From fc050456887ffaceacd7cc176f9ae2eb350160cc Mon Sep 17 00:00:00 2001 From: Ted Zlatanov Date: Mon, 31 Mar 2014 19:52:23 -0400 Subject: [PATCH 01/30] Redmine#4848: fix peers, peerleader, and peerleaders documentation --- reference/functions/peerleader.markdown | 36 ++++++++++++++++-------- reference/functions/peerleaders.markdown | 31 ++++++++++++++------ reference/functions/peers.markdown | 36 +++++++++++++++--------- 3 files changed, 68 insertions(+), 35 deletions(-) diff --git a/reference/functions/peerleader.markdown b/reference/functions/peerleader.markdown index 213892d7..b369e0cb 100644 --- a/reference/functions/peerleader.markdown +++ b/reference/functions/peerleader.markdown @@ -9,20 +9,32 @@ tags: [reference, communication functions, functions, peerleader] [%CFEngine_function_prototype(filename, regex, groupsize)%] -**Description:** Returns the assigned peer-leader of the partition to which the current host belongs. - -This function returns the name of a host that may be considered the -leader of a group of peers of the current host. Peers are defined -according to a list of hosts, provided as a file in `filename`. -This file should contain a list (one per line), possibly with comments -matching the [unanchored][unanchored] regular expression `regex`, of fully -qualified host names. CFEngine breaks this list up into non-overlapping groups -of up to `groupsize`, each of which has a leader that is the first host in the +**Description:** Returns the current hosts's partition's peer leader. + +So given `groupsize` 3 and the file + +``` +a +b +c +# this is a comment d +e +``` + +The peer leader of host `b` will be host `a`. + +Given a list of host names in `filename`, one per line, and excluding +comment lines starting with the [unanchored][unanchored] regular +expression `regex`, CFEngine partitions the host list into groups of +up to `groupsize`. Each group's peer leader is the first host in the group. -The current host should belong to this file if it is expected to interact with -the others. The function returns nothing if the host does not belong to the -list. +The current host (unqualified or fully qualified) should belong to +this file if it is expected to interact with the others. The function +fails otherwise. + +If the current host name (fully qualified or unqualified) is the peer +leader, the string `localhost` is used instead of the host name. [%CFEngine_function_attributes(filename, regex, groupsize)%] diff --git a/reference/functions/peerleaders.markdown b/reference/functions/peerleaders.markdown index 193010e8..b6832345 100644 --- a/reference/functions/peerleaders.markdown +++ b/reference/functions/peerleaders.markdown @@ -9,20 +9,33 @@ tags: [reference, communication functions, functions, peerleaders] [%CFEngine_function_prototype(filename, regex, groupsize)%] -**Description:** Returns a list of peer leaders from the named partitioning. +**Description:** Returns a list of partition peer leaders from a file of host names. -Peers are defined according to a list of hosts, provided in `filename`. This -file should contain a list (one per line), possibly with comments matching the -[unanchored][unanchored] regular expression `regex`, of fully qualified host -names. CFEngine breaks up this list into non-overlapping groups of up to -`groupsize`, each of which has a leader that is the first host in the group. +Given a list of host names in `filename`, one per line, and excluding +comment lines starting with the [unanchored][unanchored] regular +expression `regex`, CFEngine partitions the host list into groups of +up to `groupsize`. Each group's peer leader is the first host in the +group. -The current host does not need to belong to this file. +So given `groupsize` 2 and the file + +``` +a +b +c +# this is a comment d +e +``` + +The peer leaders will be `a` and `c`. + +The current host name does not need to belong to this file. If it's +found (fully qualified or unqualified), the string `localhost` is used +instead of the host name. [%CFEngine_function_attributes(filename, regex, groupsize)%] -An arbitrary limit of 64 is set for `groupsize` to avoid nonsensical -promises. +`groupsize` must be between 2 and 64 to avoid nonsensical promises. **Example:** diff --git a/reference/functions/peers.markdown b/reference/functions/peers.markdown index 21176eae..f8b84106 100644 --- a/reference/functions/peers.markdown +++ b/reference/functions/peers.markdown @@ -9,25 +9,33 @@ tags: [reference, communication functions, functions, peers] [%CFEngine_function_prototype(filename, regex, groupsize)%] -**Description:** Returns a list of peers from the partition to which -the current host belongs, excluding the current host. +**Description:** Returns the current hosts's partition peers (excluding it). -This function returns a list of hostnames that may be considered peers -of the current host. Peers are defined according to a list of hosts, -provided in `filename`. This file should contain a list (one per line), -possible with comments matching the [unanchored][unanchored] regular -expression `regex`, of fully qualified host names. -CFEngine breaks this list up into non-overlapping groups of up to `groupsize`, -each of which has a leader that is the first host in the group. +So given `groupsize` 3 and the file -The current host should belong to this file if it is expected to interact with -the others. The function returns nothing if the current host does not belong -to the list. +``` +a +b +c +# this is a comment d +e +``` + +The peers of host `b` will be `a` and `c`. + +Given a list of host names in `filename`, one per line, and excluding +comment lines starting with the [unanchored][unanchored] regular +expression `regex`, CFEngine partitions the host list into groups of +up to `groupsize`. Each group's peer leader is the first host in the +group. + +The current host (unqualified or fully qualified) should belong to +this file if it is expected to interact with the others. The function +returns an empty list otherwise. [%CFEngine_function_attributes(filename, regex, groupsize)%] -An arbitrary limit of 64 is set for `groupsize` to avoid nonsensical -promises. +`groupsize` must be between 2 and 64 to avoid nonsensical promises. **Example:** From 56e71958097220ddc987a050df294f20b16472be Mon Sep 17 00:00:00 2001 From: KevWright Date: Tue, 1 Apr 2014 12:29:49 +0200 Subject: [PATCH 02/30] Added new content and files to system overview --- overviews/system-overview/components.markdown | 204 ----------------- .../directory-structure.markdown | 42 ++++ .../files-directories-logs.markdown | 212 ++++++++++++++++++ 3 files changed, 254 insertions(+), 204 deletions(-) create mode 100644 overviews/system-overview/directory-structure.markdown create mode 100644 overviews/system-overview/files-directories-logs.markdown diff --git a/overviews/system-overview/components.markdown b/overviews/system-overview/components.markdown index 37eb6155..98d831f5 100644 --- a/overviews/system-overview/components.markdown +++ b/overviews/system-overview/components.markdown @@ -21,11 +21,6 @@ upon them, and report status to a central server. ![Components overview](components-overview.png) -## The Working Directory - -The CFEngine application is fully contained within the `/var/cfengine` -directory tree. - ### Core Components The CFEngine software components exist in `/var/cfengine/bin`. @@ -74,205 +69,6 @@ if their existing policy includes that they check for updates. Privileges can be granted to users to provide a kind of Role Based Access Control (RBAC) to certain parts of the existing policy. -### Policy files - -* `/var/cfengine/masterfiles` - -Policy repository which grants access to local or bootstrapped CFEngine -clients when they need to update their policies. Policies obtained from -`/var/cfengine/masterfiles` are then cached in `/var/cfengine/inputs` for -local policy execution. The `cf-agent` executable does not execute policies -directly from this repository. - -* `/var/cfengine/inputs` - -Cached policy repository on each CFEngine client. When `cf-agent` is -invoked by `cf-execd`, it reads only from this directory. - -* `/var/cfengine/modules` - -Location of scripts used in `commands` promises. - -### Output Directories - -* `/var/cfengine/outputs` - -Directory where `cf-agent` creates its output files. The outputs directory is -a record of spooled run-reports. These are often mailed to the administrator -by `cf-execd`, or can be copied to another central location and viewed in an -alternative browser. However, not all hosts have an email capability or are -online, so the reports are kept here. - -* `/var/cfengine/reports` - -Directory used to store reports. Reports are not tidied automatically, so you -should delete these files after a time to avoid a build up. - -* `/var/cfengine/ppkeys` - -Directory used to store encrypted public/private keys for CFEngine -client/server network communications. - -* `/var/cfengine/state` - -State data such as current process identifiers of running processes, -persistent classes and other cached data. - -* `/var/cfengine/lastseen` - -Log data for incoming and outgoing connections. - -## Logs and Records - -On hosts, CFEngine writes numerous logs and records to its private workspace. - -[CFEngine Enterprise][Enterprise Report API] provides solutions -for centralization and network-wide reporting at an arbitrary scale. - -### Embedded Databases - -Their file extensions will vary based on which library is used to -implement them: either Tokyo Cabinet (`.tcdb`) or Quick Database Manager -(`.qdbm`). - -* `cf_lastseen.tcdb` - -A database of hosts that last contacted this host, or were contacted by -this host, and includes the times at which they were last observed. - -* `cf_classes.tcdb` - -A database of classes that have been defined on the current host, -including their relative frequencies, scaled like a probability. - -* `cf_variables.tcdb` - -A database of variables (name and value) that were defined on the -current host during the last run, including relative frequencies. - -* `checksum_digests.tcdb` - -The database of hash values used in CFEngine's change management -functions. - -* `performance.tcdb` - -A database of last, average and deviation times of jobs recorded by -`cf-agent`. Most promises take an immeasurably short time to check, but -longer tasks such as command execution and file copying are measured by -default. Other checks can be instrumented by setting a -`measurement_class` in the `action` body of a promise. - -* `stats.tcdb` - -A database of external file attributes for change management -functionality. - -* `state/cf_lock.tcdb` - -A database of active and inactive locks and their expiry times. Deleting -this database will reset all lock protections in CFEngine. - -* `state/history.tcdb` - -CFEngine Enterprise maintains this long-term trend database. - -* `state/cf_observations.tcdb` - -This database contains the current state of the observational history of -the host as recorded by `cf-monitord`. - -* `state/promise_compliance.tcdb` - -CFEngine Enterprise database of individual promise -compliance history. The database is approximate because promise -references can change as policy is edited. It quickly approaches -accuracy as a policy goes unchanged for more than a day. - -* `state/cf_state.tcdb` - -A database of persistent classes active on this current host. - -* `state/nova_measures.tcdb` - -CFEngine Enterprise database of custom measurements. - -* `state/nova_static.tcdb` - -CFEngine Enterprise database of static system discovery data. - -### Text logs - -* `promise_summary.log` - -A time-stamped log of the percentage fraction of promises kept after -each run. - -* `cf3.HOSTNAME.runlog` - -A time-stamped log of when each lock was released. This shows the last -time each individual promise was verified. - -* `cfagent.HOSTNAME.log` - -Although ambiguously named (for historical reasons) this log contains -the current list of setuid/setgid programs observed on the system. -CFEngine warns about new additions to this list. This log has been -deprecated. - -* `cf_value.log` - -A time stamped log of the business value estimated from the execution of -the automation system. - -* `cf_notkept.log` - -In CFEngine Enterprise, a list of promises, with handles and comments, that -were not kept. - -* `cf_repaired.log` - -In CFEngine Enterprise, a list of promises, with handles and comments, that were repaired. - -* `reports/*` - -CFEngine Enterprise uses this directory as a default place for outputting -reports. - -* `state/cf_procs` -A cache of the process table. This is useful for `measurement` promises about processes. - -* `state/cf_rootprocs` -A cache of the process table of processes owned by the root user. This is useful for `measurement` promises about processes. - -* `state/cf_otherprocs` -A cache of the process table for processes not owned by the root user. This is useful for `measurement` promises about processes. - -* `state/file_changes.log` - -A time-stamped log of which files have experienced content changes since -the last observation, as determined by the hashing algorithms in -CFEngine. - -* `state/*_measure.log` - -CFEngine Enterprise maintains user-defined logs based on specifically -promised observations of the system. - -* `state/env_data` - -This file contains a list of currently discovered classes and variable -values that characterize the anomaly alert environment. They are altered -by the monitor daemon. - -* `/var/logs/cfengine-install.log` - -This file contains logs related to the CFEngine package installation. -### Process Information -The CFEngine components keep their current process identifier number in -`pid files' in the work directory. For example: - cf-execd.pid - cf-serverd.pid diff --git a/overviews/system-overview/directory-structure.markdown b/overviews/system-overview/directory-structure.markdown new file mode 100644 index 00000000..0a629a0f --- /dev/null +++ b/overviews/system-overview/directory-structure.markdown @@ -0,0 +1,42 @@ +--- +layout: default +title: CFEngine Directory Structure +categories: [Overviews, System Overview, CFEngine Directory Structure] +published: true +sorting: 30 +alias: overviews-system-directory-structure.html +tags: [overviews, system, system overview, directory structure] +--- + +The CFEngine application is fully contained within the /var/cfengine directory tree. Here is a quick breakdown of the directory structure and some of the files and functions associated with each subdirectory. + +## Components ## + +/var/cfengine/bin - Consists of the agents and daemons that run CFEngine, including: + +cf-agent - Agent: Executes the promises.cf file; ensures that all promises are being kept +cf-execd - Daemon: Starts the cf-agent process at a specified time interval. +cf-serverd - Daemon: Provides network services; used to distribute policy and data files +cf-monitord - Daemon: Collects system statistics +cf-promises - Agent: Verifies CFEngine's configuration syntax +cf-runagent - Agent: Contacts a remote system to run cf-agent +cf-report - Agent: Extracts and presents report data in HTML,XML or graph formats + +See Also: [The CFEngine Components][The CFEngine Components] + +## Directories ## + +```/var/cfengine/masterfiles``` + Policy repository which grants access to local or bootstrapped CFEngine clients when they need to update their policies. Policies obtained from /var/cfengine/masterfiles are then cached in /var/cfengine/inputs for local policy execution. The cf-agent executable does not execute policies directly from this repository. +```/var/cfengine/inputs``` + Cached policy repository located on a CFEngine client. The cf-agent executable executes policies from this repository. +```/var/cfengine/outputs``` + Directory where cf-agent creates its output files. +```/var/cfengine/ppkeys``` + Directory used to store encrypted public/private keys for CFEngine client/server network communications. +```/var/cfengine/reports``` + Directory used to store reports generated by cf-report . +```/var/cfengine/lib``` + Directory to store shared objects and dependencies that are in the bundled packages. + +See Also: [CFEngine Files, Directories and Logs][CFEngine Files, Directories and Logs] diff --git a/overviews/system-overview/files-directories-logs.markdown b/overviews/system-overview/files-directories-logs.markdown new file mode 100644 index 00000000..da2ae347 --- /dev/null +++ b/overviews/system-overview/files-directories-logs.markdown @@ -0,0 +1,212 @@ +--- +layout: default +title: CFEngine Files, Directories and Logs +categories: [Getting Started, Concepts, CFEngine Files, Directories and Logs] +published: true +sorting: 30 +alias: overview-system-files-directories-logs.html +tags: [overviews, system overview, files, directories, logs] +--- + +## Policy files + +* `/var/cfengine/masterfiles` + +Policy repository which grants access to local or bootstrapped CFEngine +clients when they need to update their policies. Policies obtained from +`/var/cfengine/masterfiles` are then cached in `/var/cfengine/inputs` for +local policy execution. The `cf-agent` executable does not execute policies +directly from this repository. + +* `/var/cfengine/inputs` + +Cached policy repository on each CFEngine client. When `cf-agent` is +invoked by `cf-execd`, it reads only from this directory. + +* `/var/cfengine/modules` + +Location of scripts used in `commands` promises. + +## Output Directories + +* `/var/cfengine/outputs` + +Directory where `cf-agent` creates its output files. The outputs directory is +a record of spooled run-reports. These are often mailed to the administrator +by `cf-execd`, or can be copied to another central location and viewed in an +alternative browser. However, not all hosts have an email capability or are +online, so the reports are kept here. + +* `/var/cfengine/reports` + +Directory used to store reports. Reports are not tidied automatically, so you +should delete these files after a time to avoid a build up. + +* `/var/cfengine/ppkeys` + +Directory used to store encrypted public/private keys for CFEngine +client/server network communications. + +* `/var/cfengine/state` + +State data such as current process identifiers of running processes, +persistent classes and other cached data. + +* `/var/cfengine/lastseen` + +Log data for incoming and outgoing connections. + +## Logs and Records + +On hosts, CFEngine writes numerous logs and records to its private workspace. + +[CFEngine Enterprise][Enterprise Report API] provides solutions +for centralization and network-wide reporting at an