cfe_internal/update/update_processes.cf

Table of Contents

common bodies

cfe_internal_process_knowledge

Prototype: cfe_internal_process_knowledge

Implementation:

bundle common cfe_internal_process_knowledge
{
  vars:

    !windows::

      "bindir"      string => "$(sys.bindir)",
      comment => "Use a system variable";
}

agent bundles

cfe_internal_update_processes

Prototype: cfe_internal_update_processes

Description: Determine which cfengine components should be managed, and what their state should be.

By default all the relevant services will run on each host. For example all hosts will run cf-execd, cf-serverd, and cf-monitord. Individual services can be disabled:

  • If persistent_disable_COMPONENT ( persistent_disable_cf_serverd, persistent_disable_cf_monitord) is defined the service will be disabled.

  • If the component is found in def.agents_to_be_disabled it will be disabled.

Implementation:

bundle agent cfe_internal_update_processes
{
  classes:
      "systemd_supervised"
        scope => "bundle",
        expression => "systemd",
        comment => "As of 3.10 the runalerts service is supervised by systemd
                    when available. Prior to 3.10 the service is supervised
                    directly by CFEngine policy.";

  vars:

    any::

      # By default the core components are expected to be running in all cases.

      "agent[cf_execd]" string => "cf-execd";
      "agent[cf_serverd]" string => "cf-serverd";
      "agent[cf_monitord]" string => "cf-monitord";

    policy_server.enterprise_edition::

      "agent[cf_hub]"
        string => "cf-hub",
        comment => "cf-hub is only relevant on Enterprise hubs";

    systemd::

      # On systemd hosts the cfengine3 service acts as an umbrella for other
      # services.

      "agent[cfengine3]"
        string => "cfengine3",
        comment => "systemd hosts use the cfengine3 service as an umbrella.
                    systemd_supervised hosts additionally have individual units
                    for each managed service.";


    systemd_supervised.enterprise_edition.policy_server::

      # Only enterprise systemd supervised hosts these additional service
      # definitions for each component.

      "agent[cf_postgres]" string => "cf-postgres";
      "agent[cf_runalerts]" string => "cf-runalerts";
      "agent[cf_apache]"   string => "cf-apache";

    cfredis_in_enterprise::
      # TODO Remove from MPF after 3.12 EOL
      "agent[cf_redis_server]" -> { "ENT-2797" }
        string => "cf-redis-server";

    cfconsumer_in_enterprise::
      # TODO Remove from MPF after 3.12 EOL
      "agent[cf_consumer]" -> { "ENT-2797" }
        string => "cf-consumer";

    any::
      # We get a consolidated list of all agents for the executing host.
      "all_agents" slist => getvalues( agent );

      # We use def.agents_to_be_disabled if it exists, otherwise we default to
      # no agents being disabled.

      "agents_to_be_disabled"
        comment => "CFE processes that should not be enabled",
        handle => "cfe_internal_update_processes_vars_agents_to_be_disabled",
        slist => { @(def.agents_to_be_disabled) },
        ifvarclass => isvariable( "def.agents_to_be_disabled" );

      "agents_to_be_disabled"
        comment => "The default agents that should not be enabled.",
        handle => "cfe_internal_update_processes_vars_default_agents_to_be_disabled",
        slist => { },
        ifvarclass => not( isvariable("def.agents_to_be_disabled") );

      # An agent is disabled if there is a persistently defined disablement
      # class OR if the agent is found in a list of agents to be specifically
      # disabled.

      "disable[$(all_agents)]"
        string => "$(all_agents)",
        ifvarclass => or( canonify( "persistent_disable_$(all_agents)" ),
                          some( "$(all_agents)", agents_to_be_disabled ));

    systemd_supervised.policy_server.enterprise.hub_passive|(ha_replication_only_node.!failover_to_repliacation_node_enabled)::

      # We want the enterprise components cf-runalerts, and cf-hub to be
      # disabled if running on a passive hub or replication only hub.

      "disabled[cf_runalerts]" string => "cf-runalerts";
      "disabled[cf_hub]" string => "cf-hub";

    any::

      # First we get the consolidated list of agents to be disabled.
      "agents_to_be_disabled" slist => getvalues( disabled );

      # Any agent that is not explicitly disabled should be enabled.
      "agents_to_be_enabled"  slist => difference( all_agents, agents_to_be_disabled );

  methods:

    systemd.!systemd_supervised::

      "CFENGINE systemd service"
      usebundle => maintain_cfe_systemd,
      comment => "Call a bundle to maintain CFEngine with systemd",
      handle => "cfe_internal_update_processes_methods_maintain_systemd";

    systemd_supervised::

      # By default when running under systemd supervision, cfengine will not
      # continue to make sure that the units are enabled or running. To enable
      # this internal management please uncomment the following.

