File: cfengine_stdlib.cf

package info (click to toggle)
cfengine3 3.2.4-2%2Bnmu1
links: PTS, VCS
area: main
in suites: wheezy
size: 8,976 kB
sloc: ansic: 66,527; sh: 11,600; yacc: 407; makefile: 288
file content (1372 lines) | stat: -rw-r--r-- 27,230 bytes
###########################################################################
#  Copyright (C) Cfengine AS
# 
#  This program is free software; you can redistribute it and/or modify it
#  under the terms of the GNU General Public License as published by the
#  Free Software Foundation; version 3.
#   
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  To the extent this program is licensed as part of the Enterprise
#  versions of Cfengine, the applicable Commerical Open Source License
#  (COSL) may apply to this file if you as a licensee so wish it. See
#  included file COSL.txt.
###########################################################################
#
# Cfengine Community Open Promise-Body Library
#
# This initiative started by Cfengine promotes a
# standardized set of names and promise specifications
# for template functionality within Cfengine 3.
#
# The aim is to promote an industry standard for
# naming of configuration patterns, leading to a
# de facto middleware of standardized syntax.
#
# Names should be intuitive and parameters should be
# minimal to assist readability and comprehensibility.

# Contributions to this file are voluntarily given to
# the cfengine community, and are moderated by Cfengine.
# No liability or warranty for misuse is implied.
#
# If you add to this file, please try to make the
# contributions "self-documenting". Comments made
# after the bundle/body statement are retained in
# the online docs
#

# Subversion : $Rev: 61 $
# For Cfengine Core: 3.1.0

###################################################
# If you find Cfengine useful, please consider    #
# purchasing a commercial version of the software.#
###################################################

###################################################
# edit_line bundles
###################################################

bundle edit_line insert_lines(lines)
{
insert_lines:

  "$(lines)"
    comment => "Append lines if they don't exist";
}

##

bundle edit_line comment_lines_matching(regex,comment)

 # Comment lines of a file matching a regex

{
replace_patterns:
	 
 "^($(regex))$" 

     replace_with => comment("$(comment)"),
          comment => "Search and replace string";
}
	 
##
	 
bundle edit_line uncomment_lines_matching(regex,comment)
	 
 # Uncomment lines of a file where the regex matches
 # the text after the comment string
	 
{
replace_patterns:
 
 "^$(comment)\s?($(regex))$" 

       replace_with => uncomment,
            comment => "Uncomment lines matching a regular expression";
}
	 
##

bundle edit_line comment_lines_containing(regex,comment)

 # Comment lines of a file containing a regex

{
replace_patterns:
 
 "^(.*$(regex).*)$" 

     replace_with => comment("$(comment)"),
          comment => "Comment out lines in a file";
}
	 
##
	 
bundle edit_line uncomment_lines_containing(regex,comment)
	 
 # Uncomment lines of a file where the regex matches
 # the text after the comment string
	 
{
replace_patterns:
 
 "^$(comment)\s?(.*$(regex).*)$" 

    replace_with => uncomment,
         comment => "Uncomment a line containing a fragment";
}

##

bundle edit_line delete_lines_matching(regex)
{
delete_lines:

  "$(regex)"

     comment => "Delete lines matching regular expressions";
}

##

bundle edit_line warn_lines_matching(regex)
{
delete_lines:

  "$(regex)"  

   comment => "Warn about lines in a file",
    action => warn_only;
}

##

bundle edit_line append_if_no_line(str)
{
insert_lines:

 "$(str)"

     comment => "Append a line to the file if it doesn't already exist";
}

##

bundle edit_line append_if_no_lines(list)
{
insert_lines:

 "$(list)"

   comment => "Append lines to the file if they don't already exist";
}

##

bundle edit_line resolvconf(search,list)

 # search is the search domains with space
 # list is an slist of nameserver addresses

{
delete_lines:

  "search.*"     comment => "Reset search lines from resolver";
  "nameserver.*" comment => "Reset nameservers in resolver";

insert_lines:

  "search $(search)"    comment => "Add search domains to resolver";
  "nameserver $(list)"  comment => "Add name servers to resolver";
}

