SlideShare a Scribd company logo

What is new in CFEngine 3.6

RUDDER
RUDDER

This talk will introduce new CFEngine 3.6 features, we have these bullet points: User promises TLS protocol Math expressions Dynamic inputs New language functions Tags Data containers File templating Presentation by Kristian Amlie of CFEngine, given at CfgMgmtCamp 2014 in Ghent

TechnologyEducation
1 of 34
Download to read offline
What is new in CFEngine 3.6 www.cfengine.com
What is new • • • • • • • • User promises TLS protocol Math expressions Dynamic inputs New language functions Tags Data containers File templating
User promises
User promises • A new promise type • Manage local users on hosts • Make promises about user characteristics • UID • Group membership • Home directory • Password • Shell • Description
User promises - Example bundle agent my_bundle { users: “joe” policy => “present”, group_primary => “users”, groups_secondary => { “printers”, “db_users” }, home_dir => “/nfs/home/joe”, home_bundle => setup_home_dir(“joe”); }
TLS protocol
TLS protocol • • • • Industry standard security protocol All traffic is fully encrypted Transparent to the user Old protocol • Deprecated, but still supported • Can be turned off after upgrade is complete
Math expressions
Math expressions • New math evaluation function: eval() • Works on strings • String contains expression to evaluate • Example: eval(“ceil($(sys.cpus) / 4)”) • Previously required shell script
Math expressions • Accepts common math operators: +, -, *, / • Some less common ones too: ^, **, % • Many common math functions • ceil, floor, log10, log2, log, sqrt, sin, cos, tan, asin, acos, atan, abs, step • Mathematical constants • e, log2e, log10e, ln2, ln10, pi, pi_2, pi_4, 1_pi, 2_pi, 2_srqtpi, sqrt2, sqrt1_2 • SI-units: K, M, G, T, P
Dynamic inputs
Dynamic inputs • 3.5: • Input files can only be defined in promises.cf • Inconvenient; all file additions require editing promises.cf • 3.6: • file control bodies can contain input files • Body can be specified once per file • body file control { inputs => “input_file.cf”; }
Dynamic inputs - Example • promises.cf body common control { inputs => { “input_file.cf” }; } • input_file.cf body file control { inputs => { “nested_input_file.cf” }; }
New language functions
New language functions • findfiles(glob1, glob2, ...) • Returns a list of files that match glob pattern • makerule(target, sources) • Determines whether target needs to be rebuilt from sources • Inspired by the Unix make program • packagesmatching(...) • Returns list of installed packages • List can be filtered by name, version and architecture
New language functions • canonifyuniquely(test) • Convert a string into a legal class name • Unlike canonify, name is guaranteed to be unique. • Useful when making class names from a list of files • bundlesmatching(regex, tag1, ...) • Returns bundles matching criteria • Result can be used in a methods promise • Very powerful together with findfiles
bundlesequence - Example • bundle common global { vars: “policies” slist => findfiles (“/var/cfengine/inputs/*.cf”); “bundles” slist => bundlesmatching (“.*”, “production”); } body common control { inputs => { @(global.policies) }; bundlesequence => { @(global.bundles) }; }
New language functions • Plenty of others • data_readstringarray • readjson • data_readstringarrayidx • storejson • datastate • string_downcase • datatype • string_head • getclassmetatags • string_length • getvariablemetatags • string_reverse • max • string_tail • mean • string_upcase • mergedata • variablesmatching • min • variance • parsejson
Tags
Tags • Labels that you can attach to bundles and promises • Certain functions can filter based on tags • bundlesmatching • classesmatching • variablesmatching
Tags - Example • bundle agent my_bundle { meta: ### Bundle tags “tags” => { “experimental” }; vars: ### Variable tags “db_server” string => “106.54.21.90”, meta => { “mysql”, “trusted” }; classes: ### Class tags “experimental” expression => “any”, meta => { “tier_spec” }; }
Data containers
Data containers • Structured containers (JSON) • “container” data => parsejson('[ { “user”: “joe”, “groups”: “users” }, { “user”: “jack”, “groups”: “admins” }, ]'); • reports: “$(container[1][user])”; • --> R: jack
Data containers • Can read JSON files • readjson(filename, maxbytes) • Or fields from a text file • data_readstringarray (filename, comment, split, maxentries, maxbytes) • data_readstringarrayidx (filename, comment, split, maxentries, maxbytes) • Convert back to JSON • storejson(data_container)
Data containers - Example • records.txt: • joe,/nfs/home/joe,Joe Smith jack,/home/jack,Jack Jensen • Resulting JSON after data_readstringarrayidx • [ [ “joe”, “/nfs/home/joe”, “Joe Smith” ], [ “jack”, “/home/jack”, “Jack Jensen” ] ]
Data containers - Example • records.txt: • joe,/nfs/home/joe,Joe Smith jack,/home/jack,Jack Jensen • policy.cf: • vars: “users” data => data_readstringarrayidx (“records.txt”, “”, “,”, 10, 4000); “index” slist => getindices(“users”); users: “$(users[$(index)][0])” home_dir => “$(users[$(index)][1])”, description => “$(users[$(index)][2])”, policy => “present”;
File templating
File templating • New templating engine: Mustache • Based on the Mustache templating language • http://mustache.github.io/
File templating - Example • promises.cf: • files: "/etc/motd" edit_line => motd_edit, edit_defaults => empty; } bundle edit_line motd_edit { insert_lines: “Welcome to this CFEngine managed machine.”; “This machine pulls policy from $(sys.policy_hub).”; } • Result: • Welcome to this CFEngine managed machine. This machine pulls policy from 10.80.80.1.
File templating - Example • promises.cf: • files: "/etc/motd" edit_template => "template.mustache", template_method => "mustache"; • template.mustache: • Welcome to this CFEngine managed machine. This machine pulls policy from {{vars.sys.policy_hub}}. • Result: • Welcome to this CFEngine managed machine. This machine pulls policy from 10.80.80.1.
Miscellaneous • cf-serverd allows distinct key/IP/hostname access controls • New “shortcut” constraint in server policy allows non-absolute paths in copy_from promises • New log format • Many new built-in variables: • sys.uptime, sys.masterdir, this.promiser_ppid, ... • LMDB replaces Tokyo Cabinet as database backend • Calls to execresult and returnszero are now cached instead of executing repeatedly
Questions? www.cfengine.com
Questions? • • • • • • • • User promises TLS protocol Math expressions Dynamic inputs New language functions Tags Data containers File templating www.cfengine.com
Thank you! www.cfengine.com

