Tags for variables, classes, and bundles
Introduction
meta tags can be attached to any promise type using the meta
attribute.
These tags are useful for cross-referencing related promises. bundles
, vars
and classes
can be identified and leveraged in different ways within policy
using these tags.
Problem statement
We'd like to apply tags to variables and classes for many purposes, from stating their provenance (whence they came, why they exist, and how they can be used) to filtering them based on tags.
We'd also like to be able to include all the files in a directory and then run all the discovered bundles if they are tagged appropriately.
Syntax
Tagging variables and classes is easy with the meta
attribute. Here's an
example that sets the inventory
tag on a variable and names the attribute that
it represents. This one is actually built into the standard
MPF inventory policy,
so it's available out of the box in either Community or Enterprise.
bundle agent cfe_autorun_inventory_listening_ports
{
vars:
"ports" -> { "ENT-150" }
slist => sort( "mon.listening_ports", "int"),
meta => { "inventory", "attribute_name=Ports listening" },
ifvarclass => some("[0-9]+", "mon.listening_ports"),
comment => "We only want to inventory the listening ports if we have
values that make sense.";
}
In the Enterprise Mission Portal, you can then make a report for "Ports listening" across all your machines. For more details, see Enterprise Reporting
Class tags work exactly the same way, you just apply them to a
classes
promise with the meta
attribute.
Tagging bundles is different because you have to use the meta
promise type (different from the meta
attribute).
An example is easiest:
bundle agent run_deprecated
{
meta:
"tags" slist => { "deprecated" };
}
This declares an agent bundle with a single tag.
Functions
Several new functions exist to give you access to variable and class tags, and to find classes and variables with tags.
classesmatching
: this used to be somewhat available with theallclasses.txt
file. You can now call a function to get all the defined classes, optionally filtering by name and tags. See classesmatchinggetvariablemetatags
: get the tags of a variable as an slist. See getvariablemetatagsvariablesmatching
: just likeclassesmatching
but for variables. See variablesmatchingvariablesmatching_as_data
: likevariablesmatching
but the matching variables and values are returned as a merged data container. See variablesmatching_as_datagetclassmetatags
: get the tags of a class as an slist. See getclassmetatagsbundlesmatching
: find the bundles matching some tags. See bundlesmatching (the example shows how you'd find adeprecated
bundle likerun_deprecated
earlier).
Module protocol
The module protocol has been extended to support tags. You set the tags on a line and they persist for every subsequent variable or class.
^meta=inventory
+x
=a=100
^meta=report,attribute_name=My vars
+y
=n=100
This will create class x
and variable a
with tag inventory
.
Then it will create class y
and variable b
with tags report
and
attribute_name=My vars
.
Enterprise Reporting with tags
In CFEngine Enterprise, you can build reports based on tagged variables and classes.
Please see Enterprise Reporting for a full tutorial, including troubleshooting possible errors. In short, this is an extremely easy way to categorize various data accessible to the agent.
Dynamic bundlesequence
Dynamic bundlesequences are extremely easy. First you find all the bundles whos name matches a regular expression and N tags.
vars:
"bundles" slist => bundlesmatching("regex", "tag1", "tag2", ...);
Then every bundle matching the regular expression regex
and all
the tags will be found and run.
methods:
"run $(bundles)" usebundle => $(bundles);
Note that the discovered bundle names will have the namespace prefix,
e.g. default:mybundle
. The regular expression has to match that. So
mybundle
as the regular expression would not work. See
bundlesmatching
for another detailed example.
In fact we found this so useful we implemented services autorun in the masterfiles policy framework.
There is only one thing to beware. All the bundles have to have the same number of arguments (0 in the case shown). Otherwise you will get a runtime error and CFEngine will abort. We recommend only using 0-argument bundles in a dynamic sequence to reduce this risk.
Summary
Tagging variables and classes and bundles in CFEngine is easy and allows more dynamic behavior than ever before. Try it out and see for yourself how it will change the way you use and think about system configuration policy and CFEngine.