sys
System variables are derived from CFEngine's automated discovery of system values. They are provided as variables in order to make automatically adaptive rules for configuration.
files:
"$(sys.resolv)"
create => "true",
edit_line => doresolv("@(this.list1)","@(this.list2)"),
edit_defaults => reconstruct;
sys.arch
The variable gives the kernel's short architecture description.
# arch = x86_64
sys.bindir
The name of the directory where CFEngine looks for its binaries..
# bindir = /var/cfengine/bin
History: Introduced in CFEngine 3.6
sys.cdate
The date of the system in canonical form, i.e. in the form of a class, from when the agent initialized.
# cdate = Sun_Dec__7_10_39_53_2008_
sys.cf_promises
A variable containing the path to the CFEngine syntax analyzer
cf-promises
on the platform you are using.
classes:
"syntax_ok" expression => returnszero("$(sys.cf_promises)");
sys.cf_version
The variable gives the version of the running CFEngine Core.
# cf_version = 3.0.5
sys.cf_version_major
The variable gives the major version of the running CFEngine Core.
# cf_version = 3.0.5
# cf_version_major = 3
History: Was introduced in 3.5.1, Enterprise 3.5.1.
sys.cf_version_minor
The variable gives the minor version of the running CFEngine Core.
# cf_version = 3.0.5
# cf_version_minor = 0
History: Was introduced in 3.5.1, Enterprise 3.5.1.
sys.cf_version_patch
The variable gives the patch version of the running CFEngine Core.
# cf_version = 3.0.5
# cf_version_patch = 5
History: Was introduced in 3.5.1, Enterprise 3.5.1.
sys.cf_version_release
The variable gives the release number of the running CFEngine Core.
# cf_version_release = 1
History: Was introduced in 3.16.0.
sys.class
This variable contains the name of the hard-class category for this host (i.e. its top level operating system type classification).
# class = linux
See also: sys.os
sys.cpus
A variable containing the number of CPU cores detected. On systems which
provide virtual cores, it is set to the total number of virtual, not
physical, cores. In addition, on a single-core system the class 1_cpu
is set, and on multi-core systems the class n_cpus
is set, where
n is the number of cores identified.
reports:
"Number of CPUS = $(sys.cpus)";
8_cpus::
"This system has 8 processors.";
History: Was introduced in 3.3.0, Enterprise 2.2.0 (2012)
sys.crontab
The variable gives the location of the current users's master crontab directory.
# crontab = /var/spool/crontab/root
sys.date
The date of the system as a text string, from when the agent initialized.
# date = Sun Dec 7 10:39:53 2008
sys.doc_root
A scalar variable containing the default path for the document root of the standard web server package.
History: Was introduced in 3.1.0, Enterprise 2.0.
sys.domain
The domain name as discovered by CFEngine. If the DNS is in use, it could
be possible to derive the domain name from its DNS registration, but in
general there is no way to discover this value automatically. The
common control
body permits the ultimate specification of this value.
# domain = example.org
sys.enterprise_version
The variable gives the version of the running CFEngine Enterprise Edition.
# enterprise_version = 3.0.0
History: Was introduced in 3.5.0, Enterprise 3.0.0.
sys.expires
History:
- Removed 3.5.0
- Introduced in version 3.1.4, Enterprise 2.0.2 (2011).
sys.exports
The location of the system NFS exports file.
# exports = /etc/exports
# exports = /etc/dfs/dfstab
sys.failsafe_policy_path
The name of the failsafe policy file.
# failsafe_policy_path = /var/cfengine/inputs/failsafe.cf
History: Introduced in CFEngine 3.6
sys.flavor, sys.flavour
A variable containing an operating system identification string that is used to determine the current release of the operating system in a form that can be used as a label in naming. This is used, for instance, to detect which package name to choose when updating software binaries for CFEngine.
These two variables are synonyms for each other.
History: Was introduced in 3.2.0, Enterprise 2.0
See also: sys.ostype
sys.fqhost
The fully qualified name of the host. In order to compute this value properly, the domain name must be defined.
# fqhost = host.example.org
See also: sys.uqhost
sys.fstab
The location of the system filesystem (mount) table.
# fstab = /etc/fstab
sys.hardware_addresses
This is a list variable containing a list of all known MAC addresses for system interfaces.
History: Was introduced in 3.3.0, Enterprise 2.2.0 (2011)
sys.hardware_mac[interface_name]
This contains the MAC address of the named interface. For example:
reports:
"Tell me $(sys.hardware_mac[eth0])";
Note: The keys in this array are canonified. For example, the entry for wlan0.1
would be found under the wlan0_1
key. Ref: CFE-4174.
History: Was introduced in 3.3.0, Enterprise 2.2.0 (2011)
sys.host
The name of the current host, according to the kernel. It is undefined whether this is qualified or unqualified with a domain name.
# host = myhost
sys.inet
The available information about the IPv4 network stack, from when the agent initialized. This is currently available only on Linux systems with the special /proc/net/*
information files.
From the route table, the default_gateway
is extracted. From the list of routes in routes
, the default_route
is copied to the top level for convenience.
Each route's flags are extracted in a convenient list format.
The stats
key contains all the TCP and IP counters provided by the system in /proc/net/netstat
.
History: Was introduced in 3.9.0.