Recommended

11 advanced replication
11 advanced replication11 advanced replication
11 advanced replication
darwinodb
 
26 io -ii file handling
26 io -ii file handling26 io -ii file handling
26 io -ii file handling
Ravindra Rathore
 
Course 102: Lecture 8: Composite Commands
Course 102: Lecture 8: Composite Commands Course 102: Lecture 8: Composite Commands
Course 102: Lecture 8: Composite Commands
Ahmed El-Arabawy
 
Mastering the MongoDB Javascript Shell
Mastering the MongoDB Javascript ShellMastering the MongoDB Javascript Shell
Mastering the MongoDB Javascript Shell
Scott Hernandez
 
Kicking ass with redis
Kicking ass with redisKicking ass with redis
Kicking ass with redis
Dvir Volk
 
Mastering the MongoDB Shell
Mastering the MongoDB ShellMastering the MongoDB Shell
Mastering the MongoDB Shell
MongoDB
 
Native or External?
Native or External?Native or External?
Native or External?
ESUG
 
Shell Tips & Tricks
Shell Tips & TricksShell Tips & Tricks
Shell Tips & Tricks
MongoDB
 

Recommended

11 advanced replication
11 advanced replication11 advanced replication
11 advanced replication
darwinodb
 
26 io -ii file handling
26 io -ii file handling26 io -ii file handling
26 io -ii file handling
Ravindra Rathore
 
Course 102: Lecture 8: Composite Commands
Course 102: Lecture 8: Composite Commands Course 102: Lecture 8: Composite Commands
Course 102: Lecture 8: Composite Commands
Ahmed El-Arabawy
 
