diff --git a/content/examples/example-snippets/aborting_execution.cf b/content/examples/example-snippets/aborting_execution.cf index 55ae1c064..da9b6a2c9 100644 --- a/content/examples/example-snippets/aborting_execution.cf +++ b/content/examples/example-snippets/aborting_execution.cf @@ -1,34 +1,33 @@ body common control { - bundlesequence => { "testbundle" }; - version => "1.2.3"; + bundlesequence => { "testbundle" }; + version => "1.2.3"; } ########################################### - body agent control { - abortbundleclasses => { "invalid.Hr16" }; + abortbundleclasses => { "invalid.Hr16" }; } ########################################### - bundle agent testbundle { vars: - "userlist" slist => { "xyz", "mark", "jeang", "jonhenrik", "thomas", "eben" }; + "userlist" + slist => { "xyz", "mark", "jeang", "jonhenrik", "thomas", "eben" }; methods: - "any" usebundle => subtest("$(userlist)"); + "any" usebundle => subtest("$(userlist)"); } ########################################### - bundle agent subtest(user) { classes: - "invalid" not => regcmp("[a-z][a-z][a-z][a-z]","$(user)"); + "invalid" not => regcmp("[a-z][a-z][a-z][a-z]", "$(user)"); reports: !invalid:: "User name $(user) is valid at 4 letters"; + invalid:: "User name $(user) is invalid"; } diff --git a/content/examples/example-snippets/acl_file_example.cf b/content/examples/example-snippets/acl_file_example.cf index 073b3c55b..857500f74 100644 --- a/content/examples/example-snippets/acl_file_example.cf +++ b/content/examples/example-snippets/acl_file_example.cf @@ -1,38 +1,35 @@ body common control { - bundlesequence => { "acls" }; + bundlesequence => { "acls" }; } ######################################### - bundle agent acls { files: - "/media/flash/acl/test_dir" - + "/media/flash/acl/test_dir" depth_search => include_base, acl => template; } ######################################### - body acl template { - acl_method => "overwrite"; - acl_type => "posix"; - acl_directory_inherit => "parent"; - aces => { "user:*:r(wwx),-r:allow", "group:*:+rw:allow", "mask:x:allow", "all:r"}; + acl_method => "overwrite"; + acl_type => "posix"; + acl_directory_inherit => "parent"; + aces => { + "user:*:r(wwx),-r:allow", "group:*:+rw:allow", "mask:x:allow", "all:r" + }; } ######################################### - body acl win { - acl_method => "overwrite"; - acl_type => "ntfs"; - acl_directory_inherit => "nochange"; - aces => { "user:Administrator:rw", "group:Bad:rwx(Dpo):deny" }; + acl_method => "overwrite"; + acl_type => "ntfs"; + acl_directory_inherit => "nochange"; + aces => { "user:Administrator:rw", "group:Bad:rwx(Dpo):deny" }; } ######################################### - body depth_search include_base { - include_basedir => "true"; + include_basedir => "true"; } diff --git a/content/examples/example-snippets/acl_generic_example.cf b/content/examples/example-snippets/acl_generic_example.cf index d6ba77471..192ce2334 100644 --- a/content/examples/example-snippets/acl_generic_example.cf +++ b/content/examples/example-snippets/acl_generic_example.cf @@ -1,27 +1,23 @@ body common control { - bundlesequence => { "acls" }; + bundlesequence => { "acls" }; } ######################################### - bundle agent acls { files: - "/media/flash/acl/test_dir" - + "/media/flash/acl/test_dir" depth_search => include_base, acl => test; } ######################################### - body acl test { - acl_type => "generic"; - aces => {"user:bob:rwx", "group:staff:rx", "all:r"}; + acl_type => "generic"; + aces => { "user:bob:rwx", "group:staff:rx", "all:r" }; } ######################################### - body depth_search include_base { - include_basedir => "true"; + include_basedir => "true"; } diff --git a/content/examples/example-snippets/acl_secret_example.cf b/content/examples/example-snippets/acl_secret_example.cf index 6cd322b2d..2ca3ffe26 100644 --- a/content/examples/example-snippets/acl_secret_example.cf +++ b/content/examples/example-snippets/acl_secret_example.cf @@ -1,28 +1,25 @@ body common control { - bundlesequence => { "acls" }; + bundlesequence => { "acls" }; } ######################################### - bundle agent acls { files: windows:: "c:\Secret" - acl => win, - depth_search => include_base, - comment => "Secure the secret directory from unauthorized access"; + acl => win, + depth_search => include_base, + comment => "Secure the secret directory from unauthorized access"; } ######################################### - body acl win { - acl_method => "overwrite"; - aces => { "user:Administrator:rwx" }; + acl_method => "overwrite"; + aces => { "user:Administrator:rwx" }; } ######################################### - body depth_search include_base { - include_basedir => "true"; + include_basedir => "true"; } diff --git a/content/examples/example-snippets/active_directory_example.cf b/content/examples/example-snippets/active_directory_example.cf index 316e9732a..e3d277624 100644 --- a/content/examples/example-snippets/active_directory_example.cf +++ b/content/examples/example-snippets/active_directory_example.cf @@ -7,40 +7,43 @@ # to the resources we want to read. # ######################################################################### - bundle agent active_directory { vars: - # NOTE: Edit this to your domain, e.g. "corp", may also need more DC's after it - "domain_name" string => "cftesting"; - "user_name" string => "Guest"; - - - # NOTE: We can also extract data from remote Domain Controllers + # NOTE: Edit this to your domain, e.g. "corp", may also need more DC's after it + "domain_name" string => "cftesting"; + "user_name" string => "Guest"; + # NOTE: We can also extract data from remote Domain Controllers dummy.DomainController:: - "domain_controller" string => "localhost"; + "domain_controller" string => "localhost"; + + "userlist" + slist => ldaplist( + "ldap://$(domain_controller)", + "CN=Users,DC=$(domain_name),DC=com", + "(objectClass=user)", + "sAMAccountName", + "subtree", + "none" + ); - "userlist" slist => ldaplist( - "ldap://$(domain_controller)", - "CN=Users,DC=$(domain_name),DC=com", - "(objectClass=user)", - "sAMAccountName", - "subtree", - "none"); classes: dummy.DomainController:: - "gotuser" expression => ldaparray( - "userinfo", - "ldap://$(domain_controller)", - "CN=$(user_name),CN=Users,DC=$(domain_name),DC=com", - "(name=*)", - "subtree", - "none"); + "gotuser" + expression => ldaparray( + "userinfo", + "ldap://$(domain_controller)", + "CN=$(user_name),CN=Users,DC=$(domain_name),DC=com", + "(name=*)", + "subtree", + "none" + ); reports: dummy.DomainController:: 'Username is "$(userlist)"'; + dummy.gotuser:: "Got user data; $(userinfo[name]) has logged on $(userinfo[logonCount]) times"; } diff --git a/content/examples/example-snippets/active_directory_show_users_example.cf b/content/examples/example-snippets/active_directory_show_users_example.cf index 3069a4451..d974dad27 100644 --- a/content/examples/example-snippets/active_directory_show_users_example.cf +++ b/content/examples/example-snippets/active_directory_show_users_example.cf @@ -2,20 +2,23 @@ # Note: Anonymous LDAP binding must be allowed, and the Anonymous user # must have read access to CN=Users and CN=theusername # Run the agent in verbose mode to see the data - bundle agent ldap { classes: - "gotdata" expression => ldaparray( - "myarray", - "ldap://cf-win2003", - "CN=Test Pilot,CN=Users,DC=domain,DC=cf-win2003", - "(name=*)", - "subtree", - "none"); + "gotdata" + expression => ldaparray( + "myarray", + "ldap://cf-win2003", + "CN=Test Pilot,CN=Users,DC=domain,DC=cf-win2003", + "(name=*)", + "subtree", + "none" + ); + reports: gotdata:: "Got user data"; + !gotdata:: "Did not get user data"; } diff --git a/content/examples/example-snippets/active_list_users_directory_example.cf b/content/examples/example-snippets/active_list_users_directory_example.cf index 3336f9310..8795a89af 100644 --- a/content/examples/example-snippets/active_list_users_directory_example.cf +++ b/content/examples/example-snippets/active_list_users_directory_example.cf @@ -1,17 +1,19 @@ # List users from Active Directory through LDAP # Note: Anonymous LDAP binding must be allowed, and the Anonymous user # must have read access to CN=Users - bundle agent ldap { vars: - "userlist" slist => ldaplist( - "ldap://cf-win2003", - "CN=Users,DC=domain,DC=cf-win2003", - "(objectClass=user)", - "sAMAccountName", - "subtree", - "none"); + "userlist" + slist => ldaplist( + "ldap://cf-win2003", + "CN=Users,DC=domain,DC=cf-win2003", + "(objectClass=user)", + "sAMAccountName", + "subtree", + "none" + ); + reports: - 'Username: "$(userlist)"'; + 'Username: "$(userlist)"'; } diff --git a/content/examples/example-snippets/add_lines_to_a_file.cf b/content/examples/example-snippets/add_lines_to_a_file.cf index 6247cb163..aba05707e 100644 --- a/content/examples/example-snippets/add_lines_to_a_file.cf +++ b/content/examples/example-snippets/add_lines_to_a_file.cf @@ -1,15 +1,14 @@ body common control { - any:: - bundlesequence => { "insert" }; + any:: + bundlesequence => { "insert" }; } ####################################################### - bundle agent insert { vars: - "lines" string => - " + "lines" + string => " One potato Two potato Three potatoe @@ -17,7 +16,7 @@ bundle agent insert "; files: - "/tmp/test_insert" + "/tmp/test_insert" create => "true", edit_line => append_if_no_line("$(insert.lines)"); } diff --git a/content/examples/example-snippets/add_lines_to_a_file_1.cf b/content/examples/example-snippets/add_lines_to_a_file_1.cf index 090b51bba..bee05b124 100644 --- a/content/examples/example-snippets/add_lines_to_a_file_1.cf +++ b/content/examples/example-snippets/add_lines_to_a_file_1.cf @@ -1,18 +1,16 @@ body common control { - any:: - bundlesequence => { "insert" }; + any:: + bundlesequence => { "insert" }; } ####################################################### - bundle agent insert { vars: - "lines" slist => { "One potato", "Two potato", - "Three potatoe", "Four" }; + "lines" slist => { "One potato", "Two potato", "Three potatoe", "Four" }; files: - "/tmp/test_insert" + "/tmp/test_insert" create => "true", edit_line => append_if_no_line("@(insert.lines)"); } diff --git a/content/examples/example-snippets/add_software_packages_to_the_system.cf b/content/examples/example-snippets/add_software_packages_to_the_system.cf index 147ed5976..02d4891da 100644 --- a/content/examples/example-snippets/add_software_packages_to_the_system.cf +++ b/content/examples/example-snippets/add_software_packages_to_the_system.cf @@ -1,36 +1,28 @@ -# # Package management -# - body common control { - inputs => { "$(sys.libdir)/packages.cf" } - bundlesequence => { "packages" }; + inputs => { "$(sys.libdir)/packages.cf" } + bundlesequence => { "packages" }; } ############################################# - bundle agent packages { vars: - "match_package" slist => { - "apache2", - "apache2-mod_php5", - "apache2-prefork", - "php5" - }; + "match_package" + slist => { "apache2", "apache2-mod_php5", "apache2-prefork", "php5" }; packages: solaris:: "$(match_package)" - package_policy => "add", - package_method => solaris; + package_policy => "add", + package_method => solaris; redhat|SuSE:: "$(match_package)" - package_policy => "add", - package_method => yum_rpm; + package_policy => "add", + package_method => yum_rpm; methods: - # equivalent in 3.6, no OS choices - "" usebundle => ensure_present($(match_package)); + # equivalent in 3.6, no OS choices + "" usebundle => ensure_present($(match_package)); } diff --git a/content/examples/example-snippets/add_users.cf b/content/examples/example-snippets/add_users.cf index b48da1516..72302f391 100644 --- a/content/examples/example-snippets/add_users.cf +++ b/content/examples/example-snippets/add_users.cf @@ -1,35 +1,26 @@ bundle agent addusers { vars: - - # Add some users - - - "pw[mark]" string => "mark:x:1000:100:Mark Burgess:/home/mark:/bin/bash"; - "pw[fred]" string => "fred:x:1001:100:Right Said:/home/fred:/bin/bash"; - "pw[jane]" string => "jane:x:1002:100:Jane Doe:/home/jane:/bin/bash"; - - "users" slist => getindices("pw"); + # Add some users + "pw[mark]" string => "mark:x:1000:100:Mark Burgess:/home/mark:/bin/bash"; + "pw[fred]" string => "fred:x:1001:100:Right Said:/home/fred:/bin/bash"; + "pw[jane]" string => "jane:x:1002:100:Jane Doe:/home/jane:/bin/bash"; + "users" slist => getindices("pw"); files: + "/etc/passwd" edit_line => append_users_starting("addusers.pw"); - "/etc/passwd" - edit_line => append_users_starting("addusers.pw"); - - # "/etc/shadow" - - # edit_line => append_users_starting("$(users):defaultpasswd:::::::"); - - - "/etc/group" - edit_line => append_user_field("users","4","@(addusers.users)"); - - "/home/$(users)/." + # "/etc/shadow" + # edit_line => append_users_starting("$(users):defaultpasswd:::::::"); + "/etc/group" + edit_line => append_user_field("users", "4", "@(addusers.users)"); + "/home/$(users)/." create => "true", - perms => mog("755","$(users)","users"); - - # equivalent to ALL of the above in 3.6 (see documentation) + perms => mog("755", "$(users)", "users"); + # equivalent to ALL of the above in 3.6 (see documentation) users: - "$(users)" policy => "present", shell => "/bin/bash"; + "$(users)" + policy => "present", + shell => "/bin/bash"; } diff --git a/content/examples/example-snippets/add_users_1.cf b/content/examples/example-snippets/add_users_1.cf index adad60c90..cf4f81c22 100644 --- a/content/examples/example-snippets/add_users_1.cf +++ b/content/examples/example-snippets/add_users_1.cf @@ -1,39 +1,27 @@ bundle agent addusers { vars: - - # Add some users - - - "pw[mark]" string => "mark:x:1000:100:Mark Burgess:/home/mark:/bin/bash"; - "pw[fred]" string => "fred:x:1001:100:Right Said:/home/fred:/bin/bash"; - "pw[jane]" string => "jane:x:1002:100:Jane Doe:/home/jane:/bin/bash"; - - "users" slist => getindices("pw"); + # Add some users + "pw[mark]" string => "mark:x:1000:100:Mark Burgess:/home/mark:/bin/bash"; + "pw[fred]" string => "fred:x:1001:100:Right Said:/home/fred:/bin/bash"; + "pw[jane]" string => "jane:x:1002:100:Jane Doe:/home/jane:/bin/bash"; + "users" slist => getindices("pw"); methods: - - "any" usebundle => user_add("$(users)","$(pw[$(users)])"); - + "any" usebundle => user_add("$(users)", "$(pw[$(users)])"); } -bundle agent user_add(x,pw) +bundle agent user_add(x, pw) { files: + "/etc/passwd" edit_line => append_users_starting("addusers.pw"); - "/etc/passwd" - edit_line => append_users_starting("addusers.pw"); - - # "/etc/shadow" - - # edit_line => append_users_starting("$(users):defaultpasswd:::::::"); - - - "/etc/group" - edit_line => append_user_field("users","4","@(addusers.users)"); - - "/home/$(users)/." + # "/etc/shadow" + # edit_line => append_users_starting("$(users):defaultpasswd:::::::"); + "/etc/group" + edit_line => append_user_field("users", "4", "@(addusers.users)"); + "/home/$(users)/." create => "true", - perms => mog("755","$(users)","users"); + perms => mog("755", "$(users)", "users"); } diff --git a/content/examples/example-snippets/add_users_to_passwd_and_group.cf b/content/examples/example-snippets/add_users_to_passwd_and_group.cf index 3af119fec..2e519621f 100644 --- a/content/examples/example-snippets/add_users_to_passwd_and_group.cf +++ b/content/examples/example-snippets/add_users_to_passwd_and_group.cf @@ -1,25 +1,23 @@ body common control { - bundlesequence => { "addpasswd" }; - inputs => { "cf_std_library.cf" }; + bundlesequence => { "addpasswd" }; + inputs => { "cf_std_library.cf" }; } bundle agent addpasswd { vars: - # want to set these values by the names of their array keys - - "pwd[mark]" string => "mark:x:1000:100:Mark Burgess:/home/mark:/bin/bash"; - "pwd[fred]" string => "fred:x:1001:100:Right Said:/home/fred:/bin/bash"; - "pwd[jane]" string => "jane:x:1002:100:Jane Doe:/home/jane:/bin/bash"; - - "users" slist => getindices("pwd"); + # want to set these values by the names of their array keys + "pwd[mark]" string => "mark:x:1000:100:Mark