monitorfacility` in `body monitor control`][cf-monitord#monitorfacility] + +### default:control_monitor.tcpdump + +Enables or disables tcpdump-based network monitoring in cf-monitord. + +**See also:** [`tcpdump` in `body monitor control`][cf-monitord#tcpdump] + +### default:control_monitor.tcpdumpcommand + +Specifies the command used for tcpdump-based network monitoring when tcpdump is enabled. + +**See also:** [`tcpdumpcommand` in `body monitor control`][cf-monitord#tcpdumpcommand] diff --git a/content/reference/special-variables/control_runagent.markdown b/content/reference/special-variables/control_runagent.markdown new file mode 100644 index 000000000..ab620bc1d --- /dev/null +++ b/content/reference/special-variables/control_runagent.markdown @@ -0,0 +1,68 @@ +--- +layout: default +title: control_runagent +aliases: + - "/reference-special-variables-default:control_runagent.html" +--- + +Variables in the `default:control_runagent` context are automatically created from attributes defined in `body runagent control` following the pattern `default:default:control_runagent.`. + +### default:control_runagent.background_children + +Controls whether child processes spawned by cf-runagent should run in the background. + +**See also:** [`background_children` in `body runagent control`][cf-runagent#background_children] + +### default:control_runagent.encrypt + +Controls whether communication between cf-runagent and remote hosts should be encrypted. + +**See also:** [`encrypt` in `body runagent control`][cf-runagent#encrypt] + +### default:control_runagent.force_ipv4 + +Forces cf-runagent to use IPv4 connections even when IPv6 is available. + +**See also:** [`force_ipv4` in `body runagent control`][cf-runagent#force_ipv4] + +### default:control_runagent.hosts + +Defines a list of hosts that cf-runagent will attempt to connect to for remote execution. + +**See also:** [`hosts` in `body runagent control`][cf-runagent#hosts] + +### default:control_runagent.max_children + +Controls the maximum number of concurrent child processes that cf-runagent will spawn. + +**See also:** [`max_children` in `body runagent control`][cf-runagent#max_children] + +### default:control_runagent.output_directory + +Specifies the directory where output files from remote executions should be stored when output_to_file is enabled. + +**See also:** [`output_directory` in `body runagent control`][cf-runagent#output_directory] + +### default:control_runagent.output_to_file + +Controls whether output from remote executions should be saved to files rather than displayed on the console. + +**See also:** [`output_to_file` in `body runagent control`][cf-runagent#output_to_file] + +### default:control_runagent.port + +Defines the port number that cf-runagent uses for connections to remote hosts. + +**See also:** [`port` in `body runagent control`][cf-runagent#port] + +### default:control_runagent.timeout + +Sets the timeout (in seconds) for connections to remote hosts. Connections that exceed this timeout will be terminated. + +**See also:** [`timeout` in `body runagent control`][cf-runagent#timeout] + +### default:control_runagent.trustkey + +Controls whether cf-runagent should automatically trust new keys from remote hosts during the connection process. + +**See also:** [`trustkey` in `body runagent control`][cf-runagent#trustkey] diff --git a/content/reference/special-variables/control_server.markdown b/content/reference/special-variables/control_server.markdown new file mode 100644 index 000000000..37cd7f609 --- /dev/null +++ b/content/reference/special-variables/control_server.markdown @@ -0,0 +1,146 @@ +--- +layout: default +title: control_server +aliases: + - "/reference-special-variables-default:control_server.html" +--- + +Variables in the `default:control_server` context are automatically created from attributes defined in `body server control` following the pattern `default:default:control_server.`. + +### default:control_server.allowallconnects + +Defines a list of IP addresses or subnets that are allowed to have more than one connection to cf-serverd simultaneously. + +**See also:** [allowallconnects in body server control][cf-serverd#Control promises] + +### default:control_server.allowconnects + +Defines a list of IP addresses or subnets which restricts hosts that are allowed to connect to cf-serverd. This is the first layer of access control in cf-serverd. + +**See also:** [allowconnects in body server control][cf-serverd#Control promises] + +### default:control_server.allowciphers + +Specifies the ciphers that cf-serverd is allowed to use for better security. + +**See also:** [allowciphers in body server control][cf-serverd#Control promises] + +### default:control_server.allowlegacyconnects + +Defines a list of networks that are allowed to connect using the classic/legacy protocol (for clients using protocol versions prior to 3.7.0). + +**See also:** [allowlegacyconnects