Aborting execution
Sometimes it is useful to abort a bundle execution if certain conditions are not met,
for example when validating input to a bundle. The following policy uses a list of
regular expressions for classes, or class expressions that cf-agent
will watch out for.
If any of these classes becomes defined, it will cause the current bundle to be aborted.
body common control
{
bundlesequence => { "example" };
}
body agent control
{
abortbundleclasses => { "invalid" };
}
bundle agent example
{
vars:
#"userlist" slist => { "mark", "john" }; # contains all valid entries
"userlist" slist => { "mark", "john", "thomas" }; # contains one invalid entry
classes:
"invalid" not => regcmp("[a-z][a-z][a-z][a-z]","$(userlist)"); # The class 'invalid' is set if the user name does not
# contain exactly four un-capitalized letters (bundle
# execution will be aborted if set)
reports:
!invalid::
"User name $(userlist) is valid at 4 letters";
}
This policy can be found in
/var/cfengine/share/doc/examples/abort.cf
and downloaded directly from
github.
This is how the policy runs when the userlist is valid:
cf-agent -f unit_abort.cf
R: User name mark is valid at 4 letters
R: User name john is valid at 4 letters
This is how the policy runs when the userlist contains an invalid entry:
cf-agent -f unit_abort.cf
Bundle example aborted on defined class "invalid"
To run this example file as part of your main policy you need to make an additional change:
There cannot be two body agent control
in the main policy. Delete the
body agent control
section from /var/cfengine/masterfiles/unit_abort.cf
.
Copy and paste abortbundleclasses => { "invalid" };
into
/var/cfengine/masterfiles/controls/cf_agent.cf
. If you add it to
the end of the file it should look something like this:
...
# dryrun => "true";
abortbundleclasses => { "invalid" };
}