Mastering the MongoDB Javascript Shell
Mastering the MongoDB Javascript ShellMastering the MongoDB Javascript Shell
Mastering the MongoDB Javascript Shell
Scott Hernandez
 
Kicking ass with redis
Kicking ass with redisKicking ass with redis
Kicking ass with redis
Dvir Volk
 
Mastering the MongoDB Shell
Mastering the MongoDB ShellMastering the MongoDB Shell
Mastering the MongoDB Shell
MongoDB
 
Native or External?
Native or External?Native or External?
Native or External?
ESUG
 
Shell Tips & Tricks
Shell Tips & TricksShell Tips & Tricks
Shell Tips & Tricks
MongoDB
 
Session 23 - JDBC
Session 23 - JDBCSession 23 - JDBC
Session 23 - JDBC
PawanMM
 
Session 22 - Java IO, Serialization
Session 22 - Java IO, SerializationSession 22 - Java IO, Serialization
Session 22 - Java IO, Serialization
PawanMM
 
general protocol basics
general protocol basicsgeneral protocol basics
general protocol basics
Aravindan A
 
Course 102: Lecture 7: Simple Utilities
Course 102: Lecture 7: Simple Utilities Course 102: Lecture 7: Simple Utilities
Course 102: Lecture 7: Simple Utilities
Ahmed El-Arabawy
 
14 file handling
14 file handling14 file handling
14 file handling
APU
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to Redis
Dvir Volk
 
Course 102: Lecture 6: Seeking Help
Course 102: Lecture 6: Seeking HelpCourse 102: Lecture 6: Seeking Help
Course 102: Lecture 6: Seeking Help
Ahmed El-Arabawy
 
Exported resources design patterns
Exported resources design patternsExported resources design patterns
Exported resources design patterns
Yevgeny Trachtinov
 
Java Input Output and File Handling
Java Input Output and File HandlingJava Input Output and File Handling
Java Input Output and File Handling
Sunil OS
 
برنامج محادثة باستخدام الاستدعاء العكسي في استدعاء الطرق البعيدة بلغة الجافا ...
برنامج محادثة باستخدام الاستدعاء العكسي في استدعاء الطرق البعيدة بلغة الجافا ...برنامج محادثة باستخدام الاستدعاء العكسي في استدعاء الطرق البعيدة بلغة الجافا ...
برنامج محادثة باستخدام الاستدعاء العكسي في استدعاء الطرق البعيدة بلغة الجافا ...
Abdulrazak Zakieh
 
Rubyspec y el largo camino hacia Ruby 1.9
Rubyspec y el largo camino hacia Ruby 1.9Rubyspec y el largo camino hacia Ruby 1.9
Rubyspec y el largo camino hacia Ruby 1.9
David Calavera
 
OrientDB
OrientDBOrientDB
OrientDB
aemadrid
 
The emerging world of mongo db csp
The emerging world of mongo db cspThe emerging world of mongo db csp
The emerging world of mongo db csp
Carlos Sánchez Pérez
 
Cross Origin Resource Sharing (CORS) - Azizul Hakim
Cross Origin Resource Sharing (CORS) - Azizul HakimCross Origin Resource Sharing (CORS) - Azizul Hakim
Cross Origin Resource Sharing (CORS) - Azizul Hakim
Cefalo
 
ERRest and Dojo
ERRest and DojoERRest and Dojo
ERRest and Dojo
WO Community
 
Redis SoCraTes 2014
Redis SoCraTes 2014Redis SoCraTes 2014
Redis SoCraTes 2014
steffenbauer
 
Session 24 - JDBC, Intro to Enterprise Java
Session 24 - JDBC, Intro to Enterprise JavaSession 24 - JDBC, Intro to Enterprise Java
Session 24 - JDBC, Intro to Enterprise Java
PawanMM
 
Everything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptEverything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus script
Bill Buchan
 
PHP Data Objects
PHP Data ObjectsPHP Data Objects
PHP Data Objects
Prashant Marathe
 