in body server control][cf-serverd#Control promises] + +### default:control_server.allowtlsversion + +Specifies the minimum TLS version that cf-serverd will accept for connections. + +**See also:** [allowtlsversion in body server control][cf-serverd#Control promises] + +### default:control_server.call_collect_interval + +Configures the interval (in minutes) at which agents will try to report their data to the hub in client initiated reporting mode. + +**See also:** [call_collect_interval in body server control][cf-serverd#Control promises] + +### default:control_server.collect_window + +Controls how long (in seconds) cf-serverd holds an open connection for client initiated reporting. After this time, the connection is closed. + +**See also:** [collect_window in body server control][cf-serverd#Control promises] + +### default:control_server.maxconnections + +Configures the maximum number of connections allowed by cf-serverd. Should be set greater than the number of hosts bootstrapped. + +**See also:** [maxconnections in body server control][cf-serverd#Control promises] + +### default:control_server.port + +Defines the port on which cf-serverd listens for connections. + +**See also:** [port in body server control][cf-serverd#Control promises] + +### default:control_server.allowusers + +Contains a list of usernames who may execute requests from this server. + +**See also:** [`allowusers` in `body server control`][cf-serverd#allowusers] + +### default:control_server.auditing + +A true/false flag to determine whether connections to cf-serverd will be audited. Type: option (boolean). Allowed values: true,false,yes,no,on,off. + +**See also:** [`auditing` in `body server control`][cf-serverd#auditing] + +### default:control_server.bindtointerface + +IP of the interface to which the server should bind on multi-homed hosts. Type: string. Allowed range: (empty). + +**See also:** [`bindtointerface` in `body server control`][cf-serverd#bindtointerface] + +### default:control_server.cfruncommand + +Specifies the command used by cf-runagent to execute cf-agent. Type: string. Allowed range: .+. + +**See also:** [`cfruncommand` in `body server control`][cf-serverd#cfruncommand] + +### default:control_server.denybadclocks + +Controls whether hosts with clocks that are out of sync may connect to the server. Type: option (boolean). Allowed values: true,false,yes,no,on,off. + +**See also:** [`denybadclocks` in `body server control`][cf-serverd#denybadclocks] + +### default:control_server.denyconnects + +Contains a list of IP addresses or subnets that are not allowed to connect to cf-serverd. Type: slist. Allowed range: (empty). + +**See also:** [`denyconnects` in `body server control`][cf-serverd#denyconnects] + +### default:control_server.dynamicaddresses + +Contains IP addresses which should be allowed to re-connect from different IP addresses. Type: slist. Allowed range: (empty). + +**See also:** [`dynamicaddresses` in `body server control`][cf-serverd#dynamicaddresses] + +### default:control_server.hostnamekeys + +Determines whether to label ppkeys by hostname not IP address. This represents a server side choice to base key associations on host names rather than IP address. Type: option (boolean). Allowed values: true,false,yes,no,on,off. + +**See also:** [`hostnamekeys` in `body server control`][cf-serverd#hostnamekeys] + +### default:control_server.listen + +Enables server daemon to listen on defined port. Type: option (boolean). Allowed values: true,false,yes,no,on,off. + +**See also:** [`listen` in `body server control`][cf-serverd#listen] + +### default:control_server.logallconnections + +Controls whether to log all connections to cf-serverd. Type: option (boolean). Allowed values: true,false,yes,no,on,off. + +**See also:** [`logallconnections` in `body server control`][cf-serverd#logallconnections] + +### default:control_server.logencryptedtransfers + +Controls whether to log encrypted file transfers. Type: option (boolean). Allowed values: true,false,yes,no,on,off. + +**See also:** [`logencryptedtransfers` in `body server control`][cf-serverd#logencryptedtransfers] + +### default:control_server.serverfacility + +Controls the syslog facility used by `cf-serverd`. Valid values are `LOG_USER`, `LOG_DAEMON`, `LOG_LOCAL0` through `LOG_LOCAL7`. + +**See also:** [`serverfacility` in `body server control`][cf-serverd#serverfacility] + +### default:control_server.skipverify + +Contains a list of IP addresses or subnets from which to skip verification of source IP address. Type: slist. Allowed range: (empty). + +**See also:** [`skipverify` in `body server control`][cf-serverd#skipverify] + +### default:control_server.trustkeysfrom + +Contains a list of IP addresses or subnets from which keys will be trusted automatically. Type: slist. Allowed range: (empty). + +**See also:** [`trustkeysfrom` in `body server control`][cf-serverd#trustkeysfrom]