diff --git a/examples/tutorials/deploy_sketch.markdown b/examples/tutorials/deploy_sketch.markdown index 04db5ae0..71f5da38 100644 --- a/examples/tutorials/deploy_sketch.markdown +++ b/examples/tutorials/deploy_sketch.markdown @@ -2,7 +2,7 @@ layout: default title: Configure and Deploy a Policy Using Sketches (Enterprise Only) sorting: 16 -categories: [Examples, Tutorials] +categories: [Examples, Tutorials, Sketches] published: true alias: examples-tutorials-deploy-sketch.html tags: [Examples, Tutorials, Sketch] diff --git a/examples/tutorials/distribute-files-from-a-central-location.markdown b/examples/tutorials/distribute-files-from-a-central-location.markdown index 0351be13..84aa8164 100644 --- a/examples/tutorials/distribute-files-from-a-central-location.markdown +++ b/examples/tutorials/distribute-files-from-a-central-location.markdown @@ -2,7 +2,7 @@ layout: default title: Distribute files from a central location sorting: 10 -categories: [Examples, Tutorials] +categories: [Examples, Tutorials, File Distribution] published: true alias: examples-tutorials-distribute-files-from-a-central-location.html tags: [Examples, Tutorials, file distribution] diff --git a/examples/tutorials/hello_world.markdown b/examples/tutorials/hello_world.markdown index 4d28c187..152cda90 100644 --- a/examples/tutorials/hello_world.markdown +++ b/examples/tutorials/hello_world.markdown @@ -2,7 +2,7 @@ layout: default title: Hello World sorting: 15 -categories: [Examples, Tutorials] +categories: [Examples, Tutorials, Hello World] published: true alias: examples-tutorials-hello-world.html tags: [Examples, Tutorials, hello-world, stand-alone] diff --git a/examples/tutorials/template.markdown b/examples/tutorials/template.markdown index 6b445fe7..2164420e 100644 --- a/examples/tutorials/template.markdown +++ b/examples/tutorials/template.markdown @@ -2,7 +2,7 @@ layout: default title: Template sorting: 15 -categories: [Examples, Tutorials] +categories: [Examples, Tutorials, Template] published: false alias: examples-tutorials-template.html tags: [Examples, Tutorials, Template] diff --git a/overviews.markdown b/overviews.markdown index 76e90988..55c805e0 100644 --- a/overviews.markdown +++ b/overviews.markdown @@ -1,10 +1,10 @@ --- layout: default title: Overviews -categories: [Getting Started, Overviews] +categories: [Overviews] published: true sorting: 30 -alias: getting-started-overviews.html +alias: overviews.html --- Read these overviews to get a good understanding of CFEngine fundamentals. diff --git a/overviews/learning-resources.markdown b/overviews/learning-resources.markdown new file mode 100644 index 00000000..b59a016d --- /dev/null +++ b/overviews/learning-resources.markdown @@ -0,0 +1,9 @@ +--- +layout: default +title: Learning Resources +categories: [Overviews, Learning Resources] +published: true +sorting: 40 +alias: overviews-learning-resources.html +tags: [overviews, learning] +--- diff --git a/overviews/learning-resources/latest-release.markdown b/overviews/learning-resources/latest-release.markdown index 06705b7b..7f447b75 100644 --- a/overviews/learning-resources/latest-release.markdown +++ b/overviews/learning-resources/latest-release.markdown @@ -1,7 +1,7 @@ --- layout: default title: Latest Release -categories: [Overviews,Resources,Latest Release] +categories: [Overviews,Learning Resources,Latest Release] published: true sorting: 60 alias: overviews-resources-latest-release.html diff --git a/overviews/learning-resources/latest-release/known-issues.markdown b/overviews/learning-resources/latest-release/known-issues.markdown index 86cf3b6d..52ab3206 100644 --- a/overviews/learning-resources/latest-release/known-issues.markdown +++ b/overviews/learning-resources/latest-release/known-issues.markdown @@ -2,7 +2,7 @@ layout: default title: Known Issues sorting: 30 -categories: [Overviews,Resources,Latest Release, Known Issues] +categories: [Overviews,Learning Resources,Latest Release, Known Issues] published: true alias: overviews-resources-latest-release-known-issues.html tags: [overviews, releases, latest release, 3.6.0, platforms, versions, known issues] diff --git a/overviews/learning-resources/latest-release/supported-platforms.markdown b/overviews/learning-resources/latest-release/supported-platforms.markdown index 1ed5f4cb..ea147dc4 100644 --- a/overviews/learning-resources/latest-release/supported-platforms.markdown +++ b/overviews/learning-resources/latest-release/supported-platforms.markdown @@ -2,7 +2,7 @@ layout: default title: Supported Platforms and Versions sorting: 40 -categories: [Overviews,Resources,Latest Release,Supported Platforms] +categories: [Overviews,Learning Resources,Latest Release,Supported Platforms] published: true alias: overviews-resources-latest-release-supported-platforms.html tags: [overviews, releases, latest release, 3.6.0, platforms, versions, support] diff --git a/overviews/learning-resources/latest-release/upgrade.markdown b/overviews/learning-resources/latest-release/upgrade.markdown index e594cc7a..458108d9 100644 --- a/overviews/learning-resources/latest-release/upgrade.markdown +++ b/overviews/learning-resources/latest-release/upgrade.markdown @@ -2,7 +2,7 @@ layout: default title: Upgrade Instructions sorting: 50 -categories: [Overviews,Resources,Latest Release, Upgrade] +categories: [Overviews,Learning Resources,Latest Release, Upgrade] published: true alias: overviews-resources-latest-release-upgrade.html tags: [overviews, releases, latest release, 3.6.0, platforms, versions, upgrade] diff --git a/overviews/learning-resources/latest-release/whatsnew.markdown b/overviews/learning-resources/latest-release/whatsnew.markdown index 3572fbe7..02abf3dc 100644 --- a/overviews/learning-resources/latest-release/whatsnew.markdown +++ b/overviews/learning-resources/latest-release/whatsnew.markdown @@ -1,7 +1,7 @@ --- layout: default title: New in CFEngine -categories: [Overviews,Resources,Latest Release, New in CFEngine] +categories: [Overviews,Learning Resources,Latest Release, New in CFEngine] published: true sorting: 10 alias: overviews-resources-latest-release-whats-new.html diff --git a/overviews/learning-resources/learning-tools.markdown b/overviews/learning-resources/learning-tools.markdown index 777dc7dd..e83644d8 100644 --- a/overviews/learning-resources/learning-tools.markdown +++ b/overviews/learning-resources/learning-tools.markdown @@ -1,7 +1,7 @@ --- layout: default title: Learning Tools -categories: [Overviews, Learning Tools] +categories: [Overviews, Learning Resources, Learning Tools] published: true sorting: 40 alias: overviews-learning-tools.html diff --git a/overviews/learning-resources/new-users.markdown b/overviews/learning-resources/new-users.markdown index e5695eee..a26b32e7 100644 --- a/overviews/learning-resources/new-users.markdown +++ b/overviews/learning-resources/new-users.markdown @@ -2,7 +2,7 @@ layout: default title: Up and Running sorting: 13 -categories: [Examples, Tutorials] +categories: [Overviews, Learning Resources, Tutorials] published: true alias: new-users.html tags: [Examples, Tutorials, Community] diff --git a/overviews/learning-resources/support-and-community.markdown b/overviews/learning-resources/support-and-community.markdown index e39840cb..d1f171a4 100644 --- a/overviews/learning-resources/support-and-community.markdown +++ b/overviews/learning-resources/support-and-community.markdown @@ -2,7 +2,7 @@ layout: default title: Support and Community sorting: 50 -categories: [Overviews, Support and Community] +categories: [Overviews, Learning Resources,Support and Community] published: true alias: overviews-support-and-community.html tags: [overviews, support, community, bugs, help] diff --git a/overviews/manuals.markdown b/overviews/manuals.markdown index 9849c04a..f82ad211 100644 --- a/overviews/manuals.markdown +++ b/overviews/manuals.markdown @@ -4,7 +4,7 @@ title: Learning CFEngine categories: [Overviews, Manuals] published: true sorting: 30 -alias: overviews,manuals.html +alias: overviews-manuals.html tags: [overviews, manuals] --- diff --git a/overviews/policy-promises-overview.markdown b/overviews/policy-and-promises-overview.markdown similarity index 98% rename from overviews/policy-promises-overview.markdown rename to overviews/policy-and-promises-overview.markdown index 0b24fbf5..0d022a55 100644 --- a/overviews/policy-promises-overview.markdown +++ b/overviews/policy-and-promises-overview.markdown @@ -1,8 +1,8 @@ --- layout: default -title: Promises Overview +title: Policy and Promises Overview sorting: 100 -categories: [Overviews, Promises Overview] +categories: [Overviews, Policy and Promises Overview] published: true alias: overviews-promises.html tags: [overviews, promises overview] diff --git a/overviews/policy-promises-overview/language-concepts.markdown b/overviews/policy-and-promises-overview/language-concepts.markdown similarity index 92% rename from overviews/policy-promises-overview/language-concepts.markdown rename to overviews/policy-and-promises-overview/language-concepts.markdown index 4330e234..d2f1c14f 100644 --- a/overviews/policy-promises-overview/language-concepts.markdown +++ b/overviews/policy-and-promises-overview/language-concepts.markdown @@ -1,7 +1,7 @@ --- layout: default title: Language Concepts -categories: [Overviews, Language Concepts] +categories: [Overviews, Policy and Promises Overview, Language Concepts] published: true sorting: 40 alias: overviews-language-concepts.html diff --git a/overviews/policy-promises-overview/language-concepts/bodies.markdown b/overviews/policy-and-promises-overview/language-concepts/bodies.markdown similarity index 94% rename from overviews/policy-promises-overview/language-concepts/bodies.markdown rename to overviews/policy-and-promises-overview/language-concepts/bodies.markdown index 1dfacb9c..60258327 100644 --- a/overviews/policy-promises-overview/language-concepts/bodies.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/bodies.markdown @@ -1,7 +1,7 @@ --- layout: default title: Bodies -categories: [Manuals, Language Concepts, Bodies] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Bodies] published: true sorting: 30 alias: manuals-language-concepts-bodies.html diff --git a/overviews/policy-promises-overview/language-concepts/bundles.markdown b/overviews/policy-and-promises-overview/language-concepts/bundles.markdown similarity index 97% rename from overviews/policy-promises-overview/language-concepts/bundles.markdown rename to overviews/policy-and-promises-overview/language-concepts/bundles.markdown index a33eb25a..c7d10caa 100644 --- a/overviews/policy-promises-overview/language-concepts/bundles.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/bundles.markdown @@ -1,7 +1,7 @@ --- layout: default title: Bundles -categories: [Manuals, Language Concepts, Bundles] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Bundles] published: true sorting: 20 alias: manuals-language-concepts-bundles.html diff --git a/overviews/policy-promises-overview/language-concepts/classes.markdown b/overviews/policy-and-promises-overview/language-concepts/classes.markdown similarity index 99% rename from overviews/policy-promises-overview/language-concepts/classes.markdown rename to overviews/policy-and-promises-overview/language-concepts/classes.markdown index eef316d3..030ed90b 100644 --- a/overviews/policy-promises-overview/language-concepts/classes.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/classes.markdown @@ -1,7 +1,7 @@ --- layout: default title: Classes and Decisions -categories: [Manuals, Language Concepts, Classes] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Classes] published: true sorting: 40 alias: manuals-language-concepts-classes.html diff --git a/overviews/policy-promises-overview/language-concepts/loops.markdown b/overviews/policy-and-promises-overview/language-concepts/loops.markdown similarity index 97% rename from overviews/policy-promises-overview/language-concepts/loops.markdown rename to overviews/policy-and-promises-overview/language-concepts/loops.markdown index 2378a780..4a2a14cb 100644 --- a/overviews/policy-promises-overview/language-concepts/loops.