From b539ce8f4d27d7dcf87ff4bbc7da9c545746e89a Mon Sep 17 00:00:00 2001 From: Ole Herman Schumacher Elgesem Date: Mon, 16 Feb 2026 22:16:15 +0100 Subject: [PATCH] Fixed typos and grammar mistakes Co-authored-by: Claude (cherry picked from commit 5f9112d60d43f9b913a1f917d9b01909da0e9861) Signed-off-by: Ole Herman Schumacher Elgesem --- .../01-installation/_index.markdown | 12 +++--- .../general-installation/_index.markdown | 16 +++---- ...tallation-community-containerized.markdown | 8 ++-- .../installation-community.markdown | 2 +- ...allation-enterprise-free-aws-rhel.markdown | 12 +++--- .../installation-enterprise-free.markdown | 8 ++-- .../installation-enterprise-vagrant.markdown | 14 +++---- .../installation-enterprise.markdown | 16 +++---- .../local-virtual-machine.markdown | 6 +-- .../putty-quick-start-guide.markdown | 16 +++---- .../verify-signatures.markdown | 2 +- .../vi-quick-start-guide.markdown | 2 +- .../01-installation/secure-bootstrap.markdown | 12 +++--- .../01-installation/upgrading.markdown | 6 +-- .../01-installation/version-control.markdown | 2 +- .../02-modules-from-cfengine-build.markdown | 6 +-- .../03-reporting-and-web-ui.markdown | 6 +-- content/getting-started/_index.markdown | 6 +-- .../reference/promise-types/_index.markdown | 16 +++---- .../reference/promise-types/access.markdown | 6 +-- .../reference/promise-types/classes.markdown | 14 +++---- .../reference/promise-types/commands.markdown | 16 +++---- .../reference/promise-types/custom.markdown | 18 ++++---- .../promise-types/databases.markdown | 10 ++--- .../promise-types/files/_index.markdown | 42 +++++++++---------- .../promise-types/measurements.markdown | 10 ++--- .../reference/promise-types/methods.markdown | 4 +- .../packages-deprecated.markdown | 12 +++--- .../reference/promise-types/packages.markdown | 10 ++--- .../promise-types/processes.markdown | 6 +-- .../reference/promise-types/reports.markdown | 2 +- .../reference/promise-types/services.markdown | 16 +++---- .../reference/promise-types/storage.markdown | 2 +- .../reference/promise-types/users.markdown | 6 +-- content/reference/promise-types/vars.markdown | 2 +- .../additional-topics/file-content.markdown | 4 +- 36 files changed, 174 insertions(+), 174 deletions(-) diff --git a/content/getting-started/01-installation/_index.markdown b/content/getting-started/01-installation/_index.markdown index c8d6042bf..e63455e0b 100644 --- a/content/getting-started/01-installation/_index.markdown +++ b/content/getting-started/01-installation/_index.markdown @@ -23,12 +23,12 @@ We will use an Ubuntu 20.04 Linux virtual machine as the CFEngine Hub, and we wi If you've never set up a virtual machine (VM) before, these are some easy ways: - Cloud: Create a VM in Digital Ocean, AWS, or any other cloud vendor. **(Recommended)** -- Mac OS: Install and run Vagrant and Virtual Box. +- macOS: Install and run Vagrant and VirtualBox. - Linux: Install and run Vagrant and libvirt. - Windows: Use Windows Subsystem for Linux (WSL). -We recommend using Digital Ocean because it is very easy to use the GUI, and spawn a virtual without installing something locally. -However, since it requires you to create an account, some users might prefer to install virtualization software and run everything themself. +We recommend using Digital Ocean because it is very easy to use the GUI, and spawn a virtual machine without installing something locally. +However, since it requires you to create an account, some users might prefer to install virtualization software and run everything themselves. This is also possible, for example using Vagrant and VirtualBox, and we will provide instructions for both. ## Development machine and CFEngine Hub @@ -152,7 +152,7 @@ For example, in Digital Ocean, the username is `root`, and the IP might be `128. **Note:** In the rest of this tutorial, replace the IP address we use in the examples, `192.168.56.2` with that IP. -**Using Vagrant and Virtualbox:** +**Using Vagrant and VirtualBox:** Come back to this tutorial after you have completed the installation and setup of a VM as explained in this tutorial: @@ -198,7 +198,7 @@ Policy server : None Binaries : dpkg, apt ``` -The output shows you the information needed for SSH (username and hostname / IP) as well as