See also: sys.inet6
, sys.interfaces_data
% cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
enp4s0 00000000 0102A8C0 0003 0 0 100 00000000 0 0 0
enp4s0 0000FEA9 00000000 0001 0 0 1000 0000FFFF 0 0 0
enp4s0 0002A8C0 00000000 0001 0 0 100 00FFFFFF 0 0 0
% cat /proc/net/netstat
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts PruneCalled RcvPruned OfoPruned OutOfWindowIcmps LockDroppedIcmps ArpFilter TW TWRecycled TWKilled PAWSPassive PAWSActive PAWSEstab DelayedACKs DelayedACKLocked DelayedACKLost ListenOverflows ListenDrops TCPPrequeued TCPDirectCopyFromBacklog TCPDirectCopyFromPrequeue TCPPrequeueDropped TCPHPHits TCPHPHitsToUser TCPPureAcks TCPHPAcks TCPRenoRecovery TCPSackRecovery TCPSACKReneging TCPFACKReorder TCPSACKReorder TCPRenoReorder TCPTSReorder TCPFullUndo TCPPartialUndo TCPDSACKUndo TCPLossUndo TCPLostRetransmit TCPRenoFailures TCPSackFailures TCPLossFailures TCPFastRetrans TCPForwardRetrans TCPSlowStartRetrans TCPTimeouts TCPLossProbes TCPLossProbeRecovery TCPRenoRecoveryFail TCPSackRecoveryFail TCPSchedulerFailed TCPRcvCollapsed TCPDSACKOldSent TCPDSACKOfoSent TCPDSACKRecv TCPDSACKOfoRecv TCPAbortOnData TCPAbortOnClose TCPAbortOnMemory TCPAbortOnTimeout TCPAbortOnLinger TCPAbortFailed TCPMemoryPressures TCPSACKDiscard TCPDSACKIgnoredOld TCPDSACKIgnoredNoUndo TCPSpuriousRTOs TCPMD5NotFound TCPMD5Unexpected TCPSackShifted TCPSackMerged TCPSackShiftFallback TCPBacklogDrop TCPMinTTLDrop TCPDeferAcceptDrop IPReversePathFilter TCPTimeWaitOverflow TCPReqQFullDoCookies TCPReqQFullDrop TCPRetransFail TCPRcvCoalesce TCPOFOQueue TCPOFODrop TCPOFOMerge TCPChallengeACK TCPSYNChallenge TCPFastOpenActive TCPFastOpenActiveFail TCPFastOpenPassive TCPFastOpenPassiveFail TCPFastOpenListenOverflow TCPFastOpenCookieReqd TCPSpuriousRtxHostQueues BusyPollRxPackets TCPAutoCorking TCPFromZeroWindowAdv TCPToZeroWindowAdv TCPWantZeroWindowAdv TCPSynRetrans TCPOrigDataSent TCPHystartTrainDetect TCPHystartTrainCwnd TCPHystartDelayDetect TCPHystartDelayCwnd TCPACKSkippedSynRecv TCPACKSkippedPAWS TCPACKSkippedSeq TCPACKSkippedFinWait2 TCPACKSkippedTimeWait TCPACKSkippedChallenge TCPWinProbe TCPKeepAlive
TcpExt: 0 0 0 19896 7 0 0 9 0 0 560727 0 0 0 0 3575 2049614 302 313016 0 0 17283401 130554 186252521 0 126381259 21978 34307113 42386136 481 386568 7 175 316 11 822 2028 483 20959 148926 16709 267 271328 38869 512579 72057 281202 375133 561590 150370 23 59420 0 106 391776 9062 174837 4389 211213 13931 0 14556 0 0 0 585 594 65103 100117 0 0 0 0 2199955 0 0 0 0 0 0 0 15 36402752 5236349 0 7020 7132 4057 0 0 0 0 0 0 70 0 17925237 24 30 71 693624 275201738 33 992 2253 49843 136 484 21848 0 25 218 10478 503111
IpExt: InNoRoutes InTruncatedPkts InMcastPkts OutMcastPkts InBcastPkts OutBcastPkts InOctets OutOctets InMcastOctets OutMcastOctets InBcastOctets OutBcastOctets InCsumErrors InNoECTPkts InECT1Pkts InECT0Pkts InCEPkts
IpExt: 0 0 1304886 130589 3784495 6 437612883789 422416538003 334973818 8189234 817859007 284 1 487495405 18258 4804476 543340
# sys.inet = {
"default_gateway": "192.168.2.1",
"default_route": {
"active_default_gateway": true,
"dest": "0.0.0.0",
"flags": [
"up",
"net",
"default",
"gateway"
],
"gateway": "192.168.2.1",
"interface": "enp4s0",
"irtt": 0,
"mask": "0.0.0.0",
"metric": 100,
"mtu": 0,
"refcnt": 0,
"use": 0,
"window": 0
},
"routes": [
{
"active_default_gateway": true,
"dest": "0.0.0.0",
"flags": [
"up",
"net",
"default",
"gateway"
],
"gateway": "192.168.2.1",
"interface": "enp4s0",
"irtt": 0,
"mask": "0.0.0.0",
"metric": 100,
"mtu": 0,
"refcnt": 0,
"use": 0,
"window": 0
},
{
"active_default_gateway": false,
"dest": "169.254.0.0",
"flags": [
"up",
"net",
"not_default",
"local"
],
"gateway": "0.0.0.0",
"interface": "enp4s0",
"irtt": 0,
"mask": "255.255.0.0",
"metric": 1000,
"mtu": 0,
"refcnt": 0,
"use": 0,
"window": 0
},
{
"active_default_gateway": false,
"dest": "192.168.2.0",
"flags": [
"up",
"net",