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/loops.markdown @@ -1,7 +1,7 @@ --- layout: default title: Loops -categories: [Manuals, Language Concepts, Loops] +categories: [Overviews, Policy and Promises Overview, Language Concepts, Loops] published: true sorting: 70 alias: manuals-language-concepts-loops.html diff --git a/overviews/policy-promises-overview/language-concepts/namespaces.markdown b/overviews/policy-and-promises-overview/language-concepts/namespaces.markdown similarity index 97% rename from overviews/policy-promises-overview/language-concepts/namespaces.markdown rename to overviews/policy-and-promises-overview/language-concepts/namespaces.markdown index 43c2e856..09cbb871 100644 --- a/overviews/policy-promises-overview/language-concepts/namespaces.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/namespaces.markdown @@ -1,7 +1,7 @@ --- layout: default title: Namespaces -categories: [Manuals, Language Concepts, Namespaces] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Namespaces] published: true sorting: 90 alias: manuals-language-concepts-namespaces.html diff --git a/overviews/policy-promises-overview/language-concepts/normal-ordering.markdown b/overviews/policy-and-promises-overview/language-concepts/normal-ordering.markdown similarity index 97% rename from overviews/policy-promises-overview/language-concepts/normal-ordering.markdown rename to overviews/policy-and-promises-overview/language-concepts/normal-ordering.markdown index 4d1f31a0..2f573624 100644 --- a/overviews/policy-promises-overview/language-concepts/normal-ordering.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/normal-ordering.markdown @@ -1,7 +1,7 @@ --- layout: default title: Normal Ordering -categories: [Manuals, Language Concepts, Normal Ordering] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Normal Ordering] published: true sorting: 60 alias: manuals-language-concepts-normal-ordering.html diff --git a/overviews/policy-promises-overview/language-concepts/pattern-matching-and-referencing.markdown b/overviews/policy-and-promises-overview/language-concepts/pattern-matching-and-referencing.markdown similarity index 99% rename from overviews/policy-promises-overview/language-concepts/pattern-matching-and-referencing.markdown rename to overviews/policy-and-promises-overview/language-concepts/pattern-matching-and-referencing.markdown index 5e161863..382cc055 100644 --- a/overviews/policy-promises-overview/language-concepts/pattern-matching-and-referencing.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/pattern-matching-and-referencing.markdown @@ -1,7 +1,7 @@ --- layout: default title: Pattern Matching and Referencing -categories: [Manuals, Language Concepts, Pattern Matching and Referencing] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Pattern Matching and Referencing] published: true sorting: 80 alias: manuals-language-concepts-pattern-matching-and-referencing.html diff --git a/overviews/policy-promises-overview/language-concepts/promises.markdown b/overviews/policy-and-promises-overview/language-concepts/promises.markdown similarity index 98% rename from overviews/policy-promises-overview/language-concepts/promises.markdown rename to overviews/policy-and-promises-overview/language-concepts/promises.markdown index a989b0d8..28fbce67 100644 --- a/overviews/policy-promises-overview/language-concepts/promises.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/promises.markdown @@ -1,7 +1,7 @@ --- layout: default title: Promises -categories: [Manuals, Language Concepts, Promises] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Promises] published: true sorting: 10 alias: manuals-language-concepts-promises.html diff --git a/overviews/policy-promises-overview/language-concepts/variables.markdown b/overviews/policy-and-promises-overview/language-concepts/variables.markdown similarity index 99% rename from overviews/policy-promises-overview/language-concepts/variables.markdown rename to overviews/policy-and-promises-overview/language-concepts/variables.markdown index 2f856edc..3e8c9d04 100644 --- a/overviews/policy-promises-overview/language-concepts/variables.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/variables.markdown @@ -1,7 +1,7 @@ --- layout: default title: Variables -categories: [Manuals, Language Concepts, Variables] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Variables] published: true sorting: 50 alias: manuals-language-concepts-variables.html diff --git a/overviews/policy-promises-overview/writing-policy.markdown b/overviews/policy-and-promises-overview/writing-policy.markdown similarity index 97% rename from overviews/policy-promises-overview/writing-policy.markdown rename to overviews/policy-and-promises-overview/writing-policy.markdown index 8b572822..6180c1e2 100644 --- a/overviews/policy-promises-overview/writing-policy.markdown +++ b/overviews/policy-and-promises-overview/writing-policy.markdown @@ -1,7 +1,7 @@ --- layout: default title: Writing Policy -categories: [Overviews, Writing Policy] +categories: [Overviews, Policy and Promises Overview, Writing Policy] published: true sorting: 50 alias: overviews-writing-policy.html diff --git a/overviews/policy-promises-overview/writing-policy/best-practices.markdown b/overviews/policy-and-promises-overview/writing-policy/best-practices.markdown similarity index 90% rename from overviews/policy-promises-overview/writing-policy/best-practices.markdown rename to overviews/policy-and-promises-overview/writing-policy/best-practices.markdown index 2e4ec34c..7a6ecc1e 100644 --- a/overviews/policy-promises-overview/writing-policy/best-practices.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/best-practices.markdown @@ -1,7 +1,7 @@ --- layout: default title: Best Practices -categories: [Manuals, Writing Policy, Best Practices] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Best Practices] published: true sorting: 15 alias: manuals-writing-policy-best-practices.html diff --git a/overviews/policy-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown b/overviews/policy-and-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown similarity index 97% rename from overviews/policy-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown rename to overviews/policy-and-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown index 8dbb2c82..f94efb59 100644 --- a/overviews/policy-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown @@ -1,7 +1,7 @@ --- layout: default title: Bundles Best Practices -categories: [Manuals, Writing Policy, Best Practices, Bundles Best +categories: [Overviews, Policy and Promises Overview, Writing Policy, Best Practices, Bundles Best Practices] published: true sorting: 20 diff --git a/overviews/policy-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown b/overviews/policy-and-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown similarity index 97% rename from overviews/policy-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown rename to overviews/policy-and-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown index 4a536246..385118ee 100644 --- a/overviews/policy-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown @@ -1,7 +1,7 @@ --- layout: default title: Default Configuration File Structure -categories: [Manuals, Writing Policy, Best Practices, Configuration File Structure] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Best Practices, Configuration File Structure] published: true sorting: 40 alias: manuals-writing-policy-configuration-file-structure.html diff --git a/overviews/policy-promises-overview/writing-policy/best-practices/policy-style.markdown b/overviews/policy-and-promises-overview/writing-policy/best-practices/policy-style.markdown similarity index 98% rename from overviews/policy-promises-overview/writing-policy/best-practices/policy-style.markdown rename to overviews/policy-and-promises-overview/writing-policy/best-practices/policy-style.markdown index 871e3a52..8973a357 100644 --- a/overviews/policy-promises-overview/writing-policy/best-practices/policy-style.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/best-practices/policy-style.markdown @@ -1,7 +1,7 @@ --- layout: default title: Policy Style Guide -categories: [Manuals, Writing Policy, Best Practices, Policy Style Guide] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Best Practices, Policy Style Guide] published: true sorting: 10 alias: manuals-writing-policy-policy-style-guide.html diff --git a/overviews/policy-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown b/overviews/policy-and-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown similarity index 94% rename from overviews/policy-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown rename to overviews/policy-and-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown index 9398e2db..a50d2a51 100644 --- a/overviews/policy-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown @@ -1,7 +1,7 @@ --- layout: default title: Testing Policies -categories: [Manuals, Writing Policy, Best Practices, Testing Policies] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Best Practices, Testing Policies] published: true sorting: 50 alias: manuals-writing-policy-testing-policies.html diff --git a/overviews/policy-promises-overview/writing-policy/configure-cfengine.markdown b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine.markdown similarity index 82% rename from overviews/policy-promises-overview/writing-policy/configure-cfengine.markdown rename to overviews/policy-and-promises-overview/writing-policy/configure-cfengine.markdown index 9a175b6f..e737ab6e 100644 --- a/overviews/policy-promises-overview/writing-policy/configure-cfengine.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine.markdown @@ -1,7 +1,7 @@ --- layout: default title: Configure CFEngine -categories: [Manuals, Writing Policy, Configure CFEngine] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Configure CFEngine] published: true sorting: 30 alias: manuals-writing-policy-configure-cfengine.html diff --git a/overviews/policy-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown similarity index 95% rename from overviews/policy-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown rename to overviews/policy-and-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown index e80b93b8..f85afe6f 100644 --- a/overviews/policy-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown @@ -1,7 +1,7 @@ --- layout: default title: Controlling Frequency -categories: [Manuals, Writing Policy, Configure CFEngine, Controlling Frequency] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Configure CFEngine, Controlling Frequency] published: true sorting: 20 alias: manuals-writing-policy-controlling-frequency.html diff --git a/overviews/policy-promises-overview/writing-policy/configure-cfengine/version-control.markdown b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine/version-control.markdown similarity index 97% rename from overviews/policy-promises-overview/writing-policy/configure-cfengine/version-control.markdown rename to overviews/policy-and-promises-overview/writing-policy/configure-cfengine/version-control.markdown index 3ca40047..946d4630 100644 --- a/overviews/policy-promises-overview/writing-policy/configure-cfengine/version-control.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine/version-control.markdown @@ -1,7 +1,7 @@ --- layout: default title: Version Control -categories: [Manuals, Writing Policy, Configure CFEngine, Version Control] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Configure CFEngine, Version Control] published: true sorting: 40 alias: manuals-writing-policy-version-control.html diff --git a/overviews/policy-promises-overview/writing-policy/policy-concepts.markdown b/overviews/policy-and-promises-overview/writing-policy/policy-concepts.markdown similarity index 84% rename from overviews/policy-promises-overview/writing-policy/policy-concepts.markdown rename to overviews/policy-and-promises-overview/writing-policy/policy-concepts.markdown index c59b2a58..839274d5 100644 --- a/overviews/policy-promises-overview/writing-policy/policy-concepts.