arbitrary scale. + +## Embedded Databases + +Their file extensions will vary based on which library is used to +implement them: either Tokyo Cabinet (`.tcdb`) or Quick Database Manager +(`.qdbm`). + +* `cf_lastseen.tcdb` + +A database of hosts that last contacted this host, or were contacted by +this host, and includes the times at which they were last observed. + +* `cf_classes.tcdb` + +A database of classes that have been defined on the current host, +including their relative frequencies, scaled like a probability. + +* `cf_variables.tcdb` + +A database of variables (name and value) that were defined on the +current host during the last run, including relative frequencies. + +* `checksum_digests.tcdb` + +The database of hash values used in CFEngine's change management +functions. + +* `performance.tcdb` + +A database of last, average and deviation times of jobs recorded by +`cf-agent`. Most promises take an immeasurably short time to check, but +longer tasks such as command execution and file copying are measured by +default. Other checks can be instrumented by setting a +`measurement_class` in the `action` body of a promise. + +* `stats.tcdb` + +A database of external file attributes for change management +functionality. + +* `state/cf_lock.tcdb` + +A database of active and inactive locks and their expiry times. Deleting +this database will reset all lock protections in CFEngine. + +* `state/history.tcdb` + +CFEngine Enterprise maintains this long-term trend database. + +* `state/cf_observations.tcdb` + +This database contains the current state of the observational history of +the host as recorded by `cf-monitord`. + +* `state/promise_compliance.tcdb` + +CFEngine Enterprise database of individual promise +compliance history. The database is approximate because promise +references can change as policy is edited. It quickly approaches +accuracy as a policy goes unchanged for more than a day. + +* `state/cf_state.tcdb` + +A database of persistent classes active on this current host. + +* `state/nova_measures.tcdb` + +CFEngine Enterprise database of custom measurements. + +* `state/nova_static.tcdb` + +CFEngine Enterprise database of static system discovery data. + +## Text logs + +* `promise_summary.log` + +A time-stamped log of the percentage fraction of promises kept after +each run. + +* `cf3.HOSTNAME.runlog` + +A time-stamped log of when each lock was released. This shows the last +time each individual promise was verified. + +* `cfagent.HOSTNAME.log` + +Although ambiguously named (for historical reasons) this log contains +the current list of setuid/setgid programs observed on the system. +CFEngine warns about new additions to this list. This log has been +deprecated. + +* `cf_value.log` + +A time stamped log of the business value estimated from the execution of +the automation system. + +* `cf_notkept.log` + +In CFEngine Enterprise, a list of promises, with handles and comments, that +were not kept. + +* `cf_repaired.log` + +In CFEngine Enterprise, a list of promises, with handles and comments, that were repaired. + +* `reports/*` + +CFEngine Enterprise uses this directory as a default place for outputting +reports. + +* `state/cf_procs` +A cache of the process table. This is useful for `measurement` promises about processes. + +* `state/cf_rootprocs` +A cache of the process table of processes owned by the root user. This is useful for `measurement` promises about processes. + +* `state/cf_otherprocs` +A cache of the process table for processes not owned by the root user. This is useful for `measurement` promises about processes. + +* `state/file_changes.log` + +A time-stamped log of which files have experienced content changes since +the last observation, as determined by the hashing algorithms in +CFEngine. + +* `state/*_measure.log` + +CFEngine Enterprise maintains user-defined logs based on specifically +promised observations of the system. + +* `state/env_data` + +This file contains a list of currently discovered classes and variable +values that characterize the anomaly alert environment. They are altered +by the monitor daemon. + +* `/var/logs/cfengine-install.log` + +This file contains logs related to the CFEngine package installation. + +## Process Information + +The CFEngine components keep their current process identifier number in +`pid files' in the work directory. For example: + + cf-execd.pid + cf-serverd.pid From 8f2ccda9423141af3fa1bcf93c1dd297a57aa8be Mon Sep 17 00:00:00 2001 From: KevWright Date: Tue, 1 Apr 2014 12:32:09 +0200 Subject: [PATCH 03/30] Fixed some markdown in directory structure doc --- .../directory-structure.markdown | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/overviews/system-overview/directory-structure.markdown b/overviews/system-overview/directory-structure.markdown index 0a629a0f..7bda4910 100644 --- a/overviews/system-overview/directory-structure.markdown +++ b/overviews/system-overview/directory-structure.markdown @@ -14,29 +14,29 @@ The CFEngine application is fully contained within the /var/cfengine directory t /var/cfengine/bin - Consists of the agents and daemons that run CFEngine, including: -cf-agent - Agent: Executes the promises.cf file; ensures that all promises are being kept -cf-execd - Daemon: Starts the cf-agent process at a specified time interval. -cf-serverd - Daemon: Provides network services; used to distribute policy and data files -cf-monitord - Daemon: Collects system statistics -cf-promises - Agent: Verifies CFEngine's configuration syntax -cf-runagent - Agent: Contacts a remote system to run cf-agent -cf-report - Agent: Extracts and presents report data in HTML,XML or graph formats +`cf-agent` - Agent: Executes the promises.cf file; ensures that all promises are being kept +`cf-execd` - Daemon: Starts the cf-agent process at a specified time interval. +`cf-serverd` - Daemon: Provides network services; used to distribute policy and data files +`cf-monitord` - Daemon: Collects system statistics +`cf-promises` - Agent: Verifies CFEngine's configuration syntax +`cf-runagent` - Agent: Contacts a remote system to run cf-agent +`cf-report` - Agent: Extracts and presents report data in HTML,XML or graph formats See Also: [The CFEngine Components][The CFEngine Components] ## Directories ## -```/var/cfengine/masterfiles``` +`/var/cfengine/masterfiles` Policy repository which grants access to local or bootstrapped CFEngine clients when they need to update their policies. Policies obtained from /var/cfengine/masterfiles are then cached in /var/cfengine/inputs for local policy execution. The cf-agent executable does not execute policies directly from this repository. -```/var/cfengine/inputs``` +`/var/cfengine/inputs` Cached policy repository located on a CFEngine client. The cf-agent executable executes policies from this repository. -```/var/cfengine/outputs``` +`/var/cfengine/outputs` Directory where cf-agent creates its output files. -```/var/cfengine/ppkeys``` +`/var/cfengine/ppkeys` Directory used to store encrypted public/private keys for CFEngine client/server network communications. -```/var/cfengine/reports``` +`/var/cfengine/reports` Directory used to store reports generated by cf-report . -```/var/cfengine/lib``` +`/var/cfengine/lib` Directory to store shared objects and dependencies that are in the bundled packages. See Also: [CFEngine Files, Directories and Logs][CFEngine Files, Directories and Logs] From 6dda7855a4b4d2d69b4e71807264bfa87bca3e8d Mon Sep 17 00:00:00 2001 From: KevWright Date: Tue, 1 Apr 2014 15:00:54 +0200 Subject: [PATCH 04/30] Added and modified file, dir etc. content in sys overview docs. --- .../directory-structure.markdown | 86 ++++-- .../files-directories-logs.markdown | 285 ++++++++++++------ 2 files changed, 252 insertions(+), 119 deletions(-) diff --git a/overviews/system-overview/directory-structure.markdown b/overviews/system-overview/directory-structure.markdown index 7bda4910..1b705ba7 100644 --- a/overviews/system-overview/directory-structure.markdown +++ b/overviews/system-overview/directory-structure.markdown @@ -10,33 +10,71 @@ tags: [overviews, system, system overview, directory structure] The CFEngine application is fully contained within the /var/cfengine directory tree. Here is a quick breakdown of the directory structure and some of the files and functions associated with each subdirectory. -## Components ## +## Components in /var/cfengine/bin ## -/var/cfengine/bin - Consists of the agents and daemons that run CFEngine, including: +### Agents ### -`cf-agent` - Agent: Executes the promises.cf file; ensures that all promises are being kept -`cf-execd` - Daemon: Starts the cf-agent process at a specified time interval. -`cf-serverd` - Daemon: Provides network services; used to distribute policy and data files -`cf-monitord` - Daemon: Collects system statistics -`cf-promises` - Agent: Verifies CFEngine's configuration syntax -`cf-runagent` - Agent: Contacts a remote system to run cf-agent -`cf-report` - Agent: Extracts and presents report data in HTML,XML or graph formats +* `cf-agent`: Executes the promises.cf file; ensures that all promises are being kept +* `cf-consumer` +* `cf-hub` +* `cf-key` +* `cf-promises`: Verifies CFEngine's configuration syntax +* `cf-runagent`: Contacts a remote system to run cf-agent +* `cf-twin` + +### Daemons ### + +* `cf-execd`: Starts the cf-agent process at a specified time interval. +* `cf-monitord`: Collects system statistics +* `cf-serverd`: Provides network services; used to distribute policy and data files See Also: [The CFEngine Components][The CFEngine Components] -## Directories ## - -`/var/cfengine/masterfiles` - Policy repository which grants access to local or bootstrapped CFEngine clients when they need to update their policies. Policies obtained from /var/cfengine/masterfiles are then cached in /var/cfengine/inputs for local policy execution. The cf-agent executable does not execute policies directly from this repository. -`/var/cfengine/inputs` - Cached policy repository located on a CFEngine client. The cf-agent executable executes policies from this repository. -`/var/cfengine/outputs` - Directory where cf-agent creates its output files. -`/var/cfengine/ppkeys` - Directory used to store encrypted public/private keys for CFEngine client/server network communications. -`/var/cfengine/reports` - Directory used to store reports generated by cf-report . -`/var/cfengine/lib` - Directory to store shared objects and dependencies that are in the bundled packages. - +## Sub-Directories in /var/cfengine ## + +[/bin](#/var/cfengine/bin) +* `/cfapache` +* `/config` +* `/design-center` +* `/httpd` +* `/inputs` + +Cached policy repository located on a CFEngine client. The cf-agent executable executes policies from this repository. + +* `/lastseen` +* `/lib` + +Directory to store shared objects and dependencies that are in the bundled packages. + +* `/lib-twin` +* `/masterfiles` + +Policy repository which grants access to local or bootstrapped CFEngine clients when they need to update their policies. Policies obtained from /var/cfengine/masterfiles are then cached in /var/cfengine/inputs for local policy execution. The cf-agent executable does not execute policies directly from this repository. + +* `/master_software_updates` +* `/modules` +* `/outputs` + +Directory where cf-agent creates its output files. + +* `/plugins` +* `/ppkeys` + +Directory used to store encrypted public/private keys for CFEngine client/server network communications. + +* `/reports` + +Directory used to store reports generated by cf-report. + +* `/share` +* `/software_updates` +* `/ssl` +* `/state` + See Also: [CFEngine Files, Directories and Logs][CFEngine Files, Directories and Logs] + + + + + + diff --git a/overviews/system-overview/files-directories-logs.markdown b/overviews/system-overview/files-directories-logs.markdown index da2ae347..2542f5ac 100644 --- a/overviews/system-overview/files-directories-logs.markdown +++ b/overviews/system-overview/files-directories-logs.markdown @@ -7,25 +7,27 @@ sorting: 30 alias: overview-system-files-directories-logs.html tags: [overviews, system overview, files, directories, logs] --- + +## Sub-Directories in /var/cfengine ## -## Policy files +### Sub-Directories for Policy Files -* `/var/cfengine/masterfiles` +* `/modules` -Policy repository which grants access to local or bootstrapped CFEngine -clients when they need to update their policies. Policies obtained from -`/var/cfengine/masterfiles` are then cached in `/var/cfengine/inputs` for -local policy execution. The `cf-agent` executable does not execute policies -directly from this repository. +Location of scripts used in `commands` promises. -* `/var/cfengine/inputs` +* `/inputs` Cached policy repository on each CFEngine client. When `cf-agent` is invoked by `cf-execd`, it reads only from this directory. -* `/var/cfengine/modules` +* `/masterfiles` -Location of scripts used in `commands` promises. +Policy repository which grants access to local or bootstrapped CFEngine +clients when they need to update their policies. Policies obtained from +`/var/cfengine/masterfiles` are then cached in `/var/cfengine/inputs` for +local policy execution. The `cf-agent` executable does not execute policies +directly from this repository. ## Output Directories @@ -42,11 +44,6 @@ online, so the reports are kept here. Directory used to store reports. Reports are not tidied automatically, so you should delete these files after a time to avoid a build up. -* `/var/cfengine/ppkeys` - -Directory used to store encrypted public/private keys for CFEngine -client/server network communications. - * `/var/cfengine/state` State data such as current process identifiers of running processes, @@ -56,40 +53,83 @@ persistent classes and other cached data. Log data for incoming and outgoing connections. -## Logs and Records +### Other Sub-directories in /var/cfengine + +[/bin](#/var/cfengine/bin) +* `/cfapache` +* `/config` +* `/design-center` +* `/httpd` +* `/lib` + +Directory to store shared objects and dependencies that are in the bundled packages. + +* `/lib-twin` +* `/master_software_updates` +* `/plugins` +* `/ppkeys` + +Directory used to store encrypted public/private keys for CFEngine +client/server network communications. + +* `/share` +* `/software_updates` +* `/ssl` + +## Log Files in /var/cfengine ## On hosts, CFEngine writes numerous logs and records to its private workspace. [CFEngine Enterprise][Enterprise Report API] provides solutions for centralization and network-wide reporting at an arbitrary scale. -## Embedded Databases +* `cf3.[hostname].runlog` -Their file extensions will vary based on which library is used to -implement them: either Tokyo Cabinet (`.tcdb`) or Quick Database Manager -(`.qdbm`). +A time-stamped log of when each lock was released. This shows the last +time each individual promise was verified. -* `cf_lastseen.tcdb` +* `cfagent.[hostname].log` -A database of hosts that last contacted this host, or were contacted by -this host, and includes the times at which they were last observed. +Although ambiguously named (for historical reasons) this log contains +the current list of setuid/setgid programs observed on the system. +CFEngine warns about new additions to this list. This log has been +deprecated. + +* `cf_notkept.log` + +In CFEngine Enterprise, a list of promises, with handles and comments, that +were not kept. + +* `cf_repair.log` + +In CFEngine Enterprise, a list of promises, with handles and comments, that were repaired. + +* `promise_summary.log` + +A time-stamped log of the percentage fraction of promises kept after +each run. -* `cf_classes.tcdb` +## Database Files in /var/cfengine ## + +* bundles.lmdb +* `cf_classes.lmdb` A database of classes that have been defined on the current host, -including their relative frequencies, scaled like a probability. +including their relative frequencies, scaled like a probability. -* `cf_variables.tcdb` +* `cf_lastseen.lmdb` -A database of variables (name and value) that were defined on the -current host during the last run, including relative frequencies. +A database of hosts that last contacted this host, or were contacted by +this host, and includes the times at which they were last observed. -* `checksum_digests.tcdb` +* `checksum_digests.lmdb` The database of hash values used in CFEngine's change management functions. -* `performance.tcdb` +* `nova_agent_execution.lmdb` +* `nova_track.lmdb` +* `performance.lmdb` A database of last, average and deviation times of jobs recorded by `cf-agent`. Most promises take an immeasurably short time to check, but @@ -97,82 +137,145 @@ longer tasks such as command execution and file copying are measured by default. Other checks can be instrumented by setting a `measurement_class` in the `action` body of a promise. -* `stats.tcdb` - -A database of external file attributes for change management -functionality. +## Process (AKA PID) Files in /var/cfengine ## -* `state/cf_lock.tcdb` +The CFEngine components keep their current process identifier number in +`pid files' in the work directory. + +* `cf-consumer.pid` +* `cf-execd.pid` +* `cf-hub.pid` +* `cf-monitord.pid` +* `cf-serverd.pid` + +## Socket in /var/cfengine ## + +* `cf-hub-local` + +## Datafile in /var/cfengine ## + +* `policy_server.dat` + +IP address of the policy server? + +## App? in /var/cfengine ## + +* `randseed` + +## Agents and Daemons ## + +* `bin/cf-agent` +* `bin/cf-consumer` +* `bin/cf-execd` +* `bin/cf-hub` +* `bin/cf-key` +* `bin/cf-monitord` +* `bin/cf-promises` +* `bin/cf-runagent` +* `bin/cf-serverd` +* `bin/cf-twin` + +#### git #### + +* `bin/git` +* `bin/git-cvsserver` +* `bin/gitk` +* `bin/git-receive-pack` +* `bin/git-shell` +* `bin/git-upload-archive` +* `bin/git-upload-pack` + +#### Misc. #### + +* `bin/curl` +* `bin/lmdump` +* `bin/openssl` +* `bin/rpmvercmp` +* `bin/rsync` +* `bin/runalerts.sh` + +#### MongoDB #### + +* `bin/bsondump` +* `bin/mdb_copy` +* `bin/mdb_stat` +* `bin/mongo` +* `bin/mongod` +* `bin/mongodump` +* `bin/mongoexport` +* `bin/mongofiles` +* `bin/mongoimport` +* `bin/mongooplog` +* `bin/mongoperf` +* `bin/mongorestore` +* `bin/mongos` +* `bin/mongosniff` +* `bin/mongostat` +* `bin/mongotop` + +#### Postgres #### + +* `bin/clusterdb` +* `bin/createdb` +* `bin/createlang` +* `bin/createuser` +* `bin/dropdb` +* `bin/droplang` +* `bin/dropuser` +* `bin/initdb` +* `bin/pg_basebackup` +* `bin/pg_config` +* `bin/pg_controldata` +* `bin/pg_ctl` +* `bin/pg_dump` +* `bin/pg_dumpall` +* `bin/pg_isready` +* `bin/pg_receivexlog` +* `bin/pg_resetxlog` +* `bin/pg_restore` +* `bin/postgres` +* `bin/postmaster` +* `bin/psql` +* `bin/reindexdb` +* `bin/vacuumdb` + +#### Redis #### + +* `bin/redis-benchmark` +* `bin/redis-check-aof` +* `bin/redis-check-dump` +* `bin/redis-cli` +* `bin/redis-server` + + +## Not Verified ## + +* `state/cf_lock.lmdb` A database of active and inactive locks and their expiry times. Deleting this database will reset all lock protections in CFEngine. -* `state/history.tcdb` +* `state/history.lmdb` CFEngine Enterprise maintains this long-term trend database. -* `state/cf_observations.tcdb` +* `state/cf_observations.lmdb` This database contains the current state of the observational history of -the host as recorded by `cf-monitord`. - -* `state/promise_compliance.tcdb` - -CFEngine Enterprise database of individual promise -compliance history. The database is approximate because promise -references can change as policy is edited. It quickly approaches -accuracy as a policy goes unchanged for more than a day. +the host as recorded by `cf-monitord`. -* `state/cf_state.tcdb` +* `state/cf_state.lmdb` A database of persistent classes active on this current host. -* `state/nova_measures.tcdb` +* `state/nova_measures.lmdb` CFEngine Enterprise database of custom measurements. -* `state/nova_static.tcdb` +* `state/nova_static.lmdb` CFEngine Enterprise database of static system discovery data. -## Text logs - -* `promise_summary.log` - -A time-stamped log of the percentage fraction of promises kept after -each run. - -* `cf3.HOSTNAME.runlog` - -A time-stamped log of when each lock was released. This shows the last -time each individual promise was verified. - -* `cfagent.HOSTNAME.log` - -Although ambiguously named (for historical reasons) this log contains -the current list of setuid/setgid programs observed on the system. -CFEngine warns about new additions to this list. This log has been -deprecated. - -* `cf_value.log` - -A time stamped log of the business value estimated from the execution of -the automation system. - -* `cf_notkept.log` - -In CFEngine Enterprise, a list of promises, with handles and comments, that -were not kept. - -* `cf_repaired.log` - -In CFEngine Enterprise, a list of promises, with handles and comments, that were repaired. - -* `reports/*` - -CFEngine Enterprise uses this directory as a default place for outputting -reports. - * `state/cf_procs` A cache of the process table. This is useful for `measurement` promises about processes. @@ -199,14 +302,6 @@ This file contains a list of currently discovered classes and variable values that characterize the anomaly alert environment. They are altered by the monitor daemon. -* `/var/logs/cfengine-install.log` +* `/var/logs/CFEngineHub-Install.log` This file contains logs related to the CFEngine package installation. - -## Process Information - -The CFEngine components keep their current process identifier number in -`pid files' in the work directory. For example: - - cf-execd.pid - cf-serverd.pid From f990ed8a993dd09951068e8b28567c2da19fa275 Mon Sep 17 00:00:00 2001 From: KevWright Date: Tue, 1 Apr 2014 15:13:32 +0200 Subject: [PATCH 05/30] Additional links and markup for sys overview docs. --- .../files-directories-logs.markdown | 37 ++++++++++++++----- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/overviews/system-overview/files-directories-logs.markdown b/overviews/system-overview/files-directories-logs.markdown index 2542f5ac..c4781fab 100644 --- a/overviews/system-overview/files-directories-logs.markdown +++ b/overviews/system-overview/files-directories-logs.markdown @@ -7,10 +7,27 @@ sorting: 30 alias: overview-system-files-directories-logs.html tags: [overviews, system overview, files, directories, logs] --- + +[Directories in /var/cfengine] + [Directories for Policy Files] + [Directories for Output] + [Other Directories in /var/cfengine] +[Log Files in /var/cfengine] +[Database Files in /var/cfengine] +[Process (AKA PID) Files in /var/cfengine] +[Sockets in /var/cfengine] +[Datafiles in /var/cfengine] +[Binary Files in /var/cfengine] +[CFEngine Agents and Daemons in /var/cfengine/bin] +[git in /var/cfengine/bin] +[Misc. in /var/cfengine/bin] +[MongoDB in /var/cfengine/bin] +[Postgres in /var/cfengine/bin] +[Redis in /var/cfengine/bin] ## Sub-Directories in /var/cfengine ## -### Sub-Directories for Policy Files +### Directories for Policy Files * `/modules` @@ -148,21 +165,21 @@ The CFEngine components keep their current process identifier number in * `cf-monitord.pid` * `cf-serverd.pid` -## Socket in /var/cfengine ## +## Sockets in /var/cfengine ## * `cf-hub-local` -## Datafile in /var/cfengine ## +## Datafiles in /var/cfengine ## * `policy_server.dat` IP address of the policy server? -## App? in /var/cfengine ## +## Binary Files in /var/cfengine ## * `randseed` -## Agents and Daemons ## +## CFEngine Agents and Daemons in /var/cfengine/bin ## * `bin/cf-agent` * `bin/cf-consumer` @@ -175,7 +192,7 @@ IP address of the policy server? * `bin/cf-serverd` * `bin/cf-twin` -#### git #### +## git in /var/cfengine/bin ## * `bin/git` * `bin/git-cvsserver` @@ -185,7 +202,7 @@ IP address of the policy server? * `bin/git-upload-archive` * `bin/git-upload-pack` -#### Misc. #### +## Misc. in /var/cfengine/bin ## * `bin/curl` * `bin/lmdump` @@ -194,7 +211,7 @@ IP address of the policy server? * `bin/rsync` * `bin/runalerts.sh` -#### MongoDB #### +## MongoDB in /var/cfengine/bin ## * `bin/bsondump` * `bin/mdb_copy` @@ -213,7 +230,7 @@ IP address of the policy server? * `bin/mongostat` * `bin/mongotop` -#### Postgres #### +## Postgres in /var/cfengine/bin ## * `bin/clusterdb` * `bin/createdb` @@ -239,7 +256,7 @@ IP address of the policy server? * `bin/reindexdb` * `bin/vacuumdb` -#### Redis #### +## Redis in /var/cfengine/bin ## * `bin/redis-benchmark` * `bin/redis-check-aof` From 33df8a69ea64d8c39e05bfebcf79e4ca070736eb Mon Sep 17 00:00:00 2001 From: KevWright Date: Tue, 1 Apr 2014 15:39:47 +0200 Subject: [PATCH 06/30] Fixed some meta data in system overview files --- overviews/system-overview/components.markdown | 2 +- .../files-directories-logs.markdown | 34 +++++++++---------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/overviews/system-overview/components.markdown b/overviews/system-overview/components.markdown index 98d831f5..cae3caf1 100644 --- a/overviews/system-overview/components.markdown +++ b/overviews/system-overview/components.markdown @@ -1,7 +1,7 @@ --- layout: default title: The CFEngine Components -categories: [Getting Started, Concepts, The CFEngine Components] +categories: [Overviews, System Overview, The CFEngine Components] published: true sorting: 30 alias: manuals-components.html diff --git a/overviews/system-overview/files-directories-logs.markdown b/overviews/system-overview/files-directories-logs.markdown index c4781fab..cedb1c7e 100644 --- a/overviews/system-overview/files-directories-logs.markdown +++ b/overviews/system-overview/files-directories-logs.markdown @@ -1,29 +1,29 @@ --- layout: default title: CFEngine Files, Directories and Logs -categories: [Getting Started, Concepts, CFEngine Files, Directories and Logs] +categories: [Overviews, System Overview, Directories and Logs] published: true sorting: 30 alias: overview-system-files-directories-logs.html tags: [overviews, system overview, files, directories, logs] --- -[Directories in /var/cfengine] - [Directories for Policy Files] - [Directories for Output] - [Other Directories in /var/cfengine] -[Log Files in /var/cfengine] -[Database Files in /var/cfengine] -[Process (AKA PID) Files in /var/cfengine] -[Sockets in /var/cfengine] -[Datafiles in /var/cfengine] -[Binary Files in /var/cfengine] -[CFEngine Agents and Daemons in /var/cfengine/bin] -[git in /var/cfengine/bin] -[Misc. in /var/cfengine/bin] -[MongoDB in /var/cfengine/bin] -[Postgres in /var/cfengine/bin] -[Redis in /var/cfengine/bin] +[Directories in /var/cfengine](#) + [Directories for Policy Files](#) + [Directories for Output](#) + [Other Directories in /var/cfengine](#) +[Log Files in /var/cfengine](#) +[Database Files in /var/cfengine](#) +[Process (AKA PID) Files in /var/cfengine](#) +[Sockets in /var/cfengine](#) +[Datafiles in /var/cfengine](#) +[Binary Files in /var/cfengine](#) +[CFEngine Agents and Daemons in /var/cfengine/bin](#) +[git in /var/cfengine/bin](#) +[Misc. in /var/cfengine/bin](#) +[MongoDB in /var/cfengine/bin](#) +[Postgres in /var/cfengine/bin](#) +[Redis in /var/cfengine/bin](#) ## Sub-Directories in /var/cfengine ## From 1ee81e776f82195d337de999b1fee0a1192729ea Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Tue, 1 Apr 2014 15:58:06 +0200 Subject: [PATCH 07/30] Document new filter attributes. Mark old filter attributes as deprecated, they are no longer functional. --- reference/promise-types/access.markdown | 288 +++++++----------------- 1 file changed, 82 insertions(+), 206 deletions(-) diff --git a/reference/promise-types/access.markdown b/reference/promise-types/access.markdown index 2c81ef3b..8fbf83a2 100644 --- a/reference/promise-types/access.markdown +++ b/reference/promise-types/access.markdown @@ -235,294 +235,170 @@ access: **This body is only available in CFEngine Enterprise.** -**Description:** The `report_data_select` body restricts access to data -for the specified query types reported to the CFEngine Enterprise Database. +**Description:** The `report_data_select` body restricts which data is included +for "query" resources, and allows filtering of data reported to the CFEngine Enterprise Database. -This body template allows users to control the content of reports collected -by the Enterprise Database Server, and allows users to strip unwanted data -(e.g. temporary variables from reporting). +Use this body template to control the content of reports collected by the +CFEngine Enterprise server, and to strip unwanted data (e.g. temporary variables) +from reporting. -Report content can be differentiated between hosts that are controlled -by the class expression on access promiser. - -If more than one select statement applies to the same host, all of them are applied. +By default, no filtering is applied. If more than one select statement applies +to the same host, all of them are applied. Usage of this body is only allowed in conjunction with using -`resource_type => "query"`, as this is the resource type that is being affected. +[`resource_type => "query"`](#resource_type), as this is the resource type that is being affected. [%CFEngine_promise_attribute()%] **Example:** ```cf3 - -body report_data_select +body report_data_select report_data { - variables_include => { "sys..*" }; - monitoring_exclude => { ".*" }; + metatags_include => { "inventory", "compliance" }; + promise_handle_exclude => { "_.*" }; + monitoring_exclude => { "mem_.*swap" }; } ``` **History:** Introduced in Enterprise 3.5.0 -#### classes_include - -**Description:** The `classes_include` attribute is used to filter content -of the class report collected by Enterprise Hub, to include classes matching -specified regular expressions on the list. - -Only classes matching the specified regular expressions on the list will -be sent back in the report. - -If this attribute is not used, the report content is not reduced. - -[%CFEngine_promise_attribute()%] - -**Example:** - -```cf3 - -body report_data_select -{ - classes_include => { "report_only_my_classes_.*" }; -} -``` - -**History:** Introduced in Enterprise 3.5.0 +#### metatags_exclude -#### classes_exclude +**Description:** List of [anchored][anchored] regular expressions matching metatags +to exclude from reporting. -**Description:** The `classes_exclude` attribute is used to filter content -of the class report collected by Enterprise Hub, to exclude classes matching -specified regular expressions on the list. +Classes and variables with metatags matching any entry of that list will not be reported +to the CFEngine Enterprise server. -If this attribute is used in conjunction with `classes_include` it will -exclude entries from the subset selected by the include expression. +This list overrides the list in `metatags_include`. [%CFEngine_promise_attribute()%] -**Example:** +**See also:** `metatags_include`, `promise_handle_exclude`, `monitoring_exclude` -```cf3 +**History:** Introduced in CFEngine 3.6.0 -body report_data_select -{ - classes_exclude => { "my_tmp_class.*" }; -} -``` +#### metatags_include -**Notes:** +**Description:** List of [anchored][anchored] regular expressions matching metatags +to include in reporting. -**History:** Introduced in Enterprise 3.5.0 +Classes and variables with metatags matching any entry of that list will be reported +to the CFENgine Enterprise server. -#### variables_include - -**Description:** The `variables_include` attribute is used to filter -content of the variables report collected by Enterprise Hub, to contain -only variables matching specified regular expressions on the list. - -If the attribute is not used, the report content is not reduced. +The list in `metatags_exclude` overrides this list. [%CFEngine_promise_attribute()%] -Regular expressions for this attribute use the form `.`. - -**Example:** - -```cf3 +**See also:** `metatags_exclude`, `promise_handle_include`, `monitoring_include` -body report_data_select -{ - variables_include => { "my_bundle.my_variable_prefix_.*" }; -} -``` +**History:** Introduced in CFEngine 3.6.0 -**History:** Introduced in Enterprise 3.5.0 +#### promise_handle_exclude +**Description:** List of [anchored][anchored] regular expressions matching promise handles +to exclude from reporting. -#### variables_exclude +Information about promises with handles that match any entry in that list will not be reported +to the CFEngine Enterprise server. -**Description:** The `variables_exclude` attribute is used to filter -content of the variable report collected by Enterprise Hub, to exclude -variables matching specified regular expression list. +This list overrides the list in `promise_handle_include`. [%CFEngine_promise_attribute()%] -Regular expressions for this attribute use the form `.`. - -**Example:** - -```cf3 - -body report_data_select -{ - variables_exclude => { "my_bundle.tmp_var_test.*" }; -} -``` - -**Notes:** -If this attribute is used in conjunction with `variables_include`, it will -exclude entries from the subset selected by the include expression. +**See also:** `promise_handle_include`, `metatags_exclude`, `monitoring_exclude` -**History:** Introduced in Enterprise 3.5.0 +**History:** Introduced in CFEngine 3.6.0 -#### promise_notkept_log_include +#### promise_handle_include -**Description:** The `promise_notkept_log_include` attribute is used to -filter content of the not kept log report collected by Enterprise Hub, -to contain promise handles matching specified regular expressions on -the list. +**Description:** List of [anchored][anchored] regular expressions matching promise handles +to include in reporting. -Only those handles matching the regular expressions on the list will -be sent back in the report. +Information about promises with handles that match any entry in that list will be reported +to the CFEngine Enterprise server. -If the attribute is not used, the report content will not be reduced. +The list in `promise_handle_exclude` overrides this list. [%CFEngine_promise_attribute()%] -**Example:** +**See also:** `promise_handle_exclude`, `metatags_include`, `monitoring_include` -```cf3 +**History:** Introduced in CFEngine 3.6.0 -body report_data_select -{ - promise_notkept_log_include => { "my_none_important_promises_.*" }; -} -``` - -**History:** Introduced in Enterprise 3.5.0 +#### monitoring_include -#### promise_notkept_log_exclude +**Description:** List of [anchored][anchored] regular expressions matching monitoring objects +to include in reporting. -**Description:** The `promise_notkept_log_exclude` attribute is used to -filter content of the not kept log report collected by Enterprise Hub, -to exclude promise handles matching specified regular expressions on the -list. +Monitoring objects with names matching any entry in that list will be reported +to the CFEngine Enterprise server. -Only those handles matching regular expression on the list will be excluded -from the report. +The list in `monitoring_exclude` overrides this list. [%CFEngine_promise_attribute()%] -**Example:** - -```cf3 - -body report_data_select -{ - promise_notkept_log_exclude => { "my_tmp_promise_handle.*" }; -} -``` - -**Notes:** If this attribute is used in conjunction with the -`promise_notkept_log_include` attribute, it will exclude entries -from the subset selected by the include expression. +**See also:** `monitoring_exclude`, `promise_handle_include`, `metatags_include` **History:** Introduced in Enterprise 3.5.0 -#### promise_repaired_log_include - -**Description:** The `promise_repaired_log_include` attribute is used to -filter content of the repaired log report collected by Enterprise Hub, -to include regular expressions matched on the list. - -Only those handles matching the regular expression on the list will be -sent back in the report. If attribute is not used, the report content -will not be filtered. - -[%CFEngine_promise_attribute()%] - -**Example:** - -```cf3 - -body report_data_select -{ - promise_repaired_log_include => { "my_none_important_promises_.*" }; -} -``` +#### monitoring_exclude -**History:** Introduced in Enterprise 3.5.0 +**Description:** List of [anchored][anchored] regular expressions matching monitoring objects +to exclude from reporting. -#### promise_repaired_log_exclude +Monitoring objects with names matching any entry in that list will not be reported +to the CFEngine Enterprise server. -**Description:** The `promise_repaired_log_exclude` attribute is used to -filter content of the repaired log report collected by Enterprise Hub, -to exclude promise handles matching regular expression on the list. - -Only those handles matching regular expression on the list will be excluded -from the report. +This list overrides the list in `monitoring_include`. [%CFEngine_promise_attribute()%] -**Example:** - -```cf3 - -body report_data_select -{ - promise_repaired_log_exclude => { "my_tmp_promise_handle.