| A complete configuration |
| Recovery from errors in the configuration |
| Recovery from errors in the software |
| What should a failsafe and update file contain? |
| failsafe.cf |
| promises.cf |
| site.cf |
| update.cf |
| A simple crash course in concepts |
| Best practice for writing promises |
| Containers |
| Control promises |
| Datatypes in cfengine 3 |
| Decisions |
| Developer structures |
| Distributed discovery |
| Loops and lists in cfengine 3 |
| Loops |
| Normal ordering |
| Pattern matching and referencing |
| Rules are promises |
| The main promise types |
| Types in cfengine 3 |
| Variable expansion in cfengine 3 |
| Variables |
| When and where are promises made? |
| Build, Deploy, Manage, Audit |
| Commercial or Free? |
| Contact CFEngine |
| Identifying the Team (TBD) |
| Installation or Pilot |
| Mission Goal and Knowledge Management |
| The Mission Plan |
| Training and Certification |
| What does adoption involve? |
| Always document promises |
| Always keep coding to a minimum |
| Always use existing templates |
| Always use lists |
| Always use the system variables for system resources |
| Always use variables as pointers to paths and servers |
| Knowledge base requirements |
| Trouble shooting the knowledge base |
| Adapting to Windows |
| Auditing software applications |
| Customizing applications |
| Distinct states |
| Distributing software packages to client hosts |
| Enterprise Software Reporting |
| Environments promises |
| Example deployment |
| How can CFEngine help? (TBD) |
| Integrated software installation |
| Package management |
| Problems with older Windows systems |
| Starting and stopping software |
| Stopping and restarting an application for update |
| Virtualization types supported |
| What are virtualization and cloud computing? |
| What can CFEngine do with virtual machines? |
| What is Application Management? |
| Why build virtualization support into CFEngine? |
| Assembling a compilable file set |
| Automated translation with cfconvert |
| Automatic Conversion Strategy |
| Converting by module |
| Optimizing the configuration |
| Validating the conversion |
| How long will it take to convert? |
| One chunk at a time |
| Avoid writing custom scripts |
| avoid running cfengine without lock protection |
| Recommendations for Audit |
| Recommendations for Build |
| Recommendations for Deploy |
| Recommendations for Manage |
| Stem cell hosts |
| Summary BDMA workflow |
| What is BDMA? |
| audit (Traditionally servers needed to be audited to determine their actual state. Under cfengine, auditing simply means generating summary reports about recent compliance or repair operations.) |
| build (Also called "provisioning" systems, i.e. the process of specifying and assembling the resources to fulfill a set of system promises. Traditionally servers were built as a "golden image" for cloning. Under cfengine, the build phase of the server lifecycle involves planning policy for the desired-state. Installation may also be considered a part of the build process.) |
| deploy (Traditionally servers were deployed by pushing out a cloned image. Under cfengine the deployment of policy just means publishing a new version of policy on a policy server.) |
| manage (Traditionally servers needed to be managed by responding to incidents. Under cfengine indicdents are repaired automatically and management is chiefly about observing and diving the success of the current system policy.) |
| Analytical Network and System Administration (TBD) |
| Handbook of Network and System Administration (TBD) |
| Principles of Network and System Administration (TBD) |
| * promises in edit_line |
| Bundles of agent |
| commands promises in agent |
| databases promises in agent |
| delete_lines promises in edit_line |
| environments promises in agent |
| field_edits promises in edit_line |
| files promises in agent |
| insert_lines promises in edit_line |
| interfaces promises in agent |
| methods promises in agent |
| outputs promises in agent |
| packages promises in agent |
| processes promises in agent |
| replace_patterns promises in edit_line |
| services promises in agent |
| storage promises in agent |
| * promises |
| Bundles of common |
| classes promises |
| reports promises |
| vars promises |
| Bundles of knowledge |
| inferences promises in knowledge |
| occurrences promises in knowledge |
| topics promises in knowledge |
| Bundles of monitor |
| measurements promises in monitor |
| Bundles of server |
| access promises in server |
| roles promises in server |
| A renewed cfengine |
| CFEngine 3.1.0a1 Getting started |
| CFEngine hard classes |
| Familiarizing yourself |
| Filenames and paths |
| Global and local classes |
| Installation (TBD) |
| Remote access troubleshooting (TBD) |
| Syntax, identifiers and names |
| Testing as a non-privilieged user |
| The bare necessities of a cfengine 3 |
| The work directory (TBD) |
| Upgrading from cfengine 2 |
| Generic syntax examples |
| Aggregation of multiple jobs |
| An alternative way to plan changes |
| Appendix - Did you know? (TBD) |
| Coordinating dispatch |
| Dont shoot the messenger |
| Fancy distributed encapsulation |
| How does cfengine convergence help? |
| ITIL release management |
| Job scheduling and periodic maintenance |
| Like revision control? |
| Limitations of rollback in system administration |
| Long workflow chains |
| More links in the chain |
| One-off workflows |
| Regular workflows |
| Resetting a case where rollback works? |
| Self-healing workflows |
| Summary of Distributed Scheduling |
| Triggering multiple follow-ups |
| What is distributed scheduling? |
| What is rollback? |
| Why is relying on rollback not a good strategy? |
| Anomaly Monitoring |
| Batch Jobs |
| Common Workflows |
| Garbage Collection |
| Knowledge Updating |
| Name Service |
| Policy Distribution |
| Security |
| Services |
| Software Management |
| Change detection |
| Common high level issues |
| Distribute root passwords |
| Distribute ssh keys |
| Find the MAC address |
| Garbage collection |
| Laptop support configuration |
| Log rotation |
| Postfix mail configuration |
| Set up HPC clusters |
| Set up a web server |
| Set up name resolution |
| Set up sudo |
| Templating |
| Add lines to a file |
| Add software packages to the system |
| Add users to passwd and group |
| Add variable definitions to a file e.g. /etc/system |
| Check file or directory permissions |
| Common low level issues |
| Copy files |
| Copy then edit a file convergently |
| Editing files |
| Editing tabular files |
| Mount NFS filesystem |
| Ordering promises |
| Set up a PXE boot server |
| Tidying garbage files |
| Unmount NFS filesystem |
| Web server modules |
| email address (TBD) |
| home page (TBD) |
| phone number mobile (TBD) |
| phone number office (TBD) |
| website (TBD) |
| Control promises (TBD) |
| agent control promises |
| common control promises |
| executor control promises |
| hub control promises |
| knowledge control promises |
| monitor control promises |
| reporter control promises |
| runagent control promises |
| server control promises |
| Creating a database directly |
| Creating a database manually |
| Extracting one-off numerical data |
| Extraction strings and logging |
| Extraction to list variable |
| Creating SQL databases |
| Creating a point of contact on a server |
| Database Promises |
| Database access rights |
| Database table promises |
| How to manage databases |
| LDAP integration |
| MS Registry functions |
| Other topics found under Category |
| Results for this topic |
| The Console |
| The Science Station |
| The knowledge base maps |
| The knowledge base pages |
| Changing owner |
| Changing permissions |
| Concepts |
| Deny permissions |
| Effective permissions |
| Entity types |
| Inheritance |
| Owners |
| Permissions |
| CFEngine 3 Generic ACL Syntax |
| File ACL example |
| File Access Control Lists |
| Introduction (TBD) |
| NT ACL type |
| POSIX ACL type |
| getting started with cfengine (Basic concepts and tips) |
| getting started with copernicus (Introduction to browsing the knowledge base) |
| information categories (Document types) |
| management issues (Decision making support) |
| miscellaneous concepts (An orphanage for unclassified concepts) |
| networking (TCP/IP configuration) |
| operating systems (System software) |
| persons (Historical and resource figureheads) |
| procedures (Application areas for policy) |
| security (Defending an acceptable level of risk) |
| technical concepts (Unfamiliar phrases and technical terms) |
| Completely new features |
| General remarks and expectations |
| On best practices |
| On the translation of policies |
| Graphs |
| Applications of hierarchy |
| Classes are sets |
| Expressing is a or has a |
| For and against hierarchies |
| How hierarchy compares to sets |
| How to organize your organization |
| Inheritance and its forms |
| What is a hierarchy? |
| Remote execution of cf-agent |
| Remote file distribution |
| Changing a password |
| Checking a file |
| Hello world |
| How to execute and test a cfengine policy |
| Reporting (TBD) |
| The update bundle - provisioning |
| cf-execd |
| How to run cfengine 3 examples |
| Abandon Autonomy? |
| Active Monitoring |
| Alert |
| Audit |
| Availability |
| Baseline |
| Basics |
| Benchmark |
| CMDB Asset Management |
| Capability |
| CFEngine in ITIL clothes? |
| Change management in the enterprise |
| Change management vs convergence |
| Change record |
| Chronological Analysis |
| Configuration Item |
| Configuration Management Database |
| Configuration |
| Continual Service Improvement |
| Document |
| Emergency Change |
| Error |
| Event |
| Exception, Failure, Event, Summary |
| Failure |
| How can cfengine or promises help an enterprise |
| ITIL Configuration Management |
| ITIL and CFEngine Summary |
| ITIL history and versions |
| ITIL processes |
| Incident and problem management |
| Incident |
| Monitoring |
| Passive Monitoring |
| Policy |
| Proactive Monitoring, Problem, Policy, Summary |
| Problem |
| Promise, Reactive Monitoring, Problem, Summary |
| Reactive Monitoring |
| Record |
| Recovery |
| Release management |
| Release, Request for Change, Repair, Summary |
| Remediation |
| Repair |
| Request for Change |
| Resilience |
| Restoration |
| Role |
| Service Design |
| Service Level Agreement |
| Service Level Management |
| Service Management |
| Service Operation |
| Service Strategy |
| Service desk |
| Service orientation and ITIL |
| Tool Support |
| Using cfengine to implement ITIL objectives |
| Version 2 |
| Version 3 |
| Warning |
| What is maintenance? |
| What it ITIL? |
| Which ITIL processes apply to cfengine? |
| Improve Copernicus |
| Installing CFEngine Nova |
| Installing the software |
| What is the default configuration - out of the box? |
| Introduction |
| Introduction (TBD) |
| About the cfengine architecture |
| Introduction to CFEngine Nova |
| Nova Commercial Enhancements |
| What are enterprise versions? |
| Functions involving date or time |
| Functions listed by return value |
| Functions which fill arrays |
| Functions which look at files |
| Functions which look at variables |
| Functions which read |
| Functions which read LDAP data |
| Functions which read arrays |
| Functions which read classes |
| Functions which read command output |
| Functions which read disk data |
| Functions which read files |
| Functions which read from a remote-cfengine |
| Functions which read from the network |
| Functions which read large data |
| Functions which read lists |
| Functions which read strings |
| Functions which read the Windows registry |
| Functions which read the environment |
| Functions which return |
| Functions which return class |
| Functions which return int |
| Functions which return string |
| Functions which work with or on regular expressions |
| Fixing Iterating across nested lists |
| Iterated promises |
| Iterating across multiple lists |
| Iterating across multiple lists, revisted |
| Iterating over nested lists |
| Nesting promises workaround |
| Summary of iteration |
| The power of iteration in cfengine |
| What is iteration? |
| Creating the map |
| How does CFEngine Nova help? |
| How should you begin? |
| Knowledge transfer |
| Pitfalls to avoid |
| Risk and uncertainty |
| The Copernicus Knowledge map |
| Types of information |
| What is knowledge management? |
| What other special documents should an organization have? |
| Annex: Technical pre-requisites |
| Annotating promises |
| Knowledge Management |
| Modelling configuration promises as topic maps |
| Promises and Knowledge |
| Querying the Topic Map |
| Step by step |
| The basics of knowledge |
| The nuts and bolts of topic maps |
| What topic maps offer |
| Best practice for LDAP integration |
| Function ldaparray |
