classes
Classes promises may be made in any bundle. Classes defined by
classes type promises in common
bundles are namespace
(aka global) scoped by
default.
bundle common g
{
classes:
"one" expression => "any"; # always defined
"two"; # always defined
"client_network" expression => iprange("128.39.89.0/24");
}
Notes:
- The promiser is automatically canonified when classes are defined.
- Classes are not automatically canonified when checked.
bundle agent main
{
classes:
"my-illegal-class";
reports:
# We search to see what class was defined:
"$(with)" with => join( " ", classesmatching( "my.illegal.class" ) );
# We see that the illegal class is explicitly not defined.
"my-illegal-class is NOT defined (as expected, its invalid)"
unless => "my-illegal-class";
# We see the canonified form of the illegal class is defined.
"my_illegal_class is defined"
if => canonify("my-illegal-class");
# Note, ifvarclass takes expressisons, you couldn't do that if it were
# automatically canonified. Here I canonify the string using with, and use
# it as part of the expression which contains an invalid classcharacter, but
# its desireable for constructing expressions.
"Slice and dice using `with`"
with => canonify( "my-illegal-class" ),
if => "linux|$(with)";
}
First we promise to define my-illegal-class
. When the promise is actuated
it is automatically canonified and defined. This automatic canonification is
logged in verbose logs (verbose: Class identifier 'my-illegal-class' contains illegal characters - canonifying
).
Next several reports prove which form of the class was defined. The last
report shows how if
takes a class expression, and if you are checking a class
that contains invalid characters you must canonify it.
R: my_illegal_class
R: my-illegal-class is NOT defined (as expected, its invalid)
R: my_illegal_class is defined
R: Slice and dice using `with`
This policy can be found in
/var/cfengine/share/doc/examples/class-automatic-canonificiation.cf
and downloaded directly from
github.
- The term
class
andcontext
are sometimes used interchangeably. The following attributes to make a complete promise.
- and
- expression
- dist
- or
- not
- xor
If you omit all of them, the class is always defined (as if you said expression
=> "any"
).
For example, the following promise defines the class web
when a file exists:
bundle agent example
{
classes:
"web"
if => fileexists("/etc/httpd/httpd.conf");
}
History: The context attributes expression
, and
, or
, not
, xor
,
dist
were made optional in CFEngine 3.9.0. Before that, one of them was
required. So the following examples were the valid equivalents of the example
above before 3.9.0:
bundle agent example
{
classes:
"web"
expression => fileexists("/etc/httpd/httpd.conf");
"webserver"
expression => "any",
if => fileexists("/etc/httpd/httpd.conf");
}
Attributes
and
Description: Combine class sources with AND
The class on the left-hand side is set if all of the class expressions listed on the right-hand side are true.
Type: clist
Allowed input range: [a-zA-Z0-9_!@@$|.()\[\]{}:]+
Example:
classes:
"compound_class" and => { classmatch("host[0-9].*"), "Monday", "Hr02" };
Notes:
If an expression contains a mixture of different object types that need to be ANDed together, this list form is more convenient than providing an expression.
dist
Description: Generate a probabilistic class distribution
Always set one generic class and one additional class, randomly weighted on a probability distribution.
Type: rlist
Allowed input range: -9.99999E100,9.99999E100
Example:
classes:
"my_dist"
dist => { "10", "20", "40", "50" };
Notes:
In the example above the values sum up to 10+20+40+50 = 120
. When generating
the distribution, CFEngine picks a number between 1-120
, and set the class
my_dist
as well as one of the following classes:
my_dist_10 (10/120 of the time)
my_dist_20 (20/120 of the time)
my_dist_40 (40/120 of the time)
my_dist_50 (50/120 of the time)
expression
Description: Evaluate string expression of classes in normal form
Set the class on the left-hand side if the expression on the right-hand side evaluates to true. With classes, the notion of "true" is not a boolean state, because classes can never be false. They are not booleans. They can be defined or undefined, but it's important to understand that a class may be defined during the execution of the agent, so the result of an expression may change during execution.
Expressions can be:
class names, with or without a namespace
the literals
true
(always defined) andfalse
(never defined) that allow JSON booleans to be used inside expressionsthe logical and operation, expressed as
a&b
ora.b
, which is true if botha
andb
are truethe logical or operation, expressed as
a|b
, which is true if eithera
orb
are truethe logical not operation, expressed as
!a
, which is true ifa
is not true. Note again here thata
could become true during the execution. So if you have"myclass" expression => "!x"
andx
starts undefined but is defined later, you could have bothx
andmyclass
defined!parenthesis
(whatever)
which operate as expected to prioritize expression evaluationthe return value of a function that returns a class, such as
fileexists()
and()
userexists()
etc.
