From 1dbdca00e70980d4312f0f2dd7a3950936e46a36 Mon Sep 17 00:00:00 2001 From: Ole Herman Schumacher Elgesem Date: Fri, 6 Mar 2026 15:13:01 +0100 Subject: [PATCH 1/6] Fixed syntax errors and other inconsistencies pointed out by linting Signed-off-by: Ole Herman Schumacher Elgesem --- content/examples/_index.markdown | 7 ++++++- .../example-snippets/all_hosts_the_same.cf | 2 +- .../basic-file-directory.markdown | 19 ++++++++++++++++++- .../examples/example-snippets/copy_files.cf | 19 ------------------- .../example-snippets/database_creation.cf | 5 ----- .../deleting_lines_exception.cf | 4 ++-- .../distribute_root_passwords.cf | 8 ++++---- .../example-snippets/editing_tabular_files.cf | 8 ++++---- .../example-snippets/ensure_running_1.cf | 2 +- .../inserting_lines_in_a_file.cf | 12 ++++++------ ...ating_the_example_into_your_main_policy.cf | 3 --- .../postfix_mail_configuration.cf | 2 +- .../example-snippets/trigger_classes.cf | 4 ++-- .../example-snippets/variation_in_hosts.cf | 8 ++++---- .../warn_if_matching_line_in_file.cf | 4 ++-- .../examples/tutorials/file_compare_test.cf | 4 ++-- .../integrating-with-sumo-logic.markdown | 4 ++-- .../language-concepts/bundles.markdown | 14 ++++++++------ .../files/edit_line/field_edits.markdown | 8 ++++---- .../files/edit_line/insert_lines.markdown | 2 +- content/resources/additional-topics/STIGs.cf | 18 +++++++++--------- 21 files changed, 77 insertions(+), 80 deletions(-) delete mode 100644 content/examples/example-snippets/copy_files.cf delete mode 100644 content/examples/example-snippets/integrating_the_example_into_your_main_policy.cf diff --git a/content/examples/_index.markdown b/content/examples/_index.markdown index 802f48811..68c1f4e5c 100644 --- a/content/examples/_index.markdown +++ b/content/examples/_index.markdown @@ -259,4 +259,9 @@ from the example. For example, the LDAP query in `active_directory.cf` needs a domain name. In the variable declaration, replace "cftesting" with your domain name: -{{< CFEngine_include_snippet(integrating_the_example_into_your_main_policy.cf, .* ) >}} +```cf3 {skip TODO} +vars: + # NOTE: Edit this to your domain, e.g. "corp" + "domain_name" + string => "cftesting"; +``` diff --git a/content/examples/example-snippets/all_hosts_the_same.cf b/content/examples/example-snippets/all_hosts_the_same.cf index 5931a1c1a..0c8ae6188 100644 --- a/content/examples/example-snippets/all_hosts_the_same.cf +++ b/content/examples/example-snippets/all_hosts_the_same.cf @@ -10,7 +10,7 @@ bundle agent central vars: "policy_server" string => "myhost.domain.tld"; "mypackages" slist => { - "nagios" + "nagios", "gcc", "apache2", "php5" diff --git a/content/examples/example-snippets/basic-file-directory.markdown b/content/examples/example-snippets/basic-file-directory.markdown index d5a03387e..9e4dd7b23 100644 --- a/content/examples/example-snippets/basic-file-directory.markdown +++ b/content/examples/example-snippets/basic-file-directory.markdown @@ -76,7 +76,24 @@ Also you could write this using a list variable: ## Copy files -{{< CFEngine_include_snippet(copy_files.cf, .* ) >}} +```cf3 {skip TODO} +files: + "/var/cfengine/inputs" + handle => "update_policy", + perms => m("600"), + copy_from => u_scp("$(master_location)",@(policy_server)), + depth_search => recurse("inf"), + file_select => input_files, + action => immediate; + + "/var/cfengine/bin" + perms => m("700"), + copy_from => u_scp("/usr/local/sbin","localhost"), + depth_search => recurse("inf"), + file_select => cf3_files, + action => immediate, + classes => on_change("reload"); +``` ## Copy and flatten directory diff --git a/content/examples/example-snippets/copy_files.cf b/content/examples/example-snippets/copy_files.cf deleted file mode 100644 index 6c3473d57..000000000 --- a/content/examples/example-snippets/copy_files.cf +++ /dev/null @@ -1,19 +0,0 @@ - files: - -"/var/cfengine/inputs" - -handle => "update_policy", -perms => m("600"), -copy_from => u_scp("$(master_location)",@(policy_server)), -depth_search => recurse("inf"), -file_select => input_files, -action => immediate; - -"/var/cfengine/bin" - -perms => m("700"), -copy_from => u_scp("/usr/local/sbin","localhost"), -depth_search => recurse("inf"), -file_select => cf3_files, -action => immediate, -classes => on_change("reload"); diff --git a/content/examples/example-snippets/database_creation.cf b/content/examples/example-snippets/database_creation.cf index 16b625fa4..90f4a144c 100644 --- a/content/examples/example-snippets/database_creation.cf +++ b/content/examples/example-snippets/database_creation.cf @@ -13,11 +13,6 @@ body knowledge control sql_type => "postgres"; } -bundle knowledge dummy -{ - topics: -} - body common control { bundlesequence => { "databases" }; diff --git a/content/examples/example-snippets/deleting_lines_exception.cf b/content/examples/example-snippets/deleting_lines_exception.cf index ac1c99d53..507983333 100644 --- a/content/examples/example-snippets/deleting_lines_exception.cf +++ b/content/examples/example-snippets/deleting_lines_exception.cf @@ -26,11 +26,11 @@ bundle agent testbundle files: "/tmp/passwd_excerpt" create => "true", - edit_line => MarkNRoot; + edit_line => mark_n_root; } ######################################################## -bundle edit_line MarkNRoot +bundle edit_line mark_n_root { delete_lines: "mark.