| Function ldaplist |
| Function ldapvalue |
| Function regldap |
| LDAP function examples |
| Additional reports in commcerical cfengine versions |
| Embedded Databases |
| Logs and records |
| Reports in outputs |
| State information |
| Text logs |
| Creating a registry key |
| Creating a value-data pair |
| Deleting registry keys |
| Deleting registry values |
| Scanning and restoring the registry |
| A quick tour of the knowledge console |
| Documentation |
| Mission Portal |
| Policy analysis |
| Status level meters |
| The reasons for knowledge management |
| Understanding dependencies |
| Using the knowledge base |
| Custom promises to measure |
| Integration of monitoring with knowledge base |
| Long term trends |
| Monitoring extensions |
| Uses for custom monitoring |
| More... |
| NT ACL examples |
| NT-specific ACL syntax |
| CFEngine network services |
| How services work |
| Network services |
| Remote access explained |
| Never change system policy when humans are absent |
| Never embed simple shell commands |
| Never manage more than one cron job |
| Agent normal ordering |
| Server normal ordering |
| Continuity and repair enhancements |
| Documentation enhancements |
| Knowledge Management in Nova |
| Operating system support |
| Productivity enhancements |
| Reporting enhancements |
| Black, grey and white box encapsulation in cfengine |
| Bulk operations are handled by repeating patterns over lists |
| Bundle ordering |
| Distributing Ordering between hosts with cfengine Nova |
| Hiding details |
| High level services in cfengine |
| How does cfengine deal with modularity and orchestration? |
| Ordering operations in cfengine |
| Overriding order |
| What is modularity? |
| What is orchestration? |
| Generic syntax mapping |
| POSIX ACL examples |
| POSIX-specific ACL syntax |
| Commenting lines |
| Regular expressions in paths |
| Runaway change warning |
| Special topics on Regular Expressions |
| Alva Couch (TBD) |
| Jan Bergstra (TBD) |
| Mark Burgess |
| Steve Pepper (TBD) |
| Always do |
| Avoid |
| Never do |
| Policy Style Guide |
| Recommended |
| How to choose and name bundles |
| How to decide when to make a bundle |
| Policy hints |
| When should classes be in common bundles? |
| When should variables be in common bundles? |
| When should variables be in local bundles? |
| When to use a paramaterized bundle or method |
| Delegating responsibility |
| Policy changes |
| Quality Assurance around cfengine (TBD) |
| The policy decision flow |
| Version control and rollback |
| Try to combine tests and operations during file searches |
| Try to make many small changes |
| Encryption |
| Key exchange |
| Other users than root |
| Remote access troubleshooting |
| Server connection |
| Time windows |
| Encryption (TBD) |
| Key exchange (TBD) |
| Other users than root (TBD) |
| Server connection (TBD) |
| Time windows (TBD) |
| Report extensions |
| Reports added in Nova |
| CMDB and CFEngine |
| CFEngine output levels |
| Change auditing - the all seeing eye |
| Cheaper options - tripwires |
| Creating custom logs |
| Creating custom reports all versions |
| Decentralized data collection in CFEngine |
| Including data in reports |
| Nova measurements |
| Redirecting output to logs |
| Reporting in CFEngine |
| Should monitoring and configuration be separate? |
| Standard reports in CFEngine Nova |
| What are monitoring and reporting? |
| What is a CMDB? |
| A file content change report |
| A promise compliance report |
| Installed setuid program report |
| Installed software packages |
| Performance logs |
| Appendix - Did you know? |
| Calendars |
| Chaining jobs together |
| Choosing a scheduling interval |
| Commands promises |
| Define jobs with basic profile information |
| How can CFEngine help? |
| Logging execution |
| Scheduling by Sensing Events and Patterns |
| Splaying host times |
| What is scheduling? |
| Working with Unix cron. |
| Example remote scalar lookup |
| Function remotescalar |
| Server access resource type |
| Server extensions |
| Adoption (TBD) |
| Application Management |
| BDMA |
| CFEngine-AutoReference |
| CFEngine-Best-Practices |
| CFEngine-Open-Promise-Body-Library |
| CFEngine-Reference |
| CFEngine-Solutions |
| CFEngine-Tutorial |
| Hierarchies |
| ITIL |
| Iteration |
| Knowledge |
| Orchestration |
| Reporting |
| Scheduling |
| Teams |
| Special Variables |
| Variable context const |
| Variable context edit |
| Variable context match |
| Variable context mon |
| Variable context sys |
| Variable context this |
| Function accessedbefore |
| Function accumulated |
| Function ago |
| Function canonify |
| Function changedbefore |
| Function classify |
| Function classmatch |
| Function countclassesmatching |
| Function countlinesmatching |
| Function diskfree |
| Function escape |
| Function execresult |
| Function fileexists |
| Function filesexist |
| Function getenv |
| Function getfields |
| Function getgid |
| Function getindices |
| Function getuid |
| Function getusers |
| Function grep |
| Function groupexists |
| Function hash |
| Function hashmatch |
| Function host2ip |
| Function hostinnetgroup |
| Function hostrange |
| Function hostsseen |
| Function iprange |
| Function irange |
| Function isdir |
| Function isgreaterthan |
| Function islessthan |
| Function islink |
| Function isnewerthan |
| Function isplain |
| Function isvariable |
| Function join |
| Function lastnode |
| Function ldaparray (TBD) |
| Function ldaplist (TBD) |
| Function ldapvalue (TBD) |
| Function now |
| Function on |
| Function peerleader |
| Function peerleaders |
| Function peers |
| Function randomint |
| Function readfile |
| Function readintarray |
| Function readintlist |
| Function readrealarray |
| Function readreallist |
| Function readstringarray |
| Function readstringlist |
| Function readtcp |
| Function regarray |
| Function regcmp |
| Function regextract |
| Function registryvalue |
| Function regldap (TBD) |
| Function regline |
| Function reglist |
| Function remoteclassesmatching |
| Function remotescalar (TBD) |
| Function returnszero |
| Function rrange |
| Function selectservers |
| Function splayclass |
| Function splitstring |
| Function strcmp |
| Function translatepath |
| Function usemodule |
| Function userexists |
| Introduction to functions |
| Special functions |
| How do you view cfengine? |
| Managing diverse and challenging environmens seamlessly and invisibly |
| Managing expectations - a theory of promises |
| Scaling up |
| System automation |
| Why automation? |
| Creative roles |
| Delegating roles in a collaboration |
| What is team-work? |
| The Purpose Of This Handbook |
| body action bg |
| body action if_elapsed |
| body action ifwin_bg |
| body action immediate |
| body action measure_performance |
| body action sample_rate |
| body action warn_only |
| body changes detect_all_change |
| body changes detect_content |
| body classes cf2_if_else |
| body classes if_else |
| body classes if_notkept |
| body classes if_ok |
| body classes if_repaired |
| body classes state_repaired |
| body contain in_dir |
| body contain in_shell |
| body contain jail |
| body contain setuid |
| body contain setuid_sh |
| body contain setuidgid_sh |
| body contain silent |
| body contain silent_in_dir |
| body copy_from local_cp |
| body copy_from no_backup_cp |
| body copy_from no_backup_rcp |
| body copy_from remote_cp |
| body copy_from secure_cp |
| body copy_from seed_cp |
| body copy_from sync_cp |
| body delete tidy |
| body depth_search recurse |
| body depth_search recurse_ignore |
| body edit_defaults empty |
| body edit_defaults std_defs |
| body edit_field col |
| body edit_field quoted_var |
| body file_select by_name |
| body file_select days_old |
| body file_select dirs |
| body file_select ex_list |
| body file_select exclude |
| body file_select name_age |
| body file_select plain |
| body file_select size_range |
| body link_from linkchildren |
| body link_from ln_s |
| body location start |
| body match_value scan_log |
| body mount nfs |
| body mount nfs_p |
| body mount unmount |
| body package_method apt |
| body package_method freebsd |
| body package_method solaris |
| body package_method yum |
| body package_method zypper |
| body perms m |
| body perms mo |
| body perms mog |
| body perms og |
| body perms owner |
| body process_count check_range |
| body rename disable |
| body rename rotate |
| body rename to |
| body replace_with comment |
| body replace_with uncomment |
| body replace_with value |
| body select_process exclude_procs |
| body select_region INI_section |
| body volume min_free_space |
| bundle edit_line append_groups_starting |
| bundle edit_line append_if_no_line |
| bundle edit_line append_if_no_lines |
| bundle edit_line append_user_field |
| bundle edit_line append_users_starting |
| bundle edit_line comment_lines_containing |
| bundle edit_line comment_lines_matching |
| bundle edit_line delete_lines_matching |
| bundle edit_line expand_template |
| bundle edit_line resolvconf |
| bundle edit_line set_user_field |
| bundle edit_line set_variable_values |
| bundle edit_line uncomment_lines_containing |
| bundle edit_line uncomment_lines_matching |
| bundle edit_line warn_lines_matching |
| About the cfengine architecture (TBD) |
| Getting started with the Community Edition |
| Installation |
| The components of cfengine |
| The players |
| The policy decision flow (TBD) |
| The work directory |
| Associations |
| Occurrences |
| Searching |
| The content |
| Topics |
| Types |
| Topic map definitions |
| cf-know |
| Topic as a subject-header (in Topics that have Category) |
| Translation Codebook |
| upgrading from cfengine 2 acl |
| upgrading from cfengine 2 admit |
| upgrading from cfengine 2 alerts |
| upgrading from cfengine 2 binservers |
| upgrading from cfengine 2 broadcast |
| upgrading from cfengine 2 classes |
| upgrading from cfengine 2 control |
| upgrading from cfengine 2 copy |
| upgrading from cfengine 2 defaultroute |
| upgrading from cfengine 2 deny |
| upgrading from cfengine 2 directories |
| upgrading from cfengine 2 disable |
| upgrading from cfengine 2 disks |
| upgrading from cfengine 2 editfiles |
| upgrading from cfengine 2 files |
| upgrading from cfengine 2 filters |
| upgrading from cfengine 2 groups |
| upgrading from cfengine 2 homeservers |
| upgrading from cfengine 2 ignore |
| upgrading from cfengine 2 import |
| upgrading from cfengine 2 interfaces |
| upgrading from cfengine 2 links |
| upgrading from cfengine 2 mailserver |
| upgrading from cfengine 2 methods |
| upgrading from cfengine 2 miscmounts |
| upgrading from cfengine 2 mountables |
| upgrading from cfengine 2 packages |
| upgrading from cfengine 2 processes |
| upgrading from cfengine 2 rename |
| upgrading from cfengine 2 required |
| upgrading from cfengine 2 resolve |
| upgrading from cfengine 2 scli |
| upgrading from cfengine 2 shellcommands |
| upgrading from cfengine 2 strategies |
| upgrading from cfengine 2 tidy |
| upgrading from cfengine 2 unmount |
| Building flexible time classes |
| Choosing a scheduling interval (TBD) |
| Do I need cron? |
| Splaying host times (TBD) |
| Structuring commands promises |
| The single cron job approach |
| Using cfengine as a front-end or replacement for cron |
| Variable const.dollar |
| Variable const.endl |
| Variable const.n |
| Variable const.r |
| Variable const.t |
| Variable edit.filename |
| Variable match.0 |
| Variable mon./var/cfengine/state/nova_static.tcdb |
| Variable mon.av_cfengine_in |
| Variable mon.av_cfengine_out |
| Variable mon.av_cpu |
| Variable mon.av_cpu0 |
| Variable mon.av_cpu1 |
| Variable mon.av_cpu2 |
| Variable mon.av_cpu3 |
| Variable mon.av_diskfree |
| Variable mon.av_dns_in |
| Variable mon.av_dns_out |
| Variable mon.av_ftp_in |
| Variable mon.av_ftp_out |
| Variable mon.av_icmp_in |
| Variable mon.av_icmp_out |
| Variable mon.av_irc_in |
| Variable mon.av_irc_out |
| Variable mon.av_loadavg |
| Variable mon.av_messages |
| Variable mon.av_netbiosdgm_in |
| Variable mon.av_netbiosdgm_out |
| Variable mon.av_netbiosns_in |
| Variable mon.av_netbiosns_out |
| Variable mon.av_netbiosssn_in |
| Variable mon.av_netbiosssn_out |
| Variable mon.av_nfsd_in |
| Variable mon.av_nfsd_out |
| Variable mon.av_otherprocs |
| Variable mon.av_rootprocs |
| Variable mon.av_smtp_in |
| Variable mon.av_smtp_out |
| Variable mon.av_ssh_in |
| Variable mon.av_ssh_out |
| Variable mon.av_syslog |
| Variable mon.av_tcpack_in |
| Variable mon.av_tcpack_out |
| Variable mon.av_tcpfin_in |
| Variable mon.av_tcpfin_out |
| Variable mon.av_tcpmisc_in |
| Variable mon.av_tcpmisc_out |
| Variable mon.av_tcpsyn_in |
| Variable mon.av_tcpsyn_out |
| Variable mon.av_temp0 |
| Variable mon.av_temp1 |
| Variable mon.av_temp2 |
| Variable mon.av_temp3 |
