Generally, cf-agent runs as a privileged user. But did you know that you can also run as an unprivileged user? A major benefit of running cf-agent unprivileged is the ability to prototype policies during development. However, attempting to execute cf-agent as an unprivileged user without proper configuration will result in errors.

You probably know about the def.json Augments file. However, are you familiar with host_specific.json? The def.json Augments file is read, if it’s adjacent to the policy entry. As such, this file is generally distributed as part of the policy set. Its settings apply to all hosts that receive and run the policy. The host_specific.json Augments file, is on the other hand loaded from the $(sys.workdir)/data/ directory. And it is expected to be independent from the policy.

You have probably heard of cowsay, but have you heard of agentsay? Just in case you haven’t seen the greatness of cowsay, here is an example: command output If you look in core/contrib you will find agentsay among other goodies. It’s a Python script. You can use it to make an agent say something. command output Happy Friday!

Did you know that CFEngine can simply warn about something not being in the desired state? Traditionally with CFEngine, you define your desired state and CFEngine works towards making that happen. Sometimes you might not want CFEngine to take action and instead warn that a given promise wants to change something. Let’s take a look at a contrived example.

Who cares about that promise? Today, I want to highlight one of the lightweight knowledge management features in CFEngine. That is, Promisees, also known as Stakeholders. Promisees are references to things that might care about a specific promise. And they can be attached to any promise. Let’s take a look at a contrived example: From the example above, we can see that the methods promise - promising to run the example_promisees bundle - has Feature Friday #21 defined as the only promisee.