*|root.*" not_matching => "true"; diff --git a/content/examples/example-snippets/distribute_root_passwords.cf b/content/examples/example-snippets/distribute_root_passwords.cf index ca2912b5b..bd125abf1 100644 --- a/content/examples/example-snippets/distribute_root_passwords.cf +++ b/content/examples/example-snippets/distribute_root_passwords.cf @@ -8,7 +8,7 @@ body common control { version => "1.2.3"; inputs => { "$(sys.libdir)/stdlib.cf" }; - bundlesequence => { "SetRootPassword" }; + bundlesequence => { "set_root_password" }; } ######################################################## @@ -19,7 +19,7 @@ bundle common g } ######################################################## -bundle agent SetRootPassword +bundle agent set_root_password { vars: # Or get variables directly from server with Enterprise @@ -32,11 +32,11 @@ bundle agent SetRootPassword # or $(pw_class)-root.txt "/tmp/shadow" - edit_line => SetRootPw; + edit_line => set_root_password; } ######################################################## -bundle edit_line SetRootPw +bundle edit_line set_root_password { vars: # Assume this file contains a single string of the form root:passwdhash: diff --git a/content/examples/example-snippets/editing_tabular_files.cf b/content/examples/example-snippets/editing_tabular_files.cf index 7a85d86d3..bd4dce392 100644 --- a/content/examples/example-snippets/editing_tabular_files.cf +++ b/content/examples/example-snippets/editing_tabular_files.cf @@ -26,18 +26,18 @@ bundle agent testbundle "/home/mark/tmp/passwd" create => "true", - edit_line => SetUserParam("mark","6","/set/this/shell"); + edit_line => set_user_param("mark","6","/set/this/shell"); "/home/mark/tmp/group" create => "true", - edit_line => AppendUserParam("root","4","@(userset)"); + edit_line => append_user_param("root","4","@(userset)"); commands: "/bin/echo" args => $(userset); } ######################################################## -bundle edit_line SetUserParam(user,field,val) +bundle edit_line set_user_param(user,field,val) { field_edits: "$(user):.*" @@ -46,7 +46,7 @@ bundle edit_line SetUserParam(user,field,val) } ######################################################## -bundle edit_line AppendUserParam(user,field,allusers) +bundle edit_line append_user_param(user,field,allusers) { vars: "val" slist => { @(allusers) }; diff --git a/content/examples/example-snippets/ensure_running_1.cf b/content/examples/example-snippets/ensure_running_1.cf index 0e0e00efa..9c21d16ea 100644 --- a/content/examples/example-snippets/ensure_running_1.cf +++ b/content/examples/example-snippets/ensure_running_1.cf @@ -1,4 +1,4 @@ -bundle agent CFEngine_processes +bundle agent cfengine_processes { vars: diff --git a/content/examples/example-snippets/inserting_lines_in_a_file.cf b/content/examples/example-snippets/inserting_lines_in_a_file.cf index d71dbb7d0..653d8a5c0 100644 --- a/content/examples/example-snippets/inserting_lines_in_a_file.cf +++ b/content/examples/example-snippets/inserting_lines_in_a_file.cf @@ -20,13 +20,13 @@ bundle agent insert files: "/tmp/test_insert" create => "true", - edit_line => Insert("$(insert.v)"); + edit_line => insert_name("$(insert.v)"); } ####################################################### # For the library ####################################################### -bundle edit_line Insert(name) +bundle edit_line insert_name(name) { insert_lines: " $(name)" @@ -66,14 +66,14 @@ bundle agent insert files: "/tmp/test_insert" create => "true", - edit_line => Insert("$(insert.v)"), + edit_line => insert_name("$(insert.v)"), edit_defaults => empty; } ####################################################### # For the library ####################################################### -bundle edit_line Insert(name) +bundle edit_line insert_name(name) { insert_lines: "Begin$(const.n)$(name)$(const.n)End"; @@ -112,7 +112,7 @@ bundle agent insert files: "/tmp/test_insert" create => "true", - edit_line => Insert("@(insert.v)"); + edit_line => insert_name("@(insert.v)"); # edit_defaults => empty; } @@ -120,7 +120,7 @@ bundle agent insert # For the library ####################################################### -bundle edit_line Insert(name) +bundle edit_line insert_name(name) { insert_lines: "$(name)"; diff --git a/content/examples/example-snippets/integrating_the_example_into_your_main_policy.cf b/content/examples/example-snippets/integrating_the_example_into_your_main_policy.cf deleted file mode 100644 index 441f64667..000000000 --- a/content/examples/example-snippets/integrating_the_example_into_your_main_policy.cf +++ /dev/null @@ -1,3 +0,0 @@ - vars: - # NOTE: Edit this to your domain, e.g. "corp" - "domain_name" string => "cftesting"; diff --git a/content/examples/example-snippets/postfix_mail_configuration.cf b/content/examples/example-snippets/postfix_mail_configuration.cf index