Burgess:/home/mark:/bin/bash"; + "pwd[fred]" string => "fred:x:1001:100:Right Said:/home/fred:/bin/bash"; + "pwd[jane]" string => "jane:x:1002:100:Jane Doe:/home/jane:/bin/bash"; + "users" slist => getindices("pwd"); files: - "/etc/passwd" + "/etc/passwd" create => "true", edit_line => append_users_starting("addpasswd.pwd"); - "/etc/group" - edit_line => append_user_field("users","4","@(addpasswd.users)"); + "/etc/group" + edit_line => append_user_field("users", "4", "@(addpasswd.users)"); } diff --git a/content/examples/example-snippets/add_variable_definitions_to_a_file.cf b/content/examples/example-snippets/add_variable_definitions_to_a_file.cf index ddfc95e50..f3ad36cb1 100644 --- a/content/examples/example-snippets/add_variable_definitions_to_a_file.cf +++ b/content/examples/example-snippets/add_variable_definitions_to_a_file.cf @@ -1,29 +1,19 @@ body common control { - bundlesequence => { "setvars" }; - inputs => { "cf_std_library.cf" }; + bundlesequence => { "setvars" }; + inputs => { "cf_std_library.cf" }; } - bundle agent setvars { vars: - - # want to set these values by the names of their array keys - - - "rhs[lhs1]" string => " Mary had a little pig"; - "rhs[lhs2]" string => "Whose Fleece was white as snow"; - "rhs[lhs3]" string => "And everywhere that Mary went"; - - # oops, now change pig -> lamb - - + # want to set these values by the names of their array keys + "rhs[lhs1]" string => " Mary had a little pig"; + "rhs[lhs2]" string => "Whose Fleece was white as snow"; + "rhs[lhs3]" string => "And everywhere that Mary went"; + # oops, now change pig -> lamb files: - - "/tmp/system" - + "/tmp/system" create => "true", edit_line => set_variable_values("setvars.rhs"); - } diff --git a/content/examples/example-snippets/add_variable_definitions_to_a_file_1.cf b/content/examples/example-snippets/add_variable_definitions_to_a_file_1.cf index 634f1dc5c..0a2c622ed 100644 --- a/content/examples/example-snippets/add_variable_definitions_to_a_file_1.cf +++ b/content/examples/example-snippets/add_variable_definitions_to_a_file_1.cf @@ -1,29 +1,19 @@ body common control { - bundlesequence => { "setvars" }; - inputs => { "cf_std_library.cf" }; + bundlesequence => { "setvars" }; + inputs => { "cf_std_library.cf" }; } - bundle agent setvars { vars: - - # want to set these values by the names of their array keys - - - "rhs[net/ipv4/tcp_syncookies]" string => "1"; - "rhs[net/ipv4/icmp_echo_ignore_broadcasts]" string => "1"; - "rhs[net/ipv4/ip_forward]" string => "1"; - - # oops, now change pig -> lamb - - + # want to set these values by the names of their array keys + "rhs[net/ipv4/tcp_syncookies]" string => "1"; + "rhs[net/ipv4/icmp_echo_ignore_broadcasts]" string => "1"; + "rhs[net/ipv4/ip_forward]" string => "1"; + # oops, now change pig -> lamb files: - - "/etc/sysctl" - + "/etc/sysctl" create => "true", edit_line => set_variable_values("setvars.rhs"); - } diff --git a/content/examples/example-snippets/all_hosts_the_same.cf b/content/examples/example-snippets/all_hosts_the_same.cf index 0c8ae6188..cc8ac73b4 100644 --- a/content/examples/example-snippets/all_hosts_the_same.cf +++ b/content/examples/example-snippets/all_hosts_the_same.cf @@ -1,57 +1,44 @@ body common control { - bundlesequence => { "central" }; + bundlesequence => { "central" }; } - ############################################ - bundle agent central { vars: - "policy_server" string => "myhost.domain.tld"; - "mypackages" slist => { - "nagios", - "gcc", - "apache2", - "php5" - }; + "policy_server" string => "myhost.domain.tld"; + "mypackages" slist => { "nagios", "gcc", "apache2", "php5" }; files: - # Password management can be very simple if all hosts are identical - - "/etc/passwd" - comment => "Distribute a password file", - perms => mog("644","root","root"), - copy_from => secure_cp("/home/mark/LapTop/words/RoadAhead","$(policy_server)"); + # Password management can be very simple if all hosts are identical + "/etc/passwd" + comment => "Distribute a password file", + perms => mog("644", "root", "root"), + copy_from => secure_cp( + "/home/mark/LapTop/words/RoadAhead", "$(policy_server)" + ); packages: - "$(mypackages)" + "$(mypackages)" package_policy => "add", package_method => generic; - - # Add more promises below ... - + # Add more promises below ... } - ######################################################### # Server config ######################################################### - body server control { - allowconnects => { "127.0.0.1" , "::1", "10.20.30.0/24" }; - allowallconnects => { "127.0.0.1" , "::1", "10.20.30.0/24" }; - trustkeysfrom => { "127.0.0.1" , "::1", "10.20.30.0/24" }; - # allowusers + allowconnects => { "127.0.0.1", "::1", "10.20.30.0/24" }; + allowallconnects => { "127.0.0.1", "::1", "10.20.30.0/24" }; + trustkeysfrom => { "127.0.0.1", "::1", "10.20.30.0/24" }; + # allowusers } ######################################################### - bundle server my_access_rules() { access: - # myhost.domain.tld makes this file available to 10.20.30* - + # myhost.domain.tld makes this file available to 10.20.30* myhost_domain_tld:: - "/etc/passwd" - admit => { "127.0.0.1", "10.20.30.0/24" }; + "/etc/passwd" admit => { "127.0.0.1", "10.20.30.0/24" }; } diff --git a/content/examples/example-snippets/application_baseline.cf b/content/examples/example-snippets/application_baseline.cf