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/policy-concepts.markdown @@ -1,7 +1,7 @@ --- layout: default title: Policy Concepts -categories: [Manuals, Writing Policy, Policy Concepts] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Policy Concepts] published: true sorting: 20 alias: manuals-writing-policy-policy-concepts.html diff --git a/overviews/policy-promises-overview/writing-policy/policy-concepts/policy-framework.markdown b/overviews/policy-and-promises-overview/writing-policy/policy-concepts/policy-framework.markdown similarity index 98% rename from overviews/policy-promises-overview/writing-policy/policy-concepts/policy-framework.markdown rename to overviews/policy-and-promises-overview/writing-policy/policy-concepts/policy-framework.markdown index 8ff16eb6..9f6c342f 100644 --- a/overviews/policy-promises-overview/writing-policy/policy-concepts/policy-framework.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/policy-concepts/policy-framework.markdown @@ -1,7 +1,7 @@ --- layout: default title: Policy Framework -categories: [Manuals, Writing Policy, Policy Concepts, Policy Framework] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Policy Concepts, Policy Framework] published: true sorting: 20 alias: manuals-writing-policy-policy-framework.html diff --git a/overviews/reports/command-line-reports.markdown b/overviews/reports/command-line-reports.markdown index b2ef4618..1bda78fc 100644 --- a/overviews/reports/command-line-reports.markdown +++ b/overviews/reports/command-line-reports.markdown @@ -1,7 +1,7 @@ --- layout: default title: Command-Line Reports -categories: [Manuals, Reports, Command-Line Reports] +categories: [Overviews, Reports, Command-Line Reports] published: true sorting: 60 alias: manuals-reports-command-line.html diff --git a/overviews/reports/enterprise-reporting.markdown b/overviews/reports/enterprise-reporting.markdown index 6651ead7..43940786 100644 --- a/overviews/reports/enterprise-reporting.markdown +++ b/overviews/reports/enterprise-reporting.markdown @@ -1,7 +1,7 @@ --- layout: default -title: Enterprise Report API -categories: [Manuals, Reports, Enterprise Report API] +title: Enterprise Reporting +categories: [Overviews, Reports, Enterprise Reporting] published: true sorting: 20 alias: manuals-enterprise-reporting.html diff --git a/overviews/reports/enterprise-reporting/multi-site-queries.markdown b/overviews/reports/enterprise-reporting/multi-site-queries.markdown index 6aa937a8..d310616a 100644 --- a/overviews/reports/enterprise-reporting/multi-site-queries.markdown +++ b/overviews/reports/enterprise-reporting/multi-site-queries.markdown @@ -1,7 +1,7 @@ --- layout: default title: Multi-Site Queries -categories: [Manuals, Reports, Enterprise Report API, Multi-Site Queries] +categories: [Overviews, Reports, Enterprise Reporting, Multi-Site Queries] published: true sorting: 40 alias: manuals-enterprise-reporting-multi-site-queries.html diff --git a/overviews/reports/enterprise-reporting/porting-guide.markdown b/overviews/reports/enterprise-reporting/porting-guide.markdown index 2afafa18..673b2b58 100644 --- a/overviews/reports/enterprise-reporting/porting-guide.markdown +++ b/overviews/reports/enterprise-reporting/porting-guide.markdown @@ -1,7 +1,7 @@ --- layout: default title: API Porting Guide -categories: [Manuals, Enterprise API, Porting Guide] +categories: [Overviews, Reports, Enterprise Reporting, Porting Guide] published: true sorting: 90 alias: manuals-enterprise-reporting-porting-guide.html diff --git a/overviews/reports/enterprise-reporting/reporting-architecture.markdown b/overviews/reports/enterprise-reporting/reporting-architecture.markdown index dff18f9d..e5566c9e 100644 --- a/overviews/reports/enterprise-reporting/reporting-architecture.markdown +++ b/overviews/reports/enterprise-reporting/reporting-architecture.markdown @@ -1,7 +1,7 @@ --- layout: default title: Reporting Architecture -categories: [Manuals, Reports, Enterprise Report API, Architecture] +categories: [Overviews, Reports, Enterprise Reporting, Architecture] published: true sorting: 10 alias: manuals-enterprise-reporting-architecture.html diff --git a/overviews/reports/enterprise-reporting/sql-queries.markdown b/overviews/reports/enterprise-reporting/sql-queries.markdown index b316f6a6..1bb9a527 100644 --- a/overviews/reports/enterprise-reporting/sql-queries.markdown +++ b/overviews/reports/enterprise-reporting/sql-queries.markdown @@ -1,7 +1,7 @@ --- layout: default title: SQL Queries -categories: [Manuals, Reports, Enterprise Report API, SQL Queries] +categories: [Overviews, Reports, Enterprise Reporting, SQL Queries] published: true sorting: 30 alias: manuals-enterprise-reporting-sql-queries.html diff --git a/overviews/reports/enterprise-reporting/troubleshooting.markdown b/overviews/reports/enterprise-reporting/troubleshooting.markdown index a82ff89e..fc70ab16 100644 --- a/overviews/reports/enterprise-reporting/troubleshooting.markdown +++ b/overviews/reports/enterprise-reporting/troubleshooting.markdown @@ -1,7 +1,7 @@ --- layout: default title: Troubleshooting -categories: [Manuals, Enterprise API, Troubleshooting] +categories: [Overviews, Reports, Enterprise Reporting, Troubleshooting] published: true sorting: 100 alias: manuals-enterprise-reporting-troubleshooting.html diff --git a/overviews/reports/monitoring-reporting.markdown b/overviews/reports/monitoring-reporting.markdown index f3656e71..2298cd06 100644 --- a/overviews/reports/monitoring-reporting.markdown +++ b/overviews/reports/monitoring-reporting.markdown @@ -1,7 +1,7 @@ --- layout: default title: Monitoring and Reporting -categories: [Manuals, Reports, Monitoring and Reporting] +categories: [Overviews, Reports, Monitoring and Reporting] published: true sorting: 10 alias: manuals-reports-monitoring.html diff --git a/overviews/system-overview/architecture.markdown b/overviews/system-overview/architecture.markdown index 7a24e5ca..052cd631 100644 --- a/overviews/system-overview/architecture.markdown +++ b/overviews/system-overview/architecture.markdown @@ -1,7 +1,7 @@ --- layout: default title: Architecture -categories: [Getting Started, Concepts, Architecture] +categories: [Overviews, System Overview, Architecture] published: true sorting: 20 alias: manuals-architecture.html diff --git a/overviews/system-overview/components.markdown b/overviews/system-overview/components.markdown index 37eb6155..cae3caf1 100644 --- a/overviews/system-overview/components.markdown +++ b/overviews/system-overview/components.markdown @@ -1,7 +1,7 @@ --- layout: default title: The CFEngine Components -categories: [Getting Started, Concepts, The CFEngine Components] +categories: [Overviews, System Overview, The CFEngine Components] published: true sorting: 30 alias: manuals-components.html @@ -21,11 +21,6 @@ upon them, and report status to a central server. ![Components overview](components-overview.png) -## The Working Directory - -The CFEngine application is fully contained within the `/var/cfengine` -directory tree. - ### Core Components The CFEngine software components exist in `/var/cfengine/bin`. @@ -74,205 +69,6 @@ if their existing policy includes that they check for updates. Privileges can be granted to users to provide a kind of Role Based Access Control (RBAC) to certain parts of the existing policy. -### Policy files - -* `/var/cfengine/masterfiles` - -Policy repository which grants access to local or bootstrapped CFEngine -clients when they need to update their policies. Policies obtained from -`/var/cfengine/masterfiles` are then cached in `/var/cfengine/inputs` for -local policy execution. The `cf-agent` executable does not execute policies -directly from this repository. - -* `/var/cfengine/inputs` - -Cached policy repository on each CFEngine client. When `cf-agent` is -invoked by `cf-execd`, it reads only from this directory. - -* `/var/cfengine/modules` - -Location of scripts used in `commands` promises. - -### Output Directories - -* `/var/cfengine/outputs` - -Directory where `cf-agent` creates its output files. The outputs directory is -a record of spooled run-reports. These are often mailed to the administrator -by `cf-execd`, or can be copied to another central location and viewed in an -alternative browser. However, not all hosts have an email capability or are -online, so the reports are kept here. - -* `/var/cfengine/reports` - -Directory used to store reports. Reports are not tidied automatically, so you -should delete these files after a time to avoid a build up. - -* `/var/cfengine/ppkeys` - -Directory used to store encrypted public/private keys for CFEngine -client/server network communications. - -* `/var/cfengine/state` - -State data such as current process identifiers of running processes, -persistent classes and other cached data. - -* `/var/cfengine/lastseen` - -Log data for incoming and outgoing connections. - -## Logs and Records - -On hosts, CFEngine writes numerous logs and records to its private workspace. - -[CFEngine Enterprise][Enterprise Report API] provides solutions -for centralization and network-wide reporting at an arbitrary scale. - -### Embedded Databases - -Their file extensions will vary based on which library is used to -implement them: either Tokyo Cabinet (`.tcdb`) or Quick Database Manager -(`.qdbm`). - -* `cf_lastseen.tcdb` - -A database of hosts that last contacted this host, or were contacted by -this host, and includes the times at which they were last observed. - -* `cf_classes.tcdb` - -A database of classes that have been defined on the current host, -including their relative frequencies, scaled like a probability. - -* `cf_variables.tcdb` - -A database of variables (name and value) that were defined on the -current host during the last run, including relative frequencies. - -* `checksum_digests.tcdb` - -The database of hash values used in CFEngine's change management -functions. - -* `performance.tcdb` - -A database of last, average and deviation times of jobs recorded by -`cf-agent`. Most promises take an immeasurably short time to check, but -longer tasks such as command execution and file copying are measured by -default. Other checks can be instrumented by setting a -`measurement_class` in the `action` body of a promise. - -* `stats.tcdb` - -A database of external file attributes for change management -functionality. - -* `state/cf_lock.tcdb` - -A database of active and inactive locks and their expiry times. Deleting -this database will reset all lock protections in CFEngine. - -* `state/history.tcdb` - -CFEngine Enterprise maintains this long-term trend database. - -* `state/cf_observations.tcdb` - -This database contains the current state of the observational history of -the host as recorded by `cf-monitord`. - -* `state/promise_compliance.tcdb` - -CFEngine Enterprise database of individual promise -compliance history. The database is approximate because promise -references can change as policy is edited. It quickly approaches -accuracy as a policy goes unchanged for more than a day. - -* `state/cf_state.tcdb` - -A database of persistent classes active on this current host. - -* `state/nova_measures.tcdb` - -CFEngine Enterprise database of custom measurements. - -* `state/nova_static.tcdb` - -CFEngine Enterprise database of static system discovery data. - -### Text logs - -* `promise_summary.log` - -A time-stamped log of the percentage fraction of promises kept after -each run. - -* `cf3.HOSTNAME.runlog` - -A time-stamped log of when each lock was released. This shows the last -time each individual promise was verified. - -* `cfagent.HOSTNAME.log` - -Although ambiguously named (for historical reasons) this log contains -the current list of setuid/setgid programs observed on the system. -CFEngine warns about new additions to this list. This log has been -deprecated. - -* `cf_value.log` - -A time stamped log of the business value estimated from the execution of -the automation system. - -* `cf_notkept.log` - -In CFEngine Enterprise, a list of promises, with handles and comments, that -were not kept. - -* `cf_repaired.log` - -In CFEngine Enterprise, a list of promises, with handles and comments, that were repaired. - -* `reports/*` - -CFEngine Enterprise uses this directory as a default place