"not_default",
"local"
],
"gateway": "0.0.0.0",
"interface": "enp4s0",
"irtt": 0,
"mask": "255.255.255.0",
"metric": 100,
"mtu": 0,
"refcnt": 0,
"use": 0,
"window": 0
}
],
"stats": {
"IpExt": {
"InBcastOctets": "817859007",
"InBcastPkts": "3784495",
"InCEPkts": "543340",
"InCsumErrors": "1",
"InECT0Pkts": "4804476",
"InECT1Pkts": "18258",
"InMcastOctets": "334973818",
"InMcastPkts": "1304886",
"InNoECTPkts": "487495405",
"InNoRoutes": "0",
"InOctets": "437612883789",
"InTruncatedPkts": "0",
"OutBcastOctets": "284",
"OutBcastPkts": "6",
"OutMcastOctets": "8189234",
"OutMcastPkts": "130589",
"OutOctets": "422416538003"
},
"TcpExt": {
"ArpFilter": "0",
"BusyPollRxPackets": "0",
"DelayedACKLocked": "302",
"DelayedACKLost": "313016",
"DelayedACKs": "2049614",
"EmbryonicRsts": "19896",
"IPReversePathFilter": "0",
"ListenDrops": "0",
"ListenOverflows": "0",
"LockDroppedIcmps": "0",
"OfoPruned": "0",
"OutOfWindowIcmps": "9",
"PAWSActive": "0",
"PAWSEstab": "3575",
"PAWSPassive": "0",
"PruneCalled": "7",
"RcvPruned": "0",
"SyncookiesFailed": "0",
"SyncookiesRecv": "0",
"SyncookiesSent": "0",
"TCPACKSkippedChallenge": "218",
"TCPACKSkippedFinWait2": "0",
"TCPACKSkippedPAWS": "484",
"TCPACKSkippedSeq": "21848",
"TCPACKSkippedSynRecv": "136",
"TCPACKSkippedTimeWait": "25",
"TCPAbortFailed": "0",
"TCPAbortOnClose": "13931",
"TCPAbortOnData": "211213",
"TCPAbortOnLinger": "0",
"TCPAbortOnMemory": "0",
"TCPAbortOnTimeout": "14556",
"TCPAutoCorking": "17925237",
"TCPBacklogDrop": "0",
"TCPChallengeACK": "7132",
"TCPDSACKIgnoredNoUndo": "65103",
"TCPDSACKIgnoredOld": "594",
"TCPDSACKOfoRecv": "4389",
"TCPDSACKOfoSent": "9062",
"TCPDSACKOldSent": "391776",
"TCPDSACKRecv": "174837",
"TCPDSACKUndo": "20959",
"TCPDeferAcceptDrop": "0",
"TCPDirectCopyFromBacklog": "130554",
"TCPDirectCopyFromPrequeue": "186252521",
"TCPFACKReorder": "175",
"TCPFastOpenActive": "0",
"TCPFastOpenActiveFail": "0",
"TCPFastOpenCookieReqd": "0",
"TCPFastOpenListenOverflow": "0",
"TCPFastOpenPassive": "0",
"TCPFastOpenPassiveFail": "0",
"TCPFastRetrans": "512579",
"TCPForwardRetrans": "72057",
"TCPFromZeroWindowAdv": "24",
"TCPFullUndo": "2028",
"TCPHPAcks": "42386136",
"TCPHPHits": "126381259",
"TCPHPHitsToUser": "21978",
"TCPHystartDelayCwnd": "49843",
"TCPHystartDelayDetect": "2253",
"TCPHystartTrainCwnd": "992",
"TCPHystartTrainDetect": "33",
"TCPKeepAlive": "503111",
"TCPLossFailures": "38869",
"TCPLossProbeRecovery": "150370",
"TCPLossProbes": "561590",
"TCPLossUndo": "148926",
"TCPLostRetransmit": "16709",
"TCPMD5NotFound": "0",
"TCPMD5Unexpected": "0",
"TCPMemoryPressures": "0",
"TCPMinTTLDrop": "0",
"TCPOFODrop": "0",
"TCPOFOMerge": "7020",
"TCPOFOQueue": "5236349",
"TCPOrigDataSent": "275201738",
"TCPPartialUndo": "483",
"TCPPrequeueDropped": "0",
"TCPPrequeued": "17283401",
"TCPPureAcks": "34307113",
"TCPRcvCoalesce": "36402752",
"TCPRcvCollapsed": "106",
"TCPRenoFailures": "267",
"TCPRenoRecovery": "481",
"TCPRenoRecoveryFail": "23",
"TCPRenoReorder": "11",
"TCPReqQFullDoCookies": "0",
"TCPReqQFullDrop": "0",
"TCPRetransFail": "15",
"TCPSACKDiscard": "585",
"TCPSACKReneging": "7",
"TCPSACKReorder": "316",
"TCPSYNChallenge": "4057",
"TCPSackFailures": "271328",
"TCPSackMerged": "0",
"TCPSackRecovery": "386568",
"TCPSackRecoveryFail": "59420",
"TCPSackShiftFallback": "2199955",
"TCPSackShifted": "0",
"TCPSchedulerFailed": "0",
"TCPSlowStartRetrans": "281202",
"TCPSpuriousRTOs": "100117",
"TCPSpuriousRtxHostQueues": "70",
"TCPSynRetrans": "693624",
"TCPTSReorder": "822",
"TCPTimeWaitOverflow": "0",
"TCPTimeouts": "375133",
"TCPToZeroWindowAdv": "30",
"TCPWantZeroWindowAdv": "71",
"TCPWinProbe": "10478",
"TW": "560727",
"TWKilled": "0",
"TWRecycled": "0"
}
}
}
sys.inet6
The available information about the IPv6 network stack, from when the agent initialized. This is currently available only on Linux systems with the special /proc/net/*
information files.
