CFEngine: new classesmatching() function

April 7, 2013
cfengine

Pull request: #425
Availability: cfengine/master branch

Get an slist of defined classes matching a given unanchored regular expression.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


body common control
{
      bundlesequence => { run };
}

bundle agent run
{
  vars:
      "c" slist => classesmatching(".*");
  reports:
    cfengine::
      "Classes matching = $(c)";
}

Will output all classes matching “.*” pattern, so all of them:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


Running full policy integrity checks
R: Classes matching = Sunday
R: Classes matching = compiled_on_linux_gnu
R: Classes matching = cpu_high_normal
R: Classes matching = cfengine_3_5_0b2
R: Classes matching = linux_2_6_32_358_el6_x86_64
R: Classes matching = ssh_in_high
R: Classes matching = 192_168_2_104
R: Classes matching = ipv4_192_168_2_104
R: Classes matching = redhat
(...)

In addition to handle custom classes, it may be used to spot abnormal node behavior thanks to classes defined by cf-monitord.

The following example is dumb and will report any level above normality, but “normality” is very system specific, and the regular expression must be modified accordingly to avoid noise.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14


body common control
{
      bundlesequence => { foo };
}

bundle agent foo
{
  vars:
      "anomalies" slist => classesmatching("dev1|dev2|anomaly");

  reports:
    cfengine::
      "Possible anomaly: $(anomalies)";
}

Output:

1
2
3


Running full policy integrity checks
R: Possible anomaly: cpu_high_dev1
R: Possible anomaly: cpu0_high_dev1