*" }; -} -``` - -**Notes:** -If this attribute is used in conjunction with `promise_repaired_log_include`, -it will exclude entries from the subset selected by the include expression. +**See also:** `monitoring_include`, `promise_handle_exclude`, `metatags_exclude` **History:** Introduced in Enterprise 3.5.0 -#### monitoring_include - -**Description:** The `monitoring_include` attribute is used to filter -content of the monitoring report collected by Enterprise Hub, to contain -only observed objects matching regular expressions on the list. - -Only object names matching regular expression on the list will be sent -back in the report. If the attribute is not used, the report content will -not be filtered. +#### classes_include -[%CFEngine_promise_attribute()%] +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -**Example:** +#### classes_exclude -```cf3 +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -body report_data_select -{ - monitoring_include => { "mem_.*" }; -} -``` +#### variables_include -**History:** Introduced in Enterprise 3.5.0 +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -#### monitoring_exclude +#### variables_exclude -**Description:** The `monitoring_exclude` attribute is used to filter -content of the monitoring report collected by Enterprise Hub, to exclude -observed objects matching specified regular expressions on the list. +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -Only object names matching regular expression list will be excluded from -the report. +#### promise_notkept_log_include -[%CFEngine_promise_attribute()%] +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -**Example:** +#### promise_notkept_log_exclude -```cf3 +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -body report_data_select -{ - monitoring_exclude => { "mem_swap", "mem_freeswap" }; -} -``` +#### promise_repaired_log_include -**Notes:** +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. -If this attribute is used in conjunction with `monitoring_include` it will -exclude entries from the subset selected by the include expression. +#### promise_repaired_log_exclude -**History:** Introduced in Enterprise 3.5.0 +**Deprecated:** This attribute is deprecated as of CFEngine 3.6.0. It performs no +action and is kept for backwards compatibility. ### resource_type From 071fb9183473f7b6c40c31fde9e6ea9c84ae6bb0 Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Wed, 2 Apr 2014 12:25:45 +0200 Subject: [PATCH 08/30] Clarify how include and exclude statements are combined. --- reference/promise-types/access.markdown | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/reference/promise-types/access.markdown b/reference/promise-types/access.markdown index 8fbf83a2..f6b3dc8f 100644 --- a/reference/promise-types/access.markdown +++ b/reference/promise-types/access.markdown @@ -236,14 +236,16 @@ access: **This body is only available in CFEngine Enterprise.** **Description:** The `report_data_select` body restricts which data is included -for "query" resources, and allows filtering of data reported to the CFEngine Enterprise Database. +for "query" resources, and allows filtering of data reported to the CFEngine Enterprise server. Use this body template to control the content of reports collected by the CFEngine Enterprise server, and to strip unwanted data (e.g. temporary variables) from reporting. -By default, no filtering is applied. If more than one select statement applies -to the same host, all of them are applied. +By default, no filtering is applied. If include and exclude rules are combined, then the +exclude statement is applied to the subset from the include statement. + +If more than one report_data_select body applies to the same host, all of them are applied. Usage of this body is only allowed in conjunction with using [`resource_type => "query"`](#resource_type), as this is the resource type that is being affected. @@ -271,7 +273,7 @@ to exclude from reporting. Classes and variables with metatags matching any entry of that list will not be reported to the CFEngine Enterprise server. -This list overrides the list in `metatags_include`. +When combined with `metatags_include`, this list is applied to the selected subset. [%CFEngine_promise_attribute()%] @@ -287,7 +289,7 @@ to include in reporting. Classes and variables with metatags matching any entry of that list will be reported to the CFENgine Enterprise server. -The list in `metatags_exclude` overrides this list. +When combined with `metatags_exclude`, the exclude list is applied to the subset from this list. [%CFEngine_promise_attribute()%] @@ -303,7 +305,7 @@ to exclude from reporting. Information about promises with handles that match any entry in that list will not be reported to the CFEngine Enterprise server. -This list overrides the list in `promise_handle_include`. +When combined with `promise_handle_include`, this list is applied to the selected subset. [%CFEngine_promise_attribute()%] @@ -319,7 +321,7 @@ to include in reporting. Information about promises with handles that match any entry in that list will be reported to the CFEngine Enterprise server. -The list in `promise_handle_exclude` overrides this list. +When combined with `promise_handle_exclude`, the exclude list is applied to the subset from this list. [%CFEngine_promise_attribute()%] @@ -335,7 +337,7 @@ to include in reporting. Monitoring objects with names matching any entry in that list will be reported to the CFEngine Enterprise server. -The list in `monitoring_exclude` overrides this list. +When combined with `monitoring_exclude`, the exclude list is applied to the subset from this list. [%CFEngine_promise_attribute()%] @@ -351,7 +353,7 @@ to exclude from reporting. Monitoring objects with names matching any entry in that list will not be reported to the CFEngine Enterprise server. -This list overrides the list in `monitoring_include`. +When combined with `monitoring_include`, this list is applied to the selected subset. [%CFEngine_promise_attribute()%] From ec019f2ac5d73011c099e50c2a07e8630a3c6ccb Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Tue, 1 Apr 2014 15:57:37 +0200 Subject: [PATCH 09/30] Document new admit/deny attributes and resource identification. Rewrite/organize introduction to access promises. Enterprise specific functionality needs more information. --- reference/promise-types/access.markdown | 168 ++++++++++++++++++------ 1 file changed, 128 insertions(+), 40 deletions(-) diff --git a/reference/promise-types/access.markdown b/reference/promise-types/access.markdown index 2c81ef3b..d01f2ab3 100644 --- a/reference/promise-types/access.markdown +++ b/reference/promise-types/access.markdown @@ -7,54 +7,53 @@ alias: reference-promise-types-access.html tags: [reference, bundle server, cf-serverd, access, server, promise types, acl, trust, encryption] --- -Access promises are conditional promises made by the server about file -objects. The promise has two consequences. For file copy requests, the -file becomes transferable to the remote client according to the -conditions specified in the server promise; in other words, if the -connection encryption requirements are met, and if the client has been -granted appropriate privileges with `maproot` (like its NFS counterpart) -to be able to see file objects not owned by the server process owner. - -The promise has two mutally exclusive attributes admit and deny. Use of -admit is preferred as mistakes and omissions can easily be made when -excluding from a group. - -When access is granted to a directory, the promise is automatically -given about all of its contents and sub-directories. The access promise -allows overlapping promises to be made, and these are kept on a -first-come-first-served basis. Thus file objects (promisers) should be -listed in order of most-specific file first. In this way, specific -promises will override less specific ones. +Access promises are conditional promises made by resources living on the server. + +The promiser is the name of the resource affected and is interpreted to be a path, unless a +different `resource_type` is specified. Access is then granted to hosts listed in `admit_ips`, +`admit_keys` and `admit_hostnames`, or denied using the counterparts `deny_ips`, `deny_keys` +and `deny_hostnames`. Use of admit to grant on a "need to know" basis is preferred, as mistakes +and omissions can easily be made when excluding from a group. A security policy based on +exceptions is a weak one. ```cf3 - access: - - "/path/file_object" - - admit = { "hostname", "ipv4_address", "ipv6_address" }; - +bundle server access_rules() +{ +access: + + "/source/directory" + comment => "Access to file transfer", + admit_ips => { "192.168.0.1/24" }; +} ``` - +For file copy requests, the file becomes transferable to the remote client according to the +conditions specified in the access promise. Use `ifencrypted` to grant access only if the +transfer is encrypted, and control with `maproot` (like its NFS counterpart) which hosts +can see file objects not owned by the server process owner. When access is granted to a +directory, the promise is automatically given about all of its contents and sub-directories. -**Example:** +File resources are specified using an absolute filepath, but can set a `shortcut` through +which clients can access the resource without detailed knowledge of the filesystem +layout on the server. Specifically in access promises about files, a special variable +context `connection` is available with variables `ip`, `key` and `hostname`, containing +information about the connection through which access is attempted. ```cf3 -body server control -{ -allowconnects => { "127.0.0.1" , "::1" }; -allowallconnects => { "127.0.0.1" , "::1" }; -trustkeysfrom => { "127.0.0.1" , "::1" }; -} + "/var/cfengine/cmdb/$(connection.key).json" + shortcut => "me.json", + admit_keys => { "$(connection.key)" }; +``` -bundle server access_rules() -{ -access: +In this example, requesting the file "me.json" will transfer the file specific to +the requesting host. Note that the usage of the `$(connection.*)` variables is strictly +limited to literal strings within the promiser and admit/deny lists; they can not be +passed to functions or stored in other variables. - "/source/directory" - comment => "Access to file transfer", - admit => { "127.0.0.1" }; +With CFEngine Enteprise, access can be granted to additional query data for reporting +and orchestration. +```cf3 # Grant orchestration communication "did.*" @@ -105,13 +104,85 @@ body report_data_select report_filter ``` -Entries may be literal addresses of IPv4 or IPv6, or any name registered -in the POSIX `gethostbyname` service. +The access promise allows overlapping promises to be made, and these are kept on a +first-come-first-served basis. Thus file objects (promisers) should be +listed in order of most-specific file first. In this way, specific +promises will override less specific ones. **** ## Attributes + +### admit_hostnames + +**Description:** A list of hostnames to grant access to the object. + +[%CFEngine_promise_attribute()%] + +**Note:** The host trying to access the object is identified using a reverse +DNS lookup on the connecting IP. This introduces latency for *every* incoming +connection. Leaving `admit_hostnames` empty and specifying only numeric addresses +in `admit` will avoid this. + +**See also:** `deny_hostnames`, `admit_ips`, `admit_keys` + +**History:** Introduced in CFEngine 3.6.0 + +### admit_ips + +**Description:** A list of IP addresses to grant access to the object. + +Subnets are specified using CIDR notation. + +[%CFEngine_promise_attribute()%] + +**See also:** `deny_ips`, `admit_hostnames`, `admit_keys` + +**History:** Introduced in CFEngine 3.6.0 + +### admit_keys + +**Description:** A list of RSA host keys to grant access to the object. + +[%CFEngine_promise_attribute()%] + +**See also:** `deny_keys`, `admit_hostnames`, `admit_ips` + +**History:** Introduced in CFEngine 3.6.0 + +### deny_hostnames + +**Description:** A list of hostnames to deny access to the object. + +This overrides the grants in `admit_hostnames`, `admit_ips` and `admit_keys`. + +[%CFEngine_promise_attribute()%] + +**History:** Introduced in CFEngine 3.6.0 + +### deny_ips + +**Description:** A list of IP addresses to deny access to the object. + +Subnets are specified using CIDR notation. + +This overrides the grants in `admit_hostnames`, `admit_ips` and `admit_keys`. + +[%CFEngine_promise_attribute()%] + +**History:** Introduced in CFEngine 3.6.0 + +### deny_keys + +**Description:** A list of RSA host keys to deny access to the object. + +This overrides the grants in `admit_hostnames`, `admit_ips` and `admit_keys`. + +[%CFEngine_promise_attribute()%] + +**History:** Introduced in CFEngine 3.6.0 + ### admit **Description:** The `admit` slist contains host names or IP addresses @@ -142,6 +213,7 @@ access: `admit` will be deprecated in CFEngine 3.7 in favor of `admit_ips`, `admit_hostnames`, and `admit_keys`. + ### deny **Description:** The `deny` slist contains host names or IP addresses @@ -613,3 +685,19 @@ access: } ``` +### shortcut + +**Description:** For file promisers, the server will give access to the file under +its shortcut name. + +[%CFEngine_promise_attribute()%] + +**Example:** + +```cf3 + "/var/cfengine/cmdb/$(connection.key).json" + shortcut => "me.json", + admit_keys => { "$(connection.key)" }; +``` + +**History:** Introduced in CFEngine 3.6.0 From 70904691bd9c310b57e39781265c9091777b368a Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Wed, 2 Apr 2014 14:49:26 +0200 Subject: [PATCH 10/30] Incorporate comments from review --- reference/promise-types/access.markdown | 41 ++++++++++++++----------- 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/reference/promise-types/access.markdown b/reference/promise-types/access.markdown index d01f2ab3..bc79158f 100644 --- a/reference/promise-types/access.markdown +++ b/reference/promise-types/access.markdown @@ -13,8 +13,7 @@ The promiser is the name of the resource affected and is interpreted to be a pat different `resource_type` is specified. Access is then granted to hosts listed in `admit_ips`, `admit_keys` and `admit_hostnames`, or denied using the counterparts `deny_ips`, `deny_keys` and `deny_hostnames`. Use of admit to grant on a "need to know" basis is preferred, as mistakes -and omissions can easily be made when excluding from a group. A security policy based on -exceptions is a weak one. +and omissions can easily be made when excluding from a group. ```cf3 bundle server access_rules() @@ -31,13 +30,13 @@ For file copy requests, the file becomes transferable to the remote client accor conditions specified in the access promise. Use `ifencrypted` to grant access only if the transfer is encrypted, and control with `maproot` (like its NFS counterpart) which hosts can see file objects not owned by the server process owner. When access is granted to a -directory, the promise is automatically given about all of its contents and sub-directories. +directory, the promise is automatically made about all of its contents and sub-directories. File resources are specified using an absolute filepath, but can set a `shortcut` through -which clients can access the resource without detailed knowledge of the filesystem -layout on the server. Specifically in access promises about files, a special variable -context `connection` is available with variables `ip`, `key` and `hostname`, containing -information about the connection through which access is attempted. +which clients can access the resource using a logical name, without having any detailed +knowledge of the filesystem layout on the server. Specifically in access promises about +files, a special variable context `connection` is available with variables `ip`, `key` +and `hostname`, containing information about the connection through which access is attempted. ```cf3 "/var/cfengine/cmdb/$(connection.key).json" @@ -45,13 +44,15 @@ information about the connection through which access is attempted. admit_keys => { "$(connection.key)" }; ``` -In this example, requesting the file "me.json" will transfer the file specific to -the requesting host. Note that the usage of the `$(connection.*)` variables is strictly -limited to literal strings within the promiser and admit/deny lists; they can not be +In this example, requesting the file `me.json` will transfer the file stored on the +server under the name `/var/cfengine/cmdb/SHA=....json` to the requesting host, +where it will be received as `me.json`. +Note that the usage of the `$(connection.