fc1cc0a1b..0a2ed89c3 100644 --- a/content/examples/example-snippets/postfix_mail_configuration.cf +++ b/content/examples/example-snippets/postfix_mail_configuration.cf @@ -57,7 +57,7 @@ bundle edit_line prefix_postfix } ######################################################## -bundle edit_line AppendIfNSL(parameter) +bundle edit_line append_if_nsl(parameter) { insert_lines: "$(parameter)"; # This is default diff --git a/content/examples/example-snippets/trigger_classes.cf b/content/examples/example-snippets/trigger_classes.cf index deb2824d5..cb418f367 100644 --- a/content/examples/example-snippets/trigger_classes.cf +++ b/content/examples/example-snippets/trigger_classes.cf @@ -24,7 +24,7 @@ bundle agent insert files: "/tmp/test_insert" - edit_line => Insert("$(insert.v)"), + edit_line => insert_name("$(insert.v)"), edit_defaults => empty, classes => trigger("edited"); @@ -41,7 +41,7 @@ bundle agent insert # For the library ####################################################### -bundle edit_line Insert(name) +bundle edit_line insert_name(name) { insert_lines: "Begin$(const.n) $(name)$(const.n)End"; diff --git a/content/examples/example-snippets/variation_in_hosts.cf b/content/examples/example-snippets/variation_in_hosts.cf index 4a894ea42..980c5be29 100644 --- a/content/examples/example-snippets/variation_in_hosts.cf +++ b/content/examples/example-snippets/variation_in_hosts.cf @@ -15,16 +15,16 @@ bundle agent central "policy_server" string => "myhost.domain.tld"; mygroup_1:: "mypackages" slist => { - "nagios" + "nagios", "gcc", "apache2", - "php5" + "php5", }; mygroup_2:: "mypackages" slist => { - "apache" + "apache", "mysql", - "php5" + "php5", }; files: diff --git a/content/examples/example-snippets/warn_if_matching_line_in_file.cf b/content/examples/example-snippets/warn_if_matching_line_in_file.cf index fe8c2da51..728d5911c 100644 --- a/content/examples/example-snippets/warn_if_matching_line_in_file.cf +++ b/content/examples/example-snippets/warn_if_matching_line_in_file.cf @@ -14,12 +14,12 @@ bundle agent testbundle { files: "/var/cfengine/inputs/.*" - edit_line => DeleteLinesMatching(".*cfenvd.*"), + edit_line => delete_lines_matching(".*cfenvd.*"), action => WarnOnly; } ######################################################## -bundle edit_line DeleteLinesMatching(regex) +bundle edit_line delete_lines_matching(regex) { delete_lines: "$(regex)" action => WarnOnly; diff --git a/content/examples/tutorials/file_compare_test.cf b/content/examples/tutorials/file_compare_test.cf index 606b2e3e5..a816383b7 100644 --- a/content/examples/tutorials/file_compare_test.cf +++ b/content/examples/tutorials/file_compare_test.cf @@ -107,7 +107,7 @@ bundle agent create_aout_source_file "$(global_vars.workdir)/a.c" perms => system, create => "true", - edit_line => Insert("@(c)"); + edit_line => insert_name("@(c)"); reports: "The source file $(global_vars.workdir)/a.c has been created. It will be used to compile the binary a.out, which will provide more accurate file stats to compare two files than the built in CFEngine functionality for comparing file stats, including modification time. This information will be used to determine of the second of the two files being compared is newer or not."; @@ -115,7 +115,7 @@ bundle agent create_aout_source_file } -bundle edit_line Insert(name) +bundle edit_line insert_name(name) { insert_lines: "$(name)"; diff --git a/content/examples/tutorials/integrating-with-sumo-logic.markdown b/content/examples/tutorials/integrating-with-sumo-logic.markdown index fc43aa88c..6245d8c00 100644 --- a/content/examples/tutorials/integrating-with-sumo-logic.markdown +++ b/content/examples/tutorials/integrating-with-sumo-logic.markdown @@ -175,7 +175,7 @@ bundle agent sumo_logic_policy_update files: "$(policy_update_file)" create => "true", - edit_line => insert("CFEngine_update: $(sys.last_policy_update)"), + edit_line => insert_str("CFEngine_update: $(sys.last_policy_update)"), edit_defaults => file; "$(policy_update_file)" @@ -204,7 +204,7 @@ body contain shell_command useshell => "useshell"; } -bundle edit_line insert(str) +bundle edit_line insert_str(str) { insert_lines: "$(str)"; diff --git a/content/reference/language-concepts/bundles.markdown b/content/reference/language-concepts/bundles.markdown index 2be40e4de..8794b390d 100644 --- a/content/reference/language-concepts/bundles.markdown +++ b/content/reference/language-concepts/bundles.markdown @@ -30,6 +30,7 @@ declared as: ```cf3 bundle agent my_name { + # Promises for cf-agent } ``` @@ -38,16 +39,17 @@ while `cf-serverd` has bundles declared as: ```cf3 bundle server my_name { + # Promises for cf-serverd } ``` -and `cf-monitord` has bundles declared as +Currently, these are the possible _bundle types_: -```cf3 -bundle monitor my_name -{ -} -``` +- `agent`: Bundle of promises specific to the `cf-agent` binary. +- `server`: Bundle of promises specific to the `cf-serverd` binary. +- `monitor`: Bundle of promises specific to the `cf-monitord` binary. +- `common`: Bundle of promises shared among the different binaries / components. +- `edit_line`: Bunde of promises used in a `files` promise with the `edit_line` attribute. A number of promises can be made in any kind of bundle since they are of a generic input/output nature. These are `vars`, [`classes`][classes], `defaults`, diff --git a/content/reference/promise-types/files/edit_line/field_edits.markdown b/content/reference/promise-types/files/edit_line/field_edits.markdown index 302d4f722..607da82d9 100644 --- a/content/reference/promise-types/files/edit_line/field_edits.markdown +++ b/content/reference/promise-types/files/edit_line/field_edits.markdown @@ -32,12 +32,12 @@ bundle agent example "/tmp/passwd" create => "true", - edit_line => SetUserParam("mark","6","/set/this/shell"); + edit_line => set_user_param("mark","6","/set/this/shell"); "/tmp/group" create => "true", - edit_line => AppendUserParam("root","4","@(userset)"); + edit_line => append_user_param("root","4","@(userset)"); } ``` @@ -45,7 +45,7 @@ The promise in this example assumes a parameterizable model for editing the fields of such files. ```cf3 -bundle edit_line SetUserParam(user,field,val) +bundle edit_line set_user_param(user,field,val) { field_edits: @@ -56,7 +56,7 @@ bundle edit_line SetUserParam(user,field,val) edit_field => col(":","$(field)","$(val)","set"); } -bundle edit_line AppendUserParam(user,field,allusers) +bundle edit_line append_user_param(user,field,allusers) { vars: diff --git a/content/reference/promise-types/files/edit_line/insert_lines.markdown b/content/reference/promise-types/files/edit_line/insert_lines.markdown index 082ab5acd..2e164d091 100644 --- a/content/reference/promise-types/files/edit_line/insert_lines.markdown +++ b/content/reference/promise-types/files/edit_line/insert_lines.markdown @@ -497,7 +497,7 @@ exact_match **Example:** ```cf3 -bundle edit_line Insert(service, filename) +bundle edit_line insert_service(service, filename) { insert_lines: diff --git a/content/resources/additional-topics/STIGs.cf b/content/resources/additional-topics/STIGs.cf index b19830faa..f6d03c1a4 100644 --- a/content/resources/additional-topics/STIGs.cf +++ b/content/resources/additional-topics/STIGs.cf @@ -23,16 +23,16 @@ body common control { - bundlesequence => { "STIGs" }; + bundlesequence => { "stigs" }; inputs => { "/var/cfengine/inputs/cfengine_stdlib.cf" }; - host_licenses_paid => "1"; + host_licenses_paid => "1"; } # # STIGs compliance with CFEngine 3 (Nova) # -bundle agent STIGs +bundle agent stigs { vars: @@ -666,15 +666,15 @@ bundle agent STIGs perms => mog("600","root","root"), edit_defaults => empty, edit_line => append_if_no_line("ALL"); - + "/etc/cron.allow" -> { "GEN002960", "GEN002980","GEN003060", "GEN003240" } comment => "CAT II (Previously - G200, G201, G622) UNIX STIG: 3.17.3 Restrictions", handle => "stigs_files_redhat_5_etc_cron_allow", create => "true", perms => mog("600","root","root"), edit_defaults => empty, - edit_line => maintain_cron_allow("@(STIGs.cron_users)"); - + edit_line => maintain_cron_allow("@(stigs.cron_users)"); + "$(cron_dirs)" -> { "GEN003040", "GEN003080" } comment => "CAT II (Previously - G205) UNIX STIG: 3.17.3 Restrictions", handle => "stigs_files_redhat_5_cron_dirs_600", @@ -716,7 +716,7 @@ bundle agent STIGs handle => "stigs_files_redhat_5_etc_at_deny_all_not_root", create => "true", perms => mog("600","root","root"), - edit_line => append_if_no_lines("@(STIGs.at_deny_users)"); + edit_line => append_if_no_lines("@(stigs.at_deny_users)"); "/etc/at.allow" -> { "GEN003320", "GEN003340", "GEN003460" } comment => "CAT II (Previously - G213, G214, G629) UNIX STIG: 3.18.3 Restrictions", @@ -888,8 +888,8 @@ bundle agent STIGs # "/etc/hosts.allow" -> { "GEN006620" } # comment => "CAT II UNIX STIG: 6.6 Access Control Programs and TCP_WRAPPERS", # handle => "stigs_files_redhat_5_etc_hosts_allow", -# edit_line => append_if_no_lines("@(STIGs.hosts_allow)"); - +# edit_line => append_if_no_lines("@(stigs.hosts_allow)"); + # "/etc/hosts.deny" -> { "GEN006620" } # comment => "CAT II UNIX STIG: 6.6 Access Control Programs and TCP_WRAPPERS", # handle => "stigs_files_redhat_5_etc_hosts_deny", From d79e5a85f99b8bbe90fafb195c202c7704c961d1 Mon Sep 17 00:00:00 2001 From: Ole Herman Schumacher Elgesem Date: Fri, 6 Mar 2026 17:38:23 +0100 Subject: [PATCH 2/6] Removed File template examples page Signed-off-by: Ole Herman Schumacher Elgesem --- .../examples/example-snippets/_index.markdown | 1 - .../example-snippets/file-template.markdown | 28 ------------------- .../examples/example-snippets/templating.cf | 8 ------ .../examples/example-snippets/templating_1.cf | 28 ------------------- 4 files changed, 65 deletions(-) delete mode 100644 content/examples/example-snippets/file-template.markdown delete mode 100644 content/examples/example-snippets/templating.cf delete mode 100644 content/examples/example-snippets/templating_1.cf diff --git a/content/examples/example-snippets/_index.markdown b/content/examples/example-snippets/_index.markdown index 01bb0c7bf..865d44755 100644 --- a/content/examples/example-snippets/_index.markdown +++ b/content/examples/example-snippets/_index.markdown @@ -12,7 +12,6 @@ aliases: - [Software administration examples][Software administration examples] - [Commands, scripts, and execution examples][Commands, scripts, and execution examples] - [File and directory examples][File and directory examples] -- [File template examples][File template examples] - [Database examples][Database examples] - [Network examples][Network examples] - [System security examples][System security examples] diff --git a/content/examples/example-snippets/file-template.markdown b/content/examples/example-snippets/file-template.markdown deleted file mode 100644 index 15b2eaf89..000000000 --- a/content/examples/example-snippets/file-template.markdown +++ /dev/null @@ -1,28 +0,0 @@ ---- -layout: default -title: File template examples -sorting: 7 -aliases: - - "/examples-example-snippets-file-template.html" ---- - -- [Templating][File template examples#Templating] - -## Templating - -With CFEngine you have a choice between editing _deltas_ into files or distributing more-or-less finished templates. Which method you should choose depends should be made by whatever is easiest. - - If you are managing only part of the file, and something else (e.g. a package manager) is managing most of it, then it makes sense to use CFEngine file editing. - If you are managing everything in the file, then it makes sense to make the edits by hand and install them using CFEngine. You can use variables within source text files and let CFEngine expand them locally in situ, so that you can make generic templates that apply netwide. - -Example template: - -{{< CFEngine_include_snippet(templating.cf, .* ) >}} - -To copy and expand this template, you can use a pattern like this: - -{{< CFEngine_include_snippet(templating_1.cf, .* ) >}} - -The the following driving code (based on _copy then edit_) can be placed in a library, after configuring to your environmental locations: - -{{< CFEngine_include_snippet(templating_1.cf, .* ) >}} diff --git a/content/examples/example-snippets/templating.cf b/content/examples/example-snippets/templating.cf deleted file mode 100644 index 2c8b7ccbb..000000000 --- a/content/examples/example-snippets/templating.cf +++ /dev/null @@ -1,8 +0,0 @@ -# -# System file X -# - -MYVARIABLE = something or other -HOSTNAME = $(sys.host) # CFEngine fills this in - -# ... diff --git a/content/examples/example-snippets/templating_1.cf b/content/examples/example-snippets/templating_1.cf deleted file mode 100644 index cb3dc38c0..000000000 --- a/content/examples/example-snippets/templating_1.cf +++ /dev/null @@ -1,28 +0,0 @@ -bundle agent get_template(final_destination,mode) -{ - vars: - - # This needs to ne preconfigured to your site - - "masterfiles" string => "/home/mark/tmp"; - "this_template" string => lastnode("$(final_destination)","/"); - - files: - - "$(final_destination).staging" - - comment => "Get template and expand variables for this host", - perms => mo("400","root"), - copy_from => remote_cp("$(masterfiles)/templates/$(this_template)","$(policy_server)"), - action => if_elapsed("60"); - - - "$(final_destination)" - - comment => "Expand the template", - create => "true", - edit_line => expand_template("$(final_destination).staging"), - edit_defaults => empty, - perms => mo("$(mode)","root"), - action => if_elapsed("60"); -} From 12c0028420b1760ac03d5dc3d826a7f45ebe7bcc Mon Sep 17 00:00:00 2001 From: Ole Herman Schumacher Elgesem Date: Fri, 6 Mar 2026 17:43:53 +0100 Subject: [PATCH 3/6] Removed nonsense templating example Signed-off-by: Ole Herman Schumacher Elgesem --- .../example-snippets/macro_template_1.cf | 46 ------------------- .../example-snippets/system-file.markdown | 4 -- 2 files changed, 50 deletions(-) delete mode 100644 content/examples/example-snippets/macro_template_1.cf diff --git a/content/examples/example-snippets/macro_template_1.cf b/content/examples/example-snippets/macro_template_1.cf deleted file mode 100644 index aff4e3643..000000000 --- a/content/examples/example-snippets/macro_template_1.cf +++ /dev/null @@ -1,46 +0,0 @@ -bundle agent hand_edited_template -{ - vars: - - "masterfiles" string => "/mysite/masterfiles"; - "policy_server" string => "policy_host.domain.tld"; - - files: - - "/etc/hosts" - comment => "Synchronize hosts with a hand-edited template in svn", - perms => m("644"), - create => "true", - edit_line => expand_template("$(masterfiles)/trunk/hosts_master"), - edit_defaults => empty, - action => if_elapsed("60"); - - commands: - - "/usr/bin/svn update" - comment => "Update the company document repository including manuals to a local copy", - contain => silent_in_dir("$(masterfiles)/trunk"), - if => canonify("$(policy_server)"); - -} -``` -# Syntax: -# -# IP-Address Full-Qualified-Hostname Short-Hostname -# - -127.0.0.1 localhost $(sys.host) -::1 localhost ipv6-localhost ipv6-loopback -fe00::0 ipv6-localnet -ff00::0 ipv6-mcastprefix -ff02::1 ipv6-allnodes -ff02::2 ipv6-allrouters -ff02::3 ipv6-allhosts -10.0.0.100 host1.domain.tld host1 -10.0.0.101 host2.domain.tld host2 -10.0.0.20 host3.domain.tld host3 -10.0.0.21 host4.domain.tld host4 - -# Add below this line - -$(definitions.more_hosts) diff --git a/content/examples/example-snippets/system-file.markdown b/content/examples/example-snippets/system-file.markdown index f80ccd2a3..1208096dd 100644 --- a/content/examples/example-snippets/system-file.markdown +++ b/content/examples/example-snippets/system-file.markdown @@ -51,10 +51,6 @@ The next simplest approach to file management is to add variables to the templat {{< CFEngine_include_snippet(macro_template.cf, .