for outputting -reports. - -* `state/cf_procs` -A cache of the process table. This is useful for `measurement` promises about processes. - -* `state/cf_rootprocs` -A cache of the process table of processes owned by the root user. This is useful for `measurement` promises about processes. - -* `state/cf_otherprocs` -A cache of the process table for processes not owned by the root user. This is useful for `measurement` promises about processes. - -* `state/file_changes.log` - -A time-stamped log of which files have experienced content changes since -the last observation, as determined by the hashing algorithms in -CFEngine. - -* `state/*_measure.log` - -CFEngine Enterprise maintains user-defined logs based on specifically -promised observations of the system. - -* `state/env_data` - -This file contains a list of currently discovered classes and variable -values that characterize the anomaly alert environment. They are altered -by the monitor daemon. - -* `/var/logs/cfengine-install.log` - -This file contains logs related to the CFEngine package installation. -### Process Information -The CFEngine components keep their current process identifier number in -`pid files' in the work directory. For example: - cf-execd.pid - cf-serverd.pid diff --git a/overviews/system-overview/concepts.markdown b/overviews/system-overview/concepts.markdown index 159711bf..0dd8c639 100644 --- a/overviews/system-overview/concepts.markdown +++ b/overviews/system-overview/concepts.markdown @@ -1,7 +1,7 @@ --- layout: default title: Concepts -categories: [Overviews, Concepts] +categories: [Overviews, System Overview, Concepts] published: true sorting: 30 alias: overviews-concepts.html diff --git a/overviews/system-overview/design-center.markdown b/overviews/system-overview/design-center.markdown index 6486ccb3..8817f7ee 100644 --- a/overviews/system-overview/design-center.markdown +++ b/overviews/system-overview/design-center.markdown @@ -1,7 +1,7 @@ --- layout: default title: Design Center Overview -categories: [Overviews, Design Center Overview] +categories: [Overviews, System Overview, Design Center] published: true sorting: 60 alias: overviews-design-center.html diff --git a/overviews/system-overview/design-center/configure-sketches-community.markdown b/overviews/system-overview/design-center/configure-sketches-community.markdown index 30eae4ce..340941b7 100644 --- a/overviews/system-overview/design-center/configure-sketches-community.markdown +++ b/overviews/system-overview/design-center/configure-sketches-community.markdown @@ -1,7 +1,7 @@ --- layout: default title: Command Line Sketches -categories: [Manuals, Design Center, Sketches Community] +categories: [Overviews, System Overview, Design Center, Sketches Community] published: true sorting: 30 alias: configure-sketches-community.html diff --git a/overviews/system-overview/design-center/configure-sketches-community/design-center-advanced.markdown b/overviews/system-overview/design-center/configure-sketches-community/design-center-advanced.markdown index d103cc28..e3c2f61d 100644 --- a/overviews/system-overview/design-center/configure-sketches-community/design-center-advanced.markdown +++ b/overviews/system-overview/design-center/configure-sketches-community/design-center-advanced.markdown @@ -1,7 +1,7 @@ --- layout: default title: Advanced Walkthrough -categories: [Manuals, Design Center, Sketches Community, Advanced Walkthrough] +categories: [Overviews, System Overview, Design Center, Sketches Community, Advanced Walkthrough] published: true sorting: 10 alias: manuals-design-center-advanced.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise.markdown index 5e6bdafe..8dfb44aa 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise.markdown @@ -1,7 +1,7 @@ --- layout: default -title: Configure the Design Center App -categories: [Manuals, Design Center, Enterprise Sketches] +title: Enterprise Sketches +categories: [Overviews, System Overview, Design Center, Enterprise Sketches] published: true sorting: 20 alias: configure-sketches-enterprise.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise/access-control-mission-portal.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise/access-control-mission-portal.markdown index 68e73773..4f70b60d 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise/access-control-mission-portal.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise/access-control-mission-portal.markdown @@ -1,7 +1,7 @@ --- layout: default title: Controlling Access to the Design Center UI -categories: [Manuals, Design Center, Enterprise Sketches, Controlling Access to the Design Center UI] +categories: [Overviews, System Overview, Design Center, Enterprise Sketches, Controlling Access to the Design Center UI] published: true sorting: 20 alias: mission-portal-design-center-access-control.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise/enterprise-sketch-flow.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise/enterprise-sketch-flow.markdown index 9a70d418..80987fb5 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise/enterprise-sketch-flow.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise/enterprise-sketch-flow.markdown @@ -1,7 +1,7 @@ --- layout: default title: Sketch Flow in CFEngine Enterprise -categories: [Manuals, Design Center, Enterprise Sketches, Sketch Flow in CFEngine Enterprise] +categories: [Overviews, System Overview, Design Center, Enterprise Sketches, Sketch Flow in CFEngine Enterprise] published: true sorting: 40 alias: manuals-design-center-enterprise-sketch-flow.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise/integrating-mission-portal-with-git.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise/integrating-mission-portal-with-git.markdown index 546dd194..2a1b0a77 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise/integrating-mission-portal-with-git.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise/integrating-mission-portal-with-git.markdown @@ -1,7 +1,7 @@ --- layout: default title: Integrating Mission Portal with git -categories: [Manuals, Design Center, Enterprise Sketches, Integrating Mission Portal with git] +categories: [Overviews, System Overview, Design Center, Enterprise Sketches, Integrating Mission Portal with git] published: true sorting: 10 alias: manuals-design-center-integrating-mission-portal-with-git.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise/mission-portal-sketches.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise/mission-portal-sketches.markdown index b5386da0..f79de754 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise/mission-portal-sketches.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise/mission-portal-sketches.markdown @@ -1,7 +1,7 @@ --- layout: default title: Sketches Available in the Mission Portal -categories: [Manuals, Design Center, Enterprise Sketches, Sketches Available in the Mission Portal] +categories: [Overviews, System Overview, Design Center, Enterprise Sketches, Sketches Available in the Mission Portal] published: true sorting: 30 alias: mission-portal-design-center-sketches-available.html diff --git a/overviews/system-overview/design-center/design-center-deploy-sketch.markdown b/overviews/system-overview/design-center/design-center-deploy-sketch.markdown index 5c3d30cd..2d3d05aa 100644 --- a/overviews/system-overview/design-center/design-center-deploy-sketch.markdown +++ b/overviews/system-overview/design-center/design-center-deploy-sketch.markdown @@ -1,7 +1,7 @@ --- layout: default title: Deploy your first Policy -categories: [Manuals, Design Center, Deploy Policy] +categories: [Overviews, System Overview, Design Center, Deploy Policy] published: true sorting: 10 alias: design-center-deploy-sketch.html diff --git a/overviews/system-overview/design-center/design-center-write-sketch.markdown b/overviews/system-overview/design-center/design-center-write-sketch.markdown index 78700b75..c90b29d0 100644 --- a/overviews/system-overview/design-center/design-center-write-sketch.markdown +++ b/overviews/system-overview/design-center/design-center-write-sketch.markdown @@ -1,7 +1,7 @@ --- layout: default title: Write a new Sketch -categories: [Manuals, Design Center, Write Sketch] +categories: [Overviews, System Overview, Design Center, Write Sketch] published: true sorting: 40 alias: design-center-write-sketch.html diff --git a/overviews/system-overview/design.markdown b/overviews/system-overview/design.markdown index 3086b12a..0fc58aff 100644 --- a/overviews/system-overview/design.markdown +++ b/overviews/system-overview/design.markdown @@ -1,7 +1,7 @@ --- layout: default title: Design -categories: [Getting Started, Concepts, Design] +categories: [Overviews, System Overview, Design] published: true sorting: 10 alias: manuals-design.html diff --git a/overviews/system-overview/directory-structure.markdown b/overviews/system-overview/directory-structure.markdown new file mode 100644 index 00000000..1b705ba7 --- /dev/null +++ b/overviews/system-overview/directory-structure.markdown @@ -0,0 +1,80 @@ +--- +layout: default +title: CFEngine Directory Structure +categories: [Overviews, System Overview, CFEngine Directory Structure] +published: true +sorting: 30 +alias: overviews-system-directory-structure.html +tags: [overviews, system, system overview, directory structure] +--- + +The CFEngine application is fully contained within the /var/cfengine directory tree. Here is a quick breakdown of the directory structure and some of the files and functions associated with each subdirectory. + +## Components in /var/cfengine/bin ## + +### Agents ### + +* `cf-agent`: Executes the promises.cf file; ensures that all promises are being kept +* `cf-consumer` +* `cf-hub` +* `cf-key` +* `cf-promises`: Verifies CFEngine's configuration syntax +* `cf-runagent`: Contacts a remote system to run cf-agent +* `cf-twin` + +### Daemons ### + +* `cf-execd`: Starts the cf-agent process at a specified time interval. +* `cf-monitord`: Collects system statistics +* `cf-serverd`: Provides network services; used to distribute policy and data files + +See Also: [The CFEngine Components][The CFEngine Components] + +## Sub-Directories in /var/cfengine ## + +[/bin](#/var/cfengine/bin) +* `/cfapache` +* `/config` +* `/design-center` +* `/httpd` +* `/inputs` + +Cached policy repository located on a CFEngine client. The cf-agent executable executes policies from this repository. + +* `/lastseen` +* `/lib` + +Directory to store shared objects and dependencies that are in the bundled packages. + +* `/lib-twin` +* `/masterfiles` + +Policy repository which grants access to local or bootstrapped CFEngine clients when they need to update their policies. Policies obtained from /var/cfengine/masterfiles are then cached in /var/cfengine/inputs for local policy execution. The cf-agent executable does not execute policies directly from this repository. + +* `/master_software_updates` +* `/modules` +* `/outputs` + +Directory where cf-agent creates its output files. + +* `/plugins` +* `/ppkeys` + +Directory used to store encrypted public/private keys for CFEngine client/server network communications. + +* `/reports` + +Directory used to store reports generated by cf-report. + +* `/share` +* `/software_updates` +* `/ssl` +* `/state` + +See Also: [CFEngine Files, Directories and Logs][CFEngine Files, Directories and Logs] + + + + + + diff --git a/overviews/system-overview/discovery.markdown b/overviews/system-overview/discovery.markdown index 3fbcf93b..6b6ecbc5 100644 --- a/overviews/system-overview/discovery.markdown +++ b/overviews/system-overview/discovery.markdown @@ -1,7 +1,7 @@ --- layout: default title: Distributed Discovery -categories: [Getting Started, Concepts, Architecture] +categories: [Overviews, System Overview, Architecture] published: true sorting: 30 alias: manuals-architecture-distributed-discovery.html diff --git a/overviews/system-overview/files-directories-logs.markdown b/overviews/system-overview/files-directories-logs.markdown new file mode 100644 index 00000000..cedb1c7e --- /dev/null +++ b/overviews/system-overview/files-directories-logs.markdown @@ -0,0 +1,324 @@ +--- +layout: default +title: CFEngine Files, Directories