| Variable mon.av_udp_in |
| Variable mon.av_udp_out |
| Variable mon.av_users |
| Variable mon.av_webaccess |
| Variable mon.av_weberrors |
| Variable mon.av_www_in |
| Variable mon.av_www_out |
| Variable mon.av_wwws_in |
| Variable mon.av_wwws_out |
| Variable mon.dev_cfengine_in |
| Variable mon.dev_cfengine_out |
| Variable mon.dev_cpu |
| Variable mon.dev_cpu0 |
| Variable mon.dev_cpu1 |
| Variable mon.dev_cpu2 |
| Variable mon.dev_cpu3 |
| Variable mon.dev_diskfree |
| Variable mon.dev_dns_in |
| Variable mon.dev_dns_out |
| Variable mon.dev_ftp_in |
| Variable mon.dev_ftp_out |
| Variable mon.dev_icmp_in |
| Variable mon.dev_icmp_out |
| Variable mon.dev_irc_in |
| Variable mon.dev_irc_out |
| Variable mon.dev_loadavg |
| Variable mon.dev_messages |
| Variable mon.dev_netbiosdgm_in |
| Variable mon.dev_netbiosdgm_out |
| Variable mon.dev_netbiosns_in |
| Variable mon.dev_netbiosns_out |
| Variable mon.dev_netbiosssn_in |
| Variable mon.dev_netbiosssn_out |
| Variable mon.dev_nfsd_in |
| Variable mon.dev_nfsd_out |
| Variable mon.dev_otherprocs |
| Variable mon.dev_rootprocs |
| Variable mon.dev_smtp_in |
| Variable mon.dev_smtp_out |
| Variable mon.dev_ssh_in |
| Variable mon.dev_ssh_out |
| Variable mon.dev_syslog |
| Variable mon.dev_tcpack_in |
| Variable mon.dev_tcpack_out |
| Variable mon.dev_tcpfin_in |
| Variable mon.dev_tcpfin_out |
| Variable mon.dev_tcpmisc_in |
| Variable mon.dev_tcpmisc_out |
| Variable mon.dev_tcpsyn_in |
| Variable mon.dev_tcpsyn_out |
| Variable mon.dev_temp0 |
| Variable mon.dev_temp1 |
| Variable mon.dev_temp2 |
| Variable mon.dev_temp3 |
| Variable mon.dev_udp_in |
| Variable mon.dev_udp_out |
| Variable mon.dev_users |
| Variable mon.dev_webaccess |
| Variable mon.dev_weberrors |
| Variable mon.dev_www_in |
| Variable mon.dev_www_out |
| Variable mon.dev_wwws_in |
| Variable mon.dev_wwws_out |
| Variable mon.free_disk_watch |
| Variable mon.value_cfengine_in |
| Variable mon.value_cfengine_out |
| Variable mon.value_cpu |
| Variable mon.value_cpu0 |
| Variable mon.value_cpu1 |
| Variable mon.value_cpu2 |
| Variable mon.value_cpu3 |
| Variable mon.value_diskfree |
| Variable mon.value_dns_in |
| Variable mon.value_dns_out |
| Variable mon.value_ftp_in |
| Variable mon.value_ftp_out |
| Variable mon.value_icmp_in |
| Variable mon.value_icmp_out |
| Variable mon.value_irc_in |
| Variable mon.value_irc_out |
| Variable mon.value_loadavg |
| Variable mon.value_messages |
| Variable mon.value_netbiosdgm_in |
| Variable mon.value_netbiosdgm_out |
| Variable mon.value_netbiosns_in |
| Variable mon.value_netbiosns_out |
| Variable mon.value_netbiosssn_in |
| Variable mon.value_netbiosssn_out |
| Variable mon.value_nfsd_in |
| Variable mon.value_nfsd_out |
| Variable mon.value_otherprocs |
| Variable mon.value_rootprocs |
| Variable mon.value_smtp_in |
| Variable mon.value_smtp_out |
| Variable mon.value_ssh_in |
| Variable mon.value_ssh_out |
| Variable mon.value_syslog |
| Variable mon.value_tcpack_in |
| Variable mon.value_tcpack_out |
| Variable mon.value_tcpfin_in |
| Variable mon.value_tcpfin_out |
| Variable mon.value_tcpmisc_in |
| Variable mon.value_tcpmisc_out |
| Variable mon.value_tcpsyn_in |
| Variable mon.value_tcpsyn_out |
| Variable mon.value_temp0 |
| Variable mon.value_temp1 |
| Variable mon.value_temp2 |
| Variable mon.value_temp3 |
| Variable mon.value_udp_in |
| Variable mon.value_udp_out |
| Variable mon.value_users |
| Variable mon.value_webaccess |
| Variable mon.value_weberrors |
| Variable mon.value_www_in |
| Variable mon.value_www_out |
| Variable mon.value_wwws_in |
| Variable mon.value_wwws_out |
| Variable sys.arch |
| Variable sys.cdate |
| Variable sys.cf_agent |
| Variable sys.cf_execd |
| Variable sys.cf_key |
| Variable sys.cf_know |
| Variable sys.cf_monitord |
| Variable sys.cf_promises |
| Variable sys.cf_report |
| Variable sys.cf_runagent |
| Variable sys.cf_serverd |
| Variable sys.cf_twin |
| Variable sys.cf_version |
| Variable sys.class |
| Variable sys.date |
| Variable sys.domain |
| Variable sys.expires |
| Variable sys.exports |
| Variable sys.fqhost |
| Variable sys.fstab |
| Variable sys.host |
| Variable sys.interface |
| Variable sys.ipv4 |
| Variable sys.ipv4[interface_name] |
| Variable sys.ipv4_1[interface_name] |
| Variable sys.ipv4_2[interface_name] |
| Variable sys.ipv4_3[interface_name] |
| Variable sys.key_digest |
| Variable sys.long_arch |
| Variable sys.maildir |
| Variable sys.nova_version |
| Variable sys.os |
| Variable sys.ostype |
| Variable sys.release |
| Variable sys.resolv |
| Variable sys.uqhost |
| Variable sys.windir |
| Variable sys.winprogdir |
| Variable sys.winprogdir86 |
| Variable sys.winsysdir |
| Variable sys.workdir |
| Arrays in cfengine 3 |
| List variable substitution and expansion |
| Scalar variable expansion |
| Associative arrays |
| List variables |
| Scalar variables |
| Notes on windows policies |
| Windows event logging |
| Windows hard classes |
| Windows service management |
| Windows special variables |
| Windows specific features in Nova |
| action |
| classes |
| comment (TBD) |
| depends_on (TBD) |
| handle (TBD) |
| ifvarclass (TBD) |
| select_region |
| Access Example |
| admit (TBD) |
| deny (TBD) |
| ifencrypted (TBD) |
| maproot (TBD) |
| resource_type (TBD) |
| abortbundleclasses |
| abortclasses |
| addclasses |
| agentaccess |
| agentfacility |
| auditing |
| binarypaddingchar |
| bindtointerface |
| checksum_alert_time |
| childlibpath |
| default_repository |
| default_timeout |
| defaultcopytype |
| dryrun |
| editbinaryfilesize |
| editfilesize |
| environment |
| exclamation |
| expireafter (TBD) |
| files_auto_define |
| files_single_copy |
| hashupdates |
| hostnamekeys |
| ifelapsed (TBD) |
| inform |
| intermittency (TBD) |
| max_children |
| maxconnections |
| mountfilesystems |
| nonalphanumfiles |
| repchar |
| secureinput |
| sensiblecount |
| sensiblesize |
| skipidentify |
| suspiciousnames |
| syslog |
| timezone |
| track_value |
| verbose |
| CfengineStdLibrary (TBD) |
| Frequently Asked Topics |
| cf-copernicus (TBD) |
| cf3-bestpractice (TBD) |
| cf3-glossary (TBD) |
| cf3-reference (TBD) |
| cf3-solutions (TBD) |
| cf3-tutorial (TBD) |
| cf3-upgrade (TBD) |
| cfnova (TBD) |
| st-adopt (TBD) |
| st-appmgt (TBD) |
| st-bdma (TBD) |
| st-distsched (TBD) |
| st-hierarchy (TBD) |
| st-iterate (TBD) |
| st-itil (TBD) |
| st-knowledge (TBD) |
| st-orchestrate (TBD) |
| st-reporting (TBD) |
| st-rollback (TBD) |
| st-schedule (TBD) |
| st-teams (TBD) |
| st-virt (TBD) |
| backup (TBD) |
| configuration (CFEngine desired-state automation and self-repair service) |
| database (Relational database services) |
| directory services (Directory services are look-up services, typically with identity or host information.) |
| email (TBD) |
| login (The ability to log onto systems with a username and password) |
| mail (Electronic mail service, as made famous by the Unix operating system.) |
| storage (Remotely accessible disk volumes.) |
| storage (storage as a concept) |
| web services (TBD) |
| web (The WWW web service) |
| webserver (TBD) |
| lvalue |
| rvalue |
| aces (Native settings for access control entry) |
| acl (Criteria for access control lists on file) |
| acl_directory_inherit (Access control list type for the affected file system) |
| acl_method (Editing method for access control list) |
| acl_type (Access control list type for the affected file system) |
| action (Output behaviour) |
| action_policy (Whether to repair or report about non-kept promises) |
| admit (List of host names or IP addresses to grant access to file objects) |
| allow_blank_fields (true/false allow blank fields in a line (do not purge)) |
| and (Combine class sources with AND) |
| args (Alternative string of arguments for the command (concatenated with promiser string)) |
| associates (List of associated topics by this forward relationship) |
| association (Declare associated topics) |
| atime (Range of access times (atime) for acceptable files) |
| audit (true/false switch for detailed audit records of this promise) |
| authorize (List of public-key user names that are allowed to activate the promised class during remote agent activation) |
| background (true/false switch for parallelizing the promise repair) |
| backward_relationship (Name of backward/inverse association from associates to promiser topic) |
| before_after (Menu option, point cursor before of after matched line) |
| bsdflags (List of menu options for bsd file system flags to set) |
| cancel_kept (A list of classes to be cancelled if the promise is kept) |
| cancel_notkept (A list of classes to be cancelled if the promise is not kept for any reason) |
| cancel_repaired (A list of classes to be cancelled if the promise is repaired) |
| changes (Criteria for change management) |
| chdir (Directory for setting current/base directory for the process) |
| check_foreign (true/false verify storage that is mounted from a foreign system on this host) |
| check_root (true/false check permissions on the root directory when depth_search) |
| chroot (Directory of root sandbox for process) |
| classes (Signalling behaviour) |
| collapse_destination_dir (true/false Place files in subdirectories into the root destination directory during copy) |
| command (Regular expression matching the command/cmd field of a process) |
| comment (A comment about this promise's real intention that follows through the program) |
| compare (Menu option policy for comparing source and image file attributes) |
| contain (Containment options for the execution process) |
| copy_backup (Menu option policy for file backup/version control) |
| copy_from (Criteria for copying file from a source) |
| copy_patterns (A set of patterns that should be copied ansd synchronized instead of linked) |
| copy_size (Integer range of file sizes that may be copied) |
| copylink_patterns (List of patterns matching files that should be linked instead of copied) |
| create (true/false whether to create non-existing file) |
| ctime (Range of change times (ctime) for acceptable files) |
| data_type (The datatype being collected.) |
| database_columns (A list of column definitions to be promised by SQL databases) |
| database_operation (The nature of the promise - to be or not to be) |
| database_rows (An ordered list of row values to be promised by SQL databases) |
| database_server (Credentials for connecting to a local/remote database server) |
| database_type (The type of database that is to be manipulated) |
| db_server_connection_db (The name of an existing database to connect to in order to create/manage other databases) |
| db_server_host (Hostname or address for connection to database, blank means localhost) |
| db_server_owner (User name for database connection) |
| db_server_password (Clear text password for database connection) |
| db_server_type (The dialect of the database server) |
| delete (Criteria for deleting files) |
| delete_if_contains_from_list (Delete line if a regex in the list match a line fragment) |
| delete_if_match_from_list (Delete line if it fully matches a regex in the list) |
| delete_if_not_contains_from_list (Delete line if a regex in the list DOES NOT match a line fragment) |
| delete_if_not_match_from_list (Delete line if it DOES NOT fully match a regex in the list) |
| delete_if_not_startwith_from_list (Delete line if it DOES NOT start with a string in the list) |
| delete_if_startwith_from_list (Delete line if it starts with a string in the list) |
| delete_select (Delete only if lines pass filter criteria) |
| deny (List of host names or IP addresses to deny access to file objects) |
| depends_on (A list of promise handles that this promise builds on or depends on somehow (for knowledge management)) |
| depth (Maximum depth level for search) |
| depth_search (Criteria for file depth searches) |
| dirlinks (Menu option policy for dealing with symbolic links to directories during deletion) |
| disable (true/false automatically rename and remove permissions) |
| disable_mode (The permissions to set when a file is disabled) |
| disable_suffix (The suffix to add to files when disabling (.cfdisabled)) |
| dist (Generate a probabilistic class distribution (strategy in cfengine 2)) |
| edit_backup (Menu option for backup policy on edit changes) |
| edit_defaults (Default promise details for file edits) |
| edit_field (Edit line-based file as matrix of fields) |
| edit_fstab (true/false add or remove entries to the file system table ("fstab")) |
| edit_line (Line editing model for file) |
| edit_xml (XML editing model for file) |
| empty_file_before_editing (Baseline memory model of file to zero/empty before commencing promised edits) |
| encrypt (true/false use encrypted data stream to connect to remote host) |
| env_addresses (The IP addresses of the environment's network interfaces) |