index 71a40dae1..96815c6a2 100644 --- a/content/examples/example-snippets/application_baseline.cf +++ b/content/examples/example-snippets/application_baseline.cf @@ -8,31 +8,43 @@ # and act upon or report any anomalies. # ######################################################################### - bundle agent app_baseline { methods: windows:: "any" usebundle => detect_adobereader; - } ### - bundle agent detect_adobereader { vars: windows:: - "value1" string => registryvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer", "ENU_GUID"); - "value2" string => registryvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer", "VersionMax"); - "value3" string => registryvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer", "VersionMin"); + "value1" + string => registryvalue( + "HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer", + "ENU_GUID" + ); + + "value2" + string => registryvalue( + "HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer", + "VersionMax" + ); + + "value3" + string => registryvalue( + "HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer", + "VersionMin" + ); classes: windows:: - "is_correct" and => { - strcmp($(value1), "{AC76BA86-7AD7-1033-7B44-A93000000001}"), - strcmp($(value2), "90003"), - islessthan($(value3), "10001" ) - }; + "is_correct" + and => { + strcmp($(value1), "{AC76BA86-7AD7-1033-7B44-A93000000001}"), + strcmp($(value2), "90003"), + islessthan($(value3), "10001"), + }; reports: windows.!is_correct:: diff --git a/content/examples/example-snippets/array_example.cf b/content/examples/example-snippets/array_example.cf index 707a76bb4..ffeb82220 100644 --- a/content/examples/example-snippets/array_example.cf +++ b/content/examples/example-snippets/array_example.cf @@ -1,20 +1,21 @@ body common control { - bundlesequence => { "array" }; + bundlesequence => { "array" }; } bundle common g { vars: - "array[1]" string => "one"; - "array[2]" string => "two"; + "array[1]" string => "one"; + "array[2]" string => "two"; } bundle agent array { vars: - "localarray[1]" string => "one"; - "localarray[2]" string => "two"; + "localarray[1]" string => "one"; + "localarray[2]" string => "two"; + reports: linux:: "Global $(g.array[1]) and $(localarray[2])"; diff --git a/content/examples/tutorials/file_compare_test.cf b/content/examples/tutorials/file_compare_test.cf index 1ead33da5..b4fe8e5d9 100644 --- a/content/examples/tutorials/file_compare_test.cf +++ b/content/examples/tutorials/file_compare_test.cf @@ -1,217 +1,195 @@ -body common control { - - inputs => { - "libraries/cfengine_stdlib.cf", - }; - +body common control +{ + inputs => { "libraries/cfengine_stdlib.cf" }; } bundle agent robot { reports: -" 77777777777"; -" 77777777777777"; -" 777 7777 777"; -" 7777777777777"; -" 777777777777"; -" 777 7777 77"; -" "; -" ZZZZ ZZZ ZZZZ ZZZ ZZZZ"; -" ZZZZZ ZZZZZZZZZZZZZZ ZZZZZ "; -" ZZZZZZZ ZZZZZZZZZZZZZ ZZZZZZZ"; -" ZZZZ ------------- ZZZZZZ"; -" ZZZZZ !CFENGINE! ZZZZZ"; -" ZZZZ ------------- ZZZZZ"; -" ZZZZZ ZZZZZZZZZZZZZZ ZZZZZ"; -" ZZZ ZZZZZZZZZZZZZ ZZZ"; -" ZZZZZ ZZZZZZZZZZZZZ ZZZZZ"; -" ..?ZZZ+,,,,, ZZZZZZZZZZZZZZ ZZZZZ"; -" ...ZZZZ~ ,:: ZZZZZZZZZZZZZ ZZZZ"; -" ..,ZZZZZ,:::::: ZZZZZ"; -" ZZZ ZZZ"; -" ~ ===+"; -" ZZZZZZZZZZZZZI??"; -" ZZZZZZZZZZZZZ$???"; -" 7Z$+ ZZ ZZZ???II"; -" ZZZZZ+ ZZZZZIIII"; -" ZZZZZ ZZZZZ III77"; -" +++ +$ZZ??? ZZZ"; -" +++??ZZZZZIIIIZZZZZ"; -" ????ZZZZZIIIIZZZZZ"; -" ??IIZZZZ 7777ZZZ"; -" IIZZZZZ 77ZZZZZ"; -" I$ZZZZ $ZZZZ"; - - + " 77777777777"; + " 77777777777777"; + " 777 7777 777"; + " 7777777777777"; + " 777777777777"; + " 777 7777 77"; + " "; + " ZZZZ ZZZ ZZZZ ZZZ ZZZZ"; + " ZZZZZ ZZZZZZZZZZZZZZ ZZZZZ "; + " ZZZZZZZ ZZZZZZZZZZZZZ ZZZZZZZ"; + " ZZZZ ------------- ZZZZZZ"; + " ZZZZZ !CFENGINE! ZZZZZ"; + " ZZZZ ------------- ZZZZZ"; + " ZZZZZ ZZZZZZZZZZZZZZ ZZZZZ"; + " ZZZ ZZZZZZZZZZZZZ ZZZ"; + " ZZZZZ ZZZZZZZZZZZZZ ZZZZZ"; + " ..?ZZZ+,,,,, ZZZZZZZZZZZZZZ ZZZZZ"; + " ...ZZZZ~ ,:: ZZZZZZZZZZZZZ ZZZZ"; + " ..,ZZZZZ,:::::: ZZZZZ"; + " ZZZ ZZZ"; + " ~ ===+"; + " ZZZZZZZZZZZZZI??"; + " ZZZZZZZZZZZZZ$???"; + " 7Z$+ ZZ ZZZ???II"; + " ZZZZZ+ ZZZZZIIII"; + " ZZZZZ ZZZZZ III77"; + " +++ +$ZZ??? ZZZ"; + " +++??ZZZZZIIIIZZZZZ"; + " ????ZZZZZIIIIZZZZZ"; + " ??IIZZZZ 7777ZZZ"; + " IIZZZZZ 77ZZZZZ"; + " I$ZZZZ $ZZZZ"; } bundle common global_vars { - vars: - - "gccexec" string => getenv("GCC_BIN",255); - "rmexec" string => getenv("RM_BIN",255); - - "aoutbin" string => getenv("AOUT_BIN",255); - "workdir" string => getenv("WORK_DIR",255); - - "aoutexec" string => "$(workdir)/$(aoutbin)"; - - "file1name" string => getenv("CFE_FILE1",255); - "file2name" string => getenv("CFE_FILE2",255); - - "file1" string => "$(workdir)/$(file1name)"; - "file2" string => "$(workdir)/$(file2name)"; - - classes: - "gclass" expression => "any"; + vars: + "gccexec" string => getenv("GCC_BIN", 255); + "rmexec" string => getenv("RM_BIN", 255); + "aoutbin" string => getenv("AOUT_BIN", 255); + "workdir" string => getenv("WORK_DIR", 255); + "aoutexec" string => "$(workdir)/$(aoutbin)"; + "file1name" string => getenv("CFE_FILE1", 255); + "file2name" string => getenv("CFE_FILE2", 255); + "file1" string => "$(workdir)/$(file1name)"; + "file2" string => "$(workdir)/$(file2name)"; + classes: + "gclass" expression => "any"; } - bundle agent packages { vars: - - "match_package" slist => { - "gcc" - }; + "match_package" slist => { "gcc" }; packages: - "$(match_package)" + "$(match_package)" package_policy => "add", package_method => yum; reports: - gclass:: - "Package gcc installed"; - "*********************************"; - + "Package gcc installed"; + "*********************************"; } bundle agent create_aout_source_file { - # This bundle creates the source file that will be compiled in bundle agent create_aout. # See that bunlde's comments for more information. - vars: - # An slist is used here instead of a straight forward string because it doesn't seem possible to create # line endings using \n when using a string to insert text into a file. - - "c" slist => {"#include ","#include ","#include ","#include ","void main()","{char file1[255];strcpy(file1,\"$(global_vars.file1)\");char file2[255];strcpy(file2,\"$(global_vars.file2)\");struct stat time1;int i = lstat(file1, &time1);struct stat time2;int j = lstat(file2, &time2);if (time1.st_mtime < time2.st_mtime){printf(\"Newer\");}else{if(time1.st_mtim.tv_nsec < time2.st_mtim.tv_nsec){printf(\"Newer\");}else{printf(\"Not newer\");}}}"}; + "c" + slist => { + "#include ", + "#include ", + "#include ", + "#include ", + "void main()", + "{char file1[255];strcpy(file1,\"$(global_vars.file1)\");char file2[255];strcpy(file2,\"$(global_vars.file2)\");struct stat time1;int i = lstat(file1, &time1);struct stat time2;int j = lstat(file2, &time2);if (time1.st_mtime < time2.st_mtime){printf(\"Newer\");}else{if(time1.st_mtim.tv_nsec < time2.st_mtim.tv_nsec){printf(\"Newer\");}else{printf(\"Not newer\");}}}", + }; files: - "$(global_vars.workdir)/a.c" + "$(global_vars.workdir)/a.c" perms => system, create => "true", edit_line => insert_name("@(c)"); reports: "The source file $(global_vars.workdir)/a.c has been created. It will be used to compile the binary a.out, which will provide more accurate file stats to compare two files than the built in CFEngine functionality for comparing file stats, including modification time. This information will be used to determine of the second of the two files being compared is newer or not."; - "*********************************"; - + "*********************************"; } bundle edit_line insert_name(name) { - insert_lines: - "$(name)"; + insert_lines: + "$(name)"; } bundle agent create_aout { - - classes: - + classes: "doesfileacexist" expression => fileexists("$(global_vars.workdir)/a.c"); "doesaoutexist" expression => fileexists("$(global_vars.aoutbin)"); vars: - # Removes any previous binary - "rmaout" string => execresult("$(global_vars.rmexec) $(global_vars.aoutexec)","noshell"); + "rmaout" + string => execresult( + "$(global_vars.rmexec) $(global_vars.aoutexec)", "noshell" + ); + + doesfileacexist:: + "compilestr" + string => "$(global_vars.gccexec) $(global_vars.workdir)/a.c -o $(global_vars.aoutexec)"; - doesfileacexist:: - "compilestr" string => "$(global_vars.gccexec) $(global_vars.workdir)/a.c -o $(global_vars.aoutexec)"; - "gccaout" string => execresult("$(compilestr)","noshell"); + "gccaout" string => execresult("$(compilestr)", "noshell"); reports: doesfileacexist:: "gcc output: $(gccaout)"; "Creating aout using $(compilestr)"; - !doesfileacexist:: + + !doesfileacexist:: "Cannot compile a.out, $(global_vars.workdir)/a.c does not exist."; - doesaoutexist:: - "The binary application aout has been compiled from the source in the create_aout_source_file bundle. It uses the stat library to compare two files, determine if the modified times are different, and whether the second file is newer than the first. The difference between this application and using CFEngine's built in support for getting file stats (e.g. filestat, isnewerthan), which provides file modification time accurate to a second. However, in order to better compare two files might sometimes require parts of a second as well. The stat library provides the extra support for retrieving the additional information required to get better accuracy (down to parts of a second), and is utilized by the binary application a.out that is compiled within the create_aout bundle."; - "*********************************"; + doesaoutexist:: + "The binary application aout has been compiled from the source in the create_aout_source_file bundle. It uses the stat library to compare two files, determine if the modified times are different, and whether the second file is newer than the first. The difference between this application and using CFEngine's built in support for getting file stats (e.g. filestat, isnewerthan), which provides file modification time accurate to a second. However, in order to better compare two files might sometimes require parts of a second as well. The stat library provides the extra support for retrieving the additional information required to get better accuracy (down to parts of a second), and is utilized by the binary application a.out that is compiled within the create_aout bundle."; + "*********************************"; } - bundle agent test_delete { - files: - "$(global_vars.file1)" - delete => tidy; + "$(global_vars.file1)" delete => tidy; } bundle agent delete_file(fname) { - files: - "$(fname)" - delete => tidy; + "$(fname)" delete => tidy; + reports: "Deleted $(fname)"; } body contain del_file { - useshell => "useshell"; - } bundle agent do_files_exist_1 - { - classes: - "doesfile1exist" expression => fileexists("$(global_vars.file1)"); "doesfile2exist" expression => fileexists("$(global_vars.file2)"); methods: - doesfile1exist:: + "any" usebundle => delete_file("$(global_vars.file1)"); - "any" usebundle => delete_file("$(global_vars.file1)"); doesfile2exist:: - "any" usebundle => delete_file("$(global_vars.file2)"); - reports: + "any" usebundle => delete_file("$(global_vars.file2)"); + reports: !doesfile1exist:: "$(global_vars.file1) does not exist."; - doesfile1exist:: + + doesfile1exist:: "$(global_vars.file1) did exist. Call to delete it was made."; !doesfile2exist:: "$(global_vars.file2) does not exist."; - doesfile2exist:: - "$(global_vars.file2) did exist. Call to delete it was made."; + doesfile2exist:: + "$(global_vars.file2) did exist. Call to delete it was made."; } - bundle agent create_file_1 { - files: - "$(global_vars.file1)" + "$(global_vars.file1)" perms => system, create => "true"; @@ -219,146 +197,128 @@ bundle agent create_file_1 "$(global_vars.file1) has been created"; } - bundle agent outer_bundle_1 { - files: - - "$(global_vars.file1)" - create => "false", - edit_line => inner_bundle_1; + files: + "$(global_vars.file1)" + create => "false", + edit_line => inner_bundle_1; } - # Copies file bundle agent copy_a_file { files: - - "$(global_vars.file2)" - copy_from => local_cp("$(global_vars.file1)"); + "$(global_vars.file2)" copy_from => local_cp("$(global_vars.file1)"); reports: - "$(global_vars.file1) has been copied to $(global_vars.file2)"; - "*********************************"; + "$(global_vars.file1) has been copied to $(global_vars.file2)"; + "*********************************"; } bundle agent do_files_exist_2 - { - methods: - "any" usebundle => does_file_exist($(global_vars.file1)); "any" usebundle => does_file_exist($(global_vars.file2)); - } bundle agent does_file_exist(filename) { vars: - "filestat" string => filestat("$(filename)","mtime"); + "filestat" string => filestat("$(filename)", "mtime"); classes: - "fileexists" expression => fileexists("$(filename)"); + "fileexists" expression => fileexists("$(filename)"); reports: - fileexists:: - "$(filename) exists. Last Modified Time = $(filestat)."; !fileexists:: - "$(filename) does not exist"; } bundle agent list_file_1 { - methods: "any" usebundle => file_content($(global_vars.file1)); - "any" usebundle => file_content($(global_vars.file2)); + "any" usebundle => file_content($(global_vars.file2)); + reports: "*********************************"; - } bundle agent exec_aout { - classes: "doesaoutexist" expression => fileexists("$(global_vars.aoutbin)"); vars: doesaoutexist:: - "aout" string => execresult("$(global_vars.aoutexec)","noshell"); + "aout" string => execresult("$(global_vars.aoutexec)", "noshell"); reports: doesaoutexist:: - "*********************************"; - "$(global_vars.aoutbin) determined that $(global_vars.file2) is $(aout) than $(global_vars.file1)"; - "*********************************"; - !doesaoutexist:: - "Executable $(global_vars.aoutbin) does not exist."; + "*********************************"; + "$(global_vars.aoutbin) determined that $(global_vars.file2) is $(aout) than $(global_vars.file1)"; + "*********************************"; + !doesaoutexist:: + "Executable $(global_vars.aoutbin) does not exist."; } bundle agent stat { - classes: - "doesfile1exist" expression => fileexists("$(global_vars.file1)"); "doesfile2exist" expression => fileexists("$(global_vars.file2)"); vars: - doesfile1exist:: + "file1" string => "$(global_vars.file1)"; + "file2" string => "$(global_vars.file2)"; - "file1" string => "$(global_vars.file1)"; - "file2" string => "$(global_vars.file2)"; + "file1_stat" + string => execresult("/usr/bin/stat -c \"%y\" $(file1)", "noshell"); - "file1_stat" string => execresult("/usr/bin/stat -c \"%y\" $(file1)","noshell"); - "file1_split1" slist => string_split($(file1_stat)," ",3); - "file1_split2" string => nth("file1_split1",1); - "file1_split3" slist => string_split($(file1_split2),"\.",3); - "file1_split4" string => nth("file1_split3",1); + "file1_split1" slist => string_split($(file1_stat), " ", 3); + "file1_split2" string => nth("file1_split1", 1); + "file1_split3" slist => string_split($(file1_split2), "\.", 3); + "file1_split4" string => nth("file1_split3", 1); - "file2_stat" string => execresult("/usr/bin/stat -c \"%y\" $(file2)","noshell"); - "file2_split1" slist => string_split($(file2_stat)," ",3); - "file2_split2" string => nth("file2_split1",1); - "file2_split3" slist => string_split($(file2_split2),"\.",3); - "file2_split4" string => nth("file2_split3",1); + "file2_stat" + string => execresult("/usr/bin/stat -c \"%y\" $(file2)", "noshell"); - methods: + "file2_split1" slist => string_split($(file2_stat), " ", 3); + "file2_split2" string => nth("file2_split1", 1); + "file2_split3" slist => string_split($(file2_split2), "\.", 3); + "file2_split4" string => nth("file2_split3", 1); - "any" usebundle => exec_aout(); + methods: + "any" usebundle => exec_aout(); reports: doesfile1exist:: "Parts of a second extracted extracted from stat for $(file1): $(file1_split4). Full stat output for $(file1): $(file1_stat)"; "Parts of a second extracted extracted from stat for $(file2): $(file2_split4). Full stat output for $(file2): $(file2_stat)"; - "Using the