and Logs +categories: [Overviews, System Overview, Directories and Logs] +published: true +sorting: 30 +alias: overview-system-files-directories-logs.html +tags: [overviews, system overview, files, directories, logs] +--- + +[Directories in /var/cfengine](#) + [Directories for Policy Files](#) + [Directories for Output](#) + [Other Directories in /var/cfengine](#) +[Log Files in /var/cfengine](#) +[Database Files in /var/cfengine](#) +[Process (AKA PID) Files in /var/cfengine](#) +[Sockets in /var/cfengine](#) +[Datafiles in /var/cfengine](#) +[Binary Files in /var/cfengine](#) +[CFEngine Agents and Daemons in /var/cfengine/bin](#) +[git in /var/cfengine/bin](#) +[Misc. in /var/cfengine/bin](#) +[MongoDB in /var/cfengine/bin](#) +[Postgres in /var/cfengine/bin](#) +[Redis in /var/cfengine/bin](#) + +## Sub-Directories in /var/cfengine ## + +### Directories for Policy Files + +* `/modules` + +Location of scripts used in `commands` promises. + +* `/inputs` + +Cached policy repository on each CFEngine client. When `cf-agent` is +invoked by `cf-execd`, it reads only from this directory. + +* `/masterfiles` + +Policy repository which grants access to local or bootstrapped CFEngine +clients when they need to update their policies. Policies obtained from +`/var/cfengine/masterfiles` are then cached in `/var/cfengine/inputs` for +local policy execution. The `cf-agent` executable does not execute policies +directly from this repository. + +## Output Directories + +* `/var/cfengine/outputs` + +Directory where `cf-agent` creates its output files. The outputs directory is +a record of spooled run-reports. These are often mailed to the administrator +by `cf-execd`, or can be copied to another central location and viewed in an +alternative browser. However, not all hosts have an email capability or are +online, so the reports are kept here. + +* `/var/cfengine/reports` + +Directory used to store reports. Reports are not tidied automatically, so you +should delete these files after a time to avoid a build up. + +* `/var/cfengine/state` + +State data such as current process identifiers of running processes, +persistent classes and other cached data. + +* `/var/cfengine/lastseen` + +Log data for incoming and outgoing connections. + +### Other Sub-directories in /var/cfengine + +[/bin](#/var/cfengine/bin) +* `/cfapache` +* `/config` +* `/design-center` +* `/httpd` +* `/lib` + +Directory to store shared objects and dependencies that are in the bundled packages. + +* `/lib-twin` +* `/master_software_updates` +* `/plugins` +* `/ppkeys` + +Directory used to store encrypted public/private keys for CFEngine +client/server network communications. + +* `/share` +* `/software_updates` +* `/ssl` + +## Log Files in /var/cfengine ## + +On hosts, CFEngine writes numerous logs and records to its private workspace. + +[CFEngine Enterprise][Enterprise Report API] provides solutions +for centralization and network-wide reporting at an arbitrary scale. + +* `cf3.[hostname].runlog` + +A time-stamped log of when each lock was released. This shows the last +time each individual promise was verified. + +* `cfagent.[hostname].log` + +Although ambiguously named (for historical reasons) this log contains +the current list of setuid/setgid programs observed on the system. +CFEngine warns about new additions to this list. This log has been +deprecated. + +* `cf_notkept.log` + +In CFEngine Enterprise, a list of promises, with handles and comments, that +were not kept. + +* `cf_repair.log` + +In CFEngine Enterprise, a list of promises, with handles and comments, that were repaired. + +* `promise_summary.log` + +A time-stamped log of the percentage fraction of promises kept after +each run. + +## Database Files in /var/cfengine ## + +* bundles.lmdb +* `cf_classes.lmdb` + +A database of classes that have been defined on the current host, +including their relative frequencies, scaled like a probability. + +* `cf_lastseen.lmdb` + +A database of hosts that last contacted this host, or were contacted by +this host, and includes the times at which they were last observed. + +* `checksum_digests.lmdb` + +The database of hash values used in CFEngine's change management +functions. + +* `nova_agent_execution.lmdb` +* `nova_track.lmdb` +* `performance.lmdb` + +A database of last, average and deviation times of jobs recorded by +`cf-agent`. Most promises take an immeasurably short time to check, but +longer tasks such as command execution and file copying are measured by +default. Other checks can be instrumented by setting a +`measurement_class` in the `action` body of a promise. + +## Process (AKA PID) Files in /var/cfengine ## + +The CFEngine components keep their current process identifier number in +`pid files' in the work directory. + +* `cf-consumer.pid` +* `cf-execd.pid` +* `cf-hub.pid` +* `cf-monitord.pid` +* `cf-serverd.pid` + +## Sockets in /var/cfengine ## + +* `cf-hub-local` + +## Datafiles in /var/cfengine ## + +* `policy_server.dat` + +IP address of the policy server? + +## Binary Files in /var/cfengine ## + +* `randseed` + +## CFEngine Agents and Daemons in /var/cfengine/bin ## + +* `bin/cf-agent` +* `bin/cf-consumer` +* `bin/cf-execd` +* `bin/cf-hub` +* `bin/cf-key` +* `bin/cf-monitord` +* `bin/cf-promises` +* `bin/cf-runagent` +* `bin/cf-serverd` +* `bin/cf-twin` + +## git in /var/cfengine/bin ## + +* `bin/git` +* `bin/git-cvsserver` +* `bin/gitk` +* `bin/git-receive-pack` +* `bin/git-shell` +* `bin/git-upload-archive` +* `bin/git-upload-pack` + +## Misc. in /var/cfengine/bin ## + +* `bin/curl` +* `bin/lmdump` +* `bin/openssl` +* `bin/rpmvercmp` +* `bin/rsync` +* `bin/runalerts.sh` + +## MongoDB in /var/cfengine/bin ## + +* `bin/bsondump` +* `bin/mdb_copy` +* `bin/mdb_stat` +* `bin/mongo` +* `bin/mongod` +* `bin/mongodump` +* `bin/mongoexport` +* `bin/mongofiles` +* `bin/mongoimport` +* `bin/mongooplog` +* `bin/mongoperf` +* `bin/mongorestore` +* `bin/mongos` +* `bin/mongosniff` +* `bin/mongostat` +* `bin/mongotop` + +## Postgres in /var/cfengine/bin ## + +* `bin/clusterdb` +* `bin/createdb` +* `bin/createlang` +* `bin/createuser` +* `bin/dropdb` +* `bin/droplang` +* `bin/dropuser` +* `bin/initdb` +* `bin/pg_basebackup` +* `bin/pg_config` +* `bin/pg_controldata` +* `bin/pg_ctl` +* `bin/pg_dump` +* `bin/pg_dumpall` +* `bin/pg_isready` +* `bin/pg_receivexlog` +* `bin/pg_resetxlog` +* `bin/pg_restore` +* `bin/postgres` +* `bin/postmaster` +* `bin/psql` +* `bin/reindexdb` +* `bin/vacuumdb` + +## Redis in /var/cfengine/bin ## + +* `bin/redis-benchmark` +* `bin/redis-check-aof` +* `bin/redis-check-dump` +* `bin/redis-cli` +* `bin/redis-server` + + +## Not Verified ## + +* `state/cf_lock.lmdb` + +A database of active and inactive locks and their expiry times. Deleting +this database will reset all lock protections in CFEngine. + +* `state/history.lmdb` + +CFEngine Enterprise maintains this long-term trend database. + +* `state/cf_observations.lmdb` + +This database contains the current state of the observational history of +the host as recorded by `cf-monitord`. + +* `state/cf_state.lmdb` + +A database of persistent classes active on this current host. + +* `state/nova_measures.lmdb` + +CFEngine Enterprise database of custom measurements. + +* `state/nova_static.lmdb` + +CFEngine Enterprise database of static system discovery data. + +* `state/cf_procs` +A cache of the process table. This is useful for `measurement` promises about processes. + +* `state/cf_rootprocs` +A cache of the process table of processes owned by the root user. This is useful for `measurement` promises about processes. + +* `state/cf_otherprocs` +A cache of the process table for processes not owned by the root user. This is useful for `measurement` promises about processes. + +* `state/file_changes.log` + +A time-stamped log of which files have experienced content changes since +the last observation, as determined by the hashing algorithms in +CFEngine. + +* `state/*_measure.log` + +CFEngine Enterprise maintains user-defined logs based on specifically +promised observations of the system. + +* `state/env_data` + +This file contains a list of currently discovered classes and variable +values that characterize the anomaly alert environment. They are altered +by the monitor daemon. + +* `/var/logs/CFEngineHub-Install.log` + +This file contains logs related to the CFEngine package installation. diff --git a/overviews/system-overview/mission-portal-overview.markdown b/overviews/system-overview/mission-portal-overview.markdown index a7cb2def..e303a639 100644 --- a/overviews/system-overview/mission-portal-overview.markdown +++ b/overviews/system-overview/mission-portal-overview.markdown @@ -2,7 +2,7 @@ layout: default title: Mission Portal Overview sorting: 100 -categories: [Overviews, Mission Portal Overview] +categories: [Overviews, System Overview, Mission Portal Overview] published: true alias: overviews-mission-portal.html tags: [overviews, mission portal] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-alerts-notifications.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-alerts-notifications.markdown index 12846d90..56e3304a 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-alerts-notifications.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-alerts-notifications.markdown @@ -2,7 +2,7 @@ layout: default title: Alerts and Notifications in the Mission Portal Dashboard sorting: 100 -categories: [Overviews, Mission Portal Overview, Alerts and Notifications in the Mission Portal Dashboard] +categories: [Overviews, System Overview, Mission Portal Overview, Alerts and Notifications in the Mission Portal Dashboard] published: true alias: overviews-mission-portal-dashboard-alerts-notifications.html tags: [overviews, mission portal, dashboard, alerts, notifications] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-host-monitoring.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-host-monitoring.markdown index 40867931..cc31add5 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-host-monitoring.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-host-monitoring.markdown @@ -2,7 +2,7 @@ layout: default title: Host Monitoring in Mission Portal sorting: 100 -categories: [Overviews, Mission Portal Overview, Host Monitoring in Mission Portal] +categories: [Overviews, System Overview, Mission Portal Overview, Host Monitoring in Mission Portal] published: true alias: overviews-mission-portal-host-monitoring.html tags: [overviews, mission portal, hosts, monitoring, host monitoring] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-reports.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-reports.markdown index 67a7d0fb..628176f4 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-reports.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-reports.markdown @@ -2,7 +2,7 @@ layout: default title: Mission Portal Reports sorting: 100 -categories: [Overviews, Mission Portal Overview, Mission Portal Reports] +categories: [Overviews, System Overview, Mission Portal Overview, Mission Portal Reports] published: true alias: overviews-mission-portal-reports.html tags: [overviews, mission portal, reports, reporting] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown index 64a2531a..53bee6b4 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown @@ -2,10 +2,11 @@ layout: default title: Using Sketches in Mission Portal's Design Center App sorting: 100 -categories: [Overviews, Mission Portal Overview, Using Sketches in Mission Portal's Design Center App] +categories: [Overviews, System Overview, Mission Portal Overview, Using Sketches in Mission Portal's Design Center App] published: true alias: overviews-mission-portal-design-center-app-sketches.html tags: [overviews, mission portal, sketches, design center, design center app] +--- ## Design Center App ## diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-sqlite-database-schema.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-sqlite-database-schema.markdown index 3e9294d3..a56ce4a1 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-sqlite-database-schema.