Hard and Soft Classes
Classes fall into hard (discovered) and soft (defined) types. This reference documents the hard classes that might be set by CFEngine, and soft classes used by CFEngine's default policy.
hard classes and
soft classes defined in common bundles on a
particular host, run
cf-promises --show-classes as a privileged user.
[root@hub masterfiles]# cf-promises --show-classes Class name Meta tags 10_0_2_15 inventory,attribute_name=none,source=agent,hardclass 127_0_0_1 inventory,attribute_name=none,source=agent,hardclass 192_168_33_2 inventory,attribute_name=none,source=agent,hardclass 1_cpu source=agent,derived-from=sys.cpus,hardclass 64_bit source=agent,hardclass Afternoon time_based,source=agent,hardclass Day22 time_based,source=agent,hardclass ...
Note that some of the classes are set only if a trusted link can be established
cf-monitord, i.e. if both are running with privilege, and
/var/cfengine/state/env_data file is secure.
You can also use the built-in
classesmatching() function to get a
list of all the defined classes in a list, inside CFEngine policy
classesmatching() is especially useful because it also lets
you specify tag regular expressions.
See also: The
Classes and variables have tags that describe their provenance (who created them) and purpose (why were they created).
While you can provide your own tags for soft classes in policy with
meta attribute, there are some tags applied to hard classes and
other special cases. This list may change in future versions of
source=agent: this hard class or variable was created by the agent in the C code. This tag is useful when you need to find classes or variables that don't match the other sources below. e.g.
source=environment: this hard class or variable was created by the agent in the C code. It reflects something about the environment like a command-line option, e.g.
inform_mode. Another useful option,
source=bootstrap: this hard class or variable was created by the agent in the C code based on bootstrap parameters. e.g.
policy_serveris set based on the IP address or host name you provided when you ran
cf-agent -B host-or-ip.
source=module: this class or variable was created through the module protocol.
source=persistent: this persistent class was loaded from storage.
source=body: this variable was created by a body with side effects.
source=function: this class or variable was created by a function as a side effect, e.g. see the classes that
selectservers()sets or the variables that
regextract()sets. These classes or variables will also have a
source=promise: this soft class was created from policy.
inventory: related to the system inventory, e.g. the network interfaces
attribute_name=none: has no visual attribute name (ignored by Mission Portal)
attribute_name=X: has visual attribute name
X(used by Mission Portal)
monitoring: related to the monitoring (
time_based: based on the system date, e.g.
derived-from=varname: for a class, this tells you it was derived from a variable name, e.g. if the special variable
xyz, the resulting class
xyzwill have the tag
cfe_internal: internal utility classes and variables
source=ldap: this soft class or variable was created from an LDAP lookup.
source=observation: this class or variable came from a
measurementssystem observation and will also have the
- CFEngine-specific classes
any: this class is always set
policy_server: set when the file
$(workdir)/state/am_policy_hubexists. When a host is bootstrapped, if the agent detects that it is bootstrapping to itself the file is created.
bootstrap_mode: set when bootstrapping a host
debug_mode: log verbosity levels in order of noisiness
opt_dry_run: set when the
--dry-runoption is given
failsafe_fallback: set when the base policy is invalid and the built-in
bootstrap.c) is invoked
community_edition) and (
enterprise_edition): the two different CFEngine products, Community and Enterprise, can be distinguished by these mutually exclusive sets of hard classes
commoncf-promises and others: classes that identify the current component.
cf-promisesis a special case because it's not an agent in the CFEngine sense, so note that using
cf-promises --show-classeswill not show these classes because it can't.
- Operating System Classes (note that the presence of these classes doesn't imply platform support)
- Operating System Architecture -
ultrix, the always-favorite
- VM or hypervisor specific:
- On Solaris-10 systems, the zone name (in the form
zone_global, zone_foo, zone_baz).
systemd: based on the detected capabilities of the platform or the compiled-in options
- See also:
- Operating System Architecture -
- Network Classes
- Unqualified Name of Host. CFEngine truncates it at the first dot.
www.research.company.comhave the same unqualified name –
- The IP address octets of any active interface (in the form
- User-defined Group of Hosts
mac_unknown: set when the MAC address can't be found
- See also:
- Unqualified Name of Host. CFEngine truncates it at the first dot. Note:
- note ALL of these have a local and a GMT version. The GMT classes are consistent the world over, in case you need global change coordination.