some key information about the host, such as architecture and operating system: +The output shows you the information needed for SSH (username and hostname / IP) as well as some key information about the host, such as architecture and operating system. ## Install CFEngine @@ -217,7 +217,7 @@ Open the CFEngine web UI in a web browser by clicking this link, or typing the a https://192.168.56.2/ You might get warnings about an insecure connection or invalid certificate. -At this point, your hub has a self signed certificate, which means there is no certificate authority that can verify which server you are talking to. +At this point, your hub has a self-signed certificate, which means there is no certificate authority that can verify which server you are talking to. In the future you might want to set up a DNS entry for your hub and give it a proper certificate, but for now, you can click the options in your browser to Ignore / Continue. (In Chrome, there might not be an "Accept and continue button", but you can type `thisisunsafe` to bypass the security warning). diff --git a/content/getting-started/01-installation/general-installation/_index.markdown b/content/getting-started/01-installation/general-installation/_index.markdown index b6719728e..9a56fa7c3 100644 --- a/content/getting-started/01-installation/general-installation/_index.markdown +++ b/content/getting-started/01-installation/general-installation/_index.markdown @@ -17,7 +17,7 @@ Check the [Pre-installation checklist][Pre-installation checklist] and [Supporte CFEngine Enterprise is provided in two packages; one is for the Policy Server (hub) and the other is for each Host (client). -Note: See [Installing Community][Installing Community] for the community version of CFEngine) +Note: See [Installing Community][Installing Community] for the community version of CFEngine. **Log in as root** and then follow these steps to install CFEngine Enterprise: @@ -35,7 +35,7 @@ Note: See [Installing Community][Installing Community] for the community version [Debian/Ubuntu] # apt -y install /path/to/.deb ``` -Note: Install actions logged to `/var/logs/cfengine-install.log`. +Note: Install actions are logged to `/var/logs/cfengine-install.log`. ## Bootstrap @@ -58,7 +58,7 @@ ifconfig sudo /var/cfengine/bin/cf-agent --bootstrap ``` -The bootstrap command must then be run on any client attaching itself to this server, using the ip address of the policy server (i.e. exactly the same as the command run on the policy server itself). +The bootstrap command must then be run on any client attaching itself to this server, using the IP address of the policy server (i.e. exactly the same as the command run on the policy server itself). ## Post-installation configuration @@ -68,10 +68,10 @@ CFEngine itself is configured through policy as well (see [Components][] and ### Configure agent email settings -By default an email a summary of any `cf-agent` run initiated by `cf-execd`. You +By default, `cf-execd` emails a summary of any `cf-agent` run. You may want to adjust the mailto or mailfrom. If you have a centralized reporting -system like CFEngine Enterprise you may wish to disable agent emails all -together. +system like CFEngine Enterprise you may wish to disable agent emails +altogether. #### Configure mailto and mailfrom @@ -94,7 +94,7 @@ needing to make any additional changes elsewhere. However, any emails sent from the system might also end up flagged as spam and sent directly to a user's junk mailbox. -**Note:** It's best practice to restart daemons after adjusting it's settings to +**Note:** It's best practice to restart daemons after adjusting its settings to ensure they have taken effect. #### Disable agent emails @@ -110,7 +110,7 @@ The preferred way to disable the agent from sending emails is to define Alternatively you can define the class from `def.cf`. -**Note:** It's best practice to restart daemons after adjusting it's settings to +**Note:** It's best practice to restart daemons after adjusting its settings to ensure they have taken effect. ### Server IP address and hostname diff --git a/content/getting-started/01-installation/general-installation/installation-community-containerized.markdown b/content/getting-started/01-installation/general-