binary Linux application stat to compare two files can help determine if the modified times between two files are different. The difference between the stat application using its additional flags and using CFEngine's built in support for getting and comparing file stats (e.g. filestat, isnewerthan) is that normally the accuracy is only to the second of the file's modified time. In order to better compare two files requires parts of a second as well, which the stat command can provide with some additional flags. Unfortunately the information must be extracted from the middle of a string, which is what the stat bundle accomplishes using the string_split and nth functions."; - "*********************************"; - !doesfile1exist:: - "stat: $(global_vars.file1) and probably $(global_vars.file2) do not exist."; + "Using the binary Linux application stat to compare two files can help determine if the modified times between two files are different. The difference between the stat application using its additional flags and using CFEngine's built in support for getting and comparing file stats (e.g. filestat, isnewerthan) is that normally the accuracy is only to the second of the file's modified time. In order to better compare two files requires parts of a second as well, which the stat command can provide with some additional flags. Unfortunately the information must be extracted from the middle of a string, which is what the stat bundle accomplishes using the string_split and nth functions."; + "*********************************"; + !doesfile1exist:: + "stat: $(global_vars.file1) and probably $(global_vars.file2) do not exist."; } bundle agent outer_bundle_2 { - files: - - "$(global_vars.file2)" - create => "false", - edit_line => inner_bundle_2; - + files: + "$(global_vars.file2)" + create => "false", + edit_line => inner_bundle_2; } bundle edit_line inner_bundle_1 { vars: - "msg" string => "Helloz to World!"; insert_lines: @@ -366,72 +326,69 @@ bundle edit_line inner_bundle_1 reports: "inserted $(msg) into $(global_vars.file1)"; - } bundle edit_line inner_bundle_2 { - replace_patterns: - - "Helloz to World!" - replace_with => hello_world; - - reports: - "Text in $(global_vars.file2) has been replaced"; + replace_patterns: + "Helloz to World!" replace_with => hello_world; + reports: + "Text in $(global_vars.file2) has been replaced"; } body replace_with hello_world { - replace_value => "Hello World"; - occurrences => "all"; + replace_value => "Hello World"; + occurrences => "all"; } - bundle agent list_file_2 { - methods: - - "any" usebundle => file_content($(global_vars.file1)); - "any" usebundle => file_content($(global_vars.file2)); + "any" usebundle => file_content($(global_vars.file1)); + "any" usebundle => file_content($(global_vars.file2)); classes: + "ok" + expression => isgreaterthan( + filestat("$(global_vars.file2)", "mtime"), + filestat("$(global_vars.file1)", "mtime") + ); - "ok" expression => isgreaterthan(filestat("$(global_vars.file2)","mtime"),filestat("$(global_vars.file1)","mtime")); - "newer" expression => isnewerthan("$(global_vars.file2)","$(global_vars.file1)"); + "newer" + expression => isnewerthan( + "$(global_vars.file2)", "$(global_vars.file1)" + ); reports: "*********************************"; - ok:: - "Using isgreaterthan+filestat determined that $(global_vars.file2) was modified later than $(global_vars.file1)."; - !ok:: - "Using isgreaterthan+filestat determined that $(global_vars.file2) was not modified later than $(global_vars.file1)."; - newer:: - "Using isnewerthan determined that $(global_vars.file2) was modified later than $(global_vars.file1)."; - !newer:: - "Using isnewerthan determined that $(global_vars.file2) was not modified later than $(global_vars.file1)."; + ok:: + "Using isgreaterthan+filestat determined that $(global_vars.file2) was modified later than $(global_vars.file1)."; + + !ok:: + "Using isgreaterthan+filestat determined that $(global_vars.file2) was not modified later than $(global_vars.file1)."; + newer:: + "Using isnewerthan determined that $(global_vars.file2) was modified later than $(global_vars.file1)."; + + !newer:: + "Using isnewerthan determined that $(global_vars.file2) was not modified later than $(global_vars.file1)."; } bundle agent file_content(filename) { - vars: - - "file_content" string => readfile( "$(filename)" , "0" ); - "file_stat" string => filestat("$(filename)","mtime"); + "file_content" string => readfile("$(filename)", "0"); + "file_stat" string => filestat("$(filename)", "mtime"); reports: - "Contents of $(filename) = $(file_content). Last Modified Time = $(file_stat)."; - #"The report on contents will only show new content and modifications. Even if the method is called more than once, if the evaluation is exactly the same as the previous call then there will be no report (possibly because the bundle is not evaluated a second time?)."; - - + "Contents of $(filename) = $(file_content). Last Modified Time = $(file_stat)."; + #"The report on contents will only show new content and modifications. Even if the method is called more than once, if the evaluation is exactly the same as the previous call then there will be no report (possibly because the bundle is not evaluated a second time?)."; } body perms system { - mode => "0640"; + mode => "0640"; } -