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-sqlite-database-schema.markdown @@ -2,7 +2,7 @@ layout: default title: SQLite Database Schema sorting: 100 -categories: [GOverviews, Mission Portal Overview, SQLite Database Schema] +categories: [Overviews, System Overview, Mission Portal Overview, SQLite Database Schema] published: true alias: overviews-mission-portal-database-schema.html tags: [overviews, mission portal, reports, reporting, database schema] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-viewing-hosts.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-viewing-hosts.markdown index 4064b9de..558aa696 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-viewing-hosts.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-viewing-hosts.markdown @@ -2,7 +2,7 @@ layout: default title: Viewing Hosts in Mission Portal sorting: 100 -categories: [Overviews, Mission Portal Overview, Viewing Hosts in Mission Portal] +categories: [Overviews, System Overview, Mission Portal Overview, Viewing Hosts in Mission Portal] published: true alias: overviews-mission-portal-viewing-hosts.html tags: [overviews, mission portal, hosts] diff --git a/overviews/system-overview/networking.markdown b/overviews/system-overview/networking.markdown index 80d46eee..a0509f95 100644 --- a/overviews/system-overview/networking.markdown +++ b/overviews/system-overview/networking.markdown @@ -1,7 +1,7 @@ --- layout: default title: Networking -categories: [Getting Started, Concepts, Architecture] +categories: [Overviews, System Overview, Architecture] published: true sorting: 10 alias: manuals-architecture-networking.html diff --git a/overviews/system-overview/policy-server-overview.markdown b/overviews/system-overview/policy-server-overview.markdown index e124952f..87ab24a6 100644 --- a/overviews/system-overview/policy-server-overview.markdown +++ b/overviews/system-overview/policy-server-overview.markdown @@ -2,7 +2,7 @@ layout: default title: Policy Server Overview sorting: 100 -categories: [Overviews, Policy Server Overview] +categories: [Overviews, System Overview, Policy Server Overview] published: true alias: overviews-policy-server.html tags: [overviews, system overview, policy server] diff --git a/overviews/system-overview/security-overview.markdown b/overviews/system-overview/security-overview.markdown index b4e9a942..ba2f1596 100644 --- a/overviews/system-overview/security-overview.markdown +++ b/overviews/system-overview/security-overview.markdown @@ -2,7 +2,7 @@ layout: default title: Security Overview sorting: 100 -categories: [Overviews, Security Overview] +categories: [Overviews, System Overview, Security Overview] published: true alias: overviews-security.html tags: [overviews, security overview] diff --git a/overviews/system-overview/workflows.markdown b/overviews/system-overview/workflows.markdown index c353f9cd..475c204b 100644 --- a/overviews/system-overview/workflows.markdown +++ b/overviews/system-overview/workflows.markdown @@ -1,7 +1,7 @@ --- layout: default title: Policy Workflow -categories: [Getting Started, Concepts, Architecture] +categories: [Overviews, System Overview, Architecture] published: true sorting: 20 alias: manuals-architecture-policy-workflow.html diff --git a/reference/components.markdown b/reference/components.markdown index 291b2b3c..edee69a1 100644 --- a/reference/components.markdown +++ b/reference/components.markdown @@ -384,7 +384,19 @@ after which last-seen entries are purged. On native Windows versions of CFEngine (Enterprise), this string is also prefixed messages in the event log. +### protocol_version +**Description:** Defines the protocol to use for all outgoing connections. + +[%CFEngine_promise_attribute(classic)%] + +**Note:** If `protocol_version` is specified in a [`body copy_from`][files#copy_from], +then the value there will override this setting. + +**See also:** [`protocol_version`][files#protocol_version] in +[`body copy_from`][files#copy_from], `allowlegacyconnects` + +**History:** Introduced in CFEngine 3.6.0 ### require_comments diff --git a/reference/components/cf-hub.markdown b/reference/components/cf-hub.markdown index 61cb8204..dbbb5298 100644 --- a/reference/components/cf-hub.markdown +++ b/reference/components/cf-hub.markdown @@ -18,6 +18,10 @@ that have registered a connection with a collocated `cf-serverd` `cf-hub` keeps the promises made in `common`, and is affected by `common` and `hub` control bodies. +`cf-hub` collects data generated from the default run only, what you'd +get if you ran `cf-agent` without specifying a file name. This is to +avoid reporting on data generated by test or extraordinary executions. + ## Command reference [%CFEngine_include_snippet(cf-hub.help, [\s]*--[a-z], ^$)%] diff --git a/reference/components/cf-serverd.markdown b/reference/components/cf-serverd.markdown index b80a941d..1f76b794 100644 --- a/reference/components/cf-serverd.markdown +++ b/reference/components/cf-serverd.markdown @@ -104,6 +104,42 @@ See also the warning about regular expressions in }; ``` +### allowlegacyconnects + +**Description:** List of hosts from which the server accepts connections +that are not using the latest protocol. + +Set this attribute to an empty list to not allow any incoming connections +using legacy protocol versions: + +```cf3 + allowlegacyconnects => { } +``` + +To define subnets or address ranges, use CIDR notation: + +```cf3 + allowlegacyconnects => { "192.168.1.0/24", "192.168.2.123" } +``` + +Absence of this attribute means that connections from all hosts are accepted. + +[%CFEngine_promise_attribute()%] + +**See also:** `protocol_version` + +### allowciphers + +**Description:** List of ciphers the server accepts. + +For a list of possible ciphers, see man page for "openssl ciphers". + +[%CFEngine_promise_attribute(AES256-GCM-SHA384:AES256-SHA)%] + +**See also:** `protocol_version` + +**History:** Introduced in CFEngine 3.6.0 + ### allowusers **Description:** List of usernames who may execute requests from this diff --git a/reference/design-center/sketch.markdown b/reference/design-center/sketch.markdown index 598dae90..303c13b4 100644 --- a/reference/design-center/sketch.markdown +++ b/reference/design-center/sketch.markdown @@ -125,3 +125,25 @@ It may also be beneficial to include extra promises for reporting purposes and prefix their handle with `activation_id`. For example, a promise that will become not kept if a web service goes down will be helpful to detect noncompliance in a sketch that upgrades that web service. + +## Upgrading sketches + +There are three ways to upgrade a Design Center sketch repository. + +### Upgrade a Design Center sketch repository from the Github master branch of Design Center + +`cf-sketch --expert --install-all --repolist=/var/cfengine/design-center/sketches` + +The `installsource` is omitted but defaults to the Github master branch, so the above is equivalent to: + +`cf-sketch --expert --install-all --repolist=/var/cfengine/design-center/sketches --installsource=https://raw.github.com/cfengine/design-center/master/sketches/cfsketches.json` + +### Upgrade a Design Center sketch repository from the Github 3.6.x branch of Design Center + +`cf-sketch --expert --install-all --repolist=/var/cfengine/design-center/sketches --installsource=https://raw.github.com/cfengine/design-center/3.6.x/sketches/cfsketches.json` + +### Upgrade a Design Center sketch repository from your own sketch repository + +You would do this if you maintain sketches for your own organization. + +`cf-sketch --expert --install-all --repolist=/var/cfengine/design-center/sketches --installsource=/myrepo/sketches/cfsketches.json` diff --git a/reference/functions/peerleader.markdown b/reference/functions/peerleader.markdown index 213892d7..7d1c4cff 100644 --- a/reference/functions/peerleader.markdown +++ b/reference/functions/peerleader.markdown @@ -9,20 +9,32 @@ tags: [reference, communication functions, functions, peerleader] [%CFEngine_function_prototype(filename, regex, groupsize)%] -**Description:** Returns the assigned peer-leader of the partition to which the current host belongs. - -This function returns the name of a host that may be considered the -leader of a group of peers of the current host. Peers are defined -according to a list of hosts, provided as a file in `filename`. -This file should contain a list (one per line), possibly with comments -matching the [unanchored][unanchored] regular expression `regex`, of fully -qualified host names. CFEngine breaks this list up into non-overlapping groups -of up to `groupsize`, each of which has a leader that is the first host in the +**Description:** Returns the current host's partition peer leader. + +So given `groupsize` 3 and the file + +``` +a +b +c +# this is a comment d +e +``` + +The peer leader of host `b` will be host `a`. + +Given a list of host names in `filename`, one per line, and excluding +comment lines starting with the [unanchored][unanchored] regular +expression `regex`, CFEngine partitions the host list into groups of +up to `groupsize`. Each group's peer leader is the first host in the group. -The current host should belong to this file if it is expected to interact with -the others. The function returns nothing if the host does not belong to the -list. +The current host (unqualified or fully qualified) should belong to +this file if it is expected to interact with the others. The function +fails otherwise. + +If the current host name (fully qualified or unqualified) is the peer +leader, the string `localhost` is used instead of the host name. [%CFEngine_function_attributes(filename, regex, groupsize)%] diff --git a/reference/functions/peerleaders.markdown b/reference/functions/peerleaders.markdown index 193010e8..b6832345 100644 --- a/reference/functions/peerleaders.markdown +++ b/reference/functions/peerleaders.markdown @@ -9,20 +9,33 @@ tags: [reference, communication functions, functions, peerleaders] [%CFEngine_function_prototype(filename, regex, groupsize)%] -**Description:** Returns a list of peer leaders from the named partitioning. +**Description:** Returns a list of partition peer leaders from a file of host names. -Peers are defined according to a list of hosts, provided in `filename`. This -file should contain a list (one per line), possibly with comments matching the -[unanchored][unanchored] regular expression `regex`, of fully qualified host -names. CFEngine breaks up this list into non-overlapping groups of up to -`groupsize`, each of which has a leader that is the first host in the group. +Given a list of host names in `filename`, one per line, and excluding +comment lines starting with the [unanchored][unanchored] regular +expression `regex`, CFEngine partitions the host list into groups of +up to `groupsize`. Each group's peer leader is the first host in the +group. -The current host does not need to belong to this file. +So given `groupsize` 2 and the file + +``` +a +b +c +# this is a comment d +e +``` + +The peer leaders will be `a` and `c`. + +The current host name does not need to belong to this file. If it's +found (fully qualified or unqualified), the string `localhost` is used +instead of the host name. [%CFEngine_function_attributes(filename, regex, groupsize)%] -An arbitrary limit of 64 is set for `groupsize` to avoid nonsensical -promises. +`groupsize` must be between 2 and 64 to avoid nonsensical promises. **Example:** diff --git a/reference/functions/peers.markdown b/reference/functions/peers.markdown index 21176eae..33556b69 100644 --- a/reference/functions/peers.markdown +++ b/reference/functions/peers.markdown @@ -9,25 +9,33 @@ tags: [reference, communication functions, functions, peers] [%CFEngine_function_prototype(filename, regex, groupsize)%] -**Description:** Returns a list of peers from the partition to which -the current host belongs, excluding the current host. +**Description:** Returns the current host's partition peers (excluding it). -This function returns a list of hostnames that may be considered peers -of the current host. Peers are defined according to a list of hosts, -provided in `filename`. This file should contain a list (one per line), -possible with comments matching the [unanchored][unanchored] regular -expression `regex`, of fully qualified host names. -CFEngine