Building Your First App: An Introduction to MongoDB
Building Your First App: An Introduction to MongoDBBuilding Your First App: An Introduction to MongoDB
Building Your First App: An Introduction to MongoDB
Great Wide Open
 
Dspace4 150227090306-conversion-gate01
Dspace4 150227090306-conversion-gate01Dspace4 150227090306-conversion-gate01
Dspace4 150227090306-conversion-gate01
walaba06
 
DSpace 4.2 Basics & Configuration
DSpace 4.2 Basics & ConfigurationDSpace 4.2 Basics & Configuration
DSpace 4.2 Basics & Configuration
DuraSpace
 

More Related Content

What's hot

14 file handling
14 file handling14 file handling
14 file handling
APU
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to Redis
Dvir Volk
 
Rubyspec y el largo camino hacia Ruby 1.9
Rubyspec y el largo camino hacia Ruby 1.9Rubyspec y el largo camino hacia Ruby 1.9
Rubyspec y el largo camino hacia Ruby 1.9
David Calavera
 

What's hot (20)

Session 23 - JDBC
Session 23 - JDBCSession 23 - JDBC
Session 23 - JDBC
 
Session 22 - Java IO, Serialization
Session 22 - Java IO, SerializationSession 22 - Java IO, Serialization
Session 22 - Java IO, Serialization
 
general protocol basics
general protocol basicsgeneral protocol basics
general protocol basics
 
Course 102: Lecture 7: Simple Utilities
Course 102: Lecture 7: Simple Utilities Course 102: Lecture 7: Simple Utilities
Course 102: Lecture 7: Simple Utilities
 
14 file handling
14 file handling14 file handling
14 file handling
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to Redis
 
Course 102: Lecture 6: Seeking Help
Course 102: Lecture 6: Seeking HelpCourse 102: Lecture 6: Seeking Help
Course 102: Lecture 6: Seeking Help
 
Exported resources design patterns
Exported resources design patternsExported resources design patterns
Exported resources design patterns
 
Java Input Output and File Handling
Java Input Output and File HandlingJava Input Output and File Handling
Java Input Output and File Handling
 
برنامج محادثة باستخدام الاستدعاء العكسي في استدعاء الطرق البعيدة بلغة الجافا ...
برنامج محادثة باستخدام الاستدعاء العكسي في استدعاء الطرق البعيدة بلغة الجافا ...برنامج محادثة باستخدام الاستدعاء العكسي في استدعاء الطرق البعيدة بلغة الجافا ...
برنامج محادثة باستخدام الاستدعاء العكسي في استدعاء الطرق البعيدة بلغة الجافا ...
 
Rubyspec y el largo camino hacia Ruby 1.9
Rubyspec y el largo camino hacia Ruby 1.9Rubyspec y el largo camino hacia Ruby 1.9
Rubyspec y el largo camino hacia Ruby 1.9
 
OrientDB
OrientDBOrientDB
OrientDB
 
The emerging world of mongo db csp
The emerging world of mongo db cspThe emerging world of mongo db csp
The emerging world of mongo db csp
 
Cross Origin Resource Sharing (CORS) - Azizul Hakim
Cross Origin Resource Sharing (CORS) - Azizul HakimCross Origin Resource Sharing (CORS) - Azizul Hakim
Cross Origin Resource Sharing (CORS) - Azizul Hakim
 
ERRest and Dojo
ERRest and DojoERRest and Dojo
ERRest and Dojo
 
Redis SoCraTes 2014
Redis SoCraTes 2014Redis SoCraTes 2014
Redis SoCraTes 2014
 
Session 24 - JDBC, Intro to Enterprise Java
Session 24 - JDBC, Intro to Enterprise JavaSession 24 - JDBC, Intro to Enterprise Java
Session 24 - JDBC, Intro to Enterprise Java
 
Everything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptEverything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus script
 
PHP Data Objects
PHP Data ObjectsPHP Data Objects
PHP Data Objects
 
Building Your First App: An Introduction to MongoDB
Building Your First App: An Introduction to MongoDBBuilding Your First App: An Introduction to MongoDB
Building Your First App: An Introduction to MongoDB
 