The configured devices with IPv6 addresses from /proc/net/if_inet6
are collected under addresses
.
The routes from /proc/net/ipv6_route
are collected but not analyzed for default route etc. as with IPv4 routes in sys.inet
.
The network statistics from /proc/net/snmp6
are converted to a convenient key-value format under stats
.
History: Was introduced in 3.9.0.
See also: sys.inet
, sys.interfaces_data
% cat /proc/net/if_inet6
00000000000000000000000000000001 01 80 10 80 lo
fe80000000000000004249fffebdd7b4 04 40 20 80 docker0
fe80000000000000c27cd1fffe3eada6 02 40 20 80 enp4s0
% cat /proc/net/ipv6_route
fe800000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000001 00000004 00000001 enp4s0
00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 0007e26c 00200200 lo
00000000000000000000000000000001 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000009 0000020b 80200001 lo
fe80000000000000c27cd1fffe3eada6 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000002 00000004 80200001 lo
ff000000000000000000000000000000 08 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000008 0003ffc5 00000001 enp4s0
00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 0007e26c 00200200 lo
% cat /proc/net/snmp6
Ip6InReceives 492189
Ip6InHdrErrors 0
Ip6InTooBigErrors 0
Ip6InNoRoutes 0
Ip6InAddrErrors 0
Ip6InUnknownProtos 0
Ip6InTruncatedPkts 0
Ip6InDiscards 0
Ip6InDelivers 490145
Ip6OutForwDatagrams 0
Ip6OutRequests 12145
Ip6OutDiscards 6
Ip6OutNoRoutes 249070
Ip6ReasmTimeout 0
Ip6ReasmReqds 0
Ip6ReasmOKs 0
Ip6ReasmFails 0
Ip6FragOKs 0
Ip6FragFails 0
Ip6FragCreates 0
Ip6InMcastPkts 488766
Ip6OutMcastPkts 10304
Ip6InOctets 132343220
Ip6OutOctets 1522724
Ip6InMcastOctets 131896014
Ip6OutMcastOctets 1076616
Ip6InBcastOctets 0
Ip6OutBcastOctets 0
Ip6InNoECTPkts 492196
Ip6InECT1Pkts 0
Ip6InECT0Pkts 0
Ip6InCEPkts 0
Icmp6InMsgs 275
Icmp6InErrors 0
Icmp6OutMsgs 1815
Icmp6OutErrors 0
Icmp6InCsumErrors 0
Icmp6InDestUnreachs 0
Icmp6InPktTooBigs 0
Icmp6InTimeExcds 0
Icmp6InParmProblems 0
Icmp6InEchos 0
Icmp6InEchoReplies 0
Icmp6InGroupMembQueries 0
Icmp6InGroupMembResponses 1
Icmp6InGroupMembReductions 1
Icmp6InRouterSolicits 0
Icmp6InRouterAdvertisements 0
Icmp6InNeighborSolicits 5
Icmp6InNeighborAdvertisements 268
Icmp6InRedirects 0
Icmp6InMLDv2Reports 0
Icmp6OutDestUnreachs 0
Icmp6OutPktTooBigs 0
Icmp6OutTimeExcds 0
Icmp6OutParmProblems 0
Icmp6OutEchos 0
Icmp6OutEchoReplies 0
Icmp6OutGroupMembQueries 0
Icmp6OutGroupMembResponses 0
Icmp6OutGroupMembReductions 0
Icmp6OutRouterSolicits 396
Icmp6OutRouterAdvertisements 0
Icmp6OutNeighborSolicits 206
Icmp6OutNeighborAdvertisements 5
Icmp6OutRedirects 0
Icmp6OutMLDv2Reports 1208
Icmp6InType131 1
Icmp6InType132 1
Icmp6InType135 5
Icmp6InType136 268
Icmp6OutType133 396
Icmp6OutType135 206
Icmp6OutType136 5
Icmp6OutType143 1208
Udp6InDatagrams 486201
Udp6NoPorts 0
Udp6InErrors 0
Udp6OutDatagrams 7273
Udp6RcvbufErrors 0
Udp6SndbufErrors 0
Udp6InCsumErrors 0
Udp6IgnoredMulti 0
UdpLite6InDatagrams 0
UdpLite6NoPorts 0
UdpLite6InErrors 0
UdpLite6OutDatagrams 0
UdpLite6RcvbufErrors 0
UdpLite6SndbufErrors 0
UdpLite6InCsumErrors 0
# sys.inet6 = {
"addresses": {
"docker0": {
