Will your policy work? cf-promises can check the CFEngine policy for syntax errors and give you an overview of the host’s context. It’s always a good idea to check your policy for syntax errors. Consider this policy file: /tmp/feature-friday-6.cf Can you spot the error? Let’s see if cf-promises can help: command output The output tells us that there is a syntax error near line 6, column 2. A semicolon (;) was expected but instead, a closing curly brace (}) was found.

Do you maintain multiple policy sets? Do you leverage policy written by others? Ever wished for an easier way to upgrade your policy framework? cfbs can help to improve all of these cases.

What’s the easiest way to install cfengine? Have you heard of cf-remote? cf-remote was born out of a developer’s itch for an easy way to get CFEngine installed on some host for testing. We have featured cf-remote in several posts1 since it was first released in 2019, but today is Friday, so let’s review its features.

Security Technical Implementation Guides (STIGs) are an excellent body of knowledge to leverage in securing your infrastructure. With the stig-rhel-7 module you can easily add inventory and remediation policy for RHEL 7 with CFEngine. Do note that as of March 2024 this module does not provide comprehensive coverage but rather an initial 10 findings are implemented.

When you want to inspect both the return code and output from a command execresult_as_data() might be the function you are searching for. Most CFEngine policy writers have used execresult() and returnszero(). They are useful when you want to do something based on the output of a command or based on its successful execution (returning zero). For example: /tmp/feature-friday-3.cf command output But, sometimes, you care about specific return codes.

Ever wanted to manipulate a string - temporarily - for an individual promise? Check out the with attribute and its special, $(with) variable. Sometimes you need some variation on a string for a specific case. Traditionally, to achieve this you’d simply define another variable. Here is a contrived example: I have a string, nginx and I want to emit a report that contains both the string itself and the upper case version of the string.

Looking for a way to concisely set a variable conditionally? Have you heard of ifelse()? In CFEngine, traditionally class expressions are used to constrain promises to different contexts. Setting a variable to different values based on context might look like this: /tmp/feature-friday-1.cf command output That’s great, lots of flexibility, but with an increasing number of options the policy can get quite long and it’s easier for a human interpreter to lose track of the context.