##

bundle edit_line set_variable_values(v)

 # Sets the RHS of variables in the file of the form
 #   LHS = RHS
 # Adds a new line if no LHS exists, repairs RHS values if one does exist
 #
 # To use:
 #   1) Define an array, where the keys are the LHS and the values are the RHS
 #        "stuff[lhs-1]" string => "rhs1";
 #        "stuff[lhs-2]" string => "rhs2";
 #   2) The parameter passed to the edit_line promise is the fully qualified
 #      name of the array (i.e., "bundlename.stuff") WITHOUT any "$" or "@"

{
vars:

  "index" slist => getindices("$(v)");

  # Be careful if the index string contains funny chars

  "cindex[$(index)]" string => canonify("$(index)");

field_edits:

  # match a line starting like the key = something

  "\s*$(index)\s*=.*"

     edit_field => col("=","2","$($(v)[$(index)])","set"),
        classes => if_ok("$(cindex[$(index)])_in_file"),
        comment => "Match a line starting like key = something";

insert_lines:

  "$(index)=$($(v)[$(index)])",

         comment => "Insert a variable definition",
      ifvarclass => "!$(cindex[$(index)])_in_file";
}

##

bundle edit_line append_users_starting(v)

 # For adding to /etc/passwd or etc/shadow, needs
 # an array v[username] string => "line..."

{
vars:

  "index"        slist => getindices("$(v)");

classes:

  "add_$(index)" not => userexists("$(index)");

insert_lines:

  "$($(v)[$(index)])",

         comment => "Append users into a password file format",
      ifvarclass => "add_$(index)";
}

##

bundle edit_line append_groups_starting(v)

 # For adding groups to /etc/group, needs
 # an array v[groupname] string => "line..."

{
vars:

  "index"        slist => getindices("$(v)");

classes:

  "add_$(index)" not => groupexists("$(index)");

insert_lines:

  "$($(v)[$(index)])",

         comment => "Append users into a group file format",
      ifvarclass => "add_$(index)";

}

##

bundle edit_line set_user_field(user,field,val)

 # Set the value of field number "field" in
 # a :-field formatted file like /etc/passwd

{
field_edits:

 "$(user):.*"

        comment => "Edit a user attribute in the password file",
     edit_field => col(":","$(field)","$(val)","set");
}

##

bundle edit_line append_user_field(group,field,allusers)

 # For adding users to to a file like /etc/group
 # at field position "field", comma separated subfields

{
vars:

  "val" slist => { @(allusers) };

field_edits:

 "$(group):.*"

       comment => "Append users into a password file format",
    edit_field => col(":","$(field)","$(val)","alphanum");
}

##

bundle edit_line expand_template(templatefile)

 # Read in the named text file and expand $(var)
 # inside the file

{
insert_lines:

   "$(templatefile)"

        insert_type => "file",
            comment => "Expand variables in the template file",
     expand_scalars => "true";
}

##
## editing bodies
##

body edit_field quoted_var(newval,method)
{
field_separator => "\"";
select_field    => "2";
value_separator  => " ";
field_value     => "$(newval)";
field_operation => "$(method)";
extend_fields => "false";
allow_blank_fields => "true";
}

##

body edit_field col(split,col,newval,method)
{
field_separator    => "$(split)";
select_field       => "$(col)";
value_separator    => ",";
field_value        => "$(newval)";
field_operation    => "$(method)";
extend_fields      => "true";
allow_blank_fields => "true";
}


##

body replace_with value(x)
{
replace_value => "$(x)";
occurrences => "all";
}

##

body select_region INI_section(x)
{
select_start => "\[$(x)\]\s*";
select_end => "\[.*\]\s*";
}

##
## edit_defaults
##

body edit_defaults std_defs
{
empty_file_before_editing => "false";
edit_backup => "false";
max_file_size => "300000";
}

##

body edit_defaults empty
{
empty_file_before_editing => "true";
edit_backup => "false";
max_file_size => "300000";
}