"address": "d7b4:febd:49ff:42:0:0:0:fe80",
"device_number": 4,
"interface": "docker0",
"prefix_length": 64,
"raw_flags": "80",
"scope": 32
},
"enp4s0": {
"address": "ada6:fe3e:d1ff:c27c:0:0:0:fe80",
"device_number": 2,
"interface": "enp4s0",
"prefix_length": 64,
"raw_flags": "80",
"scope": 32
},
"lo": {
"address": "1:0:0:0:0:0:0:0",
"device_number": 1,
"interface": "lo",
"prefix_length": 128,
"raw_flags": "80",
"scope": 16
}
},
"routes": [
{
"dest": "0:0:0:0:0:0:0:0",
"dest_prefix": "40",
"flags": [
"up",
"net",
"local"
],
"interface": "enp4s0",
"metric": 256,
"next_hop": "0:0:0:0:0:0:0:0",
"refcnt": 1,
"source_prefix": "00",
"use": 4
},
{
"dest": "0:0:0:0:0:0:0:0",
"dest_prefix": "80",
"flags": [
"up",
"net",
"local"
],
"interface": "lo",
"metric": 0,
"next_hop": "0:0:0:0:0:0:0:0",
"refcnt": 2,
"source_prefix": "00",
"use": 4
}
],
"stats": {
"Icmp6InCsumErrors": 0,
"Icmp6InDestUnreachs": 0,
"Icmp6InEchoReplies": 0,
"Icmp6InEchos": 0,
"Icmp6InErrors": 0,
"Icmp6InGroupMembQueries": 0,
"Icmp6InGroupMembReductions": 1,
"Icmp6InGroupMembResponses": 1,
"Icmp6InMLDv2Reports": 0,
"Icmp6InMsgs": 275,
"Icmp6InNeighborAdvertisements": 268,
"Icmp6InNeighborSolicits": 5,
"Icmp6InParmProblems": 0,
"Icmp6InPktTooBigs": 0,
"Icmp6InRedirects": 0,
"Icmp6InRouterAdvertisements": 0,
"Icmp6InRouterSolicits": 0,
"Icmp6InTimeExcds": 0,
"Icmp6InType131": 1,
"Icmp6InType132": 1,
"Icmp6InType135": 5,
"Icmp6InType136": 268,
"Icmp6OutDestUnreachs": 0,
"Icmp6OutEchoReplies": 0,
"Icmp6OutEchos": 0,
"Icmp6OutErrors": 0,
"Icmp6OutGroupMembQueries": 0,
"Icmp6OutGroupMembReductions": 0,
"Icmp6OutGroupMembResponses": 0,
"Icmp6OutMLDv2Reports": 1208,
"Icmp6OutMsgs": 1815,
"Icmp6OutNeighborAdvertisements": 5,
"Icmp6OutNeighborSolicits": 206,
"Icmp6OutParmProblems": 0,
"Icmp6OutPktTooBigs": 0,
"Icmp6OutRedirects": 0,
"Icmp6OutRouterAdvertisements": 0,
"Icmp6OutRouterSolicits": 396,
"Icmp6OutTimeExcds": 0,
"Icmp6OutType133": 396,
"Icmp6OutType135": 206,
"Icmp6OutType136": 5,
"Icmp6OutType143": 1208,
"Ip6FragCreates": 0,
"Ip6FragFails": 0,
"Ip6FragOKs": 0,
"Ip6InAddrErrors": 0,
"Ip6InBcastOctets": 0,
"Ip6InCEPkts": 0,
"Ip6InDelivers": 490145,
"Ip6InDiscards": 0,
"Ip6InECT0Pkts": 0,
"Ip6InECT1Pkts": 0,
"Ip6InHdrErrors": 0,
"Ip6InMcastOctets": 131896014,
"Ip6InMcastPkts": 488766,
"Ip6InNoECTPkts": 492196,
"Ip6InNoRoutes": 0,
"Ip6InOctets": 132343220,
"Ip6InReceives": 492189,
"Ip6InTooBigErrors": 0,
"Ip6InTruncatedPkts": 0,
"Ip6InUnknownProtos": 0,
"Ip6OutBcastOctets": 0,
"Ip6OutDiscards": 6,
"Ip6OutForwDatagrams": 0,
"Ip6OutMcastOctets": 1076616,
"Ip6OutMcastPkts": 10304,
"Ip6OutNoRoutes": 249070,
"Ip6OutOctets": 1522724,
"Ip6OutRequests": 12145,
"Ip6ReasmFails": 0,
"Ip6ReasmOKs": 0,
"Ip6ReasmReqds": 0,
"Ip6ReasmTimeout": 0,
"Udp6IgnoredMulti": 0,
"Udp6InCsumErrors": 0,
"Udp6InDatagrams": 486201,
"Udp6InErrors": 0,
"Udp6NoPorts": 0,
"Udp6OutDatagrams": 7273,
"Udp6RcvbufErrors": 0,
"Udp6SndbufErrors": 0,
"UdpLite6InCsumErrors": 0,
"UdpLite6InDatagrams": 0,
"UdpLite6InErrors": 0,
"UdpLite6NoPorts": 0,
"UdpLite6OutDatagrams": 0,
"UdpLite6RcvbufErrors": 0,
"UdpLite6SndbufErrors": 0
}
}
sys.inputdir
The name of the inputs directory where CFEngine looks for its policy files.