Similar to What is new in CFEngine 3.6

Dspace4 150227090306-conversion-gate01
Dspace4 150227090306-conversion-gate01Dspace4 150227090306-conversion-gate01
Dspace4 150227090306-conversion-gate01
walaba06
 
DSpace 4.2 Basics & Configuration
DSpace 4.2 Basics & ConfigurationDSpace 4.2 Basics & Configuration
DSpace 4.2 Basics & Configuration
DuraSpace
 
The Role of Atom/AtomPub in Digital Archive Services at The University of Tex...
The Role of Atom/AtomPub in Digital Archive Services at The University of Tex...The Role of Atom/AtomPub in Digital Archive Services at The University of Tex...
The Role of Atom/AtomPub in Digital Archive Services at The University of Tex...
Peter Keane
 
Javase7 1641812
Javase7 1641812Javase7 1641812
Javase7 1641812
Vinay H G
 
Hadoop 20111117
Hadoop 20111117Hadoop 20111117
Hadoop 20111117
exsuns
 

Similar to What is new in CFEngine 3.6 (20)

Dspace4 150227090306-conversion-gate01
Dspace4 150227090306-conversion-gate01Dspace4 150227090306-conversion-gate01
Dspace4 150227090306-conversion-gate01
 
DSpace 4.2 Basics & Configuration
DSpace 4.2 Basics & ConfigurationDSpace 4.2 Basics & Configuration
DSpace 4.2 Basics & Configuration
 
La big datacamp-2014-aws-dynamodb-overview-michael_limcaco
La big datacamp-2014-aws-dynamodb-overview-michael_limcacoLa big datacamp-2014-aws-dynamodb-overview-michael_limcaco
La big datacamp-2014-aws-dynamodb-overview-michael_limcaco
 
Introduction to firebidSQL 3.x
Introduction to firebidSQL 3.xIntroduction to firebidSQL 3.x
Introduction to firebidSQL 3.x
 
Codeigniter Training Part3
Codeigniter Training Part3Codeigniter Training Part3
Codeigniter Training Part3
 
The Role of Atom/AtomPub in Digital Archive Services at The University of Tex...
The Role of Atom/AtomPub in Digital Archive Services at The University of Tex...The Role of Atom/AtomPub in Digital Archive Services at The University of Tex...
The Role of Atom/AtomPub in Digital Archive Services at The University of Tex...
 
[DanNotes] XPages - Beyound the Basics
[DanNotes] XPages - Beyound the Basics[DanNotes] XPages - Beyound the Basics
[DanNotes] XPages - Beyound the Basics
 
Whats new in MongoDB 24
Whats new in MongoDB 24Whats new in MongoDB 24
Whats new in MongoDB 24
 
CNIT 152: 13 Investigating Mac OS X Systems
CNIT 152: 13 Investigating Mac OS X SystemsCNIT 152: 13 Investigating Mac OS X Systems
CNIT 152: 13 Investigating Mac OS X Systems
 
Javase7 1641812
Javase7 1641812Javase7 1641812
Javase7 1641812
 
Linux System Programming - File I/O
Linux System Programming - File I/O Linux System Programming - File I/O
Linux System Programming - File I/O
 
XPages -Beyond the Basics
XPages -Beyond the BasicsXPages -Beyond the Basics
XPages -Beyond the Basics
 
How to use the new Domino Query Language
How to use the new Domino Query LanguageHow to use the new Domino Query Language
How to use the new Domino Query Language
 
Hadoop 20111117
Hadoop 20111117Hadoop 20111117
Hadoop 20111117
 
Elk presentation 2#3
Elk presentation 2#3Elk presentation 2#3
Elk presentation 2#3
 
Webinar: Was ist neu in MongoDB 2.4
Webinar: Was ist neu in MongoDB 2.4Webinar: Was ist neu in MongoDB 2.4
Webinar: Was ist neu in MongoDB 2.4
 
CNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X SystemsCNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X Systems
 
