Quick Reference Guide for CFEngine 3

Next: Command reference, Previous: (dir), Up: (dir)

CFEngine-Reference

COMPLETE TABLE OF CONTENTS

Summary of contents

Previous: Top, Up: Top

1 Command reference

Next: cf-agent - CFEngine's change agent, Previous: Command reference, Up: Command reference

1.1 cf-promises - CFEngine's promise analyzer

The promise agent is a validator and analysis tool for configuration files belonging to any of the components of CFEngine. Configurations that make changes must be approved by this validator before being executed.

‘--help’: (-h) - Print the help message
‘--bundlesequence’: (-b value) - Use the specified bundlesequence for verification
‘--debug’: (-d value) - Set debugging level 0,1,2,3
‘--verbose’: (-v) - Output verbose information about the behaviour of the agent
‘--dry-run’: (-n) - All talk and no action mode - make no changes, only inform of promises not kept
‘--version’: (-V) - Output the version of the software
‘--file’: (-f value) - Specify an alternative input file than the default
‘--define’: (-D) value - Define a list of comma separated classes to be defined at the start of execution
‘--negate’: (-N) value - Define a list of comma separated classes to be undefined at the start of execution
‘--inform’: (-I) - Print basic information about changes made to the system, i.e. promises repaired
‘--diagnostic’: (-x) - Activate internal diagnostics (developers only)
‘--analysis’: (-a) - Perform additional analysis of configuration
‘--reports’: (-r) - Generate reports about configuration

Debug levels: 1=parsing, 2=running, 3=summary, 4=expression eval

Next: cf-serverd - CFEngine's server agent, Previous: cf-promises - CFEngine's promise analyzer, Up: Command reference

1.2 cf-agent - CFEngine's change agent

The main CFEngine agent is the instigator of change in the system. In that sense it is the most important part of the CFEngine suite.

‘--bootstrap’: (-B) - Bootstrap/repair a CFEngine configuration from failsafe file in the current directory
‘--bundlsequence’: (-b) - Set or override bundlesequence from command line
‘--debug’: (-d value) - Set debugging level 0,1,2,3
‘--define’: (-D value) - Define a list of comma separated classes to be defined at the start of execution
‘--diagnostic’: (-x) - Activate internal diagnostics (developers only)
‘--dry-run’: (-n) - All talk and no action mode - make no changes, only inform of promises not kept
‘--file’: (-f value) - Specify an alternative input file than the default
‘--help’: (-h) - Print the help message
‘--inform’: (-I) - Print basic information about changes made to the system, i.e. promises repaired
‘--negate’: (-N value) - Define a list of comma separated classes to be undefined at the start of execution
‘--no-lock’: (-K) - Ignore locking constraints during execution (ifelapsed/expireafter) if "too soon" to run
‘--policy-server’: (-B) - Define the server name or IP address of the a policy server (for use with bootstrap).
‘--verbose’: (-v) - Output verbose information about the behaviour of the agent
‘--version’: (-V) - Output the version of the software

Debug levels: 1=parsing, 2=running, 3=summary, 4=expression eval

Next: cf-execd - CFEngine's execution agent, Previous: cf-agent - CFEngine's change agent, Up: Command reference

1.3 cf-serverd - CFEngine's server agent

The server daemon provides two services: it acts as a file server for remote file copying and it allows an authorized cf-runagent to start start a cf-agent process and set certain additional classes with role-based access control.

‘--help’: (-h) - Print the help message
‘--debug’: (-d value) - Set debugging level 0,1,2,3
‘--verbose’: (-v) - Output verbose information about the behaviour of the agent
‘--version’: (-V) - Output the version of the software
‘--file’: (-f value) - Specify an alternative input file than the default
‘--define’: (-D value) - Define a list of comma separated classes to be defined at the start of execution
‘--negate’: (-N value) - Define a list of comma separated classes to be undefined at the start of execution
‘--no-lock’: (-K) - Ignore locking constraints during execution (ifelapsed/expireafter) if "too soon" to run
‘--inform’: (-I) - Print basic information about changes made to the system, i.e. promises repaired
‘--diagnostic’: (-x) - Activate internal diagnostics (developers only)
‘--no-fork’: (-F) - Run as a foreground processes (do not fork)
‘--ld-library-path’: (-L value) - Set the internal value of LD_LIBRARY_PATH for child processes

Debug levels: 1=parsing, 2=running, 3=summary, 4=expression eval

Next: cf-monitord - CFEngine's monitoring agent, Previous: cf-serverd - CFEngine's server agent, Up: Command reference

1.4 cf-execd - CFEngine's execution agent

The executor daemon is a scheduler and wrapper for execution of cf-agent. It collects the output of the agent and can email it to a specified address. It can splay the start time of executions across the network and work as a class-based clock for scheduling.