| env_baseline (The path to an image with which to baseline the virtual environment) |
| env_cpus (Number of CPUs in virtual environment) |
| env_disk (Amount of secondary storage (DISK) in the virtual environment) |
| env_memory (Amount of primary storage (RAM) in the virtual environment) |
| env_name (The hostname of the virtual environment) |
| env_network (The hostname of the virtual network) |
| env_spec_file (The path to a set of promises specifying the vitual instance) |
| environment_host (The name of the virtual environment host (this must be promised uniquely)) |
| environment_interface (Virtual environment outward identity and location) |
| environment_resources (Virtual environment resource description) |
| environment_state (The desired dynamical state of the specified environment) |
| environment_type (Virtual environment type) |
| exclude_dirs (List of regexes of directory names NOT to include in depth search) |
| exec_group (The group name or id under which to run the process) |
| exec_owner (The user name or id under which to run the process) |
| exec_program (Execute this command on each file and match if the exit status is zero) |
| exec_regex (Matches file if this regular expression matches any full line returned by the command) |
| exec_timeout (Timeout in seconds for command completion) |
| expand_scalars (Expand any unexpanded variables) |
| expireafter (Number of minutes before a repair action is interrupted and retried) |
| expression (Evaluate string expression of classes in normal form) |
| extend_fields (true/false add new fields at end of line if necessary to complete edit) |
| extraction_regex (Regular expression that should contain a single backreference for extracting a value) |
| field_operation (Menu option policy for editing subfields) |
| field_separator (The regular expression used to separate fields in a line) |
| field_value (Set field value to a fixed value) |
| file_result (Logical expression combining classes defined by file search criteria) |
| file_select (Choose which files select in a search) |
| file_to_print (Path name to the file that is to be sent to standard output) |
| file_types (List of acceptable file types from menu choices) |
| findertype (Menu option for default finder type on MacOSX) |
| first_last (Menu option, choose first or last occurrence of match in file) |
| force_ipv4 (true/false force use of ipv4 on ipv6 enabled network) |
| force_update (true/false force copy update always) |
| forward_relationship (Name of forward association between promiser topic and associates) |
| freespace (Absolute or percentage minimum disk space that should be available before warning) |
| friend_pattern (Regular expression to keep selected hosts from the friends report list) |
| groups (List of acceptable groups of group ids, first is change target) |
| handle (A unique id-tag string for referring to this as a promisee elsewhere) |
| hash (Hash files for change detection) |
| history_type (Whether the data can be seen as a time-series or just an isolated value) |
| ifelapsed (Number of minutes before next allowed assessment of promise) |
| ifencrypted (true/false whether the current file access promise is conditional on the connection from the client being encrypted) |
| ifvarclass (Extended classes ANDed with context) |
| ilist (A list of integers) |
| in_range_define (List of classes to define if the matches are in range) |
| include_basedir (true/false include the start/root dir of the search results) |
| include_dirs (List of regexes of directory names to include in depth search) |
| include_start_delimiter (Whether to include the section delimiter) |
| insert_if_contains_from_list (Insert line if a regex in the list match a line fragment) |
| insert_if_match_from_list (Insert line if it fully matches a regex in the list) |
| insert_if_not_contains_from_list (Insert line if a regex in the list DOES NOT match a line fragment) |
| insert_if_not_match_from_list (Insert line if it DOES NOT fully match a regex in the list) |
| insert_if_not_startwith_from_list (Insert line if it DOES NOT start with a string in the list) |
| insert_if_startwith_from_list (Insert line if it starts with a string in the list) |
| insert_select (Insert only if lines pass filter criteria) |
| insert_type (Type of object the promiser string refers to) |
| int (A scalar integer) |
| intermittency (Real number threshold [0,1] of intermittency about current peers, report above) |
| ipv4_address (IPv4 address for the interface) |
| ipv4_netmask (Netmask for the interface) |
| ipv6_address (IPv6 address for the interface) |
| issymlinkto (List of regular expressions to match file objects) |
| lastseen (Integer time threshold in hours since current peers were last seen, report absence) |
| leaf_name (List of regexes that match an acceptable name) |
| link_children (true/false whether to link all directory's children to source originals) |
| link_from (Criteria for linking file from a source) |
| link_type (Menu option for type of links to use when copying) |
| link_type (The type of link used to alias the file) |
| linkcopy_patterns (List of patterns matching files that should be replaced with symbolic links) |
| location (Specify where in a file an insertion will be made) |
| log_failed (This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger) |
| log_kept (This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger) |
| log_level (The reporting level sent to syslog) |
| log_priority (The priority level of the log message, as interpreted by a syslog server) |
| log_repaired (This should be filename of a file to which log_string will be saved, if undefined it goes to the system logger) |
| log_string (A message to be written to the log when a promise verification leads to a repair) |
| maproot (List of host names or IP addresses to grant full read-privilege on the server) |
| match_range (Integer range for acceptable number of matches for this process) |
| match_value (Criteria for extracting the measurement from a datastream) |
| max_file_size (Do not edit files bigger than this number of bytes) |
| measurement_class (If set performance will be measured and recorded under this identifier) |
| mode (File permissions (like posix chmod)) |
| module (true/false whether to expect the cfengine module protocol) |
| mount (Criteria for mounting foreign file systems) |
| mount_options (List of option strings to add to the file system table ("fstab")) |
| mount_server (Hostname or IP or remote file system server) |
| mount_source (Path of remote file system to mount) |
| mount_type (Protocol type of remote file system) |
| move_obstructions (true/false whether to move obstructions to file-object creation) |
| mtime (Range of modification times (mtime) for acceptable files) |
| newname (The desired name for the current file) |
| no_output (true/false discard all output from the command) |
| not (Evaluate the negation of string expression in normal form) |
| not_matching (true/false negate match criterion) |
| number_of_lines (Integer maximum number of lines to print from selected file) |
| occurrences (Menu option to replace all occurrences or just first (NB the latter is non-convergent)) |
| or (Combine class sources with inclusive OR) |
| out_of_range_define (List of classes to define if the matches are out of range) |
| output_level (Output level to observe for the named promise or bundle (meta-promise)) |
| owners (List of acceptable owners or user ids, first is change target) |
| package_add_command (Command to install a package to the system) |
| package_arch_regex (Regular expression with one backreference to extract package architecture string) |
| package_architectures (Select the architecture for package selection) |
| package_changes (Menu option - whether to group packages into a single aggregate command) |
| package_delete_command (Command to remove a package from the system) |
| package_delete_convention (This is how the package manager expects the package to be referred to in the deletion part of a package update, e.g. $(name)) |
| package_file_repositories (A list of machine-local directories to search for packages) |
| package_installed_regex (Regular expression which matches packages that are already installed) |
| package_list_arch_regex (Regular expression with one backreference to extract package architecture string) |
| package_list_command (Command to obtain a list of available packages) |
| package_list_name_regex (Regular expression with one backreference to extract package name string) |
| package_list_update_command (Command to update the list of available packages (if any)) |
| package_list_update_ifelapsed (The ifelapsed locking time in between updates of the package list) |
| package_list_version_regex (Regular expression with one backreference to extract package version string) |
| package_method (Criteria for installation and verification) |
| package_multiline_start (Regular expression which matches the start of a new package in multiline output) |
| package_name_convention (This is how the package manager expects the package to be referred to, e.g. $(name).$(arch)) |
| package_name_regex (Regular expression with one backreference to extract package name string) |
| package_noverify_regex (Regular expression to match verification failure output) |
| package_noverify_returncode (Integer return code indicating package verification failure) |
| package_patch_arch_regex (Regular expression with one backreference to extract update architecture string) |
| package_patch_command (Command to update to the latest patch release of an installed package) |
| package_patch_installed_regex (Regular expression which matches packages that are already installed) |
| package_patch_list_command (Command to obtain a list of available patches or updates) |
| package_patch_name_regex (Regular expression with one backreference to extract update name string) |
| package_patch_version_regex (Regular expression with one backreference to extract update version string) |
| package_policy (Criteria for package installation/upgrade on the current system) |
| package_select (A criterion for first acceptable match relative to "package_version") |
| package_update_command (Command to update to the latest version a currently installed package) |
| package_verify_command (Command to verify the correctness of an installed package) |
| package_version (Version reference point for determining promised version) |
| package_version_regex (Regular expression with one backreference to extract package version string) |
| path_name (List of pathnames to match acceptable target) |
| path_root (Base path of the occurrence when locating file (replaced by web_root)) |
| pathtype (Menu option for interpreting promiser file object) |
| perms (Criteria for setting permissions on a file) |
| persist_time (A number of minutes the specified classes should remain active) |
| pgid (Range of integers matching the parent group id of a process) |
| pid (Range of integers matching the process id of a process) |
| policy (The policy for (dis)allowing (re)definition of variables) |
| portnumber (Port number to connect to on server host) |
| ppid (Range of integers matching the parent process id of a process) |
| preserve (true/false whether to preserve file permissions on copied file) |
| preview (true/false preview command when running in dry-run mode (with -n)) |
| printfile (Quote part of a file to standard output) |
| priority (Range of integers matching the priority field (PRI/NI) of a process) |
| process_count (Criteria for constraining the number of processes matching other criteria) |
| process_owner (List of regexes matching the user of a process) |
| process_result (Boolean class expression returning the logical combination of classes set by a process selection test) |
| process_select (Criteria for matching processes in the system process table) |
| process_stop (A command used to stop a running process) |
| promise_kept (A list of classes to be defined globally) |
| promise_repaired (A list of classes to be defined globally) |
| promiser_type (Output level to observe for the named promise or bundle (meta-promise)) |
| purge (true/false purge files on client that do not match files on server when depth_search) |
| real (A scalar real number) |
| recognize_join (Join together lines that end with a backslash, up to 4kB limit) |
| registry_exclude (A list of regular expressions to ignore in key/value verification) |
| rename (Criteria for renaming files) |
| repair_denied (A list of classes to be defined globally) |
| repair_failed (A list of classes to be defined globally) |
| repair_timeout (A list of classes to be defined globally) |
| replace_value (Value used to replace regular expression matches in search) |