    #  "CFEngine systemd Unit Definitions"
    #    usebundle => cfe_internal_systemd_unit_files;

    #  "CFEngine systemd Unit States"
    #    usebundle => cfe_internal_systemd_service_unit_state;

    am_policy_hub.enterprise.!systemd_supervised::

      "TAKING CARE CFE HUB PROCESSES"
      usebundle => maintain_cfe_hub_process,
      comment => "Call a bundle to maintian HUB processes",
      handle => "cfe_internal_update_processes_methods_maintain_hub";

    !windows.!systemd_supervised::

      "DISABLING CFE AGENTS"
      usebundle => disable_cfengine_agents("$(agents_to_be_disabled)"),
      comment => "Call a bundle to disable CFEngine given processes",
      handle => "cfe_internal_update_processes_methods_disabling_cfe_agents";

      "CHECKING FOR PERSISTENTLY DISABLED CFE AGENTS"
      usebundle => disable_cfengine_agents($(all_agents)),
      ifvarclass => canonify("persistent_disable_$(all_agents)"),
      comment => "Call a bundle to disable CFEngine given processes if persistent_disable_x is set",
      handle => "cfe_internal_update_processes_methods_maybe_disabling_cfe_agents";

      "ENABLING CFE AGENTS"
      usebundle => enable_cfengine_agents("$(agents_to_be_enabled)"),
      comment => "Call a bundle to enable CFEngine given processes",
      handle => "cfe_internal_update_processes_methods_enabling_cfe_agents";

    windows::

      "CFENGINE on Windows"
      usebundle => maintain_cfe_windows,
      comment => "Call a bundle to maintain CFEngine on Windows",
      handle => "cfe_internal_update_processes_methods_maintain_windows";

}

maintain_cfe_hub_process

Prototype: maintain_cfe_hub_process

Implementation:

bundle agent maintain_cfe_hub_process
{
  vars:

    am_policy_hub::

      "file_check"  string => translatepath("$(cfe_internal_update_policy_cpv.inputs_dir)/promises.cf"),
      comment => "Path to a policy file",
      handle => "cfe_internal_maintain_cfe_hub_process_vars_file_check";

      #

  classes:

    am_policy_hub::

      "files_ok" expression => fileexists("$(file_check)"),
      comment => "Check for $(sys.workdir)/inputs/promises.cf",
      handle => "cfe_internal_maintain_cfe_hub_process_classes_files_ok";

    am_policy_hub.enable_cfengine_enterprise_hub_ha::
      "ha_run_hub_process"
        or => { "!ha_replication_only_node",
                "ha_replication_only_node.failover_to_replication_node_enabled" };

      "ha_kill_hub_process"
        or => { "ha_replication_only_node.!failover_to_replication_node_enabled" };

      #

  processes:

    am_policy_hub::

      "$(cfe_internal_process_knowledge.bindir)/vacuumdb"
      restart_class => "no_vacuumdb",
      comment => "Monitor vacuumdb process",
      handle => "cfe_internal_maintain_cfe_hub_process_processes_check_vacuumdb",
      ifvarclass => "nova|enterprise";

   am_policy_hub.cfredis_in_enterprise::

      # TODO Remove from MPF after 3.12 EOL
      "$(cfe_internal_process_knowledge.bindir)/redis-server" -> { "ENT-2797" }
      restart_class => "start_redis_server",
      comment => "Monitor redis-server process",
      handle => "cfe_internal_maintain_cfe_hub_process_processes_redis",
      ifvarclass => "nova|enterprise";

    am_policy_hub.cfconsumer_in_enterprise::
      "$(cfe_internal_process_knowledge.bindir)/cf-consumer" -> { "ENT-2797" }
      restart_class => "start_cf_consumer",
      comment => "Monitor cf-consumer process",
      handle => "cfe_internal_maintain_cfe_hub_process_processes_cf_consumer",
      ifvarclass => "(nova|enterprise).no_vacuumdb";

   am_policy_hub.!enable_cfengine_enterprise_hub_ha::
      "$(cfe_internal_process_knowledge.bindir)/postgres"
      restart_class => "start_postgres_server",
      comment => "Monitor postgres process",
      handle => "cfe_internal_maintain_cfe_hub_process_processes_postgres",
      ifvarclass => "nova|enterprise";

    am_policy_hub.!enable_cfengine_enterprise_hub_ha.files_ok.!windows|ha_run_hub_process::
      "cf-hub"      restart_class => "start_hub",
      comment => "Monitor cf-hub process",
      handle => "cfe_internal_maintain_cfe_hub_process_processes_cf_hub",
      ifvarclass => and( "(nova|enterprise).no_vacuumdb",
                         "!persistent_disable_cf_hub" ); # Don't start it if it's persistently disabled

    am_policy_hub.ha_kill_hub_process::
      "cf-hub"      signals => { "term" },
      comment => "Terminate cf-hub on backup HA node outside cluster",
      handle => "cfe_internal_kill_hub_process_on_inactive_ha_node";

