Forum: Cfengine Help
Subject: Re: Questions about the reference manual
Author: mwlarsen
Link to topic: https://cfengine.com/forum/read.php?3,18107,18134#msg-18134
Thanks for your reply, Diego. I'm having trouble with this explanation and was
hoping you could break it down a little more.
zzamboni Wrote:
> Coming back to functions: some body arguments need
> more than a single value to completely specify
> their meaning, and in this case they are
> modularized into separate functions. For example:
What is a "body argument?" I don't see the term used in the tutorials or the
reference manual.
> files:
> # Copy inputs
> "/var/cfengine/inputs"
> perms => usystem("0600", "root"),
> copy_from => umycopy("${inputs}"),
> depth_search => urecurse("inf");
> ...
> # somewhere else in the policy
> body depth_search urecurse(d)
> {
> depth => "${d}";
> exclude_dirs => { "\.svn", "\.git" };
> }
>
> body perms usystem(p,o)
> {
> mode => "${p}";
> owners => { "${o}" };
> groups => { "${o}" };
> }
>
> body copy_from umycopy(from)
> {
> source => "${from}";
> compare => "digest";
> verify => "true";
> purge => "false";
> trustkey => "true";
> }
So in this example, which is the function:
perms => usystem("0600", "root"),
or
body perms usystem(p,o)
or neither (or both)?
Or is:
body perms usystem(p,o)
{
...all the other stuff...
}
the function? If the latter is the case, what is the purpose of:
perms => usystem("0600", "root"),?
I suspect a large part of the source of my confusion is that I'm not following
the whole "function" concept. Or at least what it is that constitutes a
function.
> In this example, usystem(), urecurse() and
> umycopy() are parameterized (meaning: you can pass
> arguments to them) bodies that allow you to
> specify more complex values for the "perms",
> "copy_from" and "depth_search" parameters of the
> "/var/cfengine/inputs" promise. The parameters you
> give to them (e.g. "0600" and "root" in the case
> of usystem) will be passed to the corresponding
> body and used as specified there. The parameter
> names in a promise are fixed and defined by the
> promise type (you can look up perms, copy_from and
> depth_search in the manual), but the right-hand
> names (usystem, urecurse and umycopy in this
> example) are arbitrary and defined by you.
I'm pretty sure I expressed my inability to grasp this question in another
thread, but I'll repeat it here because I'm still beating my head against it.
Why do you have, for example:
depth_search => urecurse("inf");
body depth_search urecurse(d)
{
depth => "${d}";
exclude_dirs => { "\.svn", "\.git" };
}
Rather than just:
body depth_search urecurse("inf")
{
exclude_dirs => { "\.svn", "\.git" };
}
>
> Classes:
This one I understand completely, your explanation is crystal clear. Thank you.
> Finally, classes. "Boolean classifier" simply
> means that classes are either true or false (a
> boolean value). They cannot contain any other
> values, but they can be arbitrary names that
> describe any property that you may want to use to
> control the execution of the cfengine policy. For
> example:
>
> commands:
> windows::
> "c:\Program
> Files\somedirectory\someprogram.exe";
> linux::
> "/usr/bin/someprogram";
>
> In this case, "windows" and "linux" are both
> classes that cfengine automatically defines
> (called "hard classes") based on the type of
> system in which it is running. Cfengine defines a
> whole bunch of hard classes every time it runs,
> which allow you to easily test for the type of
> system you are running, its network configuration,
> the time of day/week/month/year, etc. Of course,
> you can also define your own classes (called "soft
> classes") based on anything else you want to do
> during the execution of a cfengine policy. For
> example:
>
> classes:
> # Is the cfengine key properly initialized?
> "have_ppkeys" expression =>
> fileexists("$(sys.workdir)/ppkeys/localhost.pub");
>
> commands:
> # If the keys have not been generated, do that
> now
> !have_ppkeys::
> "/usr/local/sbin/cf-key";
>
> In this case, the have_ppkeys class will be
> defined (true) if the
> /var/cfengine/ppkeys/localhost.pub key exists, and
> undefined (false) if it doesn't. Then, in the
> commands section, the command to produce that file
> will be run if the class is undefined.
...
> --
> Diego Zamboni
> http://blog.zzamboni.org/
> @zzamboni
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