| replace_with (Search-replace pattern) |
| report_changes (Specify criteria for change warnings) |
| report_diffs (Generate reports summarizing the major differences between individual text files) |
| report_level (The reporting level for standard output) |
| report_to_file (The path and filename to which output should be appended) |
| repository (Name of a repository for versioning) |
| representation (How to interpret the promiser string e.g. actual data or reference to data) |
| represents (List of subtopics that explains the type(s) of information represented by the occurrence) |
| resource_type (The type of object being granted access (the default grants access to files)) |
| restart_class (A class to be defined globally if the process is not running, so that a command: rule can be referred to restart the process) |
| rlist (A list of real numbers) |
| rmdeadlinks (true/false remove links that point to nowhere) |
| rmdirs (true/false whether to delete empty directories during recursive deletion) |
| rotate (Maximum number of file rotations to keep) |
| rsize (Range of integers matching the resident memory size of a process, in kilobytes) |
| rxdirs (true/false add execute flag for directories if read flag is set) |
| scan_arrivals (true/false generate pseudo-periodic disk change arrival distribution) |
| search_bsdflags (String of flags for bsd file system flags expected set) |
| search_groups (List of acceptable group names or ids for the file, or regexes to match) |
| search_mode (A list of mode masks for acceptable file permissions) |
| search_owners (List of acceptable user names or ids for the file, or regexes to match) |
| search_size (Integer range of file sizes) |
| select_end (Regular expression matches end of edit region from start) |
| select_field (Integer index of the field required 1..n) |
| select_line_matching (Regular expression for matching file line location) |
| select_line_number (Read from the n-th line of the output (fixed format)) |
| select_region (Limit edits to a demarked region of the file) |
| select_start (Regular expression matching start of edit region) |
| sensible_count (Minimum number of files that should be defined on a sensible-looking storage device) |
| sensible_size (Minimum size in bytes that should be used on a sensible-looking storage device) |
| servers (List of servers in order of preference from which to copy) |
| service_args (Parameters for starting the service) |
| service_autostart_policy (Should the service be started automatically by the OS) |
| service_dependence_chain (How to handle dependencies and dependent services) |
| service_dependencies (A list of services on which this service depends) |
| service_method (Details of the service specification) |
| service_policy (Policy for service status to maintain) |
| service_type (Service abstraction type) |
| showstate (List of services about which status reports should be reported to standard output) |
| signals (A list of menu options representing signals to be sent to a process) |
| slist (A list of scalar strings) |
| source (Reference source file from which to copy) |
| source (The source file to which the link should point) |
| specify_inherit_aces (Native settings for access control entry) |
| status (Regular expression matching the status field of a process) |
| stealth (true/false whether to preserve time stamps on copied file) |
| stime_range (Range of integers matching the start time of a process) |
| stream_type (The datatype being collected.) |
| string (A scalar string) |
| tcp_ip (Interface tcp/ip properties) |
| threads (Range of integers matching the threads (NLWP) field of a process) |
| timer_policy (Whether a persistent class restarts its counter when rediscovered) |
| touch (true/false whether to touch time stamps on file) |
| track_growing_file (If true, cfengine remembers the position to which is last read when opening the file, and resets to the start if the file has since been truncated) |
| transformer (Command (with full path) used to transform current file (no shell wrapper used)) |
| traverse_links (true/false traverse symbolic links to directories (false)) |
| trustkey (true/false trust public keys from remote server if previously unknown) |
| ttime_range (Range of integers matching the total elapsed time of a process) |
| tty (Regular expression matching the tty field of a process) |
| type_check (true/false compare file types before copying and require match) |
| umask (The umask value for the child process) |
| units (The engineering dimensions of this value or a note about its intent used in plots) |
| unmount (true/false unmount a previously mounted filesystem) |
| update_hashes (Update hash values immediately after change warning) |
| usebundle (Specify the name of a bundle to run as a parameterized method) |
| useshell (true/false embed the command in a shell environment (true)) |
| value_kept (A real number value attributed to keeping this promise) |
| value_notkept (A real number value (possibly negative) attributed to not keeping this promise) |
| value_repaired (A real number value attributed to reparing this promise) |
| value_separator (Character separator for subfields inside the selected field) |
| verify (true/false verify transferred file by hashing after copy (resource penalty)) |
| volume (Criteria for monitoring/probing mounted volumes) |
| vsize (Range of integers matching the virtual memory size of a process, in kilobytes) |
| web_root (Base URL of the occurrence when rendered as a web-URL (replaces path_root)) |
| when_linking_children (Policy for overriding existing files when linking directories of children) |
| when_no_source (Behaviour when the source file to link to does not exist) |
| whitespace_policy (Criteria for matching and recognizing existing lines) |
| xdev (true/false exclude directories that are on different devices) |
| xor (Combine class sources with XOR) |
| BOOTP (A simple broadcast protocol for booting a system directly from the network, e.g. for installation purposes.) |
| PXE (A composite network service based on the PXE protocol, allows systems to boot directly from the network.) |
| sys (cfengine's internal bundle of system specific values) |
| setting variables with functions (TBD) |
| HashCommentLinesMatching |
| HashUnCommentLinesMatching |
| WarnIfLineMatching |
| acl (TBD) |
| alerts (TBD) |
| binservers (TBD) |
| broadcast (TBD) |
| cfengine 2 control settings (Parameters that affect the behaviour of the agent rather than affect the system configuration.) |
| copy (TBD) |
| defaultroute (TBD) |
| directories |
| disable (TBD) |
| disks (TBD) |
| editfiles (TBD) |
| files (TBD) |
| filters (TBD) |
| groups (TBD) |
| homeservers (TBD) |
| ignore (TBD) |
| import (TBD) |
| interfaces (TBD) |
| links (TBD) |
| mailserver (TBD) |
| methods (TBD) |
| miscmounts (TBD) |
| mountables (TBD) |
| packages (TBD) |
| processes (TBD) |
| rename (TBD) |
| required (TBD) |
| resolve (TBD) |
| scli (TBD) |
| shellcommands (TBD) |
| strategies (TBD) |
| tidy (TBD) |
| unmount (TBD) |
| deletenonuserfiles (TBD) |
| deletenonusermail (TBD) |
| warnnonuserfiles (TBD) |
| warnnonusermail (TBD) |
| commands (TBD) |
| databases (TBD) |
| files (TBD) |
| ilist (TBD) |
| int (TBD) |
| measurements (TBD) |
| occurrences (TBD) |
| processes (TBD) |
| real (TBD) |
| reports (TBD) |
| rlist (TBD) |
| slist (TBD) |
| storage (TBD) |
| string (TBD) |
| topics (TBD) |
| vars (TBD) |
| cf-agent (TBD) |
| cf-execd (TBD) |
| cf-know (TBD) |
| cf-monitord (TBD) |
| cf-promises (TBD) |
| cf-report (TBD) |
| cf-runagent (TBD) |
| cf-serverd (TBD) |
| cfagent (TBD) |
| cfd (TBD) |
| cfengine 1 (TBD) |
| cfengine 2 (TBD) |
| cfengine 2.2.x (cfengine version) |
| cfengine 3 |
| cfengine 3.0.x (cfengine version) |
| cfengine nova (cfengine version) |
| cfenvd (TBD) |
| cfenvgraph (TBD) |
| cfexecd (TBD) |
| cfrun (TBD) |
| cfservd (TBD) |
| cfshow (TBD) |
| enterprise level cfengine |
| ldap functions (TBD) |
| server functions (TBD) |
| and (TBD) |
| dist (TBD) |
| expression (TBD) |
| not (TBD) |
| or (TBD) |
| xor (TBD) |
| apt-get |
| bison (TBD) |
| cfengine (cfengine - the configuration engine) |
| copernicus |
| dpkg (TBD) |
| emerge (TBD) |
| flex (TBD) |
| gcc (TBD) |
| ldd (TBD) |
| lex (TBD) |
| pkg_add (TBD) |
| pkgadd (TBD) |
| portage (TBD) |
| rpm (TBD) |
| the omnigator (TBD) |
| yast (TBD) |
| yum |
| zypper |
| args (TBD) |
| contain |
| module (TBD) |
| bundlesequence |
| domain |
| fips_mode |
| host_licenses_paid |
| ignore_missing_bundles |
| ignore_missing_inputs |
| inputs |
| lastseenexpireafter |
| output_prefix |
| require_comments |
| syslog_host |
| syslog_port |
| version |
| CMDB (Configuration Management Database. A form of extended inventort system, championed by ITIL.) |
| EUROSOX (The 8th EU data directive) |
| ISO/IEC 20000 (A standards document based on a subset of ITIL) |
| ITIL (Stands for Information Technology Infrastructure Library. ITIL is a set of self-proclaimed best-practises originally developed by the British government. It can be viewed as mainly common-sense rules. CFEngine can be used as a component in becoming ITIL-compliant. By translating many of your best practises into policy rules, you can have CFEngine ensure parts of ITIL-compliance.) |
| SAS-70 (Stands for Statement of Auditing Standards no. 70. SAS-70 is an auditing standard. SAS 70 defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor's report. CFEngine can be used to ensure SAS-70 compliance in the same way you can achieve other standardization compliance.) |
| SOX (The Sarbanes-Oxley Act) |
| auditing (A process to verify that the datacenter operate according to the guidelines and legislations. A rapid growth in datacenter size and complexity, combined with government regulations, have called for a drastic increase in audits. CFEngine comes with reporting and logging capabilties that make auditing straightforward.) |
| eTOM (The Extended Telecom Operations Map) |
| authentication (TBD) |
| policy server (TBD) |
| convergence (The idea that we always move closer to the desired state of a system on every promise verification. Once the desired state has been reached, the state hsa converged and no further changes take place. Normally convergence to the desired state happens in a single repair, unless there are dependencies that cannot be resolved. Convergence is a stronger constraint on system behaviour than idempotence.) |
idempotence (Idempotence is a mathematical property of operations or changes. An operator is idempotent if applying it twice is the same as applying it once. This is not the same as convergence, because the result need not be anchored to anything. e.g. touch myfile is idempotent but it is not a fixed point because its effect depends on which directory the operation is performed in. touch /tmp/myfile is convergent.) |
| class (A boolean returned by certain functions in classes promises) |
| ilist (A list of integers matching -99999999999,9999999999) |
| int (A scalar integer matching -99999999999,9999999999) |
| policy (The policy for (dis)allowing (re)definition of variables matching free,overridable,constant,ifdefined) |
| real (A scalar real number matching -9.99999E100,9.99999E100) |
| rlist (A list of real numbers matching -9.99999E100,9.99999E100) |
| slist (A list of scalar strings matching ) |
| string (A scalar string matching ) |
| mysql (Open source SQL database engine optimized for web) |
| oracle (Commercial relational SQL database) |
| postgres (Open source relational SQL database engine for transaction processing) |
| database_columns (TBD) |
| database_operation (TBD) |
| database_rows (TBD) |
| database_server |
| database_type (TBD) |
| registry_exclude (TBD) |
| delete_select |
| not_matching (TBD) |
| DHCP (An IP configuration service.) |
| DNS (Domain Name Service for translating Internet addresses into hostnames and vice versa.) |
| LDAP (A well-known directory service. MS Active Directory purports to support this standard.) |
| NIS (Sun's Network Information Service (previously called Yellow Pages).) |
| hard classes |
| monitoring (Ability to monitor the current state of your datacenter. CFEngine can sample and trace behaviour, monitoring your datacenter intelligently, using historic data to decide whether a behaviour should call for action or not.) |
| persistent classes (TBD) |
| soft classes |
| environment_host (TBD) |
| environment_interface |
| environment_resources |
| environment_state (TBD) |
| environment_type (TBD) |
| exec_command |
| executorfacility |
| mailfrom |
| mailmaxlines |
| mailto |
| schedule |
| smtpserver |
| splaytime |
| access to file not granted (TBD) |
| allowConnectionsFrom not set (TBD) |
| allowMultipleConnectionsFrom not set (TBD) |
| bad memory reference (TBD) |
| print server not running (TBD) |