Type: class
Allowed input range: [a-zA-Z0-9_!@@$|.()\[\]{}:]+
Example:
classes:
"class_name" expression => "solaris|(linux.specialclass)";
"has_toor" expression => userexists("toor");
# it's unlikely a machine will become Linux during execution
# so this is fairly safe
"not_linux" expression => "!linux";
"a_or_b" expression => "a|b";
# yes, it's OK to define a class twice, and this is the same outcome
# with different syntax
"a_and_b" expression => "a&b";
"a_and_b" expression => "a.b";
# yes, it's OK to define a class twice, and this is the same outcome
# with different syntax
"linux_and_has_toor" expression => and(userexists("toor"), "linux");
"linux_and_has_toor" and => { userexists("toor"), "linux" };
or
Description: Combine class sources with inclusive OR
The class on the left-hand side will be set if any one (or more) of the class expressions on the right-hand side are true.
Type: clist
Allowed input range: [a-zA-Z0-9_!@@$|.()\[\]{}:]+
Example:
classes:
"compound_test"
or => { classmatch("linux_x86_64_2_6_22.*"), "suse_10_3" };
Notes:
This is useful construction for writing expressions that contain functions.
persistence
Description: Make the class persistent to avoid re-evaluation
The value specifies time in minutes.
Type: int
Allowed input range: 0,99999999999
Example:
bundle common setclasses
{
classes:
"cached_classes"
or => { "any" },
persistence => "1";
"cached_class"
expression => "any",
persistence => "1";
}
Notes:
This feature can be used to avoid recomputing expensive classes calculations on each invocation. This is useful if a class discovered is essentially constant or only slowly varying, such as a hostname or alias from a non-standard naming facility. Persistent classes are always global and can not be set to local by scope directive.
For example, to create a conditional inclusion of costly class evaluations,
put them into a separate bundle in a file classes.cf.
# promises.cf
body common control
{
persistent_classes::
bundlesequence => { "test" };
!persistent_classes::
bundlesequence => { "setclasses", "test" };
!persistent_classes::
inputs => { "classes.cf" };
}
bundle agent test
{
reports:
!my_persistent_class::
"no persistent class";
my_persistent_class::
"persistent class defined";
}
Then create classes.cf
# classes.cf
bundle common setclasses
{
classes:
"persistent_classes" # timer flag
expression => "any",
persistence => "480";
"my_persistent_class"
or => { ...long list or heavy function... } ,
persistence => "480";
}
History: Was introduced in CFEngine 3.3.0
not
Description: Evaluate the negation of string expression in normal form
The class on the left-hand side will be set if the class expression on the right-hand side evaluates to false.
Type: class
Allowed input range: [a-zA-Z0-9_!@@$|.()\[\]{}:]+
Example:
classes:
"others" not => "linux|solaris";
"no_toor" not => userexists("toor");
Notes:
Knowing that something is not the case is not the same as not knowing whether something is the case. That a class is not set could mean either. See the note on Negative Knowledge.
scope
Description: Scope of the class set by this promise.
Type: (menu option)
Allowed input range:
namespace
bundle
Default value: bundle
in agent bundles, namespace
in common bundles
Example:
classes:
"namespace_context"
scope => "namespace";
"bundle_or_namespace_context"; # without an explicit scope, depends on bundle type
"bundle_context"
scope => "bundle";
See also: scope
in body classes
select_class
Description: Select one of the named list of classes to define based on host's fully qualified domain name, the primary IP address and the UID that cf-agent is running under.
The class is chosen deterministically (not randomly) but it is not possible to say which host will end up in which class in advance. Only that hosts will always end up in the same class every time.
Type: clist
Allowed input range: [a-zA-Z0-9_!@@$|.()\[\]{}:]+
Example:
bundle common g
{
classes:
"selection" select_class => { "one", "two" };
reports:
one::
"One was selected";
two::
"Two was selected";
selection::
"A selection was made";
}
Notes:
This feature is similar to the splayclass
function. However,
instead of selecting a class for a moment in time, it always chooses one class
in the list; the same class each time for a given host. This allows hosts to
be distributed across a controlled list of classes (e.g for load balancing
purposes).
If a list is used as the input to select_class the promise will only actuate if the list is expandable. If the list has not yet been evaluated, the select_class will be skipped and wait for a subsequent evaluation pass.
xor
Description: Combine class sources with XOR
The class on the left-hand side is set if an odd number of class expressions on the right-hand side matches. This is most commonly used with two class expressions.
Type: clist
Allowed input range: [a-zA-Z0-9_!@@$|.()\[\]{}:]+
Example:
classes:
"order_lunch" xor => { "Friday", "Hr11"}; # we get pizza every Friday