Quick Reference Guide for CFEngine 3
CFEngine-Reference
COMPLETE TABLE OF CONTENTS
Summary of contents
1 Command reference
1.1 cf-promises - CFEngine's promise analyzer
The promise agent is a validator and analysis tool for
configuration files belonging to any of the components
of CFEngine. Configurations that make changes must be
approved by this validator before being executed.
- ‘--help’
- (-h) - Print the help message
- ‘--bundlesequence’
- (-b value) - Use the specified bundlesequence for verification
- ‘--debug’
- (-d value) - Set debugging level 0,1,2,3
- ‘--verbose’
- (-v) - Output verbose information about the behaviour of the agent
- ‘--dry-run’
- (-n) - All talk and no action mode - make no changes, only inform of promises not kept
- ‘--version’
- (-V) - Output the version of the software
- ‘--file’
- (-f value) - Specify an alternative input file than the default
- ‘--define’
- (-D) value - Define a list of comma separated classes to be defined at the start of execution
- ‘--negate’
- (-N) value - Define a list of comma separated classes to be undefined at the start of execution
- ‘--inform’
- (-I) - Print basic information about changes made to the system, i.e. promises repaired
- ‘--diagnostic’
- (-x) - Activate internal diagnostics (developers only)
- ‘--analysis’
- (-a) - Perform additional analysis of configuration
- ‘--reports’
- (-r) - Generate reports about configuration
Debug levels: 1=parsing, 2=running, 3=summary, 4=expression eval
1.2 cf-agent - CFEngine's change agent
The main CFEngine agent is the instigator of change
in the system. In that sense it is the most important
part of the CFEngine suite.
- ‘--bootstrap’
- (-B) - Bootstrap/repair a CFEngine configuration from failsafe file in the current directory
- ‘--bundlsequence’
- (-b) - Set or override bundlesequence from command line
- ‘--debug’
- (-d value) - Set debugging level 0,1,2,3
- ‘--define’
- (-D value) - Define a list of comma separated classes to be defined at the start of execution
- ‘--diagnostic’
- (-x) - Activate internal diagnostics (developers only)
- ‘--dry-run’
- (-n) - All talk and no action mode - make no changes, only inform of promises not kept
- ‘--file’
- (-f value) - Specify an alternative input file than the default
- ‘--help’
- (-h) - Print the help message
- ‘--inform’
- (-I) - Print basic information about changes made to the system, i.e. promises repaired
- ‘--negate’
- (-N value) - Define a list of comma separated classes to be undefined at the start of execution
- ‘--no-lock’
- (-K) - Ignore locking constraints during execution (ifelapsed/expireafter) if "too soon" to run
- ‘--policy-server’
- (-B) - Define the server name or IP address of the a policy server (for use with bootstrap).
- ‘--verbose’
- (-v) - Output verbose information about the behaviour of the agent
- ‘--version’
- (-V) - Output the version of the software
Debug levels: 1=parsing, 2=running, 3=summary, 4=expression eval
1.3 cf-serverd - CFEngine's server agent
The server daemon provides two services: it acts as a
file server for remote file copying and it allows an
authorized cf-runagent to start a cf-agent process and
set certain additional classes with role-based access
control.
- ‘--help’
- (-h) - Print the help message
- ‘--debug’
- (-d value) - Set debugging level 0,1,2,3
- ‘--verbose’
- (-v) - Output verbose information about the behaviour of the agent
- ‘--version’
- (-V) - Output the version of the software
- ‘--file’
- (-f value) - Specify an alternative input file than the default
- ‘--define’
- (-D value) - Define a list of comma separated classes to be defined at the start of execution
- ‘--negate’
- (-N value) - Define a list of comma separated classes to be undefined at the start of execution
- ‘--no-lock’
- (-K) - Ignore locking constraints during execution (ifelapsed/expireafter) if "too soon" to run
- ‘--inform’
- (-I) - Print basic information about changes made to the system, i.e. promises repaired
- ‘--diagnostic’
- (-x) - Activate internal diagnostics (developers only)
- ‘--no-fork’
- (-F) - Run as a foreground processes (do not fork)
- ‘--ld-library-path’
- (-L value) - Set the internal value of LD_LIBRARY_PATH for child processes
Debug levels: 1=parsing, 2=running, 3=summary, 4=expression eval
1.4 cf-execd - CFEngine's execution agent
The executor daemon is a scheduler and wrapper for
execution of cf-agent. It collects the output of the
agent and can email it to a specified address. It can
splay the start time of executions across the network
and work as a class-based clock for scheduling.