- Day of the Week -
Monday, Tuesday, Wednesday,...GMT_Monday, GMT_Tuesday, GMT_Wednesday,...
- Hour of the Day in Current Time Zone -
Hr00, Hr01,... Hr23and
Hr0, Hr1,... Hr23
- Hour of the Day in GMT -
GMT_Hr00, GMT_Hr01, ...GMT_Hr23and
GMT_Hr0, GMT_Hr1, ...GMT_Hr23.
- Minutes of the Hour -
Min00, Min17,... Min45,...and
GMT_Min00, GMT_Min17,... GMT_Min45,...
- Five Minute Interval of the Hour -
Min00_05, Min05_10,... Min55_00and
GMT_Min00_05, GMT_Min05_10,... GMT_Min55_00. Note the second number indicates up to what minute the interval extends and does not include that minute.
- Quarter of the Hour -
Q1, Q2, Q3, Q4and
GMT_Q1, GMT_Q2, GMT_Q3, GMT_Q4
- An expression of the current quarter hour -
- Day of the Month -
Day1, Day2,... Day31and
GMT_Day1, GMT_Day2,... GMT_Day31
- Month -
January, February,... Decemberand
GMT_January, GMT_February,... GMT_December
- Year -
- Period of the Day -
Night, Morning, Afternoon, Eveningand
GMT_Night, GMT_Morning, GMT_Afternoon, GMT_Evening(six hour blocks starting at 00:00 hours).
- Lifecycle Index -
Lcycle_0, Lcycle_1, Lcycle_2and
GMT_Lcycle_0, GMT_Lcycle_1, GMT_Lcycle_2(the year number modulo 3, used in long term resource memory).
- See also:
The unqualified name of a particular host (e.g.,
www). If your system returns a fully qualified domain name for your host (e.g.,
www.iu.hio.no), CFEngine will also define a hard class for the fully qualified name, as well as the partially-qualified component names
The IP address octets of any active interface (in the form
ipv4_192_0_0_1<!-- /@w -->,
ipv4_192_0_0<!-- /@w -->,
ipv4_192_0<!-- /@w -->,
ipv4_192<!-- /@w -->), provided they are not excluded by a regular expression in the file
The names of the active interfaces (in the form
System status and entropy information reported by
Soft classes can be set by using the
--define options wihtout having
to edit the policy. Multiple classes can be defined by separating them with
commas (no spaces).
$ cf-agent -Dclass
$ cf-agent --define class1,class2,class3
This can be especially useful when requesting a remote host to run its policy
cf-runagent to activate policy that is normally dormant.
$ cf-runagent -Demergency_evacuation -H remoteclient
If you're using dynamic inputs this can be useful in combination with
cf-promises to ensure that various input combinations syntax is validated
correctly. Many people will have this run by pre-commit hooks or as part of a
continuous build system like Jenkins or
$ cf-promises -f ./promises.cf -D prod $ cf-promises -f ./promises.cf -D dev ./promises.cf:10:12: error: syntax error "global1" expression => "any"; ^ ./promises.cf:10:12: error: Check previous line, Expected ';', got '"global1"' "global1" expression => "any"; ^ ./promises.cf:10:23: error: Expected promiser string, got 'expression' "global1" expression => "any"; ^ ./promises.cf:10:26: error: Expected ';', got '=>' "global1" expression => "any"; ^ 2014-05-22T13:46:05+0000 error: There are syntax errors in policy files
Note: Classes, once defined, will stay defined either for as long as the
bundle is evaluated (for classes with a
bundle scope) or until the agent
exits (for classes with a
namespace scope). See
cancel_notkept in classes body.
Description: Disable a CFEngine Enterprise daemon component persistently.
DAEMON can be one of
This will stop the AGENT from starting automatically.
Description: Re-enable a previously disabled CFEngine Enterprise daemon component.
DAEMON can be one of