Simple reporting with Cfengine 3

Keeping yourself up to date about what is happening on your Linux systems can be quite time-consuming. Many sys admins therefore use a little trick: Since the most important logs contain all the informative stuff, many admins install logcheck which reports unusual happenings every 60 minutes via mail.
In this way, the admins stay informed without even having to log in to the remote system.
You can use this simple but effective way of staying informed and enhance it a little bit – what if Cfengine 3 automatically reports repaired promises to you via mail? You could get informed that e.g. someone edited a configuration file directly or your disk space is running low.

Prerequisite for simple reporting with Cfengine 3
Make sure that the logcheck package is installed on your system and working. You should also have configured postfix (or another similar tool of your choice) to send you the logcheck mails. Optionally, you could also edit /etc/cfengine3/promises.cf and insert your e-mail address.

Note that logcheck sends all mails to the user “root” – so if you want to receive them with your normal e-mail address you should edit your /etc/aliases file.

Writing the Cfengine 3 script

body common control {
        version         => "1.0";
        inputs          => { "cfengine_stdlib.cf" };
        bundlesequence  => { "report_disk_usage" };
}

bundle agent report_disk_usage {
  storage:
        "/" volume => check_disk_space;

  reports:
        lowDiskCapacity::
          "Low disk capacity detected on / !";
}

body volume check_disk_space {
        freespace       => "90%";
        repair_failed   => { "lowDiskCapacity" };
}

Now save the file with an editor of your choice (I used “example8.cf”) and make sure that it is located in the right directory (e.g. /etc/cfengine3).

Let’s see if the syntax is correct:

/var/cfengine/bin/cf-promises -f /etc/cfengine3/example8.cf

If you see no error message we can run our Cfengine script then:

/var/cfengine/bin/cf-promises -f /etc/cfengine3/example8.cf

It should give you the following output:

/var/cfengine/bin/cf-agent -f /etc/cfengine3/example8.cf 
 !! Free disk space is under 90% for volume containing / (56% free)
I: Made in version '1.0' of '/etc/cfengine3/example8.cf' near line 9
R: Low disk capacity detected on / !

As you can see, Cfengine 3 detected that we are running “low” on disk space (I used 90% free capacity so this example works, maybe you should choose 10 or 15 %) and reported it to stdout.

Furthermore the /var/log/syslog file now contains the following entries:

tail /var/log/syslog
Aug  7 19:32:57 mintbox cf3[4806]:  R: Low disk capacity detected on / !

If you don’t want to wait for the next scheduled logcheck run, you can run it manually:

sudo -u logcheck logcheck

In my case, /var/spool/mail/root now contains a message from logcheck which shows an excerpt of the syslog and the Cfengine 3 report about the disk space consumption.

Analyzing the Cfengine 3 code snippet
I assume the “body common control” section is already known to you, so let’s skip this part and move on:

bundle agent report_disk_usage {
  storage:
        "/" volume => check_disk_space;

  reports:
        lowDiskCapacity::
          "Low disk capacity detected on / !";
}

At first the bundle agent “report_disk_usage” contains a “storage” promise. “/” refers to a mount point or volume, “volume” itself poiunts to the volume body template and “check_disk_space” is the name of a body section which will be defined later on.

The “reports” promise contains a class called “lowDiskCapacity” which is a condition. If this condition is true, the message “low disk capacity detected on / !” will be reported by Cfengine 3.

The next part…

body volume check_disk_space {
        freespace       => "90%";
        repair_failed   => { "lowDiskCapacity" };
}

… contains the already mentioned body volume section called “check_disk_space”. It makes use of the volume definitions in /etc/cfengine3/cfengine_stdlib.cf and therefore can content the freespace attribute. The “repair_failed” statement sets the class “lowDiskCapacity” if the amount of free space falls below 90% – an admittely high number which should be adjusted according to your needs.

Describing it in more simple words: Cfengine 3 reports a text string if the free disk capacity drops below 90%. This is achieved by defining a “condition”/class called “lowdiskCapacity”.

Summary
We took a quick look at one possibility of letting Cfengine 3 report an outlined state to the syslog. With the help of logcheck, those reports can be sent our via mail automatically which lets you stay informed with a minimum effort.

As usual, you can download today’s Cfengine 3 code snippet here.