CNIT 152 13 Investigating Mac OS X Systems
CNIT 152 13 Investigating Mac OS X SystemsCNIT 152 13 Investigating Mac OS X Systems
CNIT 152 13 Investigating Mac OS X Systems
 
Using existing language skillsets to create large-scale, cloud-based analytics
Using existing language skillsets to create large-scale, cloud-based analyticsUsing existing language skillsets to create large-scale, cloud-based analytics
Using existing language skillsets to create large-scale, cloud-based analytics
 
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
 

More from RUDDER

What if configuration management didn't need to be lvl60 in dev?
What if configuration management didn't need to be lvl60 in dev?What if configuration management didn't need to be lvl60 in dev?
What if configuration management didn't need to be lvl60 in dev?
RUDDER
 
Servers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proofServers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proof
RUDDER
 
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
RUDDER
 
OW2Con - Configurations, do you prove yours?
OW2Con - Configurations, do you prove yours?OW2Con - Configurations, do you prove yours?
OW2Con - Configurations, do you prove yours?
RUDDER
 
The new plugin ecosystem in RUDDER 5.0
The new plugin ecosystem in RUDDER 5.0The new plugin ecosystem in RUDDER 5.0
The new plugin ecosystem in RUDDER 5.0
RUDDER
 
What uses for observing operations of Configuration Management?
What uses for observing operations of Configuration Management?What uses for observing operations of Configuration Management?
What uses for observing operations of Configuration Management?
RUDDER
 
Fosdem - Configurations do you prove yours?
Fosdem - Configurations do you prove yours?Fosdem - Configurations do you prove yours?
Fosdem - Configurations do you prove yours?
RUDDER
 
L'audit en continu : clé de la conformité démontrable (#POSS 2018)
L'audit en continu : clé de la conformité démontrable (#POSS 2018)L'audit en continu : clé de la conformité démontrable (#POSS 2018)
L'audit en continu : clé de la conformité démontrable (#POSS 2018)
RUDDER
 
How we scaled Rudder to 10k, and the road to 50k
How we scaled Rudder to 10k, and the road to 50kHow we scaled Rudder to 10k, and the road to 50k
How we scaled Rudder to 10k, and the road to 50k
RUDDER
 
What's new and what's next in Rudder
What's new and what's next in RudderWhat's new and what's next in Rudder
What's new and what's next in Rudder
RUDDER
 
Poss 2017 : gestion des configurations et mise en conformité chez un service ...
Poss 2017 : gestion des configurations et mise en conformité chez un service ...Poss 2017 : gestion des configurations et mise en conformité chez un service ...
Poss 2017 : gestion des configurations et mise en conformité chez un service ...
RUDDER
 
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
RUDDER
 
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
RUDDER
 
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
RUDDER
 
RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER - Continuous Configuration (configuration management + continuous aud... RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER
 

More from RUDDER (20)

What if configuration management didn't need to be lvl60 in dev?
What if configuration management didn't need to be lvl60 in dev?What if configuration management didn't need to be lvl60 in dev?
What if configuration management didn't need to be lvl60 in dev?
 
Servers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proofServers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proof
 
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
 
OW2Con - Configurations, do you prove yours?
OW2Con - Configurations, do you prove yours?OW2Con - Configurations, do you prove yours?
OW2Con - Configurations, do you prove yours?
 
The new plugin ecosystem in RUDDER 5.0
The new plugin ecosystem in RUDDER 5.0The new plugin ecosystem in RUDDER 5.0
The new plugin ecosystem in RUDDER 5.0
 
What uses for observing operations of Configuration Management?
What uses for observing operations of Configuration Management?What uses for observing operations of Configuration Management?
What uses for observing operations of Configuration Management?
 
UX challenges of a UI-centric config management tool
UX challenges of a UI-centric config management toolUX challenges of a UI-centric config management tool
UX challenges of a UI-centric config management tool
 
What happened in RUDDER in 2018 and what’s next?
What happened in RUDDER in 2018 and what’s next?What happened in RUDDER in 2018 and what’s next?
What happened in RUDDER in 2018 and what’s next?
 