‘--help’: (-h) - Print the help message
‘--debug’: (-d value) - Set debugging level 0,1,2,3
‘--verbose’: (-v) - Output verbose information about the behaviour of the agent
‘--dry-run’: (-n) - All talk and no action mode - make no changes, only inform of promises not kept
‘--version’: (-V) - Output the version of the software
‘--file’: (-f value) - Specify an alternative input file than the default
‘--define’: (-D value) - Define a list of comma separated classes to be defined at the start of execution
‘--negate’: (-N value) - Define a list of comma separated classes to be undefined at the start of execution
‘--no-lock’: (-K) - Ignore locking constraints during execution (ifelapsed/expireafter) if "too soon" to run
‘--inform’: (-I) - Print basic information about changes made to the system, i.e. promises repaired
‘--diagnostic’: (-x) - Activate internal diagnostics (developers only)
‘--no-fork’: (-F) - Run as a foreground processes (do not fork)
‘--no-winsrv’: (-W) - Do not run as a service on windows - use this when running from a command shell (commercial editions only)
‘--ld-library-path’: (-L value) - Set the internal value of LD_LIBRARY_PATH for child processes

Debug levels: 1=parsing, 2=running, 3=summary, 4=expression eval

Next: cf-runagent - Run agent, Previous: cf-execd - CFEngine's execution agent, Up: Command reference

1.5 cf-monitord - CFEngine's monitoring agent

The monitoring agent is a machine-learning, sampling daemon which learns the normal state of the current host and classifies new observations in terms of the patterns formed by previous ones. The data are made available to and read by cf-agent for classification of responses to anomalous states.

‘--help’: (-h) - Print the help message
‘--debug’: (-d value) - Set debugging level 0,1,2,3
‘--verbose’: (-v) - Output verbose information about the behaviour of the agent
‘--dry-run’: (-n) - All talk and no action mode - make no changes, only inform of promises not kept
‘--version’: (-V) - Output the version of the software
‘--no-lock’: (-K) - Ignore system lock
‘--file’: (-f value) - Specify an alternative input file than the default
‘--inform’: (-I) - Print basic information about changes made to the system, i.e. promises repaired
‘--diagnostic’: (-x) - Activate internal diagnostics (developers only)
‘--no-fork’: (-F) - Run process in foreground, not as a daemon
‘--histograms’: (-H) - Store informatino about histograms / distributions
‘--tcpdump’: (-T) - Interface with tcpdump if available to collect data about network

Debug levels: 1=parsing, 2=running, 3=summary,

Next: cf-report - CFEngine's reporting agent, Previous: cf-monitord - CFEngine's monitoring agent, Up: Command reference

1.6 cf-runagent - Run agent

The run agent connects to a list of running instances of the cf-serverd service. The agent allows a user to forego the usual scheduling interval for the agent and activate cf-agent on a remote host. Additionally, a user can send additional classes to be defined on the remote host. Two kinds of classes may be sent: classes to decide on which hosts the agent will be started, and classes that the user requests the agent should define on execution. The latter type is regulated by cfserverd's role based access control.

‘--help’: (-h) - Print the help message
‘--background’: (-b value) - Parallelize connections (50 by default)
‘--debug’: (-d value) - Set debugging level 0,1,2,3
‘--verbose’: (-v) - Output verbose information about the behaviour of the agent
‘--dry-run’: (-n) - All talk and no action mode - make no changes, only inform of promises not kept
‘--version’: (-V) - Output the version of the software
‘--file’: (-f value) - Specify an alternative input file than the default
‘--define-class’: (-D value) - Define a list of comma separated classes to be sent to a remote agent
‘--select-class’: (-s value) - Define a list of comma separated classes to be used to select remote agents by constraint
‘--inform’: (-I) - Print basic information about changes made to the system, i.e. promises repaired
‘--remote-options’: (-o value) - Pass options to a remote server process
‘--diagnostic’: (-x) - Activate internal diagnostics (developers only)
‘--hail’: -H value - Hail the following comma-separated lists of hosts, overriding default list
‘--interactive’: (-i) - Enable interactive mode for key trust
‘--query’: (-q value) - Query a server for a knowledge menu (commercial editions only)
‘--timeout’: (-t value) - Connection timeout, seconds

Debug levels: 1=parsing, 2=running, 3=summary, 4=expression eval

Next: cf-know - CFEngine's knowledge agent, Previous: cf-runagent - Run agent, Up: Command reference

1.7 cf-report - CFEngine's reporting agent

The reporting agent is a merger between the older CFEngine programs cfshow and cfenvgraph. It outputs data stored in CFEngine's embedded databases in human readable form.

