Table of contents
This policy is inventory related to linux hosts.
common bodies
inventory_linux
Prototype: inventory_linux
Description: Linux inventory
This common bundle is for Linux inventory work.
Provides: systemd class based on linktarget of /proc/1/cmdline
Implementation:
code
bundle common inventory_linux
{
vars:
have_proc_device_tree::
"_model_path" string => "/proc/device-tree/model";
"proc_device_tree_model" string => readfile("$(_model_path)"),
if => fileexists("$(_model_path)"),
comment => "Read model from $(_model_path) because it's not available from DMI",
meta => { "inventory", "attribute_name=System version" };
"_serial_number_path" string => "/proc/device-tree/serial-number";
"proc_device_tree_serial_number" string => readfile("$(_serial_number_path)"),
if => fileexists("$(_serial_number_path)"),
comment => "Read serial number from $(_serial_number_path) because it's not available from DMI",
meta => { "inventory", "attribute_name=System serial number" };
has_proc_1_cmdline::
"proc_1_cmdline_split" slist => string_split(readfile("/proc/1/cmdline", "512"), " ", "2"),
comment => "Read /proc/1/cmdline and split off arguments";
"proc_1_cmdline" string => nth("proc_1_cmdline_split", 0),
comment => "Get argv[0] of /proc/1/cmdline";
# this is the same as the original file for non-links
"proc_1_process" string => filestat($(proc_1_cmdline), "linktarget");
any::
"proc_routes" data => data_readstringarrayidx("/proc/net/route",
"#[^\n]*","\s+",40,4k),
if => fileexists("/proc/net/route");
"routeidx" slist => getindices("proc_routes");
"dgw_ipv4_iface" string => "$(proc_routes[$(routeidx)][0])",
comment => "Name of the interface where default gateway is routed",
if => strcmp("$(proc_routes[$(routeidx)][1])", "00000000");
linux::
"nfs_servers" -> { "CFE-3259" }
comment => "NFS servers (to list hosts impacted by NFS outages)",
slist => maplist( regex_replace( $(this) , ":.*", "", "g"),
# NFS server is before the colon (:), that's all we want
# e.g., nfs.example.com:/vol/homedir/user1 /home/user1 ...
# ^^^^^^^^^^^^^^^
grep( ".* nfs .*",
readstringlist("/proc/mounts", "", "\n", inf, inf)
)
),
if => fileexists( "/proc/mounts" );
"nfs_server[$(nfs_servers)]"
string => "$(nfs_servers)",
meta => { "inventory", "attribute_name=NFS Server" };
classes:
any::
"has_proc_1_cmdline" expression => fileexists("/proc/1/cmdline"),
comment => "Check if we can read /proc/1/cmdline";
"inventory_have_python_symlink" expression => fileexists("$(sys.bindir)/cfengine-selected-python");
has_proc_1_cmdline::
"systemd" expression => strcmp(lastnode($(proc_1_process), "/"), "systemd"),
comment => "Check if (the link target of) /proc/1/cmdline is systemd";
inventory_have_python_symlink::
"cfe_python_for_package_modules_supported" -> { "CFE-2602", "CFE-3512", "ENT-10248" }
comment => concat( "Here we see if the version of python found is",
" acceptable ( 3.x or 2.4 or greater ) for package",
" modules. We use this guard to prevent errors",
" related to missing python modules."),
expression => returnszero("$(sys.bindir)/cfengine-selected-python -V 2>&1 | grep ^Python | cut -d' ' -f 2 | ( IFS=. read v1 v2 v3 ; [ $v1 -ge 3 ] || [ $v1 -eq 2 -a $v2 -ge 4 ] )",
useshell);
}
monitor bundles
measure_entropy_available
Prototype: measure_entropy_available
Description: Measure amount of entropy available
Implementation:
code
bundle monitor measure_entropy_available
{
measurements:
linux::
# A lack of entropy can cause agents to hang
"/proc/sys/kernel/random/entropy_avail" -> { "ENT-6495", "ENT-6494" }
if => fileexists( "/proc/sys/kernel/random/entropy_avail" ),
handle => "entropy_avail",
stream_type => "file",
data_type => "int",
units => "bits",
history_type => "weekly",
match_value => single_value("\d+"),
comment => "Amount of entropy available";
}