# inputdir = /var/cfengine/inputs
History: Introduced in CFEngine 3.6
sys.interface
The assumed (default) name of the main system interface on this host.
# interface = eth0
sys.interfaces
Displays a system list of configured interfaces currently active in use by the system. This list is detected at runtime and it passed in the variables report to the CFEngine Enterprise Database.
Example:
bundle agent example_sys_interfaces
{
reports:
"Address: $(sys.ip_addresses)";
"Interface: $(sys.interfaces)";
"Address of '$(sys.interfaces)' is '$(sys.ipv4[$(sys.interfaces)])'";
}
bundle agent __main__
{
methods:
"example_sys_interfaces";
}
Example Output:
R: Address: 127.0.0.1
R: Address: 192.168.42.189
R: Address: 192.168.122.1
R: Address: 172.17.0.1
R: Address: 192.168.33.1
R: Address: 172.27.224.211
R: Address: 192.168.69.1
R: Interface: wlan0
R: Interface: virbr0
R: Interface: docker0
R: Interface: vboxnet3
R: Interface: tun0
R: Interface: vboxnet13
R: Address of 'wlan0' is '192.168.42.189'
R: Address of 'virbr0' is '192.168.122.1'
R: Address of 'docker0' is '172.17.0.1'
R: Address of 'vboxnet3' is '192.168.33.1'
R: Address of 'tun0' is '172.27.224.211'
R: Address of 'vboxnet13' is '192.168.69.1'
History: Was introduced in 3.3.0, Enterprise 2.2.0 (2011)
sys.interfaces_data
The network statistics of the system interfaces, from when the agent initialized. This is currently available only on Linux systems with the special /proc/net/dev
file.
History: Was introduced in 3.9.0.
% cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
enp4s0: 446377831179 492136556 0 0 0 0 0 0 428200856331 499195545 0 0 0 0 0 0
lo: 1210580426 1049790 0 0 0 0 0 0 1210580426 1049790 0 0 0 0 0 0
wlp3s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
# sys.interfaces_data = {
"enp4s0": {
"device": "enp4s0",
"receive_bytes": "446377831179",
"receive_compressed": "0",
"receive_drop": "0",
"receive_errors": "0",
"receive_fifo": "0",
"receive_frame": "0",
"receive_multicast": "0",
"receive_packets": "492136556",
"transmit_bytes": "428200856331",
"transmit_compressed": "0",
"transmit_drop": "0",
"transmit_errors": "0",
"transmit_fifo": "0",
"transmit_frame": "0",
"transmit_multicast": "0",
"transmit_packets": "499195545"
},
"lo": {
"device": "lo",
"receive_bytes": "1210580426",
"receive_compressed": "0",
"receive_drop": "0",
"receive_errors": "0",
"receive_fifo": "0",
"receive_frame": "0",
"receive_multicast": "0",
"receive_packets": "1049790",
"transmit_bytes": "1210580426",
"transmit_compressed": "0",
"transmit_drop": "0",
"transmit_errors": "0",
"transmit_fifo": "0",
"transmit_frame": "0",
"transmit_multicast": "0",
"transmit_packets": "1049790"
},
"wlp3s0": {
"device": "wlp3s0",
"receive_bytes": "0",
"receive_compressed": "0",
"receive_drop": "0",
"receive_errors": "0",
"receive_fifo": "0",
"receive_frame": "0",
"receive_multicast": "0",
"receive_packets": "0",
"transmit_bytes": "0",
"transmit_compressed": "0",
"transmit_drop": "0",
"transmit_errors": "0",
"transmit_fifo": "0",
"transmit_frame": "0",
"transmit_multicast": "0",
"transmit_packets": "0"
}
}
sys.interface_flags
Contains a space separated list of the flags of the named interface. e.g.
reports:
"eth0 flags: $(sys.interface_flags[eth0])";
Outputs:
R: eth0 flags: up broadcast running multicast
The following device flags are supported:
- up
- broadcast
- debug
- loopback
- pointopoint
- notrailers
- running
- noarp
- promisc
- allmulti
- multicast
History: Was introduced in 3.5.0 (2013)
sys.ip_addresses
Displays a system list of IP addresses currently in use by the system. This list is detected at runtime and passed in the variables report to the CFEngine Enterprise Database.
To use this list in a policy, you will need a local copy since only local variables can be iterated.
bundle agent test
{
vars:
# To iterate, we need a local copy
"i1" slist => { @(sys.ip_addresses)} ;
"i2" slist => { @(sys.interfaces)} ;
reports:
"Addresses: $(i1)";
"Interfaces: $(i2)";
"Addresses of the interfaces: $(sys.ipv4[$(i2)])";
}
History: Was introduced in 3.3.0, Enterprise 2.2.0 (2011)
sys.ip2iface
A map of full IPv4 addresses (key) to the system interface (value),
e.g. $(sys.ip2iface[1.2.3.4])
.
# If the IPv4 address on the interfaces are
# le0 = 192.168.1.101
# xr1 = 10.12.7.254
#
# Then you will have
# sys.ip2iface[192.168.1.101] = le0
# sys.ip2iface[10.12.7.254] = xr1
Notes:
The list of addresses may be acquired with
getindices("sys.ip2iface")
(or from any of the other associative arrays). Only those interfaces which are marked as "up" and have an IP address will have entries.The values in this array are canonified. For example, the entry for
wlan0.1
would bewlan0_1
. Ref: CFE-4174.
