Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-1983

Don't emit log messages when action_policy is nop doesn't

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Open
    • Priority: (None)
    • Resolution: Unresolved
    • Affects Version/s: 3.12.2
    • Fix Version/s: None
    • Component/s: cf-agent
    • Labels:
    • Complexity:
      M

      Description

      When I set action_policy => "nop" I get exactly the same warning and the same outcome classes as with warn.

      body file control
      {
          # Include the stdlib for local_dcp, policy, delete_lines
             inputs => { "$(sys.libdir)/stdlib.cf" };
      }
      bundle agent example_action_policy
      # @brief Example illustrating how action_policy in action bodies control promise actuation and outcomes
      {
        files:
      
            # We make sure there is some files to operate on, so we simply make a copy
            # of ourselves
      
            "/tmp/$(this.promise_filename).nop"
              copy_from => local_dcp( $(this.promise_filename) ); 
      
            "/tmp/$(this.promise_filename).warn"
              copy_from => local_dcp( $(this.promise_filename) ); 
      
            "/tmp/$(this.promise_filename).fix"
              copy_from => local_dcp( $(this.promise_filename) ); 
      
           # We excercise each valid value of action_policy (nop, fix, warn) defining
           # classes named for the action_policy
      
            "/tmp/$(this.promise_filename).nop"
              handle => "delete_lines_action_nop", 
              edit_line => delete_lines_matching ( ".*" ),
              action => policy( "nop" ),
              classes => results( "namespace", "MY_files_promise_nop" );
      
            "/tmp/$(this.promise_filename).warn"
              handle => "delete_lines_action_warn", 
              edit_line => delete_lines_matching ( ".*" ),
              action => policy( "warn" ),
              classes => results( "namespace", "MY_files_promise_warn" );
      
            "/tmp/$(this.promise_filename).fix"
              handle => "delete_lines_action_fix", 
              edit_line => delete_lines_matching ( ".*" ),
              action => policy( "fix" ),
              classes => results( "namespace", "MY_files_promise_fix" );
      
        commands:
      
            "/bin/echo Running Command nop" 
              handle => "command_nop", 
              action => policy( "nop" ),
              classes => results( "namespace", "MY_commands_promise_nop" );
      
            "/bin/echo Running Command warn" 
              handle => "command_warn", 
              action => policy( "warn" ),
              classes => results( "namespace", "MY_commands_promise_warn" );
      
            "/bin/echo Running Command fix" 
              handle => "command_fix", 
              action => policy( "fix" ),
              classes => results( "namespace", "MY_commands_promise_fix" );
      
        reports:
      
          "MY classes:$(const.n)$(const.t)$(with)"
            with => join( "$(const.n)$(const.t)", classesmatching( "MY_.*" ) );
      
      }
      bundle agent __main__
      {
        methods:
            "example_action_policy";
      }
      
      # cf-agent --no-lock --log-level info --file \~/CFEngine/core/examples/action_policy.cf
          info: Copying from 'localhost:/home/nickanderson/org/cfengine3-Fafgpx'
          info: Copying from 'localhost:/home/nickanderson/org/cfengine3-Fafgpx'
          info: Copying from 'localhost:/home/nickanderson/org/cfengine3-Fafgpx'
       warning: Should edit file '/tmp//home/nickanderson/org/cfengine3-Fafgpx.nop' but only a warning promised
       warning: Should edit file '/tmp//home/nickanderson/org/cfengine3-Fafgpx.warn' but only a warning promised
          info: Edit file '/tmp//home/nickanderson/org/cfengine3-Fafgpx.fix'
          info: Executing 'no timeout' ... '/bin/echo Running Command nop'
       warning: Command '/bin/echo Running Command nop' needs to be executed, but only warning was promised
          info: Executing 'no timeout' ... '/bin/echo Running Command warn'
       warning: Command '/bin/echo Running Command warn' needs to be executed, but only warning was promised
          info: Executing 'no timeout' ... '/bin/echo Running Command fix'
        notice: Q: ".../bin/echo Runni": Running Command fix
          info: Last 1 quoted lines were generated by promiser '/bin/echo Running Command fix'
          info: Completed execution of '/bin/echo Running Command fix'
      R: MY classes:
      	MY_files_promise_nop_not_kept
      	MY_files_promise_fix_repaired
      	MY_commands_promise_warn_failed
      	MY_files_promise_nop_error
      	MY_commands_promise_fix_repaired
      	MY_files_promise_nop_reached
      	MY_commands_promise_warn_not_kept
      	MY_files_promise_fix_reached
      	MY_commands_promise_nop_error
      	MY_files_promise_warn_error
      	MY_commands_promise_nop_failed
      	MY_commands_promise_warn_reached
      	MY_files_promise_warn_reached
      	MY_commands_promise_fix_reached
      	MY_files_promise_warn_not_kept
      	MY_commands_promise_nop_not_kept
      	MY_commands_promise_warn_error
      	MY_files_promise_nop_failed
      	MY_files_promise_warn_failed
      	MY_commands_promise_nop_reached
       warning: Method 'example_action_policy' invoked repairs, but only warnings promised
      

      In [libpromises/attributes.c]:

          if (value && ((strcmp(value, "warn") == 0) || (strcmp(value, "nop") == 0)))
          {
              t.action = cfa_warn;
          }
          else
          {
              t.action = cfa_fix;     // default
          }
      

      The documentation currently only states that the nop options exists, it does not specify the behaviour of the agent when it's used.

      https://docs.cfengine.com/docs/3.12/reference-promise-types.html#action_policy

      action_policy

      Description: Determines whether to repair or report about non-kept promises

      The action settings allow general transaction control to be implemented on promise verification. Action bodies place limits on how often to verify the promise and what classes to raise in the case that the promise can or cannot be kept.

      Type: (menu option)

      Allowed input range:

      fix
      warn
      nop

      Example:

      The following example shows a simple use of transaction control:

      body action warn_only

      Unknown macro: { action_policy => "warn"; ifelapsed => "60"; }

      I would' like this option to be the same as "warn" (check and create outcome classes if needed) but without the warning (no log beyond info level). Especially at scale, and where remediation policies require sign-off, this log message can contribute to significant number of useless log messages.

      Interpreting it as "nothing at all" could be tempting, but simply commenting out the matching promise would have the same effect.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              peckpeck Benoît Peccatte
            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:

                Summary Panel