What is RUDDER and when should I use it?
What is RUDDER and when should I use it?What is RUDDER and when should I use it?
What is RUDDER and when should I use it?
 
Fosdem - Configurations do you prove yours?
Fosdem - Configurations do you prove yours?Fosdem - Configurations do you prove yours?
Fosdem - Configurations do you prove yours?
 
L'audit en continu : clé de la conformité démontrable (#POSS 2018)
L'audit en continu : clé de la conformité démontrable (#POSS 2018)L'audit en continu : clé de la conformité démontrable (#POSS 2018)
L'audit en continu : clé de la conformité démontrable (#POSS 2018)
 
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)
 
Stay up - voyage d'un éditeur de logiciels libres
Stay up - voyage d'un éditeur de logiciels libresStay up - voyage d'un éditeur de logiciels libres
Stay up - voyage d'un éditeur de logiciels libres
 
How we scaled Rudder to 10k, and the road to 50k
How we scaled Rudder to 10k, and the road to 50kHow we scaled Rudder to 10k, and the road to 50k
How we scaled Rudder to 10k, and the road to 50k
 
What's new and what's next in Rudder
What's new and what's next in RudderWhat's new and what's next in Rudder
What's new and what's next in Rudder
 
Poss 2017 : gestion des configurations et mise en conformité chez un service ...
Poss 2017 : gestion des configurations et mise en conformité chez un service ...Poss 2017 : gestion des configurations et mise en conformité chez un service ...
Poss 2017 : gestion des configurations et mise en conformité chez un service ...
 
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
 
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
 
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
 
RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER - Continuous Configuration (configuration management + continuous aud... RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER - Continuous Configuration (configuration management + continuous aud...
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

