What is new in CFEngine 3.6

www.cfengine.com
What is new
• User promises
• TLS protocol
• Math expressions
• Dynamic inputs
• New language functions
• Tags
• Data containers
• File templating

User promises
• A new promise type
• Manage local users on hosts
• Make promises about user characteristics
  • UID
  • Group membership
  • Home directory
  • Password
  • Shell
  • Description
User promises - Example
bundle agent my_bundle {
  users:
    "joe"
      policy => "present",
      group_primary => "users",
      groups_secondary => { "printers", "db_users" },
      home_dir => "/nfs/home/joe",
      home_bundle => setup_home_dir("joe");
}
TLS protocol
• Industry standard security protocol
• All traffic is fully encrypted
• Transparent to the user
• Old protocol
  • Deprecated, but still supported
  • Can be turned off after upgrade is complete
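Turning off the old protocol once every host runs 3.6, as an added example that is not from the original slides. It assumes the 3.6 control attributes `protocol_version` (body common control) and `allowlegacyconnects` (body server control), and is a fragment to merge into the control bodies a policy set already has.

```cfengine
# Added example, not from the slides. Merge these attributes into the
# existing control bodies; do not define the bodies a second time.

body common control
{
      # Outgoing connections from this host use the newest protocol (TLS).
      protocol_version => "latest";
}

body server control
{
      # Hosts that may still connect with the old (classic) protocol.
      # While the upgrade is in progress, list only the networks that
      # still run pre-3.6 agents, for example:
      #   allowlegacyconnects => { "192.0.2.0/24" };   # constructed range
      #
      # When the upgrade is complete, an empty list refuses every
      # legacy connection, so all traffic to this server is TLS:
      allowlegacyconnects => { };
}
```

Leaving `allowlegacyconnects` unset keeps the compatibility behaviour, in which legacy connections are accepted from any host that passes the normal access rules.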
Math expressions
• New math evaluation function: eval()
  • Works on strings
  • String contains expression to evaluate
  • Example: eval("ceil($(sys.cpus) / 4)")
• Previously required shell script
Math expressions
• Accepts common math operators: +, -, *, /
• Some less common ones too: ^, **, %
• Many common math functions
  • ceil, floor, log10, log2, log, sqrt, sin, cos, tan, asin, acos, atan, abs, step
• Mathematical constants
  • e, log2e, log10e, ln2, ln10, pi, pi_2, pi_4, 1_pi, 2_pi, 2_sqrtpi, sqrt2, sqrt1_2
• SI-units: K, M, G, T, P
Dynamic inputs
• 3.5:
  • Input files can only be defined in promises.cf
  • Inconvenient; all file additions require editing promises.cf
• 3.6:
  • file control bodies can contain input files
  • Body can be specified once per file
  • body file control {
      inputs => { "input_file.cf" };
    }
Dynamic inputs - Example
• promises.cf
    body common control {
      inputs => { "input_file.cf" };
    }
• input_file.cf
    body file control {
      inputs => { "nested_input_file.cf" };
    }
New language functions
• findfiles(glob1, glob2, ...)
  • Returns a list of files that match glob pattern
• makerule(target, sources)
  • Determines whether target needs to be rebuilt from sources
  • Inspired by the Unix make program
• packagesmatching(...)
  • Returns list of installed packages
  • List can be filtered by name, version and architecture
New language functions
• canonifyuniquely(test)
  • Convert a string into a legal class name
  • Unlike canonify, name is guaranteed to be unique.
  • Useful when making class names from a list of files
• bundlesmatching(regex, tag1, ...)
  • Returns bundles matching criteria
  • Result can be used in a methods promise
  • Very powerful together with findfiles
bundlesequence - Example
bundle common global {
  vars:
    "policies" slist => findfiles("/var/cfengine/inputs/*.cf");
    "bundles" slist => bundlesmatching(".*", "production");
}
body common control {
  inputs => { @(global.policies) };
  bundlesequence => { @(global.bundles) };
}
New language functions
• Plenty of others
  • data_readstringarray, data_readstringarrayidx, datastate, datatype,
    getclassmetatags, getvariablemetatags, max, mean, mergedata, min, parsejson
  • readjson, storejson, string_downcase, string_head, string_length,
    string_reverse, string_tail, string_upcase, variablesmatching, variance
Tags
• Labels that you can attach to bundles and promises
• Certain functions can filter based on tags
  • bundlesmatching
  • classesmatching
  • variablesmatching
Tags - Example
bundle agent my_bundle {
  meta:
    ### Bundle tags
    "tags" slist => { "experimental" };
  vars:
    ### Variable tags
    "db_server" string => "106.54.21.90",
      meta => { "mysql", "trusted" };
  classes:
    ### Class tags
    "experimental" expression => "any",
      meta => { "tier_spec" };
}
Data containers
• Structured containers (JSON)
  • "container" data => parsejson('[
        { "user": "joe",  "groups": "users" },
        { "user": "jack", "groups": "admins" }
      ]');
  • reports:
      "$(container[1][user])";
  • --> R: jack
Data containers
• Can read JSON files
  • readjson(filename, maxbytes)
• Or fields from a text file
  • data_readstringarray(filename, comment, split, maxentries, maxbytes)
  • data_readstringarrayidx(filename, comment, split, maxentries, maxbytes)
• Convert back to JSON
  • storejson(data_container)
Data containers - Example
• records.txt:
    joe,/nfs/home/joe,Joe Smith
    jack,/home/jack,Jack Jensen
• Resulting JSON after data_readstringarrayidx
    [
      [ "joe", "/nfs/home/joe", "Joe Smith" ],
      [ "jack", "/home/jack", "Jack Jensen" ]
    ]
Data containers - Example
• records.txt:
    joe,/nfs/home/joe,Joe Smith
    jack,/home/jack,Jack Jensen
• policy.cf:
    vars:
      "users" data => data_readstringarrayidx("records.txt", "", ",", 10, 4000);
      "index" slist => getindices("users");
    users:
      "$(users[$(index)][0])"
        home_dir => "$(users[$(index)][1])",
        description => "$(users[$(index)][2])",
        policy => "present";
File templating
• New templating engine: Mustache
• Based on the Mustache templating language
• http://mustache.github.io/
File templating - Example
• promises.cf:
    # The enclosing bundle header is missing from the slide; the name "motd" is illustrative.
    bundle agent motd
    {
      files:
        "/etc/motd"
          edit_line => motd_edit,
          edit_defaults => empty;
    }
    bundle edit_line motd_edit
    {
      insert_lines:
        "Welcome to this CFEngine managed machine.";
        "This machine pulls policy from $(sys.policy_hub).";
    }
• Result:
    Welcome to this CFEngine managed machine.
    This machine pulls policy from 10.80.80.1.
File templating - Example
• promises.cf:
    files:
      "/etc/motd"
        edit_template => "template.mustache",
        template_method => "mustache";
• template.mustache:
    Welcome to this CFEngine managed machine.
    This machine pulls policy from {{vars.sys.policy_hub}}.
• Result:
    Welcome to this CFEngine managed machine.
    This machine pulls policy from 10.80.80.1.
Miscellaneous
• cf-serverd allows distinct key/IP/hostname access controls
• New "shortcut" constraint in server policy allows non-absolute paths in copy_from promises
• New log format
• Many new built-in variables:
  • sys.uptime, sys.masterdir, this.promiser_ppid, ...
• LMDB replaces Tokyo Cabinet as database backend
• Calls to execresult and returnszero are now cached instead of executing repeatedly
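The key/IP/hostname access controls and the "shortcut" constraint from the first two points, as an added example that is not from the original slides. It assumes the 3.6 access attributes `admit_ips`, `deny_ips`, `admit_hostnames`, `admit_keys` and `shortcut`; the paths, addresses, hostname, key digest, and the bundle and body names are constructed placeholders.

```cfengine
# Added example, not from the slides. Server side: what cf-serverd hands out.
bundle server example_access_rules
{
  access:
      # Policy files: readable from the managed subnet, except for one
      # host that has been taken out of service.
      "/var/cfengine/masterfiles"
        shortcut  => "masterfiles",
        admit_ips => { "192.0.2.0/24" },
        deny_ips  => { "192.0.2.66" };

      # A build artifact: admitted by hostname.
      "/srv/cfengine/files/app.tar.gz"
        shortcut        => "app.tar.gz",
        admit_hostnames => { "build01.example.org" };

      # A credentials file: admitted by public key only, so a host that
      # merely holds an admitted address or name does not get it.
      "/srv/cfengine/secrets/db.conf"
        shortcut   => "db.conf",
        admit_keys => { "SHA=<digest-of-db-host-public-key>" };
}

# Client side: the copy_from source is the shortcut name, not the
# absolute path on the server.
body copy_from example_from_hub(shortcut_name)
{
      source  => "$(shortcut_name)";
      servers => { "$(sys.policy_hub)" };
      compare => "digest";
}

bundle agent example_fetch_db_conf
{
  files:
      "/etc/myapp/db.conf"
        copy_from => example_from_hub("db.conf");
}
```

Because clients only ever name the shortcut, the server-side location can change without touching client policy, and the three admit lists can be tightened independently for each resource.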
Questions?

Thank you!