breaks this list up into non-overlapping groups of up to `groupsize`, -each of which has a leader that is the first host in the group. +So given `groupsize` 3 and the file -The current host should belong to this file if it is expected to interact with -the others. The function returns nothing if the current host does not belong -to the list. +``` +a +b +c +# this is a comment d +e +``` + +The peers of host `b` will be `a` and `c`. + +Given a list of host names in `filename`, one per line, and excluding +comment lines starting with the [unanchored][unanchored] regular +expression `regex`, CFEngine partitions the host list into groups of +up to `groupsize`. Each group's peer leader is the first host in the +group. + +The current host (unqualified or fully qualified) should belong to +this file if it is expected to interact with the others. The function +returns an empty list otherwise. [%CFEngine_function_attributes(filename, regex, groupsize)%] -An arbitrary limit of 64 is set for `groupsize` to avoid nonsensical -promises. +`groupsize` must be between 2 and 64 to avoid nonsensical promises. **Example:** diff --git a/reference/promise-types/access.markdown b/reference/promise-types/access.markdown index 2c81ef3b..f2aaf7bf 100644 --- a/reference/promise-types/access.markdown +++ b/reference/promise-types/access.markdown @@ -7,111 +7,182 @@ alias: reference-promise-types-access.html tags: [reference, bundle server, cf-serverd, access, server, promise types, acl, trust, encryption] --- -Access promises are conditional promises made by the server about file -objects. The promise has two consequences. For file copy requests, the -file becomes transferable to the remote client according to the -conditions specified in the server promise; in other words, if the -connection encryption requirements are met, and if the client has been -granted appropriate privileges with `maproot` (like its NFS counterpart) -to be able to see file objects not owned by the server process owner. - -The promise has two mutally exclusive attributes admit and deny. Use of -admit is preferred as mistakes and omissions can easily be made when -excluding from a group. - -When access is granted to a directory, the promise is automatically -given about all of its contents and sub-directories. The access promise -allows overlapping promises to be made, and these are kept on a -first-come-first-served basis. Thus file objects (promisers) should be -listed in order of most-specific file first. In this way, specific -promises will override less specific ones. +Access promises are conditional promises made by resources living on the server. + +The promiser is the name of the resource affected and is interpreted to be a path, unless a +different `resource_type` is specified. Access is then granted to hosts listed in `admit_ips`, +`admit_keys` and `admit_hostnames`, or denied using the counterparts `deny_ips`, `deny_keys` +and `deny_hostnames`. Use of admit to grant on a "need to know" basis is preferred, as mistakes +and omissions can easily be made when excluding from a group. ```cf3 - access: - - "/path/file_object" - - admit = { "hostname", "ipv4_address", "ipv6_address" }; - +bundle server access_rules() +{ +access: + + "/source/directory" + comment => "Access to file transfer", + admit_ips => { "192.168.0.1/24" }; +} ``` - +For file copy requests, the file becomes transferable to the remote client according to the +conditions specified in the access promise. Use `ifencrypted` to grant access only if the +transfer is encrypted, and control with `maproot` (like its NFS counterpart) which hosts +can see file objects not owned by the server process owner. When access is granted to a +directory, the promise is automatically made about all of its contents and sub-directories. -**Example:** +File resources are specified using an absolute filepath, but can set a `shortcut` through +which clients can access the resource using a logical name, without having any detailed +knowledge of the filesystem layout on the server. Specifically in access promises about +files, a special variable context `connection` is available with variables `ip`, `key` +and `hostname`, containing information about the connection through which access is attempted. ```cf3 -body server control -{ -allowconnects => { "127.0.0.1" , "::1" }; -allowallconnects => { "127.0.0.1" , "::1" }; -trustkeysfrom => { "127.0.0.1" , "::1" }; -} + "/var/cfengine/cmdb/$(connection.key).json" + shortcut => "me.json", + admit_keys => { "$(connection.key)" }; +``` -bundle server access_rules() -{ -access: +In this example, requesting the file `me.json` will transfer the file stored on the +server under the name `/var/cfengine/cmdb/SHA=....json` to the requesting host, +where it will be received as `me.json`. +Note that the usage of the `$(connection.*)` variables is strictly +limited to literal strings within the promiser and admit/deny lists; they cannot be +passed to functions or stored in other variables. - "/source/directory" - comment => "Access to file transfer", - admit => { "127.0.0.1" }; +With CFEngine Enteprise, access promises can be made about additional query data for +reporting and orchestration. +```cf3 # Grant orchestration communication "did.*" comment => "Access to class context (enterprise)", resource_type => "context", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; "value of my test_scalar, can expand variables here - $(sys.host)" comment => "Grant access to the string in quotes, by name test_scalar", handle => "test_scalar", resource_type => "literal", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; "XYZ" comment => "Grant access to contents of persistent scalar variable XYZ", resource_type => "variable", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; # Client grants access to CFEngine hub access "delta" comment => "Grant access to cfengine hub to collect report deltas", resource_type => "query", - report_data_select => report_filter, - admit => { "127.0.0.1" }; + report_data_select => default_data_select_host, + admit_ips => { "127.0.0.1" }; "full" comment => "Grant access to cfengine hub to collect full report dump", resource_type => "query", - report_data_select => report_filter, - admit => { "127.0.0.1" }; + report_data_select => default_data_select_host, + admit_ips => { "127.0.0.1" }; policy_hub:: "collect_calls" comment => "Grant access to cfengine client to request the collection of its reports", resource_type => "query", - admit => { "10.1.2.*" }; + admit_ips => { "10.1.2.*" }; } -body report_data_select report_filter -{ - variables_include => { "sys..*", "mon..*" }; - variables_exclude => { "sys.host" }; -} - ``` -Entries may be literal addresses of IPv4 or IPv6, or any name registered -in the POSIX `gethostbyname` service. +Using the built-in `report_data_select` body `default_data_select_host`: + +[%CFEngine_include_snippet(lib/3.6/reports.cf, .+default_data_select_host, \})%] + + +The access promise allows overlapping promises to be made, and these are kept on a +first-come-first-served basis. Thus file objects (promisers) should be +listed in order of most-specific file first. In this way, specific +promises will override less specific ones. **** ## Attributes + +### admit_hostnames + +**Description:** A list of hostnames that should have access to the object. + +[%CFEngine_promise_attribute()%] + +**Note:** The host trying to access the object is identified using a reverse +DNS lookup on the connecting IP. This introduces latency for *every* incoming +connection. Leaving `admit_hostnames` empty and specifying only numeric addresses +in `admit` will avoid this. + +**See also:** `deny_hostnames`, `admit_ips`, `admit_keys` + +**History:** Introduced in CFEngine 3.6.0 + +### admit_ips + +**Description:** A list of IP addresses that should have access to the object. + +Subnets are specified using CIDR notation. + +[%CFEngine_promise_attribute()%] + +**See also:** `deny_ips`, `admit_hostnames`, `admit_keys` + +**History:** Introduced in CFEngine 3.6.0 + +### admit_keys + +**Description:** A list of RSA keys of hosts that should have access to the object. + +[%CFEngine_promise_attribute()%] + +**See also:** `deny_keys`, `admit_hostnames`, `admit_ips` + +**History:** Introduced in CFEngine 3.6.0 + +### deny_hostnames + +**Description:** A list of hostnames that should be denied access to the object. + +This overrides the grants in `admit_hostnames`, `admit_ips` and `admit_keys`. + +[%CFEngine_promise_attribute()%] + +**History:** Introduced in CFEngine 3.6.0 + +### deny_ips + +**Description:** A list of IP addresses that should be denied access to the object. + +Subnets are specified using CIDR notation. + +This overrides the grants in `admit_hostnames`, `admit_ips` and `admit_keys`. + +[%CFEngine_promise_attribute()%] + +**History:** Introduced in CFEngine 3.6.0 + +### deny_keys + +**Description:** A list of RSA keys of hosts that should be denied access to the object. + +This overrides the grants in `admit_hostnames`, `admit_ips` and `admit_keys`. + +[%CFEngine_promise_attribute()%] + +**History:** Introduced in CFEngine 3.6.0 + ### admit **Description:** The `admit` slist contains host names or IP addresses @@ -142,6 +213,7 @@ access: `admit` will be deprecated in CFEngine 3.7 in favor of `admit_ips`, `admit_hostnames`, and `admit_keys`. + ### deny **Description:** The `deny` slist contains host names or IP addresses @@ -171,6 +243,9 @@ access: Only regular expressions or exact matches are allowed in this list, as non-specific matches are too greedy for denial. +`deny` will be deprecated in CFEngine 3.7 in favor of `deny_ips`, +`deny_hostnames`, and `deny_keys`. + ### maproot **Description:** The `maproot` slist contains host names or IP addresses @@ -195,7 +270,7 @@ access: "/home" - admit => { "backup_host.example.org" }, + admit_hostnames => { "backup_host.example.org" }, ifencrypted => "true", # Backup needs to have access to all users @@ -226,7 +301,7 @@ access: "/path/file" - admit => { ".*\.example\.org" }, + admit_hostnames => { ".*\.example\.org" }, ifencrypted => "true"; ``` @@ -235,294 +310,180 @@ access: **This body is only available in CFEngine Enterprise.** -**Description:** The `report_data_select` body restricts access to data -for the specified query types reported to the CFEngine Enterprise Database. +**Description:** The `report_data_select` body restricts which data is included +for "query" resources, and allows filtering of data reported to the CFEngine Enterprise server. -This body template allows users to control the content of reports collected -by the Enterprise Database Server, and allows users to strip unwanted data -(e.g. temporary variables from reporting). +Use this body template to control the content of reports collected by the +CFEngine Enterprise server, and to strip unwanted data (e.g. temporary variables) +from reporting. -Report content can be differentiated between hosts that are controlled -by the class expression on access promiser. +By default, no filtering is applied. If include and exclude rules are combined, then the +exclude statement is applied to the subset from the include statement. -If more than one select statement applies to the same host, all of them are applied. +If more than one report_data_select body applies to the same host, all of them are applied. Usage of this body is only allowed in conjunction with using -`resource_type => "query"`, as this is the resource type that is being affected. +[`resource_type => "query"`](#resource_type), as this is the resource type that is being affected. [%CFEngine_promise_attribute()%] **Example:** ```cf3 - -body report_data_select +body report_data_select report_data { - variables_include => { "sys..*" }; - monitoring_exclude => { ".*" }; + metatags_include => { "inventory", "compliance" }; + promise_handle_exclude => { "_.*" }; + monitoring_exclude => { "mem_.