* ) >}} -The macro template file may contain variables, as below, that get expanded by CFEngine. - -{{< CFEngine_include_snippet(macro_template_1.cf, .* ) >}} - ### Custom editing If you do not control the starting state of the file, because it is distributed by an operating system vendor for instance, then editing the final state is the best approach. That way, you will get changes that are made by the vendor, and will ensure your own modifications are kept even when updates arrive. From 22cc9c3b0ed91a00e6c2bd271bf3e6851439657f Mon Sep 17 00:00:00 2001 From: Ole Herman Schumacher Elgesem Date: Fri, 6 Mar 2026 17:48:48 +0100 Subject: [PATCH 4/6] Removed nonsense example for setting up name resolution Signed-off-by: Ole Herman Schumacher Elgesem --- .../set_up_name_resolution_1.cf | 51 ------------------- .../system-administration.markdown | 8 --- 2 files changed, 59 deletions(-) delete mode 100644 content/examples/example-snippets/set_up_name_resolution_1.cf diff --git a/content/examples/example-snippets/set_up_name_resolution_1.cf b/content/examples/example-snippets/set_up_name_resolution_1.cf deleted file mode 100644 index 5c7d36d53..000000000 --- a/content/examples/example-snippets/set_up_name_resolution_1.cf +++ /dev/null @@ -1,51 +0,0 @@ -bundle agent system_files -{ - vars: - "searchlist" string => "iu.hio.no CFEngine.com"; - "nameservers" slist => { - "128.39.89.10", - "128.39.74.16", - "192.168.1.103" - }; - - files: - "$(sys.resolv)" # test on "/tmp/resolv.conf" # - create => "true", - edit_line => doresolv("$(s)","@(this.n)"), - edit_defaults => empty; - # .... - -} -####################################################### - -bundle edit_line doresolv(search,names) -{ - insert_lines: - "search $(search)"; - "nameserver $(names)"; -} -``` -bundle agent system_files -{ - # ... - - files: - "/etc/hosts" - comment => "Add hosts to the /etc/hosts file", - edit_line => fix_etc_hosts; -} -########################################################### - -bundle edit_line fix_etc_hosts -{ - vars: - "names[127.0.0.1]" string => "localhost localhost.CFEngine.com"; - "names[128.39.89.12]" string => "myhost myhost.CFEngine.com"; - "names[128.39.89.13]" string => "otherhost otherhost.CFEngine.com"; - # etc - - "i" slist => getindices("names"); - - insert_lines: - "$(i) $(names[$(i)])"; -} diff --git a/content/examples/example-snippets/system-administration.markdown b/content/examples/example-snippets/system-administration.markdown index e4c61687f..5f7117407 100644 --- a/content/examples/example-snippets/system-administration.markdown +++ b/content/examples/example-snippets/system-administration.markdown @@ -96,14 +96,6 @@ A simple and straightforward approach is to maintain a separate modular bundle f {{< CFEngine_include_snippet(set_up_name_resolution.cf, .* ) >}} -A second approach is to try to conceal the operational details behind a veil of abstraction. - -{{< CFEngine_include_snippet(set_up_name_resolution_1.cf, .* ) >}} - -DNS is not the only name service, of course. Unix has its older /etc/hosts file which can also be managed using file editing. We simply append this to the system_files bundle. - -{{< CFEngine_include_snippet(set_up_name_resolution_1.cf, .* ) >}} - ## Set up sudo Setting up sudo is straightforward, and is best managed by copying trusted files from a repository. From 015319902804ce87a39e09b2ae3edc98cf393366 Mon Sep 17 00:00:00 2001 From: Ole Herman Schumacher Elgesem Date: Fri, 6 Mar 2026 17:57:53 +0100 Subject: [PATCH 5/6] Fixed example for general pattern of bundles Signed-off-by: Ole Herman Schumacher Elgesem --- .../example-snippets/general.markdown | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/content/examples/example-snippets/general.markdown b/content/examples/example-snippets/general.markdown index d6711a57b..53fc2e003 100644 --- a/content/examples/example-snippets/general.markdown +++ b/content/examples/example-snippets/general.markdown @@ -18,21 +18,19 @@ To get started with CFEngine, you can imagine the following template for enterin ## The general pattern -The general pattern of the syntax is like this (colors in html version: red, CFEngine word; blue, user-defined word): +The general pattern of the syntax is like this: -```cf3 +```cf3 {skip} bundle component name(parameters) { -what_type: - where_when:: - - ## Traditional comment - - "promiser" -> { "promisee1", "promisee2" }, + what_type: + where_when:: + ## Traditional comment + "promiser" -> { "promisee1", "promisee2" }, comment => "The intention ...", - handle => "unique_id_label", - attribute_1 => body_or_value1, - attribute_2 => body_or_value2; + handle => "unique_id_label", + attribute_1 => body_or_value1, + attribute_2 => body_or_value2; } ``` From 08d18c7381a8f8d29e08478838bb2de856135337 Mon Sep 17 00:00:00 2001 From: Ole Herman Schumacher Elgesem Date: Fri, 6 Mar 2026 18:07:04 +0100 Subject: [PATCH 6/6] Made formatting more consistent in defaults docs and skip snippets for linting Signed-off-by: Ole Herman Schumacher Elgesem --- ...ory_remediate_sec_vulnerabilities.markdown | 22 ++--- .../language-concepts/_index.markdown | 11 +-- .../reference/promise-types/defaults.markdown | 89 +++++++++++-------- .../files/edit_line/insert_lines.markdown | 4 +- .../promise-types/guest_environments.markdown | 2 +- .../reference/promise-types/services.markdown | 8 +- 6 files changed, 72 insertions(+), 64 deletions(-) diff --git a/content/examples/tutorials/report_inventory_remediate_sec_vulnerabilities.markdown b/content/examples/tutorials/report_inventory_remediate_sec_vulnerabilities.markdown index 572340494..0913152be 100644 --- a/content/examples/tutorials/report_inventory_remediate_sec_vulnerabilities.markdown +++ b/content/examples/tutorials/report_inventory_remediate_sec_vulnerabilities.markdown @@ -38,8 +38,8 @@ This bundle will check if the host is vulnerable to the CVE, define a class _CVE_2014_6217_ if it is vulnerable and augment Mission Portals Inventory interface in CFEngine Enterprise. -```cf3 {file="inventory_CVE_2014_6271.cf"} -bundle agent inventory_CVE_2014_6271 +```cf3 {file="inventory_cve_2014_6271.cf"} +bundle agent inventory_cve_2014_6271 { meta: "description" string => "Remote exploit vulnerability in bash http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271"; @@ -52,13 +52,13 @@ bundle agent inventory_CVE_2014_6271 "test_result" string => execresult("$(env) x='() { :;}; $(echo) vulnerable' $(bash) -c 'echo testing CVE-2014-6271'", "useshell"); - CVE_2014_6271:: + cve_2014_6271:: "vulnerable" string => "CVE-2014-6271", meta => { "inventory", "attribute_name=Vulnerable CVE(s)" }; classes: - "CVE_2014_6271" + "cve_2014_6271" expression => regcmp( "vulnerable.*", "$(test_result)" ), scope => "namespace", persistence => "10", @@ -70,7 +70,7 @@ bundle agent inventory_CVE_2014_6271 DEBUG|DEBUG_cve_2014_6217:: "Test Result: $(test_result)"; - CVE_2014_6271.(inform_mode|verbose_mode):: + cve_2014_6271.(inform_mode|verbose_mode):: "Tested Vulnerable for CVE-2014-6271: $($(this.bundle)_meta.description)"; } ``` @@ -94,7 +94,7 @@ place the command output into the `test_result` variable. Since we have no classes type promise is evaluated and defines the class `CVE_2014_6271` if the output matches the regular expression `vulnerable.\*`. Finally the reports are evaluated before starting the second pass. If the class `DEBUG` or -`DEBUG_inventory_CVE_2014_6271` is set the test command output will be shown, +`DEBUG_inventory_cve_2014_6271` is set the test command output will be shown, and if the vulnerability is present agent is running in inform or verbose mode message indicating the host is vulnerable along with the description will be output. @@ -112,7 +112,7 @@ is to change `"services_autorun" expression => "!any";` to `"services_autorun" expression => "any";` in `def.cf`. Once you have autorun enabled you need only save the policy into -`services/autorun/inventory_CVE_2014_6271.cf`. +`services/autorun/inventory_cve_2014_6271.cf`. ### Report on affected system inventory @@ -154,10 +154,10 @@ See the dashboard alert in action. Now that we know the extent of exposure lets ensure bash gets updated on some of the affected systems. Save the following policy into -`services/autorun/remediate_CVE_2014_6271.cf` +`services/autorun/remediate_cve_2014_6271.cf` -```cf3 {file="remediate_CVE_2014_6271.cf"} -bundle agent remediate_CVE_2014_6271 +```cf3 {file="remediate_cve_2014_6271.cf"} +bundle agent remediate_cve_2014_6271 { meta: "tags" slist => { "autorun" }; @@ -166,7 +166,7 @@ bundle agent remediate_CVE_2014_6271 "allow_update" or => { "hub", "host001" }; methods: - allow_update.CVE_2014_6271:: + allow_update.cve_2014_6271:: "Upgrade_Bash" usebundle => package_latest("bash"); } diff --git a/content/reference/language-concepts/_index.markdown b/content/reference/language-concepts/_index.markdown index 93980e27a..f1eb8ca95 100644 --- a/content/reference/language-concepts/_index.markdown +++ b/content/reference/language-concepts/_index.markdown @@ -8,15 +8,12 @@ aliases: There is only one grammatical form for statements in the language: -```cf3 +```cf3 {skip} bundle bundle_type name { -promise_type: - - classes:: - - "promiser" -> { "promisee1", "promisee2", "..." } - + promise_type: + classes:: + "promiser" -> { "promisee1", "promisee2", "..." } attribute_1 => value_1, attribute_2 => value_2, # ... diff --git a/content/reference/promise-types/defaults.markdown b/content/reference/promise-types/defaults.markdown index debfbcff9..d133ad130 100644 --- a/content/reference/promise-types/defaults.markdown +++ b/content/reference/promise-types/defaults.markdown @@ -14,74 +14,85 @@ the empty string, they remain as variables for possible future expansion. Some variables might be defined but still contain unresolved variables. To handle this you will need to match the `$(abc)` form of the variables. -```cf3 +```cf3 {skip TODO} body common control { -bundlesequence => { "main" }; + bundlesequence => { "main" }; } bundle agent main { -methods: - - "example" usebundle => test("one","x","","$(four)"); + methods: + "example" + usebundle => test("one","x","","$(four)"); } -bundle agent test(a,b,c,d) +bundle agent test(a, b, c, d) { -defaults: - - "a" string => "default a", if_match_regex => ""; - "b" string => "default b", if_match_regex => "x"; - "c" string => "default c", if_match_regex => ""; - "d" string => "default d", if_match_regex => "\$\([a-zA-Z0-9_.]+\)"; - -reports: - - "a = '$(a)', b = '$(b)', c = '$(c)' d = '$(d)'"; + defaults: + "a" + string => "default a", + if_match_regex => ""; + "b" + string => "default b", + if_match_regex => "x"; + "c" + string => "default c", + if_match_regex => ""; + "d" + string => "default d", + if_match_regex => "\$\([a-zA-Z0-9_.]+\)"; + + reports: + "a = '$(a)', b = '$(b)', c = '$(c)' d = '$(d)'"; } ``` Another example: -```cf3 +```cf3 {skip TODO} bundle agent example { -defaults: - - "X" string => "I am a default value"; - "Y" slist => { "I am a default list item 1", "I am a default list item 2" }; - -methods: - - "example" usebundle => mymethod("","bbb"); - -reports: - - "The default value of X is $(X)"; - "The default value of Y is $(Y)"; + defaults: + "X" + string => "I am a default value"; + "Y" + slist => { + "I am a default list item 1", + "I am a default list item 2", + }; + + methods: + "example" + usebundle => mymethod("","bbb"); + + reports: + "The default value of X is $(X)"; + "The default value of Y is $(Y)"; } ########################################################### -bundle agent mymethod(a,b) +bundle agent mymethod(a, b) { vars: - - "no_return" string => "ok"; # readfile("/dont/exist","123"); + "no_return" + string => "ok"; # readfile("/dont/exist","123"); defaults: - - "a" string => "AAAAAAAAA", if_match_regex => ""; - "b" string => "BBBBBBBBB", if_match_regex => ""; - "no_return" string => "no such file"; + "a" + string => "AAAAAAAAA", + if_match_regex => ""; + "b" + string => "BBBBBBBBB", + if_match_regex => ""; + "no_return" + string => "no such file"; reports: - "The value of a is $(a)"; "The value of b is $(b)"; - "The value of no_return is $(no_return)"; } ``` diff --git a/content/reference/promise-types/files/edit_line/insert_lines.markdown b/content/reference/promise-types/files/edit_line/insert_lines.markdown index 2e164d091..ba7a5b082 100644 --- a/content/reference/promise-types/files/edit_line/insert_lines.markdown +++ b/content/reference/promise-types/files/edit_line/insert_lines.markdown @@ -105,10 +105,10 @@ files: "/home/mark/tmp/file_based_on_template" create => "true", - edit_line => ExpandMeFrom("/tmp/source_template"); + edit_line => expand_me_from("/tmp/source_template"); } -bundle edit_line ExpandMeFrom(template) +bundle edit_line expand_me_from(template) { insert_lines: "$(template)" diff --git a/content/reference/promise-types/guest_environments.markdown b/content/reference/promise-types/guest_environments.markdown index 585ffbd16..7a73687e8 100644 --- a/content/reference/promise-types/guest_environments.markdown +++ b/content/reference/promise-types/guest_environments.markdown @@ -404,7 +404,7 @@ eucalyptus **Example:** -```cf3 +```cf3 {skip TODO} bundle agent my_vm_cloud { guest_environments: diff --git a/content/reference/promise-types/services.markdown b/content/reference/promise-types/services.markdown index 1535542ca..7ed5dd152 100644 --- a/content/reference/promise-types/services.markdown +++ b/content/reference/promise-types/services.markdown @@ -227,10 +227,10 @@ body service_method my_custom_service_method service_bundle => my_custom_service_method_windows( $(this.promiser), $(this.service_policy) ); redhat|centos:: - service_bundle => my_custom_service_method_EL( $(this.promiser), $(this.service_policy) ); + service_bundle => my_custom_service_method_rhel( $(this.promiser), $(this.service_policy) ); debian|ubuntu:: - service_bundle => my_custom_service_method_DEB( $(this.promiser), $(this.service_policy) ); + service_bundle => my_custom_service_method_deb( $(this.promiser), $(this.service_policy) ); } bundle agent my_custom_service_method_windows( service_identifier, desired_service_state ) @@ -238,12 +238,12 @@ bundle agent my_custom_service_method_windows( service_identifier, desired_servi # Specific windows implementation } -bundle agent my_custom_service_method_EL( service_identifier, desired_service_state ) +bundle agent my_custom_service_method_rhel( service_identifier, desired_service_state ) { # Specific Redhat|Centos implementation } -bundle agent my_custom_service_method_DEB( service_identifier, desired_service_state ) +bundle agent my_custom_service_method_deb( service_identifier, desired_service_state ) { # Specific Debian|Ubuntu implementation }