| remote connection problem (TBD) |
| segmentation fault (TBD) |
| trustKeysFrom not set (TBD) |
| web server not running (TBD) |
| edit_field |
| .a files (ld library static archive) |
| .c files (C compiler source files) |
| .l files (Lex/Flex lexer input file) |
| .o files (Compiled object code from any source) |
| .so files (ld shared object/library file) |
| .y files (Yacc/Bison inpur grammer file) |
| /etc/filesystems (Unix list of available file systems and devices) |
| /etc/fstab (Unix list of available file systems and devices) |
| /etc/ftpusers (A file denying ftp access to named users) |
| /etc/hosts.allow (A file granting access to TCP services if support is compiled in) |
| /etc/hosts.deny (A file denying access to TCP services support is compiled in) |
| /etc/ldso.conf (ld shared object loader configuration file) |
| /etc/passwd (Unix system user database file) |
| /etc/printers.conf (Unix print spooler configuration file) |
| /etc/resolv.conf (The resolver/name service configuration) |
| /etc/shadow (Unix system password hash file) |
| /etc/vfstab (Unix list of available file systems and devices) |
| a.out (Default name for a compiled and linked program) |
| executable files (Files representing executable programs) |
| ftpusers (TBD) |
| passwd (TBD) |
| resolv.conf (TBD) |
| setgid files (Files that grant temporary group membership) |
| setuid files (Files that grant temporary privilege as another user) |
| shadow (TBD) |
| acl |
| changes |
| copy_from |
| create (TBD) |
| delete |
| depth_search |
| edit_defaults |
| edit_line (TBD) |
| edit_xml (TBD) |
| file_select |
| link_from |
| move_obstructions (TBD) |
| pathtype (TBD) |
| perms |
| rename |
| repository (TBD) |
| touch (TBD) |
| transformer (TBD) |
| access control list management (The ability to specify and maintain file system ACLs) |
| impact analysis (The ability to code and visualize relationships between promises) |
| ldap integration (The ability to read and match values in LDAP repositories) |
| serving literal data (The ability to code strings directly into cf-serverd for authorised distribution to clients, e.g. password hashes for password management) |
| sql integration (The ability to read values from SQL databases and verify database structural integrity) |
| syntax lookup (The ability to look up cfengine 3 syntax on the command line using cf-know --syntax) |
| windows registry editing (The ability to edit the MS Windows registry, scan and repair it) |
| accessedbefore (True if arg1 was accessed before arg2 (atime)) |
| accumulated (Convert an accumulated amount of time into a system representation) |
| ago (Convert a time relative to now to an integer system representation) |
| canonify (Convert an abitrary string into a legal class name) |
| changedbefore (True if arg1 was changed before arg2 (ctime)) |
| classify (True if the canonicalization of the argument is a currently defined class) |
| classmatch (True if the regular expression matches any currently defined class) |
| countclassesmatching (Count the number of defined classes matching regex arg1) |
| countlinesmatching (Count the number of lines matching regex arg1 in file arg2) |
| diskfree (Return the free space (in KB) available on the directory's current partition (0 if not found)) |
| escape (Escape regular expression characters in a string) |
| execresult (Execute named command and assign output to variable) |
| fileexists (True if the named file can be accessed) |
| filesexist (True if the named list of files can ALL be accessed) |
| getenv (Return the environment variable named arg1, truncated at arg2 characters) |
| getfields (Get an array of fields in the lines matching regex arg1 in file arg2, split on regex arg3 as array name arg4) |
| getgid (Return the integer group id of the named group on this host) |
| getindices (Get a list of keys to the array whose id is the argument and assign to variable) |
| getuid (Return the integer user id of the named user on this host) |
| grep (Extract the sub-list if items matching the regular expression in arg1 of the list named in arg2) |
| groupexists (True if group or numerical id exists on this host) |
| hash (Return the hash of arg1, type arg2 and assign to a variable) |
| hashmatch (Compute the hash of arg1, of type arg2 and test if it matches the value in arg 3) |
| host2ip (Returns the primary name-service IP address for the named host) |
| hostinnetgroup (True if the current host is in the named netgroup) |
| hostrange (True if the current host lies in the range of enumerated hostnames specified) |
| hostsseen (Extract the list of hosts last seen/not seen within the last arg1 hours) |
| iprange (True if the current host lies in the range of IP addresses specified) |
| irange (Define a range of integer values for cfengine internal use) |
| isdir (True if the named object is a directory) |
| isgreaterthan (True if arg1 is numerically greater than arg2, else compare strings like strcmp) |
| islessthan (True if arg1 is numerically less than arg2, else compare strings like NOT strcmp) |
| islink (True if the named object is a symbolic link) |
| isnewerthan (True if arg1 is newer (modified later) than arg2 (mtime)) |
| isplain (True if the named object is a plain/regular file) |
| isvariable (True if the named variable is defined) |
| join (Join the items of arg2 into a string, using the conjunction in arg1) |
| lastnode (Extract the last of a separated string, e.g. filename from a path) |
| ldaparray (Extract all values from an ldap record) |
| ldaplist (Extract all named values from multiple ldap records) |
| ldapvalue (Extract the first matching named value from ldap) |
| now (Convert the current time into system representation) |
| on (Convert an exact date/time to an integer system representation) |
| peerleader (Get the assigned peer-leader of the partition to which we belong) |
| peerleaders (Get a list of peer leaders from the named partitioning) |
| peers (Get a list of peers (not including ourself) from the partition to which we belong) |
| randomint (Generate a random integer between the given limits) |
| readfile (Read max number of bytes from named file and assign to variable) |
| readintarray (Read an array of integers from a file and assign the dimension to a variable) |
| readintlist (Read and assign a list variable from a file of separated ints) |
| readrealarray (Read an array of real numbers from a file and assign the dimension to a variable) |
| readreallist (Read and assign a list variable from a file of separated real numbers) |
| readstringarray (Read an array of strings from a file and assign the dimension to a variable) |
| readstringlist (Read and assign a list variable from a file of separated strings) |
| readtcp (Connect to tcp port, send string and assign result to variable) |
| regarray (True if arg1 matches any item in the associative array with id=arg2) |
| regcmp (True if arg1 is a regular expression matching that matches string arg2) |
| regextract (True if the regular expression in arg 1 matches the string in arg2 and sets a non-empty array of backreferences named arg3) |
| registryvalue (Returns a value for an MS-Win registry key,value pair) |
| regldap (True if the regular expression in arg6 matches a value item in an ldap search) |
| regline (True if the regular expression in arg1 matches a line in file arg2) |
| reglist (True if the regular expression in arg2 matches any item in the list whose id is arg1) |
| remoteclassesmatching (Read persistent classes matching a regular expression from a remote cfengine server and add them into local context with prefix) |
| remotescalar (Read a scalar value from a remote cfengine server) |
| returnszero (True if named shell command has exit status zero) |
| rrange (Define a range of real numbers for cfengine internal use) |
| selectservers (Select tcp servers which respond correctly to a query and return their number, set array of names) |
| splayclass (True if the first argument's time-slot has arrived, according to a policy in arg2) |
| splitstring (Convert a string in arg1 into a list of max arg3 strings by splitting on a regular expression in arg2) |
| strcmp (True if the two strings match exactly) |
| translatepath (Translate path separators from Unix style to the host's native) |
| usemodule (Execute cfengine module script and set class if successful) |
| userexists (True if user name or numerical id exists on this host) |
| follow_topics |
| infer |
| book (TBD) |
| cfengine reference (TBD) |
| chapter section (TBD) |
| chapter (TBD) |
| definitions (TBD) |
| example (TBD) |
| hints (TBD) |
| introduction (TBD) |
| logs (System generated notifications) |
| manual (Manuals and guides) |
| paper (TBD) |
| popular science (TBD) |
| topic maps (TBD) |
| tutorial (TBD) |
| wikipedia |
| expand_scalars (TBD) |
| insert_select |
| insert_type (TBD) |
| location |
| whitespace_policy (TBD) |
| tcp_ip |
| build_directory |
| document_root |
| generate_manual |
| graph_directory |
| graph_output |
| html_banner |
| html_footer |
| id_prefix |
| manual_source_directory |
| query_engine |
| query_output |
| sql_connection_db |
| sql_database |
| sql_owner |
| sql_passwd |
| sql_server |
| sql_type |
| style_sheet |
| view_projections |
| Application management (Deploying and patching applications, inclding the ability to configure specific applications, like Apache-servers, Microsoft Exchange, etc.) |
| application management (Deploying and patching applications, inclding the ability to configure specific applications, like Apache-servers, Microsoft Exchange, etc.) |
| business value |
| capacity planning (Sometimes called dimensioning or service provisioning. Determining whether sufficient resources will be available to deliver planned services) |
| change management (The ability to trace, log and manipulate change in files. Whenever a change occurs in a file, this probably affects some other parts of the system. The ability to track, log and potentially restore changes are important for many purposes.) |
| compliance (Frameworks for standardizing and regulating systems) |
| configuration management (The ability to configure a Datacenter through configuration settings. This is the core of CFEngine. CFEngine comes with many advanced tools to ease the configuration of Datacenters and have it self-repair according the settings you define. See also Configuration Items (CIs), Change Management.) |
| identity management (Managing user credentials) |
| incident management (Repairing policy violations) |
| inventory (List of items within a datacenter, e.g. servers, applications, services. Expressed in terms of a static database that is being updated every now on then, depending on how often you scan the network. CFEngine holds accurate inventory lists and reports can easily be created on the fly. CFEngine dosen’t hold any static database that requires frequent scan (that takes a lot of resources) to describe the inventory.) |
| knowledge management (TBD) |
| maintenance paradigms (Approaches to keeping systems in an operational state) |
| management terminology (TBD) |
| orchestration (Making the parts of a distributed system work together with a minimum of interation) |
| patch management |
| release management (The process of preparing for major changes to policy or enterprise activity.) |
| reporting (Extracting information in human readable form) |
| storage management (Disk volumes, primary, redundant and secondary storage (backup)) |
| system discovery (The ability to detect new items (see CIs) in a datacenter. CFEngine recognizes new items on the fly and you can have them reported automatically. No need for data mining or guesses.) |
| team work (Focused group in a flat organization for efficient communication and decision-making) |
| BDIM (Business Driven IT Management) |
| CI (Configuration Items. Computer related items that can be configured. Items typically are servers, routers, switches, applications and storage devices. CFEngine can discover different types of CIs automatically, trace dependencies and make them available in reports through an online knowledge portal.) |
| CM |
| FCAPS |
| SLA (Service Level Agreement) |
| adoption of cfengine (TBD) |
| agreement |
| authoring (TBD) |
| baseline (Definition of what your system looks like or what it must look like. Many traditional vendors in the industry require a baseline to be able to roll out their system and get it running. In CFEngine, there is no need for a special baseline. CFEngine focuses on the opposite – the end state.) |
| budget (TBD) |
| business process (TBD) |
| contract |
| departments (TBD) |
| enterprise (TBD) |
| gold server (TBD) |
| operations (TBD) |
| pre-screening (The ability to foresee consequences of change. If you make a change one place, what’s the impact of the rest of the datacenter? CFEngine includes a dry-run mode which simulates the consequences of a change.) |