*)` variables is strictly +limited to literal strings within the promiser and admit/deny lists; they cannot be passed to functions or stored in other variables. -With CFEngine Enteprise, access can be granted to additional query data for reporting -and orchestration. +With CFEngine Enteprise, access promises can be made about additional query data for +reporting and orchestration. ```cf3 # Grant orchestration communication @@ -116,7 +117,7 @@ promises will override less specific ones. ### admit_hostnames -**Description:** A list of hostnames to grant access to the object. +**Description:** A list of hostnames that should have access to the object. [%CFEngine_promise_attribute()%] @@ -131,7 +132,7 @@ in `admit` will avoid this. ### admit_ips -**Description:** A list of IP addresses to grant access to the object. +**Description:** A list of IP addresses that should have access to the object. Subnets are specified using CIDR notation. @@ -143,7 +144,7 @@ Subnets are specified using CIDR notation. ### admit_keys -**Description:** A list of RSA host keys to grant access to the object. +**Description:** A list of RSA keys of hosts that should have access to the object. [%CFEngine_promise_attribute()%] @@ -153,7 +154,7 @@ Subnets are specified using CIDR notation. ### deny_hostnames -**Description:** A list of hostnames to deny access to the object. +**Description:** A list of hostnames that should be denied access to the object. This overrides the grants in `admit_hostnames`, `admit_ips` and `admit_keys`. @@ -163,7 +164,7 @@ This overrides the grants in `admit_hostnames`, `admit_ips` and `admit_keys`. ### deny_ips -**Description:** A list of IP addresses to deny access to the object. +**Description:** A list of IP addresses that should be denied access to the object. Subnets are specified using CIDR notation. @@ -175,7 +176,7 @@ This overrides the grants in `admit_hostnames`, `admit_ips` and `admit_keys`. ### deny_keys -**Description:** A list of RSA host keys to deny access to the object. +**Description:** A list of RSA keys of hosts that should be denied access to the object. This overrides the grants in `admit_hostnames`, `admit_ips` and `admit_keys`. @@ -700,4 +701,8 @@ its shortcut name. admit_keys => { "$(connection.key)" }; ``` +In this example, requesting the file `me.json` will transfer the file stored on the +server under the name `/var/cfengine/cmdb/SHA=....json` to the requesting host, +where it will be received as `me.json`. + **History:** Introduced in CFEngine 3.6.0 From 010a038fd601fbd03ddf6649dc71d2580bc99b9c Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Tue, 1 Apr 2014 15:39:25 +0200 Subject: [PATCH 11/30] Documentation for protocol-version management attributes. --- reference/components.markdown | 12 +++++++++++ reference/components/cf-serverd.markdown | 26 ++++++++++++++++++++++++ reference/promise-types/files.markdown | 14 +++++++++++++ 3 files changed, 52 insertions(+) diff --git a/reference/components.markdown b/reference/components.markdown index 291b2b3c..edee69a1 100644 --- a/reference/components.markdown +++ b/reference/components.markdown @@ -384,7 +384,19 @@ after which last-seen entries are purged. On native Windows versions of CFEngine (Enterprise), this string is also prefixed messages in the event log. +### protocol_version +**Description:** Defines the protocol to use for all outgoing connections. + +[%CFEngine_promise_attribute(classic)%] + +**Note:** If `protocol_version` is specified in a [`body copy_from`][files#copy_from], +then the value there will override this setting. + +**See also:** [`protocol_version`][files#protocol_version] in +[`body copy_from`][files#copy_from], `allowlegacyconnects` + +**History:** Introduced in CFEngine 3.6.0 ### require_comments diff --git a/reference/components/cf-serverd.markdown b/reference/components/cf-serverd.markdown index b80a941d..20ff9094 100644 --- a/reference/components/cf-serverd.markdown +++ b/reference/components/cf-serverd.markdown @@ -104,6 +104,32 @@ See also the warning about regular expressions in }; ``` +### allowlegacyconnects + +**Description:** List of hosts from which the server accepts connections +that are not using the latest protocol. + +Set this attribute to the empty list to not allow any incoming connections +using legacy protocol versions: + +```cf3 + allowlegacyconnects => { } +``` + +To define subnets or address ranges, use CIDR notation: + +```cf3 + allowlegacyconnects => { "192.168.1.0/24", "192.168.2.123" } +``` + +Absence of this attribute means that connections from all hosts are accepted. + +[%CFEngine_promise_attribute()%] + +**See also:** `protocol_version` + +**History:** Introduced in CFEngine 3.6.0 + ### allowusers **Description:** List of usernames who may execute requests from this diff --git a/reference/promise-types/files.markdown b/reference/promise-types/files.markdown index bc56d72f..0ab79261 100644 --- a/reference/promise-types/files.markdown +++ b/reference/promise-types/files.markdown @@ -1067,6 +1067,20 @@ security contexts. For remote copies, only Unix mode is preserved. **History:** Version 3.1.0b3,Nova 2.0.0b1 (2010) +#### protocol_version + +**Description:** Defines the protocol to use for the outgoing connection in this +copy operation. + +[%CFEngine_promise_attribute(classic)%] + +**Note:** The value here will override the setting from [`body common control`][body common]. + +**See also:** [`protocol_version`][Components and Common Control#protocol_version] in +[`body common`][body common], `allowlegacyconnects` + +**History:** Introduced in CFEngine 3.6.0 + #### purge **Description:** The `purge` menu option policy instructs on whether to purge From caabd28f2a61152b5efd9d51083b087fe75fccb4 Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Tue, 1 Apr 2014 15:58:25 +0200 Subject: [PATCH 12/30] Document allowciphers. --- reference/components/cf-serverd.markdown | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/reference/components/cf-serverd.markdown b/reference/components/cf-serverd.markdown index 20ff9094..be0c0702 100644 --- a/reference/components/cf-serverd.markdown +++ b/reference/components/cf-serverd.markdown @@ -128,6 +128,16 @@ Absence of this attribute means that connections from all hosts are accepted. **See also:** `protocol_version` +### allowciphers + +**Description:** List of ciphers the server accepts. + +For a list of possible ciphers, see man page for "openssl ciphers". + +[%CFEngine_promise_attribute(AES256-GCM-SHA384:AES256-SHA)%] + +**See also:** `protocol_version` + **History:** Introduced in CFEngine 3.6.0 ### allowusers From 43b15e0372c22f46ab757176562ffa45ad6dadf2 Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Wed, 2 Apr 2014 14:52:41 +0200 Subject: [PATCH 13/30] Better English, comment from review --- reference/components/cf-serverd.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference/components/cf-serverd.markdown b/reference/components/cf-serverd.markdown index be0c0702..1f76b794 100644 --- a/reference/components/cf-serverd.markdown +++ b/reference/components/cf-serverd.markdown @@ -109,7 +109,7 @@ See also the warning about regular expressions in **Description:** List of hosts from which the server accepts connections that are not using the latest protocol. -Set this attribute to the empty list to not allow any incoming connections +Set this attribute to an empty list to not allow any incoming connections using legacy protocol versions: ```cf3 From 4ed71175f689d4efb247886849beb81a71d87adb Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Wed, 2 Apr 2014 15:02:49 +0200 Subject: [PATCH 14/30] Fix header --- .../mission-portal-sketches-in-design-center-app.markdown | 1 + 1 file changed, 1 insertion(+) diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown index 64a2531a..bc625ea8 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown @@ -6,6 +6,7 @@ categories: [Overviews, Mission Portal Overview, Using Sketches in Mission Porta published: true alias: overviews-mission-portal-design-center-app-sketches.html tags: [overviews, mission portal, sketches, design center, design center app] +--- ## Design Center App ## From ab9984712e69a9c523d253b929aca95eefbb6a54 Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Wed, 2 Apr 2014 15:05:18 +0200 Subject: [PATCH 15/30] Move overviews out of getting started. This should be what is wanted, and fixes Jekyll complaining. --- overviews.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overviews.markdown b/overviews.markdown index 76e90988..55c805e0 100644 --- a/overviews.markdown +++ b/overviews.markdown @@ -1,10 +1,10 @@ --- layout: default title: Overviews -categories: [Getting Started, Overviews] +categories: [Overviews] published: true sorting: 30 -alias: getting-started-overviews.html +alias: overviews.html --- Read these overviews to get a good understanding of CFEngine fundamentals. From f1c102035586a10a8dc575eb12d8588aa28c6f0d Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Wed, 2 Apr 2014 15:13:29 +0200 Subject: [PATCH 16/30] Fix manuals, leave top-level until subpages are re-categorized --- overviews/manuals.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overviews/manuals.markdown b/overviews/manuals.markdown index 9849c04a..a1704956 100644 --- a/overviews/manuals.markdown +++ b/overviews/manuals.markdown @@ -1,10 +1,10 @@ --- layout: default title: Learning CFEngine -categories: [Overviews, Manuals] +categories: [Manuals] published: true sorting: 30 -alias: overviews,manuals.html +alias: overviews-manuals.html tags: [overviews, manuals] --- From 76759ebbd53b61c3f8ec5603a95a80e2a3826182 Mon Sep 17 00:00:00 2001 From: Ted Zlatanov Date: Wed, 2 Apr 2014 09:42:14 -0400 Subject: [PATCH 17/30] reference/promise-types/access.markdown: fix examples and add snippets --- reference/promise-types/access.markdown | 48 ++++++++++++++----------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/reference/promise-types/access.markdown b/reference/promise-types/access.markdown index de0de72e..3e04359a 100644 --- a/reference/promise-types/access.markdown +++ b/reference/promise-types/access.markdown @@ -60,51 +60,50 @@ reporting and orchestration. "did.*" comment => "Access to class context (enterprise)", resource_type => "context", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; "value of my test_scalar, can expand variables here - $(sys.host)" comment => "Grant access to the string in quotes, by name test_scalar", handle => "test_scalar", resource_type => "literal", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; "XYZ" comment => "Grant access to contents of persistent scalar variable XYZ", resource_type => "variable", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; # Client grants access to CFEngine hub access "delta" comment => "Grant access to cfengine hub to collect report deltas", resource_type => "query", - report_data_select => report_filter, - admit => { "127.0.0.1" }; + report_data_select => default_data_select_host, + admit_ips => { "127.0.0.1" }; "full" comment => "Grant access to cfengine hub to collect full report dump", resource_type => "query", - report_data_select => report_filter, - admit => { "127.0.0.1" }; + report_data_select => default_data_select_host, + admit_ips => { "127.0.0.1" }; policy_hub:: "collect_calls" comment => "Grant access to cfengine client to request the collection of its reports", resource_type => "query", - admit => { "10.1.2.*" }; + admit_ips => { "10.1.2.*" }; } -body report_data_select report_filter -{ - variables_include => { "sys..*", "mon..*" }; - variables_exclude => { "sys.host" }; -} - ``` +Using the built-in `report_data_select` body `default_data_select_host`: + +[%CFEngine_include_snippet(lib/3.6/reports.cf, .+default_data_select_host, \})%] + + The access promise allows overlapping promises to be made, and these are kept on a first-come-first-served basis. Thus file objects (promisers) should be listed in order of most-specific file first. In this way, specific @@ -336,6 +335,14 @@ body report_data_select report_data } ``` +**Example:** + +Here are the built-in `report_data_select` bodies `default_data_select_host` and `default_data_select_hub`: + +[%CFEngine_include_snippet(lib/3.6/reports.cf, .+default_data_select_host, \})%] + +[%CFEngine_include_snippet(lib/3.6/reports.cf, .+default_data_select_policy_hub, \})%] + **History:** Introduced in Enterprise 3.5.0 #### metatags_exclude @@ -536,19 +543,19 @@ access: handle => "test_scalar", comment => "Grant access to contents of test_scalar VAR", resource_type => "literal", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; "XYZ" resource_type => "variable", handle => "XYZ", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; # On the policy hub "collect_calls" resource_type => "query", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; # On the isolated client in the field @@ -556,11 +563,12 @@ access: "delta" comment => "Grant access to cfengine hub to collect report deltas", resource_type => "query", - admit => { "127.0.0.1" }; - "full" + admit_ips => { "127.0.0.1" }; + + "full" comment => "Grant access to cfengine hub to collect full report dump", resource_type => "query", - admit => { "127.0.0.1" }; + admit_ips => { "127.0.0.1" }; } ``` From 461ae01d03cf37cc94f72a89a4e01d2dfa198b2f Mon Sep 17 00:00:00 2001 From: KevWright Date: Wed, 2 Apr 2014 15:58:00 +0200 Subject: [PATCH 18/30] Fixed Categories in Overviews --- overviews/learning-resources/latest-release.markdown | 2 +- .../learning-resources/latest-release/known-issues.markdown | 2 +- .../latest-release/supported-platforms.markdown | 2 +- overviews/learning-resources/latest-release/upgrade.markdown | 2 +- overviews/learning-resources/latest-release/whatsnew.markdown | 2 +- overviews/learning-resources/learning-tools.markdown | 2 +- overviews/learning-resources/new-users.markdown | 2 +- overviews/learning-resources/support-and-community.markdown | 2 +- overviews/manuals.markdown | 2 +- ...-overview.markdown => policy-and-promises-overview.markdown} | 0 .../language-concepts.markdown | 2 +- .../language-concepts/bodies.markdown | 2 +- .../language-concepts/bundles.markdown | 2 +- .../language-concepts/classes.markdown | 2 +- .../language-concepts/loops.markdown | 0 .../language-concepts/namespaces.markdown | 2 +- .../language-concepts/normal-ordering.markdown | 2 +- .../language-concepts/pattern-matching-and-referencing.markdown | 2 +- .../language-concepts/promises.markdown | 2 +- .../language-concepts/variables.markdown | 2 +- .../writing-policy.markdown | 2 +- .../writing-policy/best-practices.markdown | 2 +- .../best-practices/bundles-best-practices.markdown | 2 +- .../best-practices/configuration-file-structure.markdown | 2 +- .../writing-policy/best-practices/policy-style.markdown | 2 +- .../best-practices/testing_non_privelegded_user.markdown | 2 +- .../writing-policy/configure-cfengine.markdown | 2 +- .../configure-cfengine/controlling-frequency.markdown | 2 +- .../writing-policy/configure-cfengine/version-control.markdown | 2 +- .../writing-policy/policy-concepts.markdown | 2 +- .../writing-policy/policy-concepts/policy-framework.markdown | 2 +- overviews/reports/command-line-reports.markdown | 2 +- overviews/reports/enterprise-reporting.markdown | 2 +- .../reports/enterprise-reporting/multi-site-queries.markdown | 2 +- overviews/reports/enterprise-reporting/porting-guide.markdown | 2 +- .../enterprise-reporting/reporting-architecture.markdown | 2 +- overviews/reports/enterprise-reporting/sql-queries.markdown | 2 +- overviews/reports/enterprise-reporting/troubleshooting.markdown | 2 +- overviews/reports/monitoring-reporting.markdown | 2 +- overviews/system-overview/architecture.markdown | 2 +- overviews/system-overview/concepts.markdown | 2 +- overviews/system-overview/design-center.markdown | 2 +- .../design-center/configure-sketches-community.markdown | 2 +- .../design-center/configure-sketches-enterprise.markdown | 2 +- .../access-control-mission-portal.markdown | 2 +- .../enterprise-sketch-flow.markdown | 2 +- .../integrating-mission-portal-with-git.markdown | 2 +- .../mission-portal-sketches.markdown | 2 +- .../design-center/design-center-deploy-sketch.markdown | 2 +- .../design-center/design-center-write-sketch.markdown | 2 +- overviews/system-overview/design.markdown | 2 +- overviews/system-overview/discovery.markdown | 2 +- overviews/system-overview/mission-portal-overview.markdown | 2 +- .../mission-portal-alerts-notifications.markdown | 2 +- .../mission-portal-host-monitoring.markdown | 2 +- .../mission-portal-overview/mission-portal-reports.markdown | 2 +- .../mission-portal-sketches-in-design-center-app.markdown | 2 +- .../mission-portal-sqlite-database-schema.markdown | 2 +- .../mission-portal-viewing-hosts.markdown | 2 +- overviews/system-overview/networking.markdown | 2 +- overviews/system-overview/policy-server-overview.markdown | 2 +- overviews/system-overview/security-overview.markdown | 2 +- overviews/system-overview/workflows.markdown | 2 +- 63 files changed, 61 insertions(+), 61 deletions(-) rename overviews/{policy-promises-overview.markdown => policy-and-promises-overview.markdown} (100%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/language-concepts.markdown (92%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/language-concepts/bodies.markdown (94%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/language-concepts/bundles.markdown (97%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/language-concepts/classes.markdown (99%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/language-concepts/loops.markdown (100%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/language-concepts/namespaces.markdown (97%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/language-concepts/normal-ordering.markdown (97%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/language-concepts/pattern-matching-and-referencing.markdown (99%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/language-concepts/promises.markdown (98%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/language-concepts/variables.markdown (99%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy.markdown (97%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy/best-practices.markdown (90%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy/best-practices/bundles-best-practices.markdown (97%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy/best-practices/configuration-file-structure.markdown (97%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy/best-practices/policy-style.markdown (98%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy/best-practices/testing_non_privelegded_user.markdown (94%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy/configure-cfengine.markdown (82%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy/configure-cfengine/controlling-frequency.markdown (95%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy/configure-cfengine/version-control.markdown (97%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy/policy-concepts.markdown (84%) rename overviews/{policy-promises-overview => policy-and-promises-overview}/writing-policy/policy-concepts/policy-framework.markdown (98%) diff --git a/overviews/learning-resources/latest-release.markdown b/overviews/learning-resources/latest-release.markdown index 06705b7b..7f447b75 100644 --- a/overviews/learning-resources/latest-release.markdown +++ b/overviews/learning-resources/latest-release.markdown @@ -1,7 +1,7 @@ --- layout: default title: Latest Release -categories: [Overviews,Resources,Latest Release] +categories: [Overviews,Learning Resources,Latest Release] published: true sorting: 60 alias: overviews-resources-latest-release.html diff --git a/overviews/learning-resources/latest-release/known-issues.markdown b/overviews/learning-resources/latest-release/known-issues.markdown index 86cf3b6d..52ab3206 100644 --- a/overviews/learning-resources/latest-release/known-issues.markdown +++ b/overviews/learning-resources/latest-release/known-issues.markdown @@ -2,7 +2,7 @@ layout: default title: Known Issues sorting: 30 -categories: [Overviews,Resources,Latest Release, Known Issues] +categories: [Overviews,Learning Resources,Latest Release, Known Issues] published: true alias: overviews-resources-latest-release-known-issues.html tags: [overviews, releases, latest release, 3.6.0, platforms, versions, known issues] diff --git a/overviews/learning-resources/latest-release/supported-platforms.markdown b/overviews/learning-resources/latest-release/supported-platforms.markdown index 1ed5f4cb..ea147dc4 100644 --- a/overviews/learning-resources/latest-release/supported-platforms.markdown +++ b/overviews/learning-resources/latest-release/supported-platforms.markdown @@ -2,7 +2,7 @@ layout: default title: Supported Platforms and Versions sorting: 40 -categories: [Overviews,Resources,Latest Release,Supported Platforms] +categories: [Overviews,Learning Resources,Latest Release,Supported Platforms] published: true alias: overviews-resources-latest-release-supported-platforms.html tags: [overviews, releases, latest