History: Was introduced in 3.9.
sys.ipv4
All four octets of the IPv4 address of the first system interface.
Note:
If your system has a single ethernet interface, $(sys.ipv4)
will contain
your IPv4 address. However, if your system has multiple interfaces, then
$(sys.ipv4)
will simply be the IPv4 address of the first interface in the
list that has an assigned address, Use $(sys.ipv4[interface_name])
for
details on obtaining the IPv4 addresses of all interfaces on a system.
sys.ipv4[interface_name]
The full IPv4 address of the system interface named as the associative
array index, e.g. $(sys.ipv4[le0])
or $(sys.ipv4[xr1])
.
# If the IPv4 address on the interfaces are
# le0 = 192.168.1.101
# xr1 = 10.12.7.254
#
# Then the octets of all interfaces are accessible as an associative array
# sys.ipv4_1[le0] = 192
# sys.ipv4_2[le0] = 192.168
# sys.ipv4_3[le0] = 192.168.1
# sys.ipv4[le0] = 192.168.1.101
# sys.ipv4_1[xr1] = 10
# sys.ipv4_2[xr1] = 10.12
# sys.ipv4_3[xr1] = 10.12.7
# sys.ipv4[xr1] = 10.12.7.254
Note:
The list of interfaces may be acquired with getindices("sys.ipv4")
(or
from any of the other associative arrays). Only those interfaces which
are marked as "up" and have an IP address will be listed.
sys.ipv4_1[interface_name]
The first octet of the IPv4 address of the system interface named as the
associative array index, e.g. $(ipv4_1[le0])
or $(ipv4_1[xr1])
.
Note: The keys in this array are canonified. For example, the entry for wlan0.1
would be found under the wlan0_1
key. Ref: CFE-4174.
sys.ipv4_2[interface_name]
The first two octets of the IPv4 address of the system interface named as the associative array index, e.g. $(ipv4_2[le0])
or $(ipv4_2[xr1])
.
Note: The keys in this array are canonified. For example, the entry for wlan0.1
would be found under the wlan0_1
key. Ref: CFE-4174.
sys.ipv4_3[interface_name]
The first three octets of the IPv4 address of the system interface named as the associative array index, e.g. $(ipv4_3[le0])
or $(ipv4_3[xr1])
.
Note: The keys in this array are canonified. For example, the entry for wlan0.1
would be found under the wlan0_1
key. Ref: CFE-4174.
sys.key_digest
The digest of the host's cryptographic public key.
# sys.key_digest = MD5=bc230448c9bec14b9123443e1608ac07
sys.last_policy_update
Timestamp when last policy change was seen by host
sys.libdir
The name of the directory where CFEngine looks for its libraries.
# libdir = /var/cfengine/inputs/lib
History: Introduced in CFEngine 3.6, version based sub directory removed in CFEngine 3.8.
sys.local_libdir
The name of the directory where CFEngine looks for its libraries, without any prefixes.
# local_libdir = lib
History: Introduced in CFEngine 3.6, version based sub directory removed in CFEngine 3.8.
sys.logdir
The name of the directory where CFEngine log files are saved
# logdir = /var/cfengine/
History: Introduced in CFEngine 3.6
sys.license_owner
History:
- Removed 3.5.0
- Introduced in version 3.1.4, Enterprise 2.0.2 (2011).
sys.licenses_granted
History:
- Removed 3.5.0
- Was introduced in version 3.1.4, Enterprise 2.0.2 (2011).
sys.long_arch
The long architecture name for this system kernel. This name is sometimes quite unwieldy but can be useful for logging purposes.
# long_arch = linux_x86_64_2_6_22_19_0_1_default__1_SMP_2008_10_14_22_17_43__0200
See also: sys.ostype
sys.maildir
The name of the system email spool directory.
# maildir = /var/spool/mail
sys.masterdir
The name of the directory on the hub where CFEngine looks for inputs to be validated and copied into sys.inputdir
.
# masterdir = /var/cfengine/masterfiles
History: Introduced in CFEngine 3.6
sys.nova_version
The variable gives the version of the running CFEngine Enterprise Edition.
# nova_version = 1.1.3
sys.os
The name of the operating system according to the kernel.
# os = linux
See also: sys.ostype
sys.os_name_human
A human friendly version of the operating system that's running.
Example policy:
bundle agent __main__
{
reports:
"$(sys.os_name_human)";
}
Example policy output:
R: Ubuntu
History:
- 3.18.0 introduced
sys.os_release
Information parsed from /etc/os-release
if present.
bundle agent main
{
reports:
"$(with)"
with => string_mustache("", @(sys.os_release) );
}
Policy Output:
R: {
"BUG_REPORT_URL": "https://bugs.launchpad.net/ubuntu/",
"HOME_URL": "https://www.ubuntu.com/",
"ID": "ubuntu",
"ID_LIKE": "debian",
"NAME": "Ubuntu",
"PRETTY_NAME": "Ubuntu 17.10",
"PRIVACY_POLICY_URL": "https://www.ubuntu.com/legal/terms-and-policies/privacy-policy",
"SUPPORT_URL": "https://help.ubuntu.com/",
"UBUNTU_CODENAME": "artful",
"VERSION": "17.10 (Artful Aardvark)",
"VERSION_CODENAME": "artful",
"VERSION_ID": "17.10"
}
History:
- Added in 3.11.0
sys.os_version_major
The major version of the operating system that's running.