- ‘--help’
- (-h) - Print the help message
- ‘--debug’
- (-d value) - Set debugging level 0,1,2,3
- ‘--verbose’
- (-v) - Output verbose information about the behaviour of the agent
- ‘--dry-run’
- (-n) - All talk and no action mode - make no changes, only inform of promises not kept
- ‘--version’
- (-V) - Output the version of the software
- ‘--file’
- (-f value) - Specify an alternative input file than the default
- ‘--define’
- (-D value) - Define a list of comma separated classes to be defined at the start of execution
- ‘--negate’
- (-N value) - Define a list of comma separated classes to be undefined at the start of execution
- ‘--no-lock’
- (-K) - Ignore locking constraints during execution (ifelapsed/expireafter) if "too soon" to run
- ‘--inform’
- (-I) - Print basic information about changes made to the system, i.e. promises repaired
- ‘--diagnostic’
- (-x) - Activate internal diagnostics (developers only)
- ‘--no-fork’
- (-F) - Run as a foreground processes (do not fork)
- ‘--no-winsrv’
- (-W) - Do not run as a service on windows - use this when running from a command shell (commercial editions only)
- ‘--ld-library-path’
- (-L value) - Set the internal value of LD_LIBRARY_PATH for child processes
Debug levels: 1=parsing, 2=running, 3=summary, 4=expression eval
1.5 cf-monitord - CFEngine's monitoring agent
The monitoring agent is a machine-learning, sampling
daemon which learns the normal state of the current
host and classifies new observations in terms of the
patterns formed by previous ones. The data are made
available to and read by cf-agent for classification
of responses to anomalous states.
- ‘--help’
- (-h) - Print the help message
- ‘--debug’
- (-d value) - Set debugging level 0,1,2,3
- ‘--verbose’
- (-v) - Output verbose information about the behaviour of the agent
- ‘--dry-run’
- (-n) - All talk and no action mode - make no changes, only inform of promises not kept
- ‘--version’
- (-V) - Output the version of the software
- ‘--no-lock’
- (-K) - Ignore system lock
- ‘--file’
- (-f value) - Specify an alternative input file than the default
- ‘--inform’
- (-I) - Print basic information about changes made to the system, i.e. promises repaired
- ‘--diagnostic’
- (-x) - Activate internal diagnostics (developers only)
- ‘--no-fork’
- (-F) - Run process in foreground, not as a daemon
- ‘--histograms’
- (-H) - Store informatino about histograms / distributions
- ‘--tcpdump’
- (-T) - Interface with tcpdump if available to collect data about network
Debug levels: 1=parsing, 2=running, 3=summary,
1.6 cf-runagent - Run agent
The run agent connects to a list of running instances of
the cf-serverd service. The agent allows a user to
forego the usual scheduling interval for the agent and
activate cf-agent on a remote host. Additionally, a user
can send additional classes to be defined on the remote
host. Two kinds of classes may be sent: classes to decide
on which hosts the agent will be started, and classes that
the user requests the agent should define on execution.
The latter type is regulated by cfserverd's role based
access control.
- ‘--help’
- (-h) - Print the help message
- ‘--background’
- (-b value) - Parallelize connections (50 by default)
- ‘--debug’
- (-d value) - Set debugging level 0,1,2,3
- ‘--verbose’
- (-v) - Output verbose information about the behaviour of the agent
- ‘--dry-run’
- (-n) - All talk and no action mode - make no changes, only inform of promises not kept
- ‘--version’
- (-V) - Output the version of the software
- ‘--file’
- (-f value) - Specify an alternative input file than the default
- ‘--define-class’
- (-D value) - Define a list of comma separated classes to be sent to a remote agent
- ‘--select-class’
- (-s value) - Define a list of comma separated classes to be used to select remote agents by constraint
- ‘--inform’
- (-I) - Print basic information about changes made to the system, i.e. promises repaired
- ‘--remote-options’
- (-o value) - Pass options to a remote server process
- ‘--diagnostic’
- (-x) - Activate internal diagnostics (developers only)
- ‘--hail’
- -H value - Hail the following comma-separated lists of hosts, overriding default list
- ‘--interactive’
- (-i) - Enable interactive mode for key trust
- ‘--query’
- (-q value) - Query a server for a knowledge menu (commercial editions only)
- ‘--timeout’
- (-t value) - Connection timeout, seconds
Debug levels: 1=parsing, 2=running, 3=summary, 4=expression eval
1.7 cf-report - CFEngine's reporting agent
The reporting agent is a merger between the older
CFEngine programs cfshow and cfenvgraph. It outputs
data stored in CFEngine's embedded databases in human
readable form.