##
## location
##

body location start
{
before_after => "before";
}

##

body location after(str)
{
before_after => "after";
select_line_matching => "$(str)";
}

##
## replace_with
##

##

body replace_with comment(c)
{
replace_value => "$(c) $(match.1)";
occurrences => "all";
}

##

body replace_with uncomment
{
replace_value => "$(match.1)";
occurrences => "all";
}

####################################################
## agent bodyparts
####################################################

##
## action
##

body action if_elapsed(x)
{
ifelapsed => "$(x)";
expireafter => "$(x)";
}

##

body action measure_performance(x)
{
measurement_class => "Detect changes in $(this.promiser)";
ifelapsed => "$(x)";
expireafter => "$(x)";
}

##

body action warn_only
{
action_policy => "warn";
ifelapsed => "60";
}

##

body action bg(elapsed,expire)
{
ifelapsed   => "$(elapsed)";    # run only every 8 hours
expireafter => "$(expire)";
background  => "true";
}

##

body action ifwin_bg
{
windows::
background => "true";
}

##

body action immediate
{
ifelapsed => "0";
}

##

body action policy(p)
{
action_policy => "$(p)";
}

##

# Log a message to log=[/file|stdout]

body action log_repaired(log,message)
{
log_string => "$(sys.date), $(message)";
log_repaired => "$(log)";
}

##
## contain
##

body contain silent
{
no_output => "true";
}

##

body contain in_dir(s)
{
chdir => "$(s)";
}

##

body contain silent_in_dir(s)
{
chdir => "$(s)";
no_output => "true";
}

##

body contain in_shell
{
useshell => "true";
}

##

body contain setuid(x)
{
exec_owner => "$(x)";
useshell => "false";
}

##

body contain setuid_sh(x)
{
exec_owner => "$(x)";
useshell => "true";
}

##

body contain setuidgid_sh(owner,group)
{
exec_owner => "$(owner)";
exec_group => "$(group)";
useshell => "true";
}

##

body contain jail(owner,root,dir)
{
exec_owner => "$(owner)";
useshell => "true";
chdir => "$(dir)";
chroot => "$(root)";
}


##
## classes
##


body classes if_repaired(x)
{
promise_repaired => { "$(x)" };
}

##

body classes if_else(yes,no)

{
promise_kept     => { "$(yes)" };
promise_repaired => { "$(yes)" };
repair_failed    => { "$(no)" };
repair_denied    => { "$(no)" };
repair_timeout   => { "$(no)" };
}

##

body classes cf2_if_else(yes,no)

# meant to match cf2 semantics

{
promise_repaired => { "$(yes)" };
repair_failed    => { "$(no)" };
repair_denied    => { "$(no)" };
repair_timeout   => { "$(no)" };
}

##

body classes if_notkept(x)
{
repair_failed   => { "$(x)" };
repair_denied   => { "$(x)" };
repair_timeout  => { "$(x)" };
}

##

body classes if_ok(x)
{
promise_repaired => { "$(x)" };
promise_kept => { "$(x)" };
}

##
## Persistent classes
##

body classes state_repaired(x)
{
promise_repaired => { "$(x)" };
persist_time => "10";
}

##

body classes enumerate(x)

#
# This is used by commercial editions to count 
# instances of jobs in a cluster
#

{
promise_repaired => { "mXC_$(x)" };
promise_kept => { "mXC_$(x)" };
persist_time => "15";
}

###################################################
# agent bundles
###################################################


##..................................................
## files promises
##..................................................

##
## copy_from
##

body copy_from secure_cp(from,server)
{
source      => "$(from)";
servers     => { "$(server)" };
compare     => "digest";
encrypt     => "true";
verify      => "true";
}

##

body copy_from remote_cp(from,server)
{
servers     => { "$(server)" };
source      => "$(from)";
compare     => "mtime";
}

##

body copy_from local_cp(from)
{
source      => "$(from)";
}

##

body copy_from perms_cp(from)
{
source      => "$(from)";
preserve    => "true";
}

##

# Copy only if the file does not already exist, i.e. seed the placement

body copy_from seed_cp(from)
{
source      => "$(from)";
compare     => "exists";
}

