CFEngine works by defining a desired state for a given context and converging towards that goal. Given there is no fixed starting point and that the current context might change wildly it can be challenging to succinctly answer the question “What would CFEngine do?”. In Feature Friday: Don’t fix, just warn we saw how an individual promise could be made to warn instead of trying to automatically converge towards the desired state, a granular --dry-run mode.

Implicit list iteration in CFEngine is quite a unique and novel feature. Today we look at a practice example showing how lists can improve the readability and maintainability of your policy. A novel feature in CFEngine is how a list variable is iterated when referenced as a scalar ($(variable)). Let’s take a look at a contrived example.

CFEngine build modules are great for quickly integrating 3rd party policy into your policy set. Module input (not to be confused with inputs in body common control or body file control which are the list of policy files to load) allows you to define values that apply for a particular module as it’s integrated into your policy set. Let’s take a look at a case of extending a module to support input.

Ever need to make a decision based on the version of something? The version_compare() function might be useful for you.1 Over time, software changes and features are added and removed. Sometimes, we need to make a decision based on versions. For example, the Include directive in ssh_config was introduced in OpenSSH 7.3.2 Let’s take a look at how we could possibly use it. This example illustrates the basic use of version_compare()

Looking for a tool to help you format your CFEngine policy? Have you heard of cffmt? You might recall that we had a chat with the author, Miek Gieben in The agent is in - Episode 24.1 In case you missed it, cffmt is a command line tool for formatting CFEngine policy files, like gofmt for.cf files.2 Let’s take a look. Consistent formatting can really ease reading of policy, but sometimes editors are configured differently and you can end up with inconsistently formatted policy.

Have you seen the new Groups feature in CFEngine Enterprise Mission Portal? It was first released in 3.23.0 and it’s part of the 3.24 LTS series released earlier this year, let’s check it out. Groups in Mission Portal can be based on any host reported data. They can be dynamic (hosts can come and go from a group) or they can be static and tied to specific hosts by hostname, mac address, IP or CFEngine’s public key.

Did you know CFEngine can self-organize hosts into different groups? Say you have a few hosts that you want to reboot once a month. You don’t care when, but you want the hosts to self-organize and pick a date. The select_class attribute for classes type promises might be what you’re looking for. Let’s take a look.

What’s the difference between an associative array and a data container in CFEngine? CFEngine has two ways in which structured data can be used, associative arrays (sometimes called classic arrays) and data containers. Let’s take a look at a simple data structure. Here we have two data structures, a_email an associative array and d_email a data container. The policy emits the JSON representation of each.