Cfplaypen

cfplaypen.cseunsw.site is a small Debian server running in AWS. It has a stripped-down implementation and file layout of that set up on cfengine hub and can be used to experiment with cfengine and learn how to create and use promises files.

• cfplaypen can only be logged in to as root via SSH key from CSE's server, trusted and untrusted subnetworks.

• The raw promises files are in /var/lib/cfengine3/masterfiles.

• After making a change run check_and_install_promises to sanity check the raw promises and generate the final promises.cf in /var/lib/cfengine3/inputs.

• The program which actually "executes" the promises is cf-agent. This is run automatically on every managed host every five minutes by the process cf-execd. In this case there's just this one host.

• cf-agent downloads the promises.cf from the hub through a process called cf-serverd. cf-serverd is basically a secure file server. In this playpen arrangement the client and the hub are the same host.

• cf-execd and cf-serverd get their configurations from the same promises.cf file created above and which is also used by cf-agent. If the server or execd parts of the promises file are changed these processes need to be restarted to re-read the file: systemctl restart cfengine3.

• With cf-agent running in the background as discussed above, the only diagnostic output you get is a one-line summary appended to /var/log/cfengine3/promise_summary.log after each run.

• For more detail, run-cf-agent will run cf-agent and then give you a breakdown of promises outcomes.

• For excrutiating detail, cf-agent -K -v will give you very detailed output.