      #

  files:

      "/var/log/postgresql.log"
      comment => "Ensure postgres.log file is there with right permissions",
      handle => "cfe_internal_maintain_cfe_hub_process_files_create_postgresql_log",
      create => "true",
      perms => u_mo("0600","cfpostgres");

      #

  commands:

    !windows.am_policy_hub.start_redis_server.cfredis_in_enterprise::

      # TODO Remove from MPF after 3.12 EOL
     "$(cfe_internal_process_knowledge.bindir)/redis-server $(cfe_internal_update_policy_cpv.redis_conf_file)" -> { "ENT-2797" }
      contain => u_in_dir("/"),
      comment => "Start redis process",
      classes => u_kept_successful_command,
      handle => "cfe_internal_maintain_cfe_hub_process_commands_start_redis";

    !windows.am_policy_hub.!enable_cfengine_enterprise_hub_ha.start_postgres_server::
     "$(cfe_internal_process_knowledge.bindir)/pg_ctl -D $(cfe_internal_update_policy_cpv.postgresdb_dir) -l $(cfe_internal_update_policy_cpv.postgresdb_log) start"
      contain => u_postgres,
      comment => "Start postgres process",
      classes => u_kept_successful_command,
      handle => "cfe_internal_maintain_cfe_hub_process_commands_start_postgres";

    !windows.am_policy_hub.start_cf_consumer.cfconsumer_in_enterprise::
      # TODO Remove from MPF after 3.12 EOL

      "$(cfe_internal_process_knowledge.bindir)/cf-consumer"
      comment => "Start cf-consumer process",
      classes => u_kept_successful_command,
      handle => "cfe_internal_maintain_cfe_hub_process_commands_start_cf-consumer";

    !windows.am_policy_hub.start_hub::
      "$(sys.cf_hub)"
      comment => "Start cf-hub process",
      classes => u_kept_successful_command,
      handle => "cfe_internal_maintain_cfe_hub_process_commands_start_cf_hub";

}

disable_cfengine_agents

Prototype: disable_cfengine_agents(process)

Arguments:

  • process: string, used to set promise attribute string of vars promiser cprocess: string, used to set promise attribute expression: string, used to set promise attribute expression of classes promiser disable_$(cprocess), used as promiser of type processes

Implementation:

bundle agent disable_cfengine_agents(process)
{
  vars:

    !windows::

      "cprocess"    string => canonify("$(process)"),
      comment => "Canonify a given process",
      handle => "cfe_internal_disable_cfengine_agents_vars_cprocess";

      #

  classes:

    !windows::

      "disable_$(cprocess)" expression => strcmp("$(process)","$(process)"),
      comment => "Create a class to disable a given process",
      handle => "cfe_internal_disable_cfengine_agents_classes_disable_process";

      #

  processes:

    !windows::

      "$(cfe_internal_process_knowledge.bindir)/$(process)"
      signals => { "term" },
      comment => "Terminate $(process)",
      handle => "cfe_internal_disable_cfengine_agents_processes_terminate_process",
      ifvarclass => "disable_$(cprocess)";

}

enable_cfengine_agents

Prototype: enable_cfengine_agents(process)

Arguments:

  • process: string, used to set promise attribute string of vars promiser cprocess of classes promiser enable_$(cprocess), used as promiser of type processes of commands promiser $(sys.$(cprocess)), used as promiser of type reports , used as promiser of type reports , used as promiser of type reports

Implementation:

bundle agent enable_cfengine_agents(process)
{
  vars:

    !windows::

      "cprocess"  string => canonify("$(process)"),
      comment => "Canonify a given process",
      handle => "cfe_internal_enable_cfengine_agents_vars_cprocess";

  classes:

    !windows::

      "enable_$(cprocess)" expression => "!persistent_disable_$(cprocess)",
      comment => "Create a class to enable a given process",
      handle => "cfe_internal_enable_cfengine_agents_classes_enable_process";

      #

  processes:

    !windows::