| provisioning (The ability to install and adopt new services, applications, OS and servers, e.g. using PXE-boot CFEngine can turn any server into anything kind of server with any kind of service running on it. CFEngine can easily deploy a service or new application throughout the datacenter, regardless of the number of servers.) |
| road map (TBD) |
| teams (TBD) |
| teamwork (TBD) |
| version Control (TBD) |
| Adoption |
| Checksums and change management (TBD) |
| Identifying the Team |
| Quality Assurance around cfengine |
| Special Topics Guide (TBD) |
| acl (compound body) (TBD) |
| action (compound body) (TBD) |
| association (compound body) (TBD) |
| cf2 reference |
| cf3 reference (TBD) |
| changes (compound body) (TBD) |
| classes (compound body) (TBD) |
| contain (compound body) (TBD) |
| copy_from (compound body) (TBD) |
| database_server (compound body) (TBD) |
| delete (compound body) (TBD) |
| delete_select (compound body) (TBD) |
| depth_search (compound body) (TBD) |
| edit_defaults (compound body) (TBD) |
| edit_field (compound body) (TBD) |
| file_select (compound body) (TBD) |
| insert_select (compound body) (TBD) |
| link_from (compound body) (TBD) |
| location (compound body) (TBD) |
| match_value (compound body) (TBD) |
| module |
| mount (compound body) (TBD) |
| package_method (compound body) (TBD) |
| perms (compound body) (TBD) |
| printfile (compound body) (TBD) |
| process_count (compound body) (TBD) |
| process_select (compound body) (TBD) |
| rename (compound body) (TBD) |
| replace_with (compound body) (TBD) |
| select_region (compound body) (TBD) |
| short topic (TBD) |
| tcp_ip (compound body) (TBD) |
| tidy (TBD) |
| volume (compound body) (TBD) |
| data_type (TBD) |
| history_type (TBD) |
| match_value |
| stream_type (TBD) |
| units (TBD) |
| usebundle (TBD) |
| HPC (High Performance Computing) |
| Iteration (Repeating i.e. re-iterating a promise multiple times, often with variations) |
| applications |
| column editing |
| commands and tools (Common tools used with cfengine) |
| customizing inputs |
| data types (TBD) |
| features (TBD) |
| functionality (Features and possibilities) |
| hello world (A simple cfengine get-started program) |
| iteration |
| loops in cfengine |
| naming (TBD) |
| other tools (TBD) |
| packaging (TBD) |
| parallelizing promises (Increase efficiency of promise verification by de-serializing) |
| pattern matching (TBD) |
| planning (TBD) |
| process filters (TBD) |
| regular expression matching (TBD) |
| remediation (TBD) |
| revision control (TBD) |
| scenarios (TBD) |
| searching (TBD) |
| system installation (TBD) |
| trust (A cost-saving acceptance of a possible but deemed unlikely risk.) |
| wildcards in directory names (TBD) |
| wildcards (TBD) |
| windows registry |
| pattern matching (Classifying items by the patterns they form) |
| topic maps (ISO standard electronic index with semantic annotations) |
| Hierarchies (Ranked, authoritative organizational tree structures) |
| aspect paradigm (TBD) |
| cascading (TBD) |
| heterogeneous system (Systems in which components are non-uniform) |
| hierarchical structure (TBD) |
| homogeneous system (Systems in which all components are uniform) |
| object orientation (TBD) |
| object paradigm (TBD) |
| overlapping sets |
| peer to peer network |
| service orientation (TBD) |
| BDMA (Build, Deploy, Manage, Audit, system lifecycle) |
| autonomics |
| computer immunology |
| convergent operators |
| promise theory |
| self-healing (System exhibiting automated repair and maintenance) |
| forgetrate |
| histograms |
| monitorfacility |
| tcpdump |
| tcpdumpcommand |
| anomaly detection |
| BIND (Berkeley Internet Name Domain (previously Berkeley Internet Name Daemon)) |
| DHCP (Dynamic Host Control Protocol) |
| DNS (The Domain Name Service) |
| LDAP (Lightweight Directory Access Protocol) |
| NAT (Network Address Translation) |
| NFS (Network File System) |
| connectivity (Cables and hardware) |
| routing (Router and switch configuration) |
| IP address (TBD) |
| IP chains (TBD) |
| IP tables (TBD) |
| default route (TBD) |
| dynamic addresses (TBD) |
| routing (TBD) |
| path_root (TBD) |
| representation (TBD) |
| represents (TBD) |
| web_root (TBD) |
| aix (TBD) |
| crayos (TBD) |
| darwin (TBD) |
| debian (Linux distro debian) |
| distributed system |
| distro (TBD) |
| environment variables (TBD) |
| fedora (Linux distro fedora) |
| filesystem (TBD) |
| freebsd (TBD) |
| gentoo (Linux distro gentoo) |
| gnu/linux (TBD) |
| irix (TBD) |
| linux (TBD) |
| macos X (TBD) |
| netbsd (TBD) |
| openbsd (TBD) |
| package managers (TBD) |
| redhat (Linux distro redhat) |
| shells (TBD) |
| slackware (Linux distro slackware) |
| solaris |
| sunos (TBD) |
| suse (Linux distro suse) |
| system packages (TBD) |
| system processes (TBD) |
| ubuntu (Linux distro ubuntu) |
| ultrix (TBD) |
| virtualization (TBD) |
| windows |
| output_level (TBD) |
| promiser_type (TBD) |
| package_architectures (TBD) |
| package_method |
| package_policy (TBD) |
| package_select (TBD) |
| package_version (TBD) |
| back references |
| file comparisons |
| regular expressions |
| selecting files (TBD) |
| selecting lines in a file (TBD) |
| selecting processes |
| wildcards (TBD) |
| adding users |
| build a web farm (TBD) |
| build an HPC cluster (TBD) |
| build solaris zones (TBD) |
| build virtual machines (TBD) |
| build workstation environments (TBD) |
| change detection scans (Implementing security tripwires) |
| changing passwords (Editing local system accounts) |
| compressing files |
| copy then edit (Copy a file template and then custom-edit it) |
| create a tripwire (Creating a tripwire for unauthorized changes) |
| creating files |
| creating network roles (TBD) |
| dealing with a firewall |
| distribute root passwords |
| distributed scheduling (Coordinating times and places for job execution) |
| editing files |
| editing tabular files |
| file copying |
| file distribution (Copying software or data from remote systems) |
| garbage collection (Tidying and deleting files) |
| generate root passwords (TBD) |
| host network configuration |
| how to setup mail transfer agent (TBD) |
| integrate cfengine with jumpstart/kickstart (TBD) |
| job scheduling (Deciding the time and place for a job to be executed) |
| killing processes |
| legacy systems (managing legacy systems with cfengine) |
| log rotation (The procedure of periodically renaming logs retaining the history of the last N periods) |
| logging |
| patching systems (Deploying and installing targeted changes with version control) |
| remote copy |
| remove dead links |
| removing users |
| replication (Mass producing almost identical configurations) |
| restart a server |
| scheduling (Deciding the time and place for a job to be executed) |
| set up DNS server (TBD) |
| set up a PXE boot server (TBD) |
| set up a neighbourhood watch (Implement redundant change detection) |
| set up a web server |
| set up name resolution (Configure IP <-> name resolution) |
| set up resolv.conf (TBD) |
| set values (Setting the values of variables in configration files) |
| setting values (Setting configuration parameters in files) |
| setup |
| software deployment (TBD) |
| ssh key distribution |
| starting (Starting processes or services) |
| stopping (Stopping processes or services) |
| synchronizing files (Making target files exact copies of a trusted source) |
| system hardening (Cleaning up unnecessary potential vulnerabilities present in the default configurations of systems) |
| troubleshooting (Diagnosing behaviour) |
| process_count |
| process_select |
| process_stop (TBD) |
| restart_class (TBD) |
| signals (TBD) |
| actions |
| agents |
| announcements |
| associations |
| behaviours |
| body-constaint (TBD) |
| body-constraint |
| body-type |
| bundles (TBD) |
| causative relationships |
| communicated information |
| conceptual relationships |
| conditional promises |
| dependencies |
| facts |
| intentions |
| location relationships |
| occurrence-types |
| occurrences (TBD) |
| policy (A declared set of intentions describing how systems should behave) |
| promise body |
| promise proposals |
| promise-type |
| promisee |
| promiser |
| promises (TBD) |
| roles (TBD) |
| services (TBD) |
| stories |
| structural relationships |
| subjects (An abstraction for any things that can be discussed) |
| topic-instances |
| topic-types |
| topics (TBD) |
| type-instances |
| versions |
| voluntary cooperation |
| workflows |
| * (TBD) |
| access (TBD) |
| classes (TBD) |
| commands |
| databases |
| delete_lines |
| environments (TBD) |
| field_edits (TBD) |
| files |
| insert_lines |
| interfaces (TBD) |
| measurements |
| methods |
| occurrences |
| outputs (TBD) |
| packages |
| processes |
| replace_patterns |
| reports |
| roles (TBD) |
| services |
| storage (TBD) |
| topics |
| vars |
| bundle contains promiser (TBD) |
| bundle reference (TBD) |
| has current exemplars (TBD) |
| is a promise made by (TBD) |
| is a promise of type (TBD) |
| makes promise of type (TBD) |
| makes promises (TBD) |
| occurs in bundle (TBD) |
| promises have been made by (TBD) |
| used in promise (TBD) |
| replace_with |
| aggregation_point |
| auto_scaling |
| csv2xml |
| error_bars |
| html_embed |
| report_output |
| reports (TBD) |
| time_stamps |
| friend_pattern (TBD) |
| lastseen (TBD) |
| printfile |
| report_to_file (TBD) |
| showstate (TBD) |
| models of knowledge (TBD) |
| models of organization |
| models of system administration (TBD) |
| authorize (TBD) |
| background_children |
| encrypt (TBD) |
| force_ipv4 (TBD) |
| hosts |
| output_to_file |
| trustkey (TBD) |
| DMZ (TBD) |
| access control (TBD) |
| authentication (TBD) |
| checksums (TBD) |
| digest (TBD) |
| digests (TBD) |
| encryption (TBD) |
| firewalls (TBD) |
| friend status (TBD) |
| hash (TBD) |
| hashes (TBD) |
| instrumentation (TBD) |
| key exchange (TBD) |
| lastseen (TBD) |
| permission (TBD) |
| privacy (TBD) |
| private keys (TBD) |
| public private keys |
| publickeys (TBD) |
| role based access control |
| tamperproof system (TBD) |
| trust in cfengine (TBD) |
| trusted third party (TBD) |
| allowallconnects |
| allowconnects |
| allowusers |
| cfruncommand |
| denybadclocks |
| denyconnects |
| dynamicaddresses |
| keycacheTTL |
| logallconnections |
| logencryptedtransfers |
| port |
| serverfacility |
| skipverify |
| trustkeysfrom |
| application services (Software running on servers) |
| boot services (Boot services are a way of booting a computer directly from the network) |
| installation (Installing computers from bare metal) |
| monitoring (Pseudo-real-time status information about system components) |
| network services (Network connectivity and availability) |
| application services (TBD) |
| network services (TBD) |
| service_dependencies (TBD) |
| service_method |
| service_policy (TBD) |
| bash (TBD) |
| csh (TBD) |
| ksh (TBD) |
| tcsh (TBD) |
| zsh (TBD) |
| NFS (Network File System (storage)) |
| samba (The Unix service for integrating with MS Windows) |
| mount |
| volume |
| bodies (A modular collection of body constraints for re-use) |
| body constraints (The attributes that cfengine enables you to promise about the promiser) |
| bundles (A modular collection of promises of different types) |
| comments (TBD) |
| contexts (Class expressions that say where or when a promise applies) |
| functions (In-built functions that may be used to set variables or classes) |
| promise types (The types of promise that cfengine can keep) |
| promisees (Recipients of a promise, i.e. promise handles, or persons) |
| promisers (The objects affected by a promise) |
| promises (Complete occurrences of promiser + promisee + promise-body) |
| values (Formal rvalues in constraint assignments and their legal ranges) |
| available patches report (Patches already installed on system) |
| classes report (User defined classes observed on the system) |
| compliance report (Total summary of host compliance) |
| file_changes report (Latest observed changes to system files) |
| file_diffs report (Latest observed differences to system files) |
| hashes report (File hash values measured (change detection)) |
| installed patches report (Patches not yet installed, but published by vendor) |
| installed software report (Software already installed on system) |
| lastseen report (Time and frequency of communications with peers) |
| license report (License utilization statistics) |
| micro-audit report (Generated by cfengine self-auditing) |
| monitor summary report (Pseudo-real-time measurement) |
| performance report (Time cost of verifying system promises) |
| promise report (Per-promise average compliance report) |
| promises not kept report (Promises that were recently unkept) |