- ‘--help’
- (-h) - Print the help message
- ‘--class-regex’
- (-c value) - Specify a class regular expression to search for
- ‘--csv’
- (-C) - Enable CSV output mode in hub queries
- ‘--debug’
- (-d value) - Set debugging level 0,1,2,3
- ‘--verbose’
- (-v) - Output verbose information about the behaviour of the agent
- ‘--inform’
- (-I) - Output information about actions performed by the agent
- ‘--version’
- (-V) - Output the version of the software
- ‘--no-lock’
- (-K) - Ignore ifelapsed locks
- ‘--file’
- (-f value) - Specify an alternative input file than the default
- ‘--hostkey’
- (-k value) - Specify a hostkey to lookup
- ‘--html’
- (-H) - Print output in HTML
- ‘--xml’
- (-X) - Print output in XML
- ‘--version’
- (-V) - Print version string for software
- ‘--purge’
- (-P) - Purge data about peers not seen beyond the threshold horizon for assumed-dead
- ‘--erasehistory’
- (-E value) - Erase historical data from the cf-monitord monitoring database
- ‘--nova-export’
- (-x value) - Export Nova reports to file - delta or full report (commercial editions only)
- ‘--nova-import’
- (-i value) - Import Nova reports from file - specify the path (only on Nova policy hub)
- ‘--outputdir’
- (-o value) - Set output directory for printing graph data
- ‘--promise-handle’
- (-p value) - Specify a promise-handle to look up
- ‘--query-hub’
- (-q value) - Query hub database interactively with optional regex search string
- ‘--titles’
- (-t) - Add title data to generated graph files
- ‘--timestamps’
- (-T) - Add a time stamp to directory name for graph file data
- ‘--resolution’
- (-R) - Print graph data in high resolution
- ‘--show’
- (-1 value) - Show data matching named criteria (software,variables,classes)
- ‘--syntax’
- (-S) - Print a syntax summary for this CFEngine version
- ‘--syntax-export’
- (-s) - Export a syntax tree in Javascript format
- ‘--no-error-bars’
- (-e) - Do not add error bars to the printed graphs
- ‘--no-scaling’
- (-n) - Do not automatically scale the axes
- ‘--remove-hosts,’
- (-r value) - Remove comma separated list of IP address entries from the hosts-seen database
1.8 cf-know - CFEngine's knowledge agent
The knowledge management agent is capable of building
an analysing a semantic knowledge network. It can
configure a relational database to contain an ISO
standard topic map and permit regular-expression based
searching of the map. Analysis of the semantic network
can be performed providing graphical output of the data,
and cfknow can assemble and converge the reference manual
for the current version of the CFEngine software.
- ‘--help’
- (-h) - Print the help message
- ‘--build’
- (-b) - Build and store topic map in the CFDB
- ‘--debug’
- (-d value) - Set debugging level 0,1,2,3
- ‘--verbose’
- (-v) - Output verbose information about the behaviour of the agent
- ‘--version’
- (-V) - Output the version of the software
- ‘--file’
- (-f value) - Specify an alternative input file than the default
- ‘--manual’
- (-m) - Generate reference manual from internal data
- ‘--manpage’
- (-M) - Generate reference manpage from internal data
- ‘--stories’
- (-z value) - Look up stories for a given topic on the command line
- ‘--syntax’
- (-S value) - Print a syntax summary of the optional keyword or this CFEngine version
- ‘--topics’
- (-T) - Show all topic names in CFEngine
- ‘--test’
- (-t value) - Generate test data
- ‘--removetest’
- (-r) - Remove test data
- ‘--updatetest’
- (-u) - Update test data
Debug levels: 1=parsing, 2=running, 3=summary, 4
1.9 cf-key
- ‘--help’
- (-h) - Print the help message
- ‘--debug’
- (-d value) - Set debugging level 0,1,2,3
- ‘--verbose’
- (-v) - Output verbose information about the behaviour of the agent
- ‘--version’
- (-V) - Output the version of the software
- ‘--output-file’
- (-f value) - Specify an alternative output file than the default (localhost.*)
- ‘--show-hosts’
- (-s) - Show lastseen hostnames and IP addresses
- ‘--remove-keys’
- (-r value) - Remove keys for specified hostname/IP from lastseen database