release, 3.6.0, platforms, versions, support] diff --git a/overviews/learning-resources/latest-release/upgrade.markdown b/overviews/learning-resources/latest-release/upgrade.markdown index e594cc7a..458108d9 100644 --- a/overviews/learning-resources/latest-release/upgrade.markdown +++ b/overviews/learning-resources/latest-release/upgrade.markdown @@ -2,7 +2,7 @@ layout: default title: Upgrade Instructions sorting: 50 -categories: [Overviews,Resources,Latest Release, Upgrade] +categories: [Overviews,Learning Resources,Latest Release, Upgrade] published: true alias: overviews-resources-latest-release-upgrade.html tags: [overviews, releases, latest release, 3.6.0, platforms, versions, upgrade] diff --git a/overviews/learning-resources/latest-release/whatsnew.markdown b/overviews/learning-resources/latest-release/whatsnew.markdown index 3572fbe7..02abf3dc 100644 --- a/overviews/learning-resources/latest-release/whatsnew.markdown +++ b/overviews/learning-resources/latest-release/whatsnew.markdown @@ -1,7 +1,7 @@ --- layout: default title: New in CFEngine -categories: [Overviews,Resources,Latest Release, New in CFEngine] +categories: [Overviews,Learning Resources,Latest Release, New in CFEngine] published: true sorting: 10 alias: overviews-resources-latest-release-whats-new.html diff --git a/overviews/learning-resources/learning-tools.markdown b/overviews/learning-resources/learning-tools.markdown index 777dc7dd..e83644d8 100644 --- a/overviews/learning-resources/learning-tools.markdown +++ b/overviews/learning-resources/learning-tools.markdown @@ -1,7 +1,7 @@ --- layout: default title: Learning Tools -categories: [Overviews, Learning Tools] +categories: [Overviews, Learning Resources, Learning Tools] published: true sorting: 40 alias: overviews-learning-tools.html diff --git a/overviews/learning-resources/new-users.markdown b/overviews/learning-resources/new-users.markdown index e5695eee..a26b32e7 100644 --- a/overviews/learning-resources/new-users.markdown +++ b/overviews/learning-resources/new-users.markdown @@ -2,7 +2,7 @@ layout: default title: Up and Running sorting: 13 -categories: [Examples, Tutorials] +categories: [Overviews, Learning Resources, Tutorials] published: true alias: new-users.html tags: [Examples, Tutorials, Community] diff --git a/overviews/learning-resources/support-and-community.markdown b/overviews/learning-resources/support-and-community.markdown index e39840cb..d1f171a4 100644 --- a/overviews/learning-resources/support-and-community.markdown +++ b/overviews/learning-resources/support-and-community.markdown @@ -2,7 +2,7 @@ layout: default title: Support and Community sorting: 50 -categories: [Overviews, Support and Community] +categories: [Overviews, Learning Resources,Support and Community] published: true alias: overviews-support-and-community.html tags: [overviews, support, community, bugs, help] diff --git a/overviews/manuals.markdown b/overviews/manuals.markdown index a1704956..f82ad211 100644 --- a/overviews/manuals.markdown +++ b/overviews/manuals.markdown @@ -1,7 +1,7 @@ --- layout: default title: Learning CFEngine -categories: [Manuals] +categories: [Overviews, Manuals] published: true sorting: 30 alias: overviews-manuals.html diff --git a/overviews/policy-promises-overview.markdown b/overviews/policy-and-promises-overview.markdown similarity index 100% rename from overviews/policy-promises-overview.markdown rename to overviews/policy-and-promises-overview.markdown diff --git a/overviews/policy-promises-overview/language-concepts.markdown b/overviews/policy-and-promises-overview/language-concepts.markdown similarity index 92% rename from overviews/policy-promises-overview/language-concepts.markdown rename to overviews/policy-and-promises-overview/language-concepts.markdown index 4330e234..d2f1c14f 100644 --- a/overviews/policy-promises-overview/language-concepts.markdown +++ b/overviews/policy-and-promises-overview/language-concepts.markdown @@ -1,7 +1,7 @@ --- layout: default title: Language Concepts -categories: [Overviews, Language Concepts] +categories: [Overviews, Policy and Promises Overview, Language Concepts] published: true sorting: 40 alias: overviews-language-concepts.html diff --git a/overviews/policy-promises-overview/language-concepts/bodies.markdown b/overviews/policy-and-promises-overview/language-concepts/bodies.markdown similarity index 94% rename from overviews/policy-promises-overview/language-concepts/bodies.markdown rename to overviews/policy-and-promises-overview/language-concepts/bodies.markdown index 1dfacb9c..60258327 100644 --- a/overviews/policy-promises-overview/language-concepts/bodies.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/bodies.markdown @@ -1,7 +1,7 @@ --- layout: default title: Bodies -categories: [Manuals, Language Concepts, Bodies] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Bodies] published: true sorting: 30 alias: manuals-language-concepts-bodies.html diff --git a/overviews/policy-promises-overview/language-concepts/bundles.markdown b/overviews/policy-and-promises-overview/language-concepts/bundles.markdown similarity index 97% rename from overviews/policy-promises-overview/language-concepts/bundles.markdown rename to overviews/policy-and-promises-overview/language-concepts/bundles.markdown index a33eb25a..c7d10caa 100644 --- a/overviews/policy-promises-overview/language-concepts/bundles.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/bundles.markdown @@ -1,7 +1,7 @@ --- layout: default title: Bundles -categories: [Manuals, Language Concepts, Bundles] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Bundles] published: true sorting: 20 alias: manuals-language-concepts-bundles.html diff --git a/overviews/policy-promises-overview/language-concepts/classes.markdown b/overviews/policy-and-promises-overview/language-concepts/classes.markdown similarity index 99% rename from overviews/policy-promises-overview/language-concepts/classes.markdown rename to overviews/policy-and-promises-overview/language-concepts/classes.markdown index eef316d3..030ed90b 100644 --- a/overviews/policy-promises-overview/language-concepts/classes.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/classes.markdown @@ -1,7 +1,7 @@ --- layout: default title: Classes and Decisions -categories: [Manuals, Language Concepts, Classes] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Classes] published: true sorting: 40 alias: manuals-language-concepts-classes.html diff --git a/overviews/policy-promises-overview/language-concepts/loops.markdown b/overviews/policy-and-promises-overview/language-concepts/loops.markdown similarity index 100% rename from overviews/policy-promises-overview/language-concepts/loops.markdown rename to overviews/policy-and-promises-overview/language-concepts/loops.markdown diff --git a/overviews/policy-promises-overview/language-concepts/namespaces.markdown b/overviews/policy-and-promises-overview/language-concepts/namespaces.markdown similarity index 97% rename from overviews/policy-promises-overview/language-concepts/namespaces.markdown rename to overviews/policy-and-promises-overview/language-concepts/namespaces.markdown index 43c2e856..09cbb871 100644 --- a/overviews/policy-promises-overview/language-concepts/namespaces.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/namespaces.markdown @@ -1,7 +1,7 @@ --- layout: default title: Namespaces -categories: [Manuals, Language Concepts, Namespaces] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Namespaces] published: true sorting: 90 alias: manuals-language-concepts-namespaces.html diff --git a/overviews/policy-promises-overview/language-concepts/normal-ordering.markdown b/overviews/policy-and-promises-overview/language-concepts/normal-ordering.markdown similarity index 97% rename from overviews/policy-promises-overview/language-concepts/normal-ordering.markdown rename to overviews/policy-and-promises-overview/language-concepts/normal-ordering.markdown index 4d1f31a0..2f573624 100644 --- a/overviews/policy-promises-overview/language-concepts/normal-ordering.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/normal-ordering.markdown @@ -1,7 +1,7 @@ --- layout: default title: Normal Ordering -categories: [Manuals, Language Concepts, Normal Ordering] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Normal Ordering] published: true sorting: 60 alias: manuals-language-concepts-normal-ordering.html diff --git a/overviews/policy-promises-overview/language-concepts/pattern-matching-and-referencing.markdown b/overviews/policy-and-promises-overview/language-concepts/pattern-matching-and-referencing.markdown similarity index 99% rename from overviews/policy-promises-overview/language-concepts/pattern-matching-and-referencing.markdown rename to overviews/policy-and-promises-overview/language-concepts/pattern-matching-and-referencing.markdown index 5e161863..382cc055 100644 --- a/overviews/policy-promises-overview/language-concepts/pattern-matching-and-referencing.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/pattern-matching-and-referencing.markdown @@ -1,7 +1,7 @@ --- layout: default title: Pattern Matching and Referencing -categories: [Manuals, Language Concepts, Pattern Matching and Referencing] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Pattern Matching and Referencing] published: true sorting: 80 alias: manuals-language-concepts-pattern-matching-and-referencing.html diff --git a/overviews/policy-promises-overview/language-concepts/promises.markdown b/overviews/policy-and-promises-overview/language-concepts/promises.markdown similarity index 98% rename from overviews/policy-promises-overview/language-concepts/promises.markdown rename to overviews/policy-and-promises-overview/language-concepts/promises.markdown index a989b0d8..28fbce67 100644 --- a/overviews/policy-promises-overview/language-concepts/promises.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/promises.markdown @@ -1,7 +1,7 @@ --- layout: default title: Promises -categories: [Manuals, Language Concepts, Promises] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Promises] published: true sorting: 10 alias: manuals-language-concepts-promises.html diff --git a/overviews/policy-promises-overview/language-concepts/variables.markdown b/overviews/policy-and-promises-overview/language-concepts/variables.markdown similarity index 99% rename from overviews/policy-promises-overview/language-concepts/variables.markdown rename to overviews/policy-and-promises-overview/language-concepts/variables.markdown index 2f856edc..3e8c9d04 100644 --- a/overviews/policy-promises-overview/language-concepts/variables.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/variables.markdown @@ -1,7 +1,7 @@ --- layout: default title: Variables -categories: [Manuals, Language Concepts, Variables] +categories: [Overviews,Policy and Promises Overview, Language Concepts, Variables] published: true sorting: 50 alias: manuals-language-concepts-variables.html diff --git a/overviews/policy-promises-overview/writing-policy.markdown b/overviews/policy-and-promises-overview/writing-policy.markdown similarity index 97% rename from overviews/policy-promises-overview/writing-policy.markdown rename to overviews/policy-and-promises-overview/writing-policy.markdown index 8b572822..6180c1e2 100644 --- a/overviews/policy-promises-overview/writing-policy.markdown +++ b/overviews/policy-and-promises-overview/writing-policy.markdown @@ -1,7 +1,7 @@ --- layout: default title: Writing Policy -categories: [Overviews, Writing Policy] +categories: [Overviews, Policy and Promises Overview, Writing Policy] published: true sorting: 50 alias: overviews-writing-policy.html diff --git a/overviews/policy-promises-overview/writing-policy/best-practices.markdown b/overviews/policy-and-promises-overview/writing-policy/best-practices.markdown similarity index 90% rename from overviews/policy-promises-overview/writing-policy/best-practices.markdown rename to overviews/policy-and-promises-overview/writing-policy/best-practices.markdown index 2e4ec34c..7a6ecc1e 100644 --- a/overviews/policy-promises-overview/writing-policy/best-practices.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/best-practices.markdown @@ -1,7 +1,7 @@ --- layout: default title: Best Practices -categories: [Manuals, Writing Policy, Best Practices] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Best Practices] published: true sorting: 15 alias: manuals-writing-policy-best-practices.html diff --git a/overviews/policy-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown b/overviews/policy-and-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown similarity index 97% rename from overviews/policy-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown rename to overviews/policy-and-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown index 8dbb2c82..f94efb59 100644 --- a/overviews/policy-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/best-practices/bundles-best-practices.markdown @@ -1,7 +1,7 @@ --- layout: default title: Bundles Best Practices -categories: [Manuals, Writing Policy, Best Practices, Bundles Best +categories: [Overviews, Policy and Promises Overview, Writing Policy, Best Practices, Bundles Best Practices] published: true sorting: 20 diff --git a/overviews/policy-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown b/overviews/policy-and-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown similarity index 97% rename from overviews/policy-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown rename to overviews/policy-and-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown index 4a536246..385118ee 100644 --- a/overviews/policy-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/best-practices/configuration-file-structure.markdown @@ -1,7 +1,7 @@ --- layout: default title: Default Configuration File Structure -categories: [Manuals, Writing Policy, Best Practices, Configuration File Structure] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Best Practices, Configuration File Structure] published: true sorting: 40 alias: manuals-writing-policy-configuration-file-structure.html diff --git a/overviews/policy-promises-overview/writing-policy/best-practices/policy-style.markdown b/overviews/policy-and-promises-overview/writing-policy/best-practices/policy-style.markdown similarity index 98% rename from overviews/policy-promises-overview/writing-policy/best-practices/policy-style.markdown rename to overviews/policy-and-promises-overview/writing-policy/best-practices/policy-style.markdown index 871e3a52..8973a357 100644 --- a/overviews/policy-promises-overview/writing-policy/best-practices/policy-style.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/best-practices/policy-style.markdown @@ -1,7 +1,7 @@ --- layout: default title: Policy Style Guide -categories: [Manuals, Writing Policy, Best Practices, Policy Style Guide] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Best Practices, Policy Style Guide] published: true sorting: 10 alias: manuals-writing-policy-policy-style-guide.html diff --git a/overviews/policy-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown b/overviews/policy-and-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown similarity index 94% rename from overviews/policy-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown rename to overviews/policy-and-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown index 9398e2db..a50d2a51 100644 --- a/overviews/policy-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/best-practices/testing_non_privelegded_user.markdown @@ -1,7 +1,7 @@ --- layout: default title: Testing Policies -categories: [Manuals, Writing Policy, Best Practices, Testing Policies] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Best Practices, Testing Policies] published: true sorting: 50 alias: manuals-writing-policy-testing-policies.html diff --git a/overviews/policy-promises-overview/writing-policy/configure-cfengine.markdown b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine.markdown similarity index 82% rename from overviews/policy-promises-overview/writing-policy/configure-cfengine.markdown rename to overviews/policy-and-promises-overview/writing-policy/configure-cfengine.markdown index 9a175b6f..e737ab6e 100644 --- a/overviews/policy-promises-overview/writing-policy/configure-cfengine.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine.markdown @@ -1,7 +1,7 @@ --- layout: default title: Configure CFEngine -categories: [Manuals, Writing Policy, Configure CFEngine] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Configure CFEngine] published: true sorting: 30 alias: manuals-writing-policy-configure-cfengine.html diff --git a/overviews/policy-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown similarity index 95% rename from overviews/policy-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown rename to overviews/policy-and-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown index e80b93b8..f85afe6f 100644 --- a/overviews/policy-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine/controlling-frequency.markdown @@ -1,7 +1,7 @@ --- layout: default title: Controlling Frequency -categories: [Manuals, Writing Policy, Configure CFEngine, Controlling Frequency] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Configure CFEngine, Controlling Frequency] published: true sorting: 20 alias: manuals-writing-policy-controlling-frequency.html diff --git a/overviews/policy-promises-overview/writing-policy/configure-cfengine/version-control.markdown b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine/version-control.markdown similarity index 97% rename from overviews/policy-promises-overview/writing-policy/configure-cfengine/version-control.markdown rename to overviews/policy-and-promises-overview/writing-policy/configure-cfengine/version-control.markdown index 3ca40047..946d4630 100644 --- a/overviews/policy-promises-overview/writing-policy/configure-cfengine/version-control.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/configure-cfengine/version-control.markdown @@ -1,7 +1,7 @@ --- layout: default title: Version Control -categories: [Manuals, Writing Policy, Configure CFEngine, Version Control] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Configure CFEngine, Version Control] published: true sorting: 40 alias: manuals-writing-policy-version-control.html diff --git a/overviews/policy-promises-overview/writing-policy/policy-concepts.markdown b/overviews/policy-and-promises-overview/writing-policy/policy-concepts.markdown similarity index 84% rename from overviews/policy-promises-overview/writing-policy/policy-concepts.markdown rename to overviews/policy-and-promises-overview/writing-policy/policy-concepts.markdown index c59b2a58..839274d5 100644 --- a/overviews/policy-promises-overview/writing-policy/policy-concepts.