*swap" }; } ``` -**History:** Introduced in Enterprise 3.5.0 - -#### classes_include - -**Description:** The `classes_include` attribute is used to filter content -of the class report collected by Enterprise Hub, to include classes matching -specified regular expressions on the list. - -Only classes matching the specified regular expressions on the list will -be sent back in the report. - -If this attribute is not used, the report content is not reduced. - -[%CFEngine_promise_attribute()%] - **Example:** -```cf3 +Here are the built-in `report_data_select` bodies `default_data_select_host` and `default_data_select_hub`: -body report_data_select -{ - classes_include => { "report_only_my_classes_.*" }; -} -``` - -**History:** Introduced in Enterprise 3.5.0 - -#### classes_exclude +[%CFEngine_include_snippet(lib/3.6/reports.cf, .+default_data_select_host, \})%] -**Description:** The `classes_exclude` attribute is used to filter content -of the class report collected by Enterprise Hub, to exclude classes matching -specified regular expressions on the list. - -If this attribute is used in conjunction with `classes_include` it will -exclude entries from the subset selected by the include expression. - -[%CFEngine_promise_attribute()%] - -**Example:** - -```cf3 - -body report_data_select -{ - classes_exclude => { "my_tmp_class.*" }; -} -``` - -**Notes:** +[%CFEngine_include_snippet(lib/3.6/reports.cf, .+default_data_select_policy_hub, \})%] **History:** Introduced in Enterprise 3.5.0 -#### variables_include +#### metatags_exclude -**Description:** The `variables_include` attribute is used to filter -content of the variables report collected by Enterprise Hub, to contain -only variables matching specified regular expressions on the list. +**Description:** List of [anchored][anchored] regular expressions matching metatags +to exclude from reporting. -If the attribute is not used, the report content is not reduced. +Classes and variables with metatags matching any entry of that list will not be reported +to the CFEngine Enterprise server. + +When combined with `metatags_include`, this list is applied to the selected subset. [%CFEngine_promise_attribute()%] -Regular expressions for this attribute use the form `.`. +**See also:** `metatags_include`, `promise_handle_exclude`, `monitoring_exclude` -**Example:** +**History:** Introduced in CFEngine 3.6.0 -```cf3 +#### metatags_include -body report_data_select -{ - variables_include => { "my_bundle.my_variable_prefix_.*" }; -} -``` - -**History:** Introduced in Enterprise 3.5.0 +**Description:** List of [anchored][anchored] regular expressions matching metatags +to include in reporting. +Classes and variables with metatags matching any entry of that list will be reported +to the CFENgine Enterprise server. -#### variables_exclude - -**Description:** The `variables_exclude` attribute is used to filter -content of the variable report collected by Enterprise Hub, to exclude -variables matching specified regular expression list. +When combined with `metatags_exclude`, the exclude list is applied to the subset from this list. [%CFEngine_promise_attribute()%] -Regular expressions for this attribute use the form `.`. - -**Example:** +**See also:** `metatags_exclude`, `promise_handle_include`, `monitoring_include` -```cf3 - -body report_data_select -{ - variables_exclude => { "my_bundle.tmp_var_test.*" }; -} -``` - -**Notes:** -If this attribute is used in conjunction with `variables_include`, it will -exclude entries from the subset selected by the include expression. - -**History:** Introduced in Enterprise 3.5.0 +**History:** Introduced in CFEngine 3.6.0 -#### promise_notkept_log_include +#### promise_handle_exclude -**Description:** The `promise_notkept_log_include` attribute is used to -filter content of the not kept log report collected by Enterprise Hub, -to contain promise handles matching specified regular expressions on -the list. +**Description:** List of [anchored][anchored] regular expressions matching promise handles +to exclude from reporting. -Only those handles matching the regular expressions on the list will -be sent back in the report. +Information about promises with handles that match any entry in that list will not be reported +to the CFEngine Enterprise server. -If the attribute is not used, the report content will not be reduced. +When combined with `promise_handle_include`, this list is applied to the selected subset. [%CFEngine_promise_attribute()%] -**Example:** - -```cf3 +**See also:** `promise_handle_include`, `metatags_exclude`, `monitoring_exclude` -body report_data_select -{ - promise_notkept_log_include => { "my_none_important_promises_.*" }; -} -``` +**History:** Introduced in CFEngine 3.6.0 -**History:** Introduced in Enterprise 3.5.0 +#### promise_handle_include -#### promise_notkept_log_exclude +**Description:** List of [anchored][anchored] regular expressions matching promise handles +to include in reporting. -**Description:** The `promise_notkept_log_exclude` attribute is used to -filter content of the not kept log report collected by Enterprise Hub, -to exclude promise handles matching specified regular expressions on the -list. +Information about promises with handles that match any entry in that list will be reported +to the CFEngine Enterprise server. -Only those handles matching regular expression on the list will be excluded -from the report. +When combined with `promise_handle_exclude`, the exclude list is applied to the subset from this list. [%CFEngine_promise_attribute()%] -**Example:** - -```cf3 - -body report_data_select -{ - promise_notkept_log_exclude => { "my_tmp_promise_handle.*" }; -} -``` +**See also:** `promise_handle_exclude`, `metatags_include`, `monitoring_include` -**Notes:** If this attribute is used in conjunction with the -`promise_notkept_log_include` attribute, it will exclude entries -from the subset selected by the include expression. +**History:** Introduced in CFEngine 3.6.0 -**History:** Introduced in Enterprise 3.5.0 +#### monitoring_include -#### promise_repaired_log_include +**Description:** List of [anchored][anchored] regular expressions matching monitoring objects +to include in reporting. -**Description:** The `promise_repaired_log_include` attribute is used to -filter content of the repaired log report collected by Enterprise Hub, -to include regular expressions matched on the list. +Monitoring objects with names matching any entry in that list will be reported +to the CFEngine Enterprise server. -Only those handles matching the regular expression on the list will be -sent back in the report. If attribute is not used, the report content -will not be filtered. +When combined with `monitoring_exclude`, the exclude list is applied to the subset from this list. [%CFEngine_promise_attribute()%] -**Example:** - -```cf3 - -body report_data_select -{ - promise_repaired_log_include => { "my_none_important_promises_.*" }; -} -``` +**See also:** `monitoring_exclude`, `promise_handle_include`, `metatags_include` **History:** Introduced in Enterprise 3.5.0 -#### promise_repaired_log_exclude - -**Description:** The `promise_repaired_log_exclude` attribute is used to -filter content of the repaired log report collected by Enterprise Hub, -to exclude promise handles matching regular expression on the list. +#### monitoring_exclude -Only those handles matching regular expression on the list will be excluded -from the report. +**Description:** List of [anchored][anchored] regular expressions matching monitoring objects +to exclude from reporting. -[%CFEngine_promise_attribute()%] +Monitoring objects with names matching any entry in that list will not be reported +to the CFEngine Enterprise server. -**Example:** +When combined with `monitoring_include`, this list is applied to the selected subset. -```cf3 - -body report_data_select -{ - promise_repaired_log_exclude => { "my_tmp_promise_handle.*" }; -} -``` +[%CFEngine_promise_attribute()%] -**Notes:** -If this attribute is used in conjunction with `promise_repaired_log_include`, -it will exclude entries from the subset selected by the include expression. +**See also:** `monitoring_include`, `promise_handle_exclude`, `metatags_exclude` **History:** Introduced in Enterprise 3.5.0 -#### monitoring_include - -**Description:** The `monitoring_include` attribute is used to filter -content of the monitoring report collected by Enterprise Hub, to contain -only observed objects matching regular expressions on the list. - -Only object names matching regular expression on the list will be sent -back in the report. If the attribute is not used, the report content will -not be filtered. +#### classes_include -[%CFEngine_promise_attribute()%] +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -**Example:** +#### classes_exclude -```cf3 +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -body report_data_select -{ - monitoring_include => { "mem_.*" }; -} -``` +#### variables_include -**History:** Introduced in Enterprise 3.5.0 +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -#### monitoring_exclude +#### variables_exclude -**Description:** The `monitoring_exclude` attribute is used to filter -content of the monitoring report collected by Enterprise Hub, to exclude -observed objects matching specified regular expressions on the list. +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -Only object names matching regular expression list will be excluded from -the report. +#### promise_notkept_log_include -[%CFEngine_promise_attribute()%] +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -**Example:** +#### promise_notkept_log_exclude -```cf3 +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -body report_data_select -{ - monitoring_exclude => { "mem_swap", "mem_freeswap" }; -} -``` +#### promise_repaired_log_include -**Notes:** +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -If this attribute is used in conjunction with `monitoring_include` it will -exclude entries from the subset selected by the include expression. +#### promise_repaired_log_exclude -**History:** Introduced in Enterprise 3.5.0 +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. ### resource_type @@ -585,19 +546,19 @@ access: handle => "test_scalar", comment => "Grant access to contents of test_scalar VAR", resource_type => "literal", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; "XYZ" resource_type => "variable", handle => "XYZ", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; # On the policy hub "collect_calls" resource_type => "query", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; # On the isolated client in the field @@ -605,11 +566,32 @@ access: "delta" comment => "Grant access to cfengine hub to collect report deltas", resource_type => "query", - admit => { "127.0.0.1" }; - "full" + admit_ips => { "127.0.0.1" }; + + "full" comment => "Grant access to cfengine hub to collect full report dump", resource_type => "query", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; } ``` +### shortcut + +**Description:** For file promisers, the server will give access to the file under +its shortcut name. + +[%CFEngine_promise_attribute()%] + +**Example:** + +```cf3 + "/var/cfengine/cmdb/$(connection.key).json" + shortcut => "me.json", + admit_keys => { "$(connection.key)" }; +``` + +In this example, requesting the file `me.json` will transfer the file stored on the +server under the name `/var/cfengine/cmdb/SHA=....json` to the requesting host, +where it will be received as `me.json`. + +**History:** Introduced in CFEngine 3.6.0 diff --git a/reference/promise-types/files.markdown b/reference/promise-types/files.markdown index bc56d72f..0ab79261 100644 --- a/reference/promise-types/files.markdown +++ b/reference/promise-types/files.markdown @@ -1067,6 +1067,20 @@ security contexts. For remote copies, only Unix mode is preserved. **History:** Version 3.1.0b3,Nova 2.0.0b1 (2010) +#### protocol_version + +**Description:** Defines the protocol to use for the outgoing connection in this +copy operation. + +[%CFEngine_promise_attribute(classic)%] + +**Note:** The value here will override the setting from [`body common control`][body common]. + +**See also:** [`protocol_version`][Components and Common Control#protocol_version] in +[`body common`][body common], `allowlegacyconnects` + +**History:** Introduced in CFEngine 3.6.0 + #### purge **Description:** The `purge` menu option policy instructs on whether to purge