Skip to the content of the web site.

Linux | CfengineClasses

Cfengine Classes/Scripts

In general, each class currently useable for configuring hosts via cfengine can be grouped into one of two categories. The first is composed of classes that act as modifiers within files. These generally include classes that identify the ditribution as well as several other helper classes used to identify certain options useful within the cfengine scripts.

The rest of the classes present in the current cfengine configuration enable configuration of various parts of a Linxus system. Each of these is associated with a cfengine script bearing the same name as the class.

There is also one very important element that is not covered by these two categories:

This script runs on all machines managed by cfengine and is tasked with retrieval of classes from an external configuration as well as the mapping of classes to cfengine scripts.

The script maintains a list of class/file associations that allow it to copy the appropriate .cf file for the classes defined on a machine. The class configuration is handled by the Python app "cf-query". The main purpose of is to tie cfengine to some form of host management system. The nature of this system has not been finalized, so this class may change in the upcoming months/years.

Modifier Classes


This class is automatically enabled on machines that are running a debian-based distro (this is based on the observation that Ubuntu defines a debian class, may prove incorrect for Xandros/Mepis/Knoppix).

While this class was initially used as a safety measure to isolate sections of scripts that may damage non-debian distributions, the presence of a debian class in Ubuntu has largely shown this to be ineffective within the debian distro family, however it still has uses for configurations that involve debian-family tools such as apt and pkgsync.


This class was introduced to allow ubuntu machines to be configured by cfengine. Unfortunately, this class is not automatically set when cfengine is run on an ubuntu machine and must be manually added. Because of this and the differences between ubuntu and debian passwd/shadow files, it becomes very easy to break an ubuntu/debian system by setting this class incorrectly. Some way to automatically detect a machine as running ubuntu is highly desireable to increase robustness in areas where ubuntu and debian significantly differ.


This class is somewhat of an oddity since it has both a modifier in the script and a script of its own ( Within the context of modifying this class causes new passwd/shadow/group/sudoers files to be pushed to the machine on which it's defined. Without this class will simply check and correct permissions on these files.


This class adds addition functionality to Specifially, having the staging class defined causes cfengine to set up master copies of the passwd/shadow files within a configuration directory on the machine. In practice, this class is intended to be used on a machine that serves as the cfengine server. Under these circumstances, staging creates complete passwd/shadow files out of the headers within the linxus_passwd file tree and any nexus passwd/shadow files that were created on the server by push_pass.

Currently this class is defined using a list of hosts within the script. This should probably remain the case, since there is little to no reason to assign this class to a non-server machine. Admittedly, this class is not very robust as it requires a specific layout of the cfengine files to work correctly.


There are several other classes that are defined dynamically when cfengine is run. These should not be manually set except for the purposes of testing, as they are enabled when certain conditions are met on the target machine.

Classes Associated With Files


While all is the name of cfengine class that is always defined, the current structure of cfengine also contains an file which is intended to run on every machine.

When defined (always) it removes cfengine backup files (*.cfsaved) and files from /tmp that are more than a week old. It also adds DNS servers and into /etc/resolv.conf.

The modifications made by this class are fairly rudimentary and should not pose a problem with most/all distributions. In particular, testing with Ubuntu has shown no ill effects. However the DNS servers that are added may not be desired by other faculties within the university and this section of the file will have to be modified.


This class was created as something of a kludge to get around a problem caused by KVM switches preventing correct detection of the monitor setting. The script is associated with this class.

Whend defined this class determines the vertical/horizontal refresh rates of the connected monitor and inserts them into a generic XF86Config? -4 file that should work on any machine with an ATI Rage graphics card. This is obviously not ideal as it will only work on a limited set of hardware configurations.

In terms of other distributions, use of this script is not recommended. Since most modern distributions are using xorg (which uses /etc/xorg.conf) this class is often useless. In addition Ubuntu appears to perform autoconfiguration on the monitor every time the system starts up, rendering this class further obsolete.


This class should be used on any cfengine server and is particularly useful when starting a new server, or recovering a broken server. The script is associated with this class.

When defined this class retrieves the latest cfengine configuration revision from the bazaar archive and places it in /config. If /config already exists it merges in the new revisions using /usr/sbin/

This class should work on any machine that has bazaar installed. However, this class may need tweaking to correctly set up the cfengine scripts on a new server as the class has not been tested extensively in this role.


This class is intended to deploy a working cups configuration on linxus workstations.

When defined, this class ensures that cupsys-client and cupsys-bsd packages are installed. It also does basic configuration of /etc/cups/client.conf using a template file.

Deployment of this class on networks other than linxus should be a straightforward matter of modifying the replacement strings in the file. However, more extensive modifications may be neccessary for network settings that are significantly different.


This class sets up several global look/feel options on linxus machines running gnome (eg. fonts, themes, screensaver).

This class ensures the installation of the packages required for the gnome desktop on debian. It then configures gnome to a reasonable set of defaults using the file /usr/share/nautilus/initial-desktop/nexus.desktop and the script /usr/sbin/

It should be noted that this script (especially the pkgsync section) needs to be modified to work with the ubuntu class mentioned above. Until then use of this class on Ubuntu machines is discouraged.

This script runs on all machines managed by cfengine.

Similarly to this script imports files based on classes, however instead of the classes being manually defined it will import classes that correspond to permanent properties (such as os or hostname) of the machine being managed.

-- AlexBencz - 26 Sep 2006