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/policy-concepts.markdown @@ -1,7 +1,7 @@ --- layout: default title: Policy Concepts -categories: [Manuals, Writing Policy, Policy Concepts] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Policy Concepts] published: true sorting: 20 alias: manuals-writing-policy-policy-concepts.html diff --git a/overviews/policy-promises-overview/writing-policy/policy-concepts/policy-framework.markdown b/overviews/policy-and-promises-overview/writing-policy/policy-concepts/policy-framework.markdown similarity index 98% rename from overviews/policy-promises-overview/writing-policy/policy-concepts/policy-framework.markdown rename to overviews/policy-and-promises-overview/writing-policy/policy-concepts/policy-framework.markdown index 8ff16eb6..9f6c342f 100644 --- a/overviews/policy-promises-overview/writing-policy/policy-concepts/policy-framework.markdown +++ b/overviews/policy-and-promises-overview/writing-policy/policy-concepts/policy-framework.markdown @@ -1,7 +1,7 @@ --- layout: default title: Policy Framework -categories: [Manuals, Writing Policy, Policy Concepts, Policy Framework] +categories: [Overviews, Policy and Promises Overview, Writing Policy, Policy Concepts, Policy Framework] published: true sorting: 20 alias: manuals-writing-policy-policy-framework.html diff --git a/overviews/reports/command-line-reports.markdown b/overviews/reports/command-line-reports.markdown index b2ef4618..1bda78fc 100644 --- a/overviews/reports/command-line-reports.markdown +++ b/overviews/reports/command-line-reports.markdown @@ -1,7 +1,7 @@ --- layout: default title: Command-Line Reports -categories: [Manuals, Reports, Command-Line Reports] +categories: [Overviews, Reports, Command-Line Reports] published: true sorting: 60 alias: manuals-reports-command-line.html diff --git a/overviews/reports/enterprise-reporting.markdown b/overviews/reports/enterprise-reporting.markdown index 6651ead7..dd1ccafc 100644 --- a/overviews/reports/enterprise-reporting.markdown +++ b/overviews/reports/enterprise-reporting.markdown @@ -1,7 +1,7 @@ --- layout: default title: Enterprise Report API -categories: [Manuals, Reports, Enterprise Report API] +categories: [Overviews, Reports, Enterprise Report API] published: true sorting: 20 alias: manuals-enterprise-reporting.html diff --git a/overviews/reports/enterprise-reporting/multi-site-queries.markdown b/overviews/reports/enterprise-reporting/multi-site-queries.markdown index 6aa937a8..d310616a 100644 --- a/overviews/reports/enterprise-reporting/multi-site-queries.markdown +++ b/overviews/reports/enterprise-reporting/multi-site-queries.markdown @@ -1,7 +1,7 @@ --- layout: default title: Multi-Site Queries -categories: [Manuals, Reports, Enterprise Report API, Multi-Site Queries] +categories: [Overviews, Reports, Enterprise Reporting, Multi-Site Queries] published: true sorting: 40 alias: manuals-enterprise-reporting-multi-site-queries.html diff --git a/overviews/reports/enterprise-reporting/porting-guide.markdown b/overviews/reports/enterprise-reporting/porting-guide.markdown index 2afafa18..83fa3dc3 100644 --- a/overviews/reports/enterprise-reporting/porting-guide.markdown +++ b/overviews/reports/enterprise-reporting/porting-guide.markdown @@ -1,7 +1,7 @@ --- layout: default title: API Porting Guide -categories: [Manuals, Enterprise API, Porting Guide] +categories: [Overviews, Reports,Enterprise Reporting, Porting Guide] published: true sorting: 90 alias: manuals-enterprise-reporting-porting-guide.html diff --git a/overviews/reports/enterprise-reporting/reporting-architecture.markdown b/overviews/reports/enterprise-reporting/reporting-architecture.markdown index dff18f9d..e5566c9e 100644 --- a/overviews/reports/enterprise-reporting/reporting-architecture.markdown +++ b/overviews/reports/enterprise-reporting/reporting-architecture.markdown @@ -1,7 +1,7 @@ --- layout: default title: Reporting Architecture -categories: [Manuals, Reports, Enterprise Report API, Architecture] +categories: [Overviews, Reports, Enterprise Reporting, Architecture] published: true sorting: 10 alias: manuals-enterprise-reporting-architecture.html diff --git a/overviews/reports/enterprise-reporting/sql-queries.markdown b/overviews/reports/enterprise-reporting/sql-queries.markdown index b316f6a6..1bb9a527 100644 --- a/overviews/reports/enterprise-reporting/sql-queries.markdown +++ b/overviews/reports/enterprise-reporting/sql-queries.markdown @@ -1,7 +1,7 @@ --- layout: default title: SQL Queries -categories: [Manuals, Reports, Enterprise Report API, SQL Queries] +categories: [Overviews, Reports, Enterprise Reporting, SQL Queries] published: true sorting: 30 alias: manuals-enterprise-reporting-sql-queries.html diff --git a/overviews/reports/enterprise-reporting/troubleshooting.markdown b/overviews/reports/enterprise-reporting/troubleshooting.markdown index a82ff89e..08f55266 100644 --- a/overviews/reports/enterprise-reporting/troubleshooting.markdown +++ b/overviews/reports/enterprise-reporting/troubleshooting.markdown @@ -1,7 +1,7 @@ --- layout: default title: Troubleshooting -categories: [Manuals, Enterprise API, Troubleshooting] +categories: [Overviews, Enterprise Reporting, Troubleshooting] published: true sorting: 100 alias: manuals-enterprise-reporting-troubleshooting.html diff --git a/overviews/reports/monitoring-reporting.markdown b/overviews/reports/monitoring-reporting.markdown index f3656e71..2298cd06 100644 --- a/overviews/reports/monitoring-reporting.markdown +++ b/overviews/reports/monitoring-reporting.markdown @@ -1,7 +1,7 @@ --- layout: default title: Monitoring and Reporting -categories: [Manuals, Reports, Monitoring and Reporting] +categories: [Overviews, Reports, Monitoring and Reporting] published: true sorting: 10 alias: manuals-reports-monitoring.html diff --git a/overviews/system-overview/architecture.markdown b/overviews/system-overview/architecture.markdown index 7a24e5ca..052cd631 100644 --- a/overviews/system-overview/architecture.markdown +++ b/overviews/system-overview/architecture.markdown @@ -1,7 +1,7 @@ --- layout: default title: Architecture -categories: [Getting Started, Concepts, Architecture] +categories: [Overviews, System Overview, Architecture] published: true sorting: 20 alias: manuals-architecture.html diff --git a/overviews/system-overview/concepts.markdown b/overviews/system-overview/concepts.markdown index 159711bf..0dd8c639 100644 --- a/overviews/system-overview/concepts.markdown +++ b/overviews/system-overview/concepts.markdown @@ -1,7 +1,7 @@ --- layout: default title: Concepts -categories: [Overviews, Concepts] +categories: [Overviews, System Overview, Concepts] published: true sorting: 30 alias: overviews-concepts.html diff --git a/overviews/system-overview/design-center.markdown b/overviews/system-overview/design-center.markdown index 6486ccb3..c20eecd7 100644 --- a/overviews/system-overview/design-center.markdown +++ b/overviews/system-overview/design-center.markdown @@ -1,7 +1,7 @@ --- layout: default title: Design Center Overview -categories: [Overviews, Design Center Overview] +categories: [Overviews, System Overview, Design Center Overview] published: true sorting: 60 alias: overviews-design-center.html diff --git a/overviews/system-overview/design-center/configure-sketches-community.markdown b/overviews/system-overview/design-center/configure-sketches-community.markdown index 30eae4ce..340941b7 100644 --- a/overviews/system-overview/design-center/configure-sketches-community.markdown +++ b/overviews/system-overview/design-center/configure-sketches-community.markdown @@ -1,7 +1,7 @@ --- layout: default title: Command Line Sketches -categories: [Manuals, Design Center, Sketches Community] +categories: [Overviews, System Overview, Design Center, Sketches Community] published: true sorting: 30 alias: configure-sketches-community.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise.markdown index 5e6bdafe..a3dfbdc8 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise.markdown @@ -1,7 +1,7 @@ --- layout: default title: Configure the Design Center App -categories: [Manuals, Design Center, Enterprise Sketches] +categories: [MOverviews, System Overview, Design Center, Enterprise Sketches] published: true sorting: 20 alias: configure-sketches-enterprise.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise/access-control-mission-portal.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise/access-control-mission-portal.markdown index 68e73773..4f70b60d 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise/access-control-mission-portal.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise/access-control-mission-portal.markdown @@ -1,7 +1,7 @@ --- layout: default title: Controlling Access to the Design Center UI -categories: [Manuals, Design Center, Enterprise Sketches, Controlling Access to the Design Center UI] +categories: [Overviews, System Overview, Design Center, Enterprise Sketches, Controlling Access to the Design Center UI] published: true sorting: 20 alias: mission-portal-design-center-access-control.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise/enterprise-sketch-flow.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise/enterprise-sketch-flow.markdown index 9a70d418..80987fb5 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise/enterprise-sketch-flow.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise/enterprise-sketch-flow.markdown @@ -1,7 +1,7 @@ --- layout: default title: Sketch Flow in CFEngine Enterprise -categories: [Manuals, Design Center, Enterprise Sketches, Sketch Flow in CFEngine Enterprise] +categories: [Overviews, System Overview, Design Center, Enterprise Sketches, Sketch Flow in CFEngine Enterprise] published: true sorting: 40 alias: manuals-design-center-enterprise-sketch-flow.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise/integrating-mission-portal-with-git.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise/integrating-mission-portal-with-git.markdown index 546dd194..2a1b0a77 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise/integrating-mission-portal-with-git.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise/integrating-mission-portal-with-git.markdown @@ -1,7 +1,7 @@ --- layout: default title: Integrating Mission Portal with git -categories: [Manuals, Design Center, Enterprise Sketches, Integrating Mission Portal with git] +categories: [Overviews, System Overview, Design Center, Enterprise Sketches, Integrating Mission Portal with git] published: true sorting: 10 alias: manuals-design-center-integrating-mission-portal-with-git.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise/mission-portal-sketches.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise/mission-portal-sketches.markdown index b5386da0..f79de754 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise/mission-portal-sketches.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise/mission-portal-sketches.markdown @@ -1,7 +1,7 @@ --- layout: default title: Sketches Available in the Mission Portal -categories: [Manuals, Design Center, Enterprise Sketches, Sketches Available in the Mission Portal] +categories: [Overviews, System Overview, Design Center, Enterprise Sketches, Sketches Available in the Mission Portal] published: true sorting: 30 alias: mission-portal-design-center-sketches-available.html diff --git a/overviews/system-overview/design-center/design-center-deploy-sketch.markdown b/overviews/system-overview/design-center/design-center-deploy-sketch.markdown index 5c3d30cd..2d3d05aa 100644 --- a/overviews/system-overview/design-center/design-center-deploy-sketch.markdown +++ b/overviews/system-overview/design-center/design-center-deploy-sketch.markdown @@ -1,7 +1,7 @@ --- layout: default title: Deploy your first Policy -categories: [Manuals, Design Center, Deploy Policy] +categories: [Overviews, System Overview, Design Center, Deploy Policy] published: true sorting: 10 alias: design-center-deploy-sketch.html diff --git a/overviews/system-overview/design-center/design-center-write-sketch.markdown b/overviews/system-overview/design-center/design-center-write-sketch.markdown index 78700b75..c90b29d0 100644 --- a/overviews/system-overview/design-center/design-center-write-sketch.markdown +++ b/overviews/system-overview/design-center/design-center-write-sketch.markdown @@ -1,7 +1,7 @@ --- layout: default title: Write a new Sketch -categories: [Manuals, Design Center, Write Sketch] +categories: [Overviews, System Overview, Design Center, Write Sketch] published: true sorting: 40 alias: design-center-write-sketch.html diff --git a/overviews/system-overview/design.markdown b/overviews/system-overview/design.markdown index 3086b12a..0fc58aff 100644 --- a/overviews/system-overview/design.markdown +++ b/overviews/system-overview/design.markdown @@ -1,7 +1,7 @@ --- layout: default title: Design -categories: [Getting Started, Concepts, Design] +categories: [Overviews, System Overview, Design] published: true sorting: 10 alias: manuals-design.html diff --git a/overviews/system-overview/discovery.markdown b/overviews/system-overview/discovery.markdown index 3fbcf93b..6b6ecbc5 100644 --- a/overviews/system-overview/discovery.markdown +++ b/overviews/system-overview/discovery.markdown @@ -1,7 +1,7 @@ --- layout: default title: Distributed Discovery -categories: [Getting Started, Concepts, Architecture] +categories: [Overviews, System Overview, Architecture] published: true sorting: 30 alias: manuals-architecture-distributed-discovery.html diff --git a/overviews/system-overview/mission-portal-overview.markdown b/overviews/system-overview/mission-portal-overview.markdown index a7cb2def..e303a639 100644 --- a/overviews/system-overview/mission-portal-overview.markdown +++ b/overviews/system-overview/mission-portal-overview.markdown @@ -2,7 +2,7 @@ layout: default title: Mission Portal Overview sorting: 100 -categories: [Overviews, Mission Portal Overview] +categories: [Overviews, System Overview, Mission Portal Overview] published: true alias: overviews-mission-portal.html tags: [overviews, mission portal] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-alerts-notifications.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-alerts-notifications.markdown index 12846d90..56e3304a 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-alerts-notifications.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-alerts-notifications.markdown @@ -2,7 +2,7 @@ layout: default title: Alerts and Notifications in the Mission Portal Dashboard sorting: 100 -categories: [Overviews, Mission Portal Overview, Alerts and Notifications in the Mission Portal Dashboard] +categories: [Overviews, System Overview, Mission Portal Overview, Alerts and Notifications in the Mission Portal Dashboard] published: true alias: overviews-mission-portal-dashboard-alerts-notifications.html tags: [overviews, mission portal, dashboard, alerts, notifications] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-host-monitoring.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-host-monitoring.markdown index 40867931..cc31add5 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-host-monitoring.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-host-monitoring.markdown @@ -2,7 +2,7 @@ layout: default title: Host Monitoring in Mission Portal sorting: 100 -categories: [Overviews, Mission Portal Overview, Host Monitoring in Mission Portal] +categories: [Overviews, System Overview, Mission Portal Overview, Host Monitoring in Mission Portal] published: true alias: overviews-mission-portal-host-monitoring.html tags: [overviews, mission portal, hosts, monitoring, host monitoring] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-reports.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-reports.markdown index 67a7d0fb..628176f4 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-reports.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-reports.markdown @@ -2,7 +2,7 @@ layout: default title: Mission Portal Reports sorting: 100 -categories: [Overviews, Mission Portal Overview, Mission Portal Reports] +categories: [Overviews, System Overview, Mission Portal Overview, Mission Portal Reports] published: true alias: overviews-mission-portal-reports.html tags: [overviews, mission portal, reports, reporting] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown index bc625ea8..53bee6b4 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-sketches-in-design-center-app.markdown @@ -2,7 +2,7 @@ layout: default title: Using Sketches in Mission Portal's Design Center App sorting: 100 -categories: [Overviews, Mission Portal Overview, Using Sketches in Mission Portal's Design Center App] +categories: [Overviews, System Overview, Mission Portal Overview, Using Sketches in Mission Portal's Design Center App] published: true alias: overviews-mission-portal-design-center-app-sketches.html tags: [overviews, mission portal, sketches, design center, design center app] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-sqlite-database-schema.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-sqlite-database-schema.markdown index 3e9294d3..a56ce4a1 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-sqlite-database-schema.