What is new in CFEngine 3.6

  • 1. What is new in CFEngine 3.6 www.cfengine.com
  • 2. What is new • • • • • • • • User promises TLS protocol Math expressions Dynamic inputs New language functions Tags Data containers File templating
  • 4. User promises • A new promise type • Manage local users on hosts • Make promises about user characteristics • UID • Group membership • Home directory • Password • Shell • Description
  • 5. User promises - Example bundle agent my_bundle { users: “joe” policy => “present”, group_primary => “users”, groups_secondary => { “printers”, “db_users” }, home_dir => “/nfs/home/joe”, home_bundle => setup_home_dir(“joe”); }
  • 7. TLS protocol • • • • Industry standard security protocol All traffic is fully encrypted Transparent to the user Old protocol • Deprecated, but still supported • Can be turned off after upgrade is complete
  • 9. Math expressions • New math evaluation function: eval() • Works on strings • String contains expression to evaluate • Example: eval(“ceil($(sys.cpus) / 4)”) • Previously required shell script
  • 10. Math expressions • Accepts common math operators: +, -, *, / • Some less common ones too: ^, **, % • Many common math functions • ceil, floor, log10, log2, log, sqrt, sin, cos, tan, asin, acos, atan, abs, step • Mathematical constants • e, log2e, log10e, ln2, ln10, pi, pi_2, pi_4, 1_pi, 2_pi, 2_srqtpi, sqrt2, sqrt1_2 • SI-units: K, M, G, T, P
  • 12. Dynamic inputs • 3.5: • Input files can only be defined in promises.cf • Inconvenient; all file additions require editing promises.cf • 3.6: • file control bodies can contain input files • Body can be specified once per file • body file control { inputs => “input_file.cf”; }
  • 13. Dynamic inputs - Example • promises.cf body common control { inputs => { “input_file.cf” }; } • input_file.cf body file control { inputs => { “nested_input_file.cf” }; }
  • 15. New language functions • findfiles(glob1, glob2, ...) • Returns a list of files that match glob pattern • makerule(target, sources) • Determines whether target needs to be rebuilt from sources • Inspired by the Unix make program • packagesmatching(...) • Returns list of installed packages • List can be filtered by name, version and architecture
  • 16. New language functions • canonifyuniquely(test) • Convert a string into a legal class name • Unlike canonify, name is guaranteed to be unique. • Useful when making class names from a list of files • bundlesmatching(regex, tag1, ...) • Returns bundles matching criteria • Result can be used in a methods promise • Very powerful together with findfiles
  • 17. bundlesequence - Example • bundle common global { vars: “policies” slist => findfiles (“/var/cfengine/inputs/*.cf”); “bundles” slist => bundlesmatching (“.*”, “production”); } body common control { inputs => { @(global.policies) }; bundlesequence => { @(global.bundles) }; }
  • 18. New language functions • Plenty of others • data_readstringarray • readjson • data_readstringarrayidx • storejson • datastate • string_downcase • datatype • string_head • getclassmetatags • string_length • getvariablemetatags • string_reverse • max • string_tail • mean • string_upcase • mergedata • variablesmatching • min • variance • parsejson
  • 19. Tags
  • 20. Tags • Labels that you can attach to bundles and promises • Certain functions can filter based on tags • bundlesmatching • classesmatching • variablesmatching
  • 21. Tags - Example • bundle agent my_bundle { meta: ### Bundle tags “tags” => { “experimental” }; vars: ### Variable tags “db_server” string => “106.54.21.90”, meta => { “mysql”, “trusted” }; classes: ### Class tags “experimental” expression => “any”, meta => { “tier_spec” }; }
  • 23. Data containers • Structured containers (JSON) • “container” data => parsejson('[ { “user”: “joe”, “groups”: “users” }, { “user”: “jack”, “groups”: “admins” }, ]'); • reports: “$(container[1][user])”; • --> R: jack
  • 24. Data containers • Can read JSON files • readjson(filename, maxbytes) • Or fields from a text file • data_readstringarray (filename, comment, split, maxentries, maxbytes) • data_readstringarrayidx (filename, comment, split, maxentries, maxbytes) • Convert back to JSON • storejson(data_container)
  • 25. Data containers - Example • records.txt: • joe,/nfs/home/joe,Joe Smith jack,/home/jack,Jack Jensen • Resulting JSON after data_readstringarrayidx • [ [ “joe”, “/nfs/home/joe”, “Joe Smith” ], [ “jack”, “/home/jack”, “Jack Jensen” ] ]
  • 26. Data containers - Example • records.txt: • joe,/nfs/home/joe,Joe Smith jack,/home/jack,Jack Jensen • policy.cf: • vars: “users” data => data_readstringarrayidx (“records.txt”, “”, “,”, 10, 4000); “index” slist => getindices(“users”); users: “$(users[$(index)][0])” home_dir => “$(users[$(index)][1])”, description => “$(users[$(index)][2])”, policy => “present”;
  • 28. File templating • New templating engine: Mustache • Based on the Mustache templating language • http://mustache.github.io/
  • 29. File templating - Example • promises.cf: • files: "/etc/motd" edit_line => motd_edit, edit_defaults => empty; } bundle edit_line motd_edit { insert_lines: “Welcome to this CFEngine managed machine.”; “This machine pulls policy from $(sys.policy_hub).”; } • Result: • Welcome to this CFEngine managed machine. This machine pulls policy from 10.80.80.1.
  • 30. File templating - Example • promises.cf: • files: "/etc/motd" edit_template => "template.mustache", template_method => "mustache"; • template.mustache: • Welcome to this CFEngine managed machine. This machine pulls policy from {{vars.sys.policy_hub}}. • Result: • Welcome to this CFEngine managed machine. This machine pulls policy from 10.80.80.1.
  • 31. Miscellaneous • cf-serverd allows distinct key/IP/hostname access controls • New “shortcut” constraint in server policy allows non-absolute paths in copy_from promises • New log format • Many new built-in variables: • sys.uptime, sys.masterdir, this.promiser_ppid, ... • LMDB replaces Tokyo Cabinet as database backend • Calls to execresult and returnszero are now cached instead of executing repeatedly
  • 33. Questions? • • • • • • • • User promises TLS protocol Math expressions Dynamic inputs New language functions Tags Data containers File templating www.cfengine.com