##

body copy_from sync_cp(from,server)
{
servers     => { "$(server)" };
source      => "$(from)";
purge       => "true";
preserve    => "true";
}

##

body copy_from no_backup_cp(from)
{
source      => "$(from)";
copy_backup => "false";
}

##

body copy_from no_backup_rcp(from,server)
{
servers     => { "$(server)" };
source      => "$(from)";
compare     => "mtime";
copy_backup => "false";
}

##
## link_from
##

body link_from ln_s(x)
{
link_type => "symlink";
source => "$(x)";
when_no_source => "force";
}

##

body link_from linkchildren(tofile)
{
source        => "$(tofile)";
link_type     => "symlink";
when_no_source  => "force";
link_children => "true";
when_linking_children => "if_no_such_file"; # "override_file";
}

##
## perms
##

body perms m(mode)
{
mode   => "$(mode)";
}

##

body perms mo(mode,user)
{
owners => { "$(user)" };
mode   => "$(mode)";
}

##

body perms mog(mode,user,group)
{
owners => { "$(user)" };
groups => { "$(group)" };
mode   => "$(mode)";
}

##

body perms og(u,g)
{
owners => { "$(u)" };
groups => { "$(g)" };
}

##

body perms owner(user)
{
owners => { "$(user)" };
}

##
## ACLS (extended Unix perms)
##

body acl access_generic(acl)
# default/inherited ACLs are left unchanged,
# applicable for both files and directory on all platforms
{
acl_method => "overwrite";
aces => { "@(acl)" };
}

##

body acl strict
# NOTE: May need to take ownership of file/dir
# to be sure no-one else is allowed access
{
acl_method => "overwrite";

windows::
aces => { "user:Administrator:rwx" };
!windows::
aces => { "user:root:rwx" };
}

##
## depth_search
##

body depth_search recurse(d)

{
depth => "$(d)";
xdev  => "true";
}

##

body depth_search recurse_ignore(d,list)
{
depth => "$(d)";
exclude_dirs => { @(list) };
}

##
## delete
##

body delete tidy

{
dirlinks => "delete";
rmdirs   => "true";
}

##
## rename
##

body rename disable
{
disable => "true";
}

##

body rename rotate(level)
{
rotate => "$(level)";
}

##

body rename to(file)
{
newname => "$(file)";
}

##
## file_select
##

body file_select name_age(name,days)
{
leaf_name   => { "$(name)" };
mtime       => irange(0,ago(0,0,"$(days)",0,0,0));  
file_result => "mtime.leaf_name"; 
}

##

body file_select days_old(days)
{
mtime       => irange(0,ago(0,0,"$(days)",0,0,0));
file_result => "mtime";
}

##

body file_select size_range(from,to)
{
search_size => irange("$(from)","$(to)");
file_result => "size";
}

##

body file_select exclude(name)
{
leaf_name  => { "$(name)"};
file_result => "!leaf_name";
}

##

body file_select plain
{
file_types  => { "plain" };
file_result => "file_types";
}

body file_select dirs
{
file_types  => { "dir" };
file_result => "file_types";
}

##

body file_select by_name(names)
{
leaf_name  => { @(names)};
file_result => "leaf_name";
}

##

body file_select ex_list(names)
{
leaf_name  => { @(names)};
file_result => "!leaf_name";
}

##
## changes
##

body changes detect_all_change

# This is fierce, and will cost disk cycles

{
hash           => "best";
report_changes => "all";
update_hashes  => "yes";
}

##

body changes detect_content

# This is a cheaper alternative

{
hash           => "md5";
report_changes => "content";
update_hashes  => "yes";
}

##

body changes noupdate
# Use on (small) files that should never change
{
hash           => "sha256";
report_changes => "content";
update_hashes  => "no";
}

##

body changes diff
# Generates diff report (Nova and above)
{
hash           => "sha256";
report_changes => "content";
report_diffs   => "true";
update_hashes  => "yes";
}

