Wednesday, 20 January 2016

Troubleshooting CFEngine 3 client machines

Here's a couple of operational tips that I have gathered together when running CFEngine 3. This page is mainly for finding out why a client did not get a particular promise applied and so these commands are geared towards being run on client machines for troubleshooting.

Is the service running?

For systemd systems:

  systemctl status cfengine3
for System V init systems:
  /etc/init.d/cfengine3 status

How do I know if all the promises have been kept on a client?

Run the following command on a client machine

  tail -f /var/cfengine/promise_summary.log
You will see two things, the outcome of Promises.cf which is how many of the promises have been kept on the machine, and secondly the outome of update.cf it tells you if any new promises have been downloaded from the policy hub. The outcome of Promises.cf is the main one that we want to see at 100%

Promise Directory Locaton

This is where the promises kept on a client, you may want to inspect these files to see if the client has pulled down a promise or template file from the policy hub.

  /var/cfengine/inputs
You should find that all promise and template files get synced to the client, even those promise files that do not get executed or apply to the client. Compare the files here with the files on the policy hub.

Manually run the cfengine rules on the client

This gives output straight to the screen for you to read. Any errors will be displayed on screen.

  cf-agent --no-lock --inform -f /var/cfengine/inputs/promises.cf

Find out the current environment

We use different environments, as described in the "Learning CFEngine 3" book. To see what environment applies to a client, we have written a bundle to write the environment string to a file. Then all you have to do is inspect this file on any client to see which environment is in effect. Here's the bundle:

  bundle agent current_environment_info
  {
      vars:
          "curr_environment" string => "/etc/current_environment";

      files:
          "$(curr_environment)"
              create => "true",
              edit_defaults => empty,
              edit_line => write_environment_string;
  }

  bundle edit_line write_environment_string
  {
      insert_lines:
              "Environment: $(environments.active)";
  }