      "$(cfe_internal_process_knowledge.bindir)/$(process)"
      restart_class => "restart_$(cprocess)",
      comment => "Create a class to restart a process",
      handle => "cfe_internal_enable_cfengine_agents_processes_restart_process",
      ifvarclass => "enable_$(cprocess)";

      #

  commands:

    !windows::

      "$(sys.$(cprocess))"
      comment => "Restart a process",
      handle => "cfe_internal_enable_cfengine_agents_commands_restart_process",
      classes => u_kept_successful_command,
      ifvarclass => and( "restart_$(cprocess)",
                         isvariable( "sys.$(cprocess)" ) );

  reports:
      "The process $(process) is persistently disabled.  Run with '-Dclear_persistent_disable_$(cprocess)' to re-enable it."
      ifvarclass => and( "persistent_disable_$(cprocess)",
                         isvariable( "sys.$(cprocess)" ));

      "The process $(process) has been re-enabled.  Run with '-Dset_persistent_disable_$(cprocess)' to disable it persistently again."
      ifvarclass => and( "clear_persistent_disable_$(cprocess)",
                         isvariable( "sys.$(cprocess)" )),
      classes => u_clear_always("persistent_disable_$(cprocess)");

      "The process $(process) has been disabled persistently.  Run with '-Dclear_persistent_disable_$(cprocess)' to re-enable it."
      ifvarclass => "set_persistent_disable_$(cprocess)",
      classes => u_always_forever("persistent_disable_$(cprocess)");
}

maintain_cfe_windows

Prototype: maintain_cfe_windows

Implementation:

bundle agent maintain_cfe_windows
{
  vars:

    windows::

      "file_check"  string => translatepath("$(cfe_internal_update_policy_cpv.inputs_dir)/promises.cf"),
      comment => "Path to a policy file",
      handle => "cfe_internal_maintain_cfe_windows_vars_file_check";

      #

  classes:

    windows::

      "files_ok" expression => fileexists("$(file_check)"),
      comment => "Check for /var/cfengine/masterfiles/promises.cf",
      handle => "cfe_internal_maintain_cfe_windows_classes_files_ok";

      #

  processes:

    files_ok::

      "cf-serverd"  restart_class => "start_server",
      comment => "Monitor cf-serverd process",
      handle => "cfe_internal_maintain_cfe_windows_processes_cf_serverd";

      "cf-monitord" restart_class => "start_monitor",
      comment => "Monitor cf-monitord process",
      handle => "cfe_internal_maintain_cfe_windows_processes_cf_monitord";

      #

  services:

    files_ok.windows::

      "CfengineNovaExec"
      service_policy => "start",
      service_method => u_bootstart,
      comment => "Start the executor windows service now and at boot time",
      handle => "cfe_internal_maintain_cfe_windows_services_windows_executor";

      #

  commands:

    start_server::

      "$(sys.cf_serverd)"
      action => u_ifwin_bg,
      comment => "Start cf-serverd process",
      classes => u_kept_successful_command,
      handle => "cfe_internal_maintain_cfe_windows_commands_start_cf_serverd";

    start_monitor|restart_monitor::

      "$(sys.cf_monitord)"
      action => u_ifwin_bg,
      comment => "Start cf-monitord process",
      classes => u_kept_successful_command,
      handle => "cfe_internal_maintain_cfe_windows_commands_start_cf_monitord";

}

maintain_cfe_systemd

Prototype: maintain_cfe_systemd

Implementation:

bundle agent maintain_cfe_systemd
{
  classes:
    systemd::
      "restart_cfe"
      not => returnszero("/bin/systemctl -q is-active cfengine3", "noshell"),
      comment => "Check running status of CFEngine using systemd",
      handle => "cfe_internal_maintain_cfe_systemd_classes_restart_cfe";

  commands:
    restart_cfe::
      "/bin/systemctl -q start cfengine3"
      comment => "Start CFEngine using systemd",
      handle => "cfe_internal_maintain_cfe_systemd_commands_start_cfe";
}

classes bodies

u_clear_always

Prototype: u_clear_always(theclass)

Arguments:

  • theclass

Implementation:

body classes u_clear_always(theclass)
{
      cancel_kept => { $(theclass) };
      cancel_notkept => { $(theclass) };
      cancel_repaired => { $(theclass) };
}

u_always_forever

Prototype: u_always_forever(theclass)

Arguments:

  • theclass

Implementation:

body classes u_always_forever(theclass)
{
      promise_kept => { $(theclass) };
      promise_repaired => { $(theclass) };
      repair_failed => { $(theclass) };
      repair_denied => { $(theclass) };
      repair_timeout => { $(theclass) };
      persist_time => 999999999;
      scope => "namespace";
}