##--------------------------------------------------------------
## Packages promises
##--------------------------------------------------------------

body package_method zypper

{
package_changes => "bulk";

package_list_command => "/usr/bin/zypper packages";
package_patch_list_command => "/usr/bin/zypper patches";
package_installed_regex => "i.*";
package_list_name_regex    => "[^|]+\|[^|]+\|\s+([^\s]+).*";
package_list_version_regex => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*";
package_list_arch_regex    => "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*";

package_patch_installed_regex => ".*Installed.*|.*Not Applicable.*";
package_patch_name_regex    => "[^|]+\|\s+([^\s]+).*";
package_patch_version_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*";

package_name_convention => "$(name)";
package_add_command => "/usr/bin/zypper -non-interactive install";
package_delete_command => "/usr/bin/zypper -non-interactive remove --force-resolution";
package_update_command => "/usr/bin/zypper -non-interactive update";

package_patch_command => "/usr/bin/zypper -non-interactive patch$"; # $ means no args
package_verify_command => "/usr/bin/zypper -non-interactive verify$";
}

##

body package_method apt
{
package_changes => "bulk";
package_list_command => "/usr/bin/dpkg -l";
package_list_name_regex    => "ii\s+([^\s]+).*";
package_list_version_regex => "ii\s+[^\s]+\s+([^\s]+).*";
package_installed_regex => ".*"; # all reported are installed
package_name_convention => "$(name)";
package_list_update_ifelapsed => "240";		# 4 hours

have_aptitude::
   package_add_command => "/usr/bin/aptitude --assume-yes install";
   package_list_update_command => "/usr/bin/aptitude update";
   package_delete_command => "/usr/bin/aptitude --assume-yes remove";
   package_update_command =>  "/usr/bin/aptitude --assume-yes install";

!have_aptitude::
   package_add_command => "/usr/bin/apt-get --yes install";
   package_list_update_command => "/usr/bin/apt-get update";
   package_delete_command => "/usr/bin/apt-get --yes remove";
   package_update_command =>  "/usr/bin/apt-get --yes install";
}

##

body package_method rpm_version(repo)
{
package_changes => "individual";

package_list_command => "/bin/rpm -qa --queryformat \"i | repos | %{name} | %{version} | %{arch}\n\"";

package_list_name_regex    => "[^|]+\|[^|]+\|\s+([^\s|]+).*";
package_list_version_regex => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s|]+).*";
package_list_arch_regex    => "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*";

package_installed_regex => "i.*";
 
package_file_repositories => { "$(repo)" };

package_name_convention => "$(name)-$(version)-$(arch).rpm";

package_add_command => "/bin/rpm -ivh ";
package_delete_command => "/bin/rpm -e --nodeps";
package_verify_command => "/bin/rpm -V";
package_update_command => "/bin/rpm -Uvh ";
package_noverify_regex => ".*[^\s].*";
}

##

body package_method msi_implicit(repo)
# Use whole file name as promiser, e.g. "7-Zip-4.50-x86_64.msi",
# the name, version and arch is then deduced from the promiser
{
package_changes => "individual";
package_file_repositories => { "$(repo)" };

package_installed_regex => ".*";
 
package_name_convention => "$(name)-$(version)-$(arch).msi";
package_delete_convention => "$(firstrepo)$(name)-$(version)-$(arch).msi";

package_name_regex => "^(\S+)-(\d+\.?)+";
package_version_regex => "^\S+-((\d+\.?)+)";
package_arch_regex => "^\S+-[\d\.]+-(.*).msi";

package_add_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i";
package_update_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i";
package_delete_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /x";
}

##

body package_method msi_explicit(repo)
# use software name as promiser, e.g. "7-Zip", and explicitly
# specify any package_version and package_arch
{
package_changes => "individual";
package_file_repositories => { "$(repo)" };

package_installed_regex => ".*";
 
package_name_convention => "$(name)-$(version)-$(arch).msi";
package_delete_convention => "$(firstrepo)$(name)-$(version)-$(arch).msi";

package_add_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i";
package_update_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /i";
package_delete_command => "\"$(sys.winsysdir)\msiexec.exe\" /qn /x";
}