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-sqlite-database-schema.markdown @@ -2,7 +2,7 @@ layout: default title: SQLite Database Schema sorting: 100 -categories: [GOverviews, Mission Portal Overview, SQLite Database Schema] +categories: [Overviews, System Overview, Mission Portal Overview, SQLite Database Schema] published: true alias: overviews-mission-portal-database-schema.html tags: [overviews, mission portal, reports, reporting, database schema] diff --git a/overviews/system-overview/mission-portal-overview/mission-portal-viewing-hosts.markdown b/overviews/system-overview/mission-portal-overview/mission-portal-viewing-hosts.markdown index 4064b9de..558aa696 100644 --- a/overviews/system-overview/mission-portal-overview/mission-portal-viewing-hosts.markdown +++ b/overviews/system-overview/mission-portal-overview/mission-portal-viewing-hosts.markdown @@ -2,7 +2,7 @@ layout: default title: Viewing Hosts in Mission Portal sorting: 100 -categories: [Overviews, Mission Portal Overview, Viewing Hosts in Mission Portal] +categories: [Overviews, System Overview, Mission Portal Overview, Viewing Hosts in Mission Portal] published: true alias: overviews-mission-portal-viewing-hosts.html tags: [overviews, mission portal, hosts] diff --git a/overviews/system-overview/networking.markdown b/overviews/system-overview/networking.markdown index 80d46eee..a0509f95 100644 --- a/overviews/system-overview/networking.markdown +++ b/overviews/system-overview/networking.markdown @@ -1,7 +1,7 @@ --- layout: default title: Networking -categories: [Getting Started, Concepts, Architecture] +categories: [Overviews, System Overview, Architecture] published: true sorting: 10 alias: manuals-architecture-networking.html diff --git a/overviews/system-overview/policy-server-overview.markdown b/overviews/system-overview/policy-server-overview.markdown index e124952f..87ab24a6 100644 --- a/overviews/system-overview/policy-server-overview.markdown +++ b/overviews/system-overview/policy-server-overview.markdown @@ -2,7 +2,7 @@ layout: default title: Policy Server Overview sorting: 100 -categories: [Overviews, Policy Server Overview] +categories: [Overviews, System Overview, Policy Server Overview] published: true alias: overviews-policy-server.html tags: [overviews, system overview, policy server] diff --git a/overviews/system-overview/security-overview.markdown b/overviews/system-overview/security-overview.markdown index b4e9a942..ba2f1596 100644 --- a/overviews/system-overview/security-overview.markdown +++ b/overviews/system-overview/security-overview.markdown @@ -2,7 +2,7 @@ layout: default title: Security Overview sorting: 100 -categories: [Overviews, Security Overview] +categories: [Overviews, System Overview, Security Overview] published: true alias: overviews-security.html tags: [overviews, security overview] diff --git a/overviews/system-overview/workflows.markdown b/overviews/system-overview/workflows.markdown index c353f9cd..475c204b 100644 --- a/overviews/system-overview/workflows.markdown +++ b/overviews/system-overview/workflows.markdown @@ -1,7 +1,7 @@ --- layout: default title: Policy Workflow -categories: [Getting Started, Concepts, Architecture] +categories: [Overviews, System Overview, Architecture] published: true sorting: 20 alias: manuals-architecture-policy-workflow.html From cf2b82b291422a71ae1189d1f5250a1a6cb51c1e Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Wed, 2 Apr 2014 16:12:40 +0200 Subject: [PATCH 19/30] Fix hosts's language --- reference/functions/peerleader.markdown | 2 +- reference/functions/peers.markdown | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/reference/functions/peerleader.markdown b/reference/functions/peerleader.markdown index b369e0cb..7d1c4cff 100644 --- a/reference/functions/peerleader.markdown +++ b/reference/functions/peerleader.markdown @@ -9,7 +9,7 @@ tags: [reference, communication functions, functions, peerleader] [%CFEngine_function_prototype(filename, regex, groupsize)%] -**Description:** Returns the current hosts's partition's peer leader. +**Description:** Returns the current host's partition peer leader. So given `groupsize` 3 and the file diff --git a/reference/functions/peers.markdown b/reference/functions/peers.markdown index f8b84106..33556b69 100644 --- a/reference/functions/peers.markdown +++ b/reference/functions/peers.markdown @@ -9,7 +9,7 @@ tags: [reference, communication functions, functions, peers] [%CFEngine_function_prototype(filename, regex, groupsize)%] -**Description:** Returns the current hosts's partition peers (excluding it). +**Description:** Returns the current host's partition peers (excluding it). So given `groupsize` 3 and the file From 34732d15ddc800c16ba517f7ac6db6909e9e24de Mon Sep 17 00:00:00 2001 From: Ted Zlatanov Date: Wed, 2 Apr 2014 10:36:51 -0400 Subject: [PATCH 20/30] reference/promise-types/access.markdown: admit and deny are deprecated, use their alternatives --- reference/promise-types/access.markdown | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/reference/promise-types/access.markdown b/reference/promise-types/access.markdown index 3e04359a..f2aaf7bf 100644 --- a/reference/promise-types/access.markdown +++ b/reference/promise-types/access.markdown @@ -243,6 +243,9 @@ access: Only regular expressions or exact matches are allowed in this list, as non-specific matches are too greedy for denial. +`deny` will be deprecated in CFEngine 3.7 in favor of `deny_ips`, +`deny_hostnames`, and `deny_keys`. + ### maproot **Description:** The `maproot` slist contains host names or IP addresses @@ -267,7 +270,7 @@ access: "/home" - admit => { "backup_host.example.org" }, + admit_hostnames => { "backup_host.example.org" }, ifencrypted => "true", # Backup needs to have access to all users @@ -298,7 +301,7 @@ access: "/path/file" - admit => { ".*\.example\.org" }, + admit_hostnames => { ".*\.example\.org" }, ifencrypted => "true"; ``` From bcceec4eae6abe978f827bdf45c90d8a3c4e8bf1 Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Wed, 2 Apr 2014 18:28:20 +0200 Subject: [PATCH 21/30] More fixes to category meta data. --- overviews/learning-resources.markdown | 9 +++++++++ .../design-center-advanced.markdown | 2 +- .../design-center/configure-sketches-enterprise.markdown | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 overviews/learning-resources.markdown diff --git a/overviews/learning-resources.markdown b/overviews/learning-resources.markdown new file mode 100644 index 00000000..b59a016d --- /dev/null +++ b/overviews/learning-resources.markdown @@ -0,0 +1,9 @@ +--- +layout: default +title: Learning Resources +categories: [Overviews, Learning Resources] +published: true +sorting: 40 +alias: overviews-learning-resources.html +tags: [overviews, learning] +--- diff --git a/overviews/system-overview/design-center/configure-sketches-community/design-center-advanced.markdown b/overviews/system-overview/design-center/configure-sketches-community/design-center-advanced.markdown index d103cc28..e3c2f61d 100644 --- a/overviews/system-overview/design-center/configure-sketches-community/design-center-advanced.markdown +++ b/overviews/system-overview/design-center/configure-sketches-community/design-center-advanced.markdown @@ -1,7 +1,7 @@ --- layout: default title: Advanced Walkthrough -categories: [Manuals, Design Center, Sketches Community, Advanced Walkthrough] +categories: [Overviews, System Overview, Design Center, Sketches Community, Advanced Walkthrough] published: true sorting: 10 alias: manuals-design-center-advanced.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise.markdown index a3dfbdc8..d9ab198e 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise.markdown @@ -1,7 +1,7 @@ --- layout: default title: Configure the Design Center App -categories: [MOverviews, System Overview, Design Center, Enterprise Sketches] +categories: [Overviews, System Overview, Design Center, Enterprise Sketches] published: true sorting: 20 alias: configure-sketches-enterprise.html From fa45539578a9741b4e8c6452588e1a4cff54d8ea Mon Sep 17 00:00:00 2001 From: KevWright Date: Wed, 2 Apr 2014 18:32:32 +0200 Subject: [PATCH 22/30] Merging manually changes from https://github.com/cfengine/documentation/pull/383 --- overviews/reports/enterprise-reporting.markdown | 4 ++-- .../design-center/configure-sketches-enterprise.markdown | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/overviews/reports/enterprise-reporting.markdown b/overviews/reports/enterprise-reporting.markdown index dd1ccafc..43940786 100644 --- a/overviews/reports/enterprise-reporting.markdown +++ b/overviews/reports/enterprise-reporting.markdown @@ -1,7 +1,7 @@ --- layout: default -title: Enterprise Report API -categories: [Overviews, Reports, Enterprise Report API] +title: Enterprise Reporting +categories: [Overviews, Reports, Enterprise Reporting] published: true sorting: 20 alias: manuals-enterprise-reporting.html diff --git a/overviews/system-overview/design-center/configure-sketches-enterprise.markdown b/overviews/system-overview/design-center/configure-sketches-enterprise.markdown index d9ab198e..8dfb44aa 100644 --- a/overviews/system-overview/design-center/configure-sketches-enterprise.markdown +++ b/overviews/system-overview/design-center/configure-sketches-enterprise.markdown @@ -1,6 +1,6 @@ --- layout: default -title: Configure the Design Center App +title: Enterprise Sketches categories: [Overviews, System Overview, Design Center, Enterprise Sketches] published: true sorting: 20 From 4db8f0aeb088705a959f4bb755931275d8387f52 Mon Sep 17 00:00:00 2001 From: Ted Zlatanov Date: Wed, 2 Apr 2014 15:26:34 -0400 Subject: [PATCH 23/30] Redmine#3998: document procedure for upgrading Design Center --- reference/design-center/sketch.markdown | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/reference/design-center/sketch.markdown b/reference/design-center/sketch.markdown index 598dae90..303c13b4 100644 --- a/reference/design-center/sketch.markdown +++ b/reference/design-center/sketch.markdown @@ -125,3 +125,25 @@ It may also be beneficial to include extra promises for reporting purposes and prefix their handle with `activation_id`. For example, a promise that will become not kept if a web service goes down will be helpful to detect noncompliance in a sketch that upgrades that web service. + +## Upgrading sketches + +There are three ways to upgrade a Design Center sketch repository. + +### Upgrade a Design Center sketch repository from the Github master branch of Design Center + +`cf-sketch --expert --install-all --repolist=/var/cfengine/design-center/sketches` + +The `installsource` is omitted but defaults to the Github master branch, so the above is equivalent to: + +`cf-sketch --expert --install-all --repolist=/var/cfengine/design-center/sketches --installsource=https://raw.github.com/cfengine/design-center/master/sketches/cfsketches.json` + +### Upgrade a Design Center sketch repository from the Github 3.6.x branch of Design Center + +`cf-sketch --expert --install-all --repolist=/var/cfengine/design-center/sketches --installsource=https://raw.github.com/cfengine/design-center/3.6.x/sketches/cfsketches.json` + +### Upgrade a Design Center sketch repository from your own sketch repository + +You would do this if you maintain sketches for your own organization. + +`cf-sketch --expert --install-all --repolist=/var/cfengine/design-center/sketches --installsource=/myrepo/sketches/cfsketches.json` From 9402478d41ac1d97999818024a95ed3cb33280ae Mon Sep 17 00:00:00 2001 From: Ted Zlatanov Date: Wed, 2 Apr 2014 15:33:05 -0400 Subject: [PATCH 24/30] Redmine#3909: document what kind of data cf-hub collects --- reference/components/cf-hub.markdown | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/reference/components/cf-hub.markdown b/reference/components/cf-hub.markdown index 61cb8204..dbbb5298 100644 --- a/reference/components/cf-hub.markdown +++ b/reference/components/cf-hub.markdown @@ -18,6 +18,10 @@ that have registered a connection with a collocated `cf-serverd` `cf-hub` keeps the promises made in `common`, and is affected by `common` and `hub` control bodies. +`cf-hub` collects data generated from the default run only, what you'd +get if you ran `cf-agent` without specifying a file name. This is to +avoid reporting on data generated by test or extraordinary executions. + ## Command reference [%CFEngine_include_snippet(cf-hub.help, [\s]*--[a-z], ^$)%] From 7695ddbea39a0e50992c72a325a4038d32847555 Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Thu, 3 Apr 2014 09:54:56 +0200 Subject: [PATCH 25/30] Fix category for Design Center. --- overviews/system-overview/design-center.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overviews/system-overview/design-center.markdown b/overviews/system-overview/design-center.markdown index c20eecd7..8817f7ee 100644 --- a/overviews/system-overview/design-center.markdown +++ b/overviews/system-overview/design-center.markdown @@ -1,7 +1,7 @@ --- layout: default title: Design Center Overview -categories: [Overviews, System Overview, Design Center Overview] +categories: [Overviews, System Overview, Design Center] published: true sorting: 60 alias: overviews-design-center.html From 615c64f4d90af9257c372281b9da06e94ca05895 Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Thu, 3 Apr 2014 09:55:13 +0200 Subject: [PATCH 26/30] Make explicit navigation leaves for tutorial pages. --- examples/tutorials/deploy_sketch.markdown | 2 +- .../tutorials/distribute-files-from-a-central-location.markdown | 2 +- examples/tutorials/hello_world.markdown | 2 +- examples/tutorials/template.markdown | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/tutorials/deploy_sketch.markdown b/examples/tutorials/deploy_sketch.markdown index 04db5ae0..71f5da38 100644 --- a/examples/tutorials/deploy_sketch.markdown +++ b/examples/tutorials/deploy_sketch.markdown @@ -2,7 +2,7 @@ layout: default title: Configure and Deploy a Policy Using Sketches (Enterprise Only) sorting: 16 -categories: [Examples, Tutorials] +categories: [Examples, Tutorials, Sketches] published: true alias: examples-tutorials-deploy-sketch.html tags: [Examples, Tutorials, Sketch] diff --git a/examples/tutorials/distribute-files-from-a-central-location.markdown b/examples/tutorials/distribute-files-from-a-central-location.markdown index 0351be13..84aa8164 100644 --- a/examples/tutorials/distribute-files-from-a-central-location.markdown +++ b/examples/tutorials/distribute-files-from-a-central-location.markdown @@ -2,7 +2,7 @@ layout: default title: Distribute files from a central location sorting: 10 -categories: [Examples, Tutorials] +categories: [Examples, Tutorials, File Distribution] published: true alias: examples-tutorials-distribute-files-from-a-central-location.html tags: [Examples, Tutorials, file distribution] diff --git a/examples/tutorials/hello_world.markdown b/examples/tutorials/hello_world.markdown index 4d28c187..152cda90 100644 --- a/examples/tutorials/hello_world.markdown +++ b/examples/tutorials/hello_world.markdown @@ -2,7 +2,7 @@ layout: default title: Hello World sorting: 15 -categories: [Examples, Tutorials] +categories: [Examples, Tutorials, Hello World] published: true alias: examples-tutorials-hello-world.html tags: [Examples, Tutorials, hello-world, stand-alone] diff --git a/examples/tutorials/template.markdown b/examples/tutorials/template.markdown index 6b445fe7..2164420e 100644 --- a/examples/tutorials/template.markdown +++ b/examples/tutorials/template.markdown @@ -2,7 +2,7 @@ layout: default title: Template sorting: 15 -categories: [Examples, Tutorials] +categories: [Examples, Tutorials, Template] published: false alias: examples-tutorials-template.html tags: [Examples, Tutorials, Template] From 460e1aea047f4865706d0465675eb209b8d587ff Mon Sep 17 00:00:00 2001 From: Volker Hilsheimer Date: Thu, 3 Apr 2014 09:56:34 +0200 Subject: [PATCH 27/30] Categorization fixes for Enterprise Reporting. --- overviews/reports/enterprise-reporting/porting-guide.markdown | 2 +- overviews/reports/enterprise-reporting/troubleshooting.markdown | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/overviews/reports/enterprise-reporting/porting-guide.markdown b/overviews/reports/enterprise-reporting/porting-guide.markdown index 83fa3dc3..673b2b58 100644 --- a/overviews/reports/enterprise-reporting/porting-guide.markdown +++ b/overviews/reports/enterprise-reporting/porting-guide.markdown @@ -1,7 +1,7 @@ --- layout: default title: API Porting Guide -categories: [Overviews, Reports,Enterprise Reporting, Porting Guide] +categories: [Overviews, Reports, Enterprise Reporting, Porting Guide] published: true sorting: 90 alias: manuals-enterprise-reporting-porting-guide.html diff --git a/overviews/reports/enterprise-reporting/troubleshooting.markdown b/overviews/reports/enterprise-reporting/troubleshooting.markdown index 08f55266..fc70ab16 100644 --- a/overviews/reports/enterprise-reporting/troubleshooting.markdown +++ b/overviews/reports/enterprise-reporting/troubleshooting.markdown @@ -1,7 +1,7 @@ --- layout: default title: Troubleshooting -categories: [Overviews, Enterprise Reporting, Troubleshooting] +categories: [Overviews, Reports, Enterprise Reporting, Troubleshooting] published: true sorting: 100 alias: manuals-enterprise-reporting-troubleshooting.html From 33493f374b57f5f34bf1720628d91818b09b764a Mon Sep 17 00:00:00 2001 From: KevWright Date: Thu, 3 Apr 2014 10:02:33 +0200 Subject: [PATCH 28/30] Fixed Category problem. --- .../language-concepts/loops.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overviews/policy-and-promises-overview/language-concepts/loops.markdown b/overviews/policy-and-promises-overview/language-concepts/loops.markdown index 2378a780..4a2a14cb 100644 --- a/overviews/policy-and-promises-overview/language-concepts/loops.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/loops.markdown @@ -1,7 +1,7 @@ --- layout: default title: Loops -categories: [Manuals, Language Concepts, Loops] +categories: [Overviews, Policy and Promises Overview, Language Concepts, Loops] published: true sorting: 70 alias: manuals-language-concepts-loops.html From e48ff214d0fd9cc8183c06abeb96bdd6d339ab5a Mon Sep 17 00:00:00 2001 From: KevWright Date: Thu, 3 Apr 2014 10:04:07 +0200 Subject: [PATCH 29/30] Fixed Category problem. --- .../language-concepts/loops.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overviews/policy-and-promises-overview/language-concepts/loops.markdown b/overviews/policy-and-promises-overview/language-concepts/loops.markdown index 2378a780..4a2a14cb 100644 --- a/overviews/policy-and-promises-overview/language-concepts/loops.markdown +++ b/overviews/policy-and-promises-overview/language-concepts/loops.markdown @@ -1,7 +1,7 @@ --- layout: default title: Loops -categories: [Manuals, Language Concepts, Loops] +categories: [Overviews, Policy and Promises Overview, Language Concepts, Loops] published: true sorting: 70 alias: manuals-language-concepts-loops.html From cdb2ca94120e1519ad5ccc5c76d31f97b682549e Mon Sep 17 00:00:00 2001 From: KevWright Date: Thu, 3 Apr 2014 10:19:57 +0200 Subject: [PATCH 30/30] Fixed more category and naming problems. --- overviews/policy-and-promises-overview.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overviews/policy-and-promises-overview.markdown b/overviews/policy-and-promises-overview.markdown index 0b24fbf5..0d022a55 100644 --- a/overviews/policy-and-promises-overview.markdown +++ b/overviews/policy-and-promises-overview.markdown @@ -1,8 +1,8 @@ --- layout: default -title: Promises Overview +title: Policy and Promises Overview sorting: 100 -categories: [Overviews, Promises Overview] +categories: [Overviews, Policy and Promises Overview] published: true alias: overviews-promises.html tags: [overviews, promises overview]