
cf-net can be used to send simple protocol commands to a policy server. It is a command-line interface (CLI) to the CFEngine network protocol, and a standalone tool: cf-net is not needed or used by any of the other binaries. The tool can be used to send commands like GET and OPENDIR without writing policy. It is in some ways an extremely lightweight version of cf-agent, in which policy evaluation is replaced with easy-to-use command-line arguments.

Command reference

  --help        , -h       - Print the help message
  --manpage     , -M       - Print the man page
  --host        , -H value - Server hostnames or IPs, comma-separated (defaults to policy server)
  --debug       , -d       - Enable debugging output
  --verbose     , -v       - Enable verbose output
  --log-level   , -g value - Specify how detailed logs should be. Possible values: 'error', 'warning', 'notice', 'info', 'verbose', 'debug'
  --inform      , -I       - Enable basic information output
  --tls-version , -t value - Minimum TLS version to use
  --ciphers     , -c value - TLS ciphers to use (comma-separated list)

Bootstrapping and cf-key

cf-net needs a key-pair generated by cf-key to communicate with a server. Thus, the easiest way to use cf-net is on a successfully bootstrapped client:

$ sudo /var/cfengine/bin/cf-key
$ sudo /var/cfengine/bin/cf-agent --bootstrap myhostname
$ sudo /var/cfengine/bin/cf-net connect
Connected & authenticated successfully to 'myhostname'

(myhostname can also be an IP address)

All three commands above are run with sudo, so they access the same key file.

cf-net commands

cf-net syntax follows the general structure:

$ cf-net [global options] command [command-specific options/arguments]

Note: cf-net command names are case insensitive, so cf-net get and cf-net GET are equivalent. All other options, arguments and file names are case sensitive.


help

Description: cf-net help is used to access help pages for cf-net.


$ cf-net help
Usage: cf-net [OPTIONS] command

$ cf-net help connect
Command:     connect
Usage:       cf-net -H, connect
Description: Checks if host(s) is available by connecting

Note: cf-net --help does not accept arguments the way cf-net help does.


connect

Description: cf-net connect attempts to connect and authenticate to one or more hosts running cf-serverd. If no hostname is specified, policy_server.dat is used (this is true for all cf-net commands).


$ sudo /var/cfengine/bin/cf-net -H,myhostname,myhostname:5308 connect
Connected & authenticated successfully to ''
Connected & authenticated successfully to 'myhostname'
Connected & authenticated successfully to 'myhostname:5308'
$ sudo /var/cfengine/bin/cf-net connect
Connected & authenticated successfully to 'myhostname:5308'


stat

Description: cf-net stat is similar to UNIX stat: it gives information about a file or directory.


$ cf-net stat /var/cfengine/masterfiles/
myhostname:5308:'/var/cfengine/masterfiles/' is a regular file
$ cf-net stat masterfiles
myhostname:5308:'masterfiles' is a directory
$ cf-net -I stat masterfiles
    info: Inform log level enabled
    info: Detailed stat output:
mode  = 40700,  size = 4096,
uid   = 0,      gid = 0,
atime = 1495551229,     mtime = 1495551172
myhostname:5308:'masterfiles' is a directory
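
The detailed output of cf-net -I stat can be checked automatically, for example to confirm that a served directory keeps the ownership and permissions you expect. The script below is an added example, not part of CFEngine: the function names are hypothetical, the baseline (permissions 700, uid 0, gid 0) is simply taken from the sample output above, and it assumes the mode field is printed in octal as in that sample.

```sh
#!/bin/sh
# Added example, not CFEngine code: audit `cf-net -I stat` detailed output.
# Assumed baseline (from the sample on this page, not a CFEngine rule):
# owner uid 0, gid 0, and no permission bits beyond the allowed mask.

# Constructed sample: copied from the stat example above.
SAMPLE_STAT="    info: Detailed stat output:
mode  = 40700,  size = 4096,
uid   = 0,      gid = 0,
atime = 1495551229,     mtime = 1495551172
myhostname:5308:'masterfiles' is a directory"

# stat_field <text> <key>: print the value of the first "key = value" pair.
stat_field() {
    printf '%s\n' "$1" | awk -v k="$2" '
        { gsub(/,/, " ")                      # "40700," -> "40700"
          for (i = 1; i + 2 <= NF; i++)
              if ($i == k && $(i + 1) == "=") { print $(i + 2); exit } }'
}

# check_stat_output [allowed-octal-perms]: reads cf-net output on stdin.
# Returns 0 = matches baseline, 1 = findings printed, 2 = output not parsable.
check_stat_output() {
    text=$(cat)
    mode=$(stat_field "$text" mode)
    uid=$(stat_field "$text" uid)
    gid=$(stat_field "$text" gid)
    case "$mode" in ''|*[!0-7]*) echo "PARSE: no octal mode field"; return 2 ;; esac
    for v in "$uid" "$gid"; do
        case "$v" in ''|*[!0-9]*) echo "PARSE: missing uid/gid field"; return 2 ;; esac
    done
    allowed=$(( 0${1:-700} ))
    perm=$(( 0$mode & 07777 ))     # drop file-type bits (the leading 4 in 40700)
    extra=$(( perm & ~allowed ))   # permission bits granted beyond the mask
    rc=0
    [ "$extra" -eq 0 ] || { printf 'PERMS: %o has bits outside %o (extra %o)\n' "$perm" "$allowed" "$extra"; rc=1; }
    [ "$uid" -eq 0 ] && [ "$gid" -eq 0 ] || { echo "OWNER: uid=$uid gid=$gid, expected 0/0"; rc=1; }
    return $rc
}

# audit_remote_path <remote-path> [allowed-perms]: needs a bootstrapped client.
# An empty or failed cf-net run yields status 2, so the check fails closed.
audit_remote_path() {
    cf-net -I stat "$1" 2>&1 | check_stat_output "${2:-700}"
}

# Offline demo on the constructed sample.
printf '%s\n' "$SAMPLE_STAT" | check_stat_output 700 && echo "sample: matches baseline"
```

On a bootstrapped client, audit_remote_path masterfiles runs the same check against the policy server and returns a non-zero status when the result differs from the baseline or cannot be parsed.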


get

Description: cf-net get performs a stat and then a get command, downloading the specified file to the current working directory. Use the -o option to specify the output path.


$ cf-net get masterfiles/
$ ls
$ cf-net get -o masterfiles/
$ ls

Note: The -o option must come before the remote filename:


opendir

Description: Similar to UNIX ls, prints everything inside a directory, in no particular order.


$ cf-net opendir masterfiles