##

body package_method yum
{
package_changes => "bulk";
package_list_command => "/usr/bin/yum list installed";

# Remember to escape special characters like |

package_list_name_regex    => "([^.]+).*";
package_list_version_regex => "[^\s]\s+([^\s]+).*";
package_list_arch_regex    => "[^.]+\.([^\s]+).*";

package_installed_regex => ".*installed.*";
package_name_convention => "$(name).$(arch)";

package_add_command => "/usr/bin/yum -y install";
package_delete_command => "/bin/rpm -e";
package_verify_command => "/bin/rpm -V";
}

##

body package_method yum_rpm
# Contributed by Trond Hasle Amundsen

# More efficient package method for RedHat - uses rpm to list instead of yum
# Notes:
# - using $(name).$(arch) instead of $(name) for package_name_convention
#   causes uninstallation to fail.
# - using allmatches to remove for all architectures
#
{
  package_changes => "bulk";
  package_list_command => "/bin/rpm -qa --qf '%{name} %{version}-%{release} %{arch}\n'";

  package_list_name_regex    => "^(\S+?)\s\S+?\s\S+$";
  package_list_version_regex => "^\S+?\s(\S+?)\s\S+$";
  package_list_arch_regex    => "^\S+?\s\S+?\s(\S+)$";

  package_installed_regex => ".*";
  package_name_convention => "$(name)";

  package_add_command    => "/usr/bin/yum -y install";
  package_update_command => "/usr/bin/yum -y update";
  package_delete_command => "/bin/rpm -e --allmatches";
  package_verify_command => "/bin/rpm -V";
}

##

# The solaris package system is poorly designed, with too many different
# names to track. See the example in tests/units/unit_package_solaris.cf
# to see how to use this

body package_method solaris (pkgname, spoolfile, adminfile)
{
package_changes => "individual";
package_list_command => "/usr/bin/pkginfo -l";
package_multiline_start    =>  "\s*PKGINST:\s+[^\s]+";
package_list_name_regex    => "\s*PKGINST:\s+([^\s]+)";
package_list_version_regex => "\s*VERSION:\s+([^\s]+)";
package_list_arch_regex    => "\s*ARCH:\s+([^\s]+)";
package_installed_regex => "\s*STATUS:\s*(completely|partially)\s+installed.*";
package_name_convention => "$(name)";
package_add_command => "/usr/sbin/pkgadd -n -a /tmp/$(adminfile) -d /tmp/$(spoolfile)";
package_delete_command => "/usr/sbin/pkgrm -n -a /tmp/$(adminfile)";
}

##

body package_method freebsd
{
 package_changes => "individual";

 # Could use rpm for this
 package_list_command => "/usr/sbin/pkg_info";

 # Remember to escape special characters like |

 package_list_name_regex    => "([^-]+).*";
 package_list_version_regex => "[^-]+-([^\s]+).*";

 package_name_regex    => "([^-]+).*";
 package_version_regex => "[^-]+-([^\s]+).*";

 package_installed_regex => ".*";

 package_name_convention => "$(name)-$(version)";


package_add_command => "/usr/sbin/pkg_add -r";
package_delete_command => "/usr/sbin/pkg_delete";
}

##

 # Single bundle for all the similar managers simplifies promises

body package_method generic
{
SuSE::
 package_changes => "bulk";
 package_list_command => "/usr/bin/zypper packages";
 package_patch_list_command => "/usr/bin/zypper patches";
 package_installed_regex => "i.*";
 package_list_name_regex    => "[^|]+\|[^|]+\|\s+([^\s]+).*";
 package_list_version_regex => "[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*";
 package_list_arch_regex    => "[^|]+\|[^|]+\|[^|]+\|[^|]+\|\s+([^\s]+).*";
 package_patch_installed_regex => ".*Installed.*|.*Not Applicable.*";
 package_patch_name_regex    => "[^|]+\|\s+([^\s]+).*";
 package_patch_version_regex => "[^|]+\|[^|]+\|\s+([^\s]+).*";
 package_name_convention => "$(name)";
 package_add_command => "/usr/bin/zypper -non-interactive install";
 package_delete_command => "/usr/bin/zypper -non-interactive remove --force-resolution";
 package_update_command => "/usr/bin/zypper -non-interactive update";
 package_patch_command => "/usr/bin/zypper -non-interactive patch$"; # $ means no args
 package_verify_command => "/usr/bin/zypper -non-interactive verify$";