‘--help’: (-h) - Print the help message
‘--class-regex’: (-c value) - Specify a class regular expression to search for
‘--csv’: (-C) - Enable CSV output mode in hub queries
‘--debug’: (-d value) - Set debugging level 0,1,2,3
‘--verbose’: (-v) - Output verbose information about the behaviour of the agent
‘--inform’: (-I) - Output information about actions performed by the agent
‘--version’: (-V) - Output the version of the software
‘--no-lock’: (-K) - Ignore ifelapsed locks
‘--file’: (-f value) - Specify an alternative input file than the default
‘--hostkey’: (-k value) - Specify a hostkey to lookup
‘--html’: (-H) - Print output in HTML
‘--xml’: (-X) - Print output in XML
‘--version’: (-V) - Print version string for software
‘--purge’: (-P) - Purge data about peers not seen beyond the threshold horizon for assumed-dead
‘--erasehistory’: (-E value) - Erase historical data from the cf-monitord monitoring database
‘--nova-export’: (-x value) - Export Nova reports to file - delta or full report (commercial editions only)
‘--nova-import’: (-i value) - Import Nova reports from file - specify the path (only on Nova policy hub)
‘--outputdir’: (-o value) - Set output directory for printing graph data
‘--promise-handle’: (-p value) - Specify a promise-handle to look up
‘--query-hub’: (-q value) - Query hub database interactively with optional regex search string
‘--titles’: (-t) - Add title data to generated graph files
‘--timestamps’: (-T) - Add a time stamp to directory name for graph file data
‘--resolution’: (-R) - Print graph data in high resolution
‘--show’: (-1 value) - Show data matching named criteria (software,variables,classes)
‘--syntax’: (-S) - Print a syntax summary for this CFEngine version
‘--syntax-export’: (-s) - Export a syntax tree in Javascript format
‘--no-error-bars’: (-e) - Do not add error bars to the printed graphs
‘--no-scaling’: (-n) - Do not automatically scale the axes
‘--remove-hosts,’: (-r value) - Remove comma separated list of IP address entries from the hosts-seen database

Next: cf-key, Previous: cf-report - CFEngine's reporting agent, Up: Command reference

1.8 cf-know - CFEngine's knowledge agent

The knowledge management agent is capable of building an analysing a semantic knowledge network. It can configure a relational database to contain an ISO standard topic map and permit regular-expression based searching of the map. Analysis of the semantic network can be performed providing graphical output of the data, and cfknow can assemble and converge the reference manual for the current version of the CFEngine software.

‘--help’: (-h) - Print the help message
‘--build’: (-b) - Build and store topic map in the CFDB
‘--debug’: (-d value) - Set debugging level 0,1,2,3
‘--verbose’: (-v) - Output verbose information about the behaviour of the agent
‘--version’: (-V) - Output the version of the software
‘--file’: (-f value) - Specify an alternative input file than the default
‘--manual’: (-m) - Generate reference manual from internal data
‘--manpage’: (-M) - Generate reference manpage from internal data
‘--stories’: (-z value) - Look up stories for a given topic on the command line
‘--syntax’: (-S value) - Print a syntax summary of the optional keyword or this CFEngine version
‘--topics’: (-T) - Show all topic names in CFEngine
‘--test’: (-t value) - Generate test data
‘--removetest’: (-r) - Remove test data
‘--updatetest’: (-u) - Update test data

Debug levels: 1=parsing, 2=running, 3=summary, 4

Previous: cf-know - CFEngine's knowledge agent, Up: Command reference

1.9 cf-key

‘--help’: (-h) - Print the help message
‘--debug’: (-d value) - Set debugging level 0,1,2,3
‘--verbose’: (-v) - Output verbose information about the behaviour of the agent
‘--version’: (-V) - Output the version of the software
‘--output-file’: (-f value) - Specify an alternative output file than the default (localhost.*)
‘--show-hosts’: (-s) - Show lastseen hostnames and IP addresses
‘--remove-keys’: (-r value) - Remove keys for specified hostname/IP from lastseen database