Example policy:
bundle agent __main__
{
reports:
"$(sys.os_version_major)";
}
Example policy output:
R: 22
History:
- 3.18.0 introduced
sys.ostype
Another name for the operating system.
# ostype = linux_x86_64
See also: sys.class
sys.piddir
The name of the directory where CFEngine saves the daemon pid files.
# piddir = /var/cfengine/
History: Introduced in CFEngine 3.6
sys.policy_entry_basename
The basename of the first policy file read by the agent. For example
promises.cf
or update.cf
.
See also: sys.policy_entry_dirname
sys.policy_entry_filename
History:
- Introduced 3.12.0
sys.policy_entry_dirname
The full path to the directory containing the first policy file read by the agent. For example
/var/cfengine/inputs
or ~/.cfagent/inputs
.
See also: sys.policy_entry_basename
sys.policy_entry_filename
History:
- Introduced 3.12.0
sys.policy_entry_filename
The full path to the first policy file read by the agent. For example
/var/cfengine/inputs/promises.cf
or ~/.cfagent/inputs/promises.cf
.
See also: sys.policy_entry_basename
sys.policy_entry_dirname
History:
- Introduced 3.12.0
sys.policy_hub
IP of the machine acting as the policy server.
$(sys.workdir)/policy_server.dat
stores bootstrap information. If bootstrapped to a hostname, the value is the current IP the hostname resolves to. If bootstrapped to an IP, the value is the stored IP. The variable is undefined if $(sys.workdir)/policy_server.dat
does not exist or is empty.
reports:
"Policy hub is $(sys.policy_hub)";
History:
- Introduced in version 3.1.0b1,Enterprise 2.0.0b1 (2010).
- Available in Community since 3.2.0
sys.policy_hub_port
The default port which cf-agent
will use by default when making outbound
connections to cf-serverd
. This defaults to 5308
but can be
overridden based on the data provided during bootstrap stored in
$(sys.workdir)/policy_server.dat
.
History:
- Introduced in version 3.10.0 (2016).
sys.release
The kernel release of the operating system.
# release = 2.6.22.19-0.1-default
sys.resolv
The location of the system resolver file.
# resolv = /etc/resolv.conf
sys.statedir
The name of the state directory where CFEngine looks for its embedded database files.
# statedir = /var/cfengine/state
History: Introduced in CFEngine 3.7
sys.sysday
A variable containing the time since the UNIX Epoch (00:00:00 UTC, January 1,
1970), measured in days. It is equivalent to $(sys.systime)
divided by the
number of seconds in a day, expressed as an integer. No time zone conversion
is performed, the direct result of the time() system call is used. This value
is most commonly used in the /etc/shadow file.
# sysday = 15656
Corresponds to Monday, November 12, 2012.
History: Introduced in CFEngine 3.6
sys.systime
A variable containing the result of the time() system call, which is the
time since the UNIX Epoch (00:00:00 UTC, January 1, 1970), measured in
seconds. See also $(sys.sysday)
.
# systime = 1352754900
Corresponds to Mon Nov 12 21:15:00 2012 UTC.
History: Introduced in CFEngine 3.6
sys.update_policy_path
The name of the update policy file.
# update_policy_path = /var/cfengine/inputs/update.cf
History: Introduced in CFEngine 3.6
sys.uptime
A variable containing the number of minutes which the system has been online. (Not implemented on the Windows platform.)
# uptime = 69735
Equivalent uptime command output:
16:24:52 up 48 days, 10:15, 1 user, load average: 0.00, 0.00, 0.00
History: Introduced in CFEngine 3.6
sys.user_data
A data container with the user information of the user that started the agent.
# user_data = {
"description": "root",
"gid": 0,
"home_dir": "/root",
"shell": "/bin/bash",
"uid": 0,
"username": "root"
}
History: Introduced in CFEngine 3.10
sys.uqhost
The unqualified name of the current host.
# uqhost = myhost
See also: sys.fqhost
sys.version
The version of the running kernel. On Linux, this corresponds to the
output of uname -v
.
# version = #55-Ubuntu SMP Mon Jan 10 23:42:43 UTC 2011
History: Was introduced in version 3.1.4,Enterprise 2.0.2 (2011)
sys.windir
On the Windows version of CFEngine Enterprise, this is the path to the Windows directory of this system.
# windir = C:\WINDOWS
sys.winprogdir
On the Windows version of CFEngine Enterprise, this is the path to the program files directory of the system.
# winprogdir = C:\Program Files
sys.winprogdir86
On 64 bit Windows versions of CFEngine Enterprise, this is the path to the 32 bit (x86) program files directory of the system.
# winprogdir86 = C:\Program Files (x86)
sys.winsysdir
On the Windows version of CFEngine Enterprise, this is the path to the Windows system directory.
# winsysdir = C:\WINDOWS\system32
sys.workdir
The location of the CFEngine work directory and cache. For the system privileged user this is normally:
# workdir = /var/cfengine
For non-privileged users it is in the user's home directory:
# workdir = /home/user/.cfagent
On the Windows version of CFEngine Enterprise, it is normally under program files (the directory name may change with the language of Windows):
# workdir = C:\Program Files\CFEngine