redhat::
 package_changes => "bulk";
 package_list_command => "/usr/bin/yum list installed";
 package_list_name_regex    => "([^.]+).*";
 package_list_version_regex => "[^\s]\s+([^\s]+).*";
 package_list_arch_regex    => "[^.]+\.([^\s]+).*";
 package_installed_regex => ".*installed.*";
 package_name_convention => "$(name).$(arch)";
 package_add_command => "/usr/bin/yum -y install";
 package_delete_command => "/bin/rpm -e";
 package_verify_command => "/bin/rpm -V";

debian::
 package_changes => "bulk";
 package_list_command => "/usr/bin/dpkg -l";
 package_list_name_regex    => "ii\s+([^\s]+).*";
 package_list_version_regex => "ii\s+[^\s]+\s+([^\s]+).*";
 package_installed_regex => ".*"; # all reported are installed
 package_name_convention => "$(name)";
 package_list_update_ifelapsed => "240";		# 4 hours

debian.have_aptitude::
   package_add_command => "/usr/bin/aptitude --assume-yes install";
   package_list_update_command => "/usr/bin/aptitude update";
   package_delete_command => "/usr/bin/aptitude --assume-yes remove";
   package_update_command =>  "/usr/bin/aptitude --assume-yes install";

debian.!have_aptitude::
   package_add_command => "/usr/bin/apt-get --yes install";
   package_list_update_command => "/usr/bin/apt-get update";
   package_delete_command => "/usr/bin/apt-get --yes remove";
   package_update_command =>  "/usr/bin/apt-get --yes install";

freebsd::
 package_changes => "individual";
 package_list_command => "/usr/sbin/pkg_info";
 package_list_name_regex    => "([^-]+).*";
 package_list_version_regex => "[^-]+-([^\s]+).*";
 package_name_regex    => "([^-]+).*";
 package_version_regex => "[^-]+-([^\s]+).*";
 package_installed_regex => ".*";
 package_name_convention => "$(name)-$(version)";
 package_add_command => "/usr/sbin/pkg_add -r";
 package_delete_command => "/usr/sbin/pkg_delete";
}

##-------------------------------------------------------
## storage promises
##-------------------------------------------------------

body volume min_free_space(free)
{
check_foreign  => "false";
freespace      => "$(free)";
sensible_size  => "10000";
sensible_count => "2";
}

##

body mount nfs(server,source)
{
mount_type => "nfs";
mount_source => "$(source)";
mount_server => "$(server)";
edit_fstab => "true";
}


##

body mount nfs_p(server,source,perm)
{
mount_type => "nfs";
mount_source => "$(source)";
mount_server => "$(server)";
mount_options => {"$(perm)"};
edit_fstab => "true";
}

##

body mount unmount
{
mount_type => "nfs";
edit_fstab => "true";
unmount => "true";
}

##-------------------------------------------------------
## process promises
##-------------------------------------------------------

body process_select exclude_procs(x)
{
command => "$(x)";
process_result => "!command";
}

##

body process_count check_range(name,lower,upper)
{
match_range => irange("$(lower)","$(upper)");
out_of_range_define => { "$(name)_out_of_range" };
}

##
## service promises
##

body service_method bootstart
{
  service_autostart_policy => "boot_time";
  service_dependence_chain => "start_parent_services";
windows::
  service_type => "windows";
}

##

body service_method force_deps
{
  service_dependence_chain => "all_related";
windows::
  service_type => "windows";
}

####################################################
## monitor bodyparts
####################################################

body match_value scan_log(line)
{
select_line_matching => "$(line)";
track_growing_file => "true";
}

##

body action sample_rate(x)
{
ifelapsed => "$(x)";
expireafter => "10";
}