| promises repaired report (Promises that were recently repaired) |
| setuid report (Known setuid programs found on system) |
| value report (Value estimate / ROI of cfengine configuration) |
| variables report (Current variable values expanded on different hosts) |
| arrays |
| automation |
| availability |
| budget (TBD) |
| cfengine components (TBD) |
| crises and fire fighting (TBD) |
| data types (TBD) |
| distributed system (TBD) |
| entropy (A measure of the variation in an observation) |
| faults (Error messages and conditions) |
| files (Notable or special files and types) |
| functions (TBD) |
| global variables (TBD) |
| intermittency (The entropy of availability of a service) |
| lists |
| modules |
| normal operational behaviour (TBD) |
| redundancy (TBD) |
| reliability (TBD) |
| research (CFEngine research) |
| resources (TBD) |
| rollback (Refers to the belief that one can reverse errors by imitating transaction control in computer management.) |
| software |
| symptoms (TBD) |
| template (TBD) |
| unusual operational behaviour (TBD) |
| variables |
| versions (TBD) |
| linear topic map notation |
| the tao (topics, associations and occurrences) |
| association |
| a cfengine class expression (Should match the generic pattern [a-zA-Z0-9_!&|.()]+, i.e. an alphanumeric string with option underscores and logical operators) |
| a cfengine identifier (Should match the generic pattern [a-zA-Z0-9_$.]+, i.e. an alphanumeric string with option underscores) |
| a file path (Should match the generic pattern [cC]:\.*|/.*, i.e. a system file path suitable for the target system) |
| a positive integer (Should match the generic pattern 0,99999999999, i.e. a number between zero and the maximum value) |
| a single character (Should match the generic pattern ^.$, i.e. one symbol) |
| a syslog level (Should match the generic pattern LOG_USER,LOG_DAEMON,LOG_LOCAL0,LOG_LOCAL1,LOG_LOCAL2,LOG_LOCAL3,LOG_LOCAL4,LOG_LOCAL5,LOG_LOCAL6,LOG_LOCAL7, i.e. a syslog constant) |
| a time range (Should match the generic pattern 0,2147483648, i.e. a value from zero to a maximum system time -- but you should use time functions to convert this) |
| a user/group id (Should match the generic pattern [a-zA-Z0-9_$.-]+, i.e. an alphanumeric string with option underscores and hyphens) |
| action (TBD) |
| an arbitrary string (Should match the generic pattern , i.e. unspecified characters) |
| associates (List of associated topics by this forward relationship) |
| audit (true/false switch for detailed audit records of this promise) |
| background (true/false switch for parallelizing the promise repair) |
| backward_relationship (Name of backward/inverse association from associates to promiser topic) |
| boolean (Should match the generic pattern true,false,yes,no,on,off, i.e. a positive or a negative) |
| check_root (true/false check permissions on the root directory when depth_search) |
| classes |
| comment |
| compare (Menu option policy for comparing source and image file attributes) |
| copy_size (Integer range of file sizes that may be copied) |
| copylink_patterns (List of patterns matching files that should be linked instead of copied) |
| db_server_host (Hostname or address for connection to database, blank means localhost) |
| db_server_password (Clear text password for database connection) |
| db_server_type (The dialect of the database server) |
| delete_if_contains_from_list (Delete line if a regex in the list match a line fragment) |
| delete_if_match_from_list (Delete line if it fully matches a regex in the list) |
| delete_if_not_contains_from_list (Delete line if a regex in the list DOES NOT match a line fragment) |
| delete_if_not_match_from_list (Delete line if it DOES NOT fully match a regex in the list) |
| delete_if_not_startwith_from_list (Delete line if it DOES NOT start with a string in the list) |
| depends_on |
| disable_mode (The permissions to set when a file is disabled) |
| disable_suffix (The suffix to add to files when disabling (.cfdisabled)) |
| env_baseline (The path to an image with which to baseline the virtual environment) |
| env_disk (Amount of secondary storage (DISK) in the virtual environment) |
| env_memory (Amount of primary storage (RAM) in the virtual environment) |
| env_name (The hostname of the virtual environment) |
| env_network (The hostname of the virtual network) |
| exclude_dirs (List of regexes of directory names NOT to include in depth search) |
| exec_group (The group name or id under which to run the process) |
| exec_timeout (Timeout in seconds for command completion) |
| expireafter (Number of minutes before a repair action is interrupted and retried) |
| extend_fields (true/false add new fields at end of line if necessary to complete edit) |
| extraction_regex (Regular expression that should contain a single backreference for extracting a value) |
| field_operation (Menu option policy for editing subfields) |
| field_value (Set field value to a fixed value) |
| file_result (Logical expression combining classes defined by file search criteria) |
| force_ipv4 (true/false force use of ipv4 on ipv6 enabled network) |
| force_update (true/false force copy update always) |
| freespace (Absolute or percentage minimum disk space that should be available before warning) |
| handle |
| ifvarclass |
| include_basedir (true/false include the start/root dir of the search results) |
| include_dirs (List of regexes of directory names to include in depth search) |
| insert_if_contains_from_list (Insert line if a regex in the list match a line fragment) |
| insert_if_match_from_list (Insert line if it fully matches a regex in the list) |
| insert_if_not_contains_from_list (Insert line if a regex in the list DOES NOT match a line fragment) |
| insert_if_not_match_from_list (Insert line if it DOES NOT fully match a regex in the list) |
| insert_if_not_startwith_from_list (Insert line if it DOES NOT start with a string in the list) |
| integer (Should match the generic pattern -99999999999,9999999999, i.e. a number between the minus and positive maximum values) |
| link type (Should match the generic pattern symlink,hardlink,relative,absolute,none, i.e. a support link type) |
| link_children (true/false whether to link all directory's children to source originals) |
| link_type (Menu option for type of links to use when copying) |
| link_type (The type of link used to alias the file) |
| log_level (The reporting level sent to syslog) |
| log_string (A message to be written to the log when a promise verification leads to a repair) |
| match_range (Integer range for acceptable number of matches for this process) |
| max_file_size (Do not edit files bigger than this number of bytes) |
| mode (File permissions (like posix chmod)) |
| mount_options (List of option strings to add to the file system table ("fstab")) |
| mount_type (Protocol type of remote file system) |
| newname (The desired name for the current file) |
| no_output (true/false discard all output from the command) |
| out_of_range_define (List of classes to define if the matches are out of range) |
| owners (List of acceptable owners or user ids, first is change target) |
| package_changes (Menu option - whether to group packages into a single aggregate command) |
| package_file_repositories (A list of machine-local directories to search for packages) |
| package_installed_regex (Regular expression which matches packages that are already installed) |
| package_list_arch_regex (Regular expression with one backreference to extract package architecture string) |
| package_list_command (Command to obtain a list of available packages) |
| package_list_update_command (Command to update the list of available packages (if any)) |
| package_list_update_ifelapsed (The ifelapsed locking time in between updates of the package list) |
| package_list_version_regex (Regular expression with one backreference to extract package version string) |
| package_multiline_start (Regular expression which matches the start of a new package in multiline output) |
| package_name_convention (This is how the package manager expects the package to be referred to, e.g. $(name).$(arch)) |
| package_name_regex (Regular expression with one backreference to extract package name string) |
| package_noverify_regex (Regular expression to match verification failure output) |
| package_noverify_returncode (Integer return code indicating package verification failure) |
| package_patch_arch_regex (Regular expression with one backreference to extract update architecture string) |
| package_patch_command (Command to update to the latest patch release of an installed package) |
| package_patch_list_command (Command to obtain a list of available patches or updates) |
| package_patch_version_regex (Regular expression with one backreference to extract update version string) |
| package_update_command (Command to update to the latest version a currently installed package) |
| path_name (List of pathnames to match acceptable target) |
| pgid (Range of integers matching the parent group id of a process) |
| pid (Range of integers matching the process id of a process) |
| portnumber (Port number to connect to on server host) |
| posix file mode or permission (Should match the generic pattern [0-7augorwxst,+-]+, i.e. something that you would give as an argument to chmod) |
| ppid (Range of integers matching the parent process id of a process) |
| priority (Range of integers matching the priority field (PRI/NI) of a process) |
| process_result (Boolean class expression returning the logical combination of classes set by a process selection test) |
| purge (true/false purge files on client that do not match files on server when depth_search) |
| real number (Should match the generic pattern -9.99999E100,9.99999E100, i.e. a number between the minus and positive maximum values) |
| recognize_join (Join together lines that end with a backslash, up to 4kB limit) |
| report_diffs (Generate reports summarizing the major differences between individual text files) |
| report_level (The reporting level for standard output) |
| rmdeadlinks (true/false remove links that point to nowhere) |
| rotate (Maximum number of file rotations to keep) |
| rxdirs (true/false add execute flag for directories if read flag is set) |
| scan_arrivals (true/false generate pseudo-periodic disk change arrival distribution) |
| search_bsdflags (String of flags for bsd file system flags expected set) |
| search_groups (List of acceptable group names or ids for the file, or regexes to match) |
| search_size (Integer range of file sizes) |
| select_end (Regular expression matches end of edit region from start) |
| select_field (Integer index of the field required 1..n) |
| select_line_number (Read from the n-th line of the output (fixed format)) |
| select_region |
| select_start (Regular expression matching start of edit region) |
| sensible_count (Minimum number of files that should be defined on a sensible-looking storage device) |
| service_autostart_policy (Should the service be started automatically by the OS) |
| source (The source file to which the link should point) |
| status (Regular expression matching the status field of a process) |
| stealth (true/false whether to preserve time stamps on copied file) |
| stime_range (Range of integers matching the start time of a process) |
| system signals (Should match the generic pattern hup,int,trap,kill,pipe,cont,abrt,stop,quit,term,child,usr1,usr2,bus,segv, i.e. a unix signal name) |
| threads (Range of integers matching the threads (NLWP) field of a process) |
| timer_policy (Whether a persistent class restarts its counter when rediscovered) |
| track_growing_file (If true, cfengine remembers the position to which is last read when opening the file, and resets to the start if the file has since been truncated) |
| traverse_links (true/false traverse symbolic links to directories (false)) |
| trustkey (true/false trust public keys from remote server if previously unknown) |
| type_check (true/false compare file types before copying and require match) |
| umask (The umask value for the child process) |
| unmount (true/false unmount a previously mounted filesystem) |
| value_notkept (A real number value (possibly negative) attributed to not keeping this promise) |
| value_repaired (A real number value attributed to reparing this promise) |
| verify (true/false verify transferred file by hashing after copy (resource penalty)) |
| vsize (Range of integers matching the virtual memory size of a process, in kilobytes) |
| when_linking_children (Policy for overriding existing files when linking directories of children) |
| xdev (true/false exclude directories that are on different devices) |
| ilist (TBD) |
| int (TBD) |
| policy (TBD) |
| real (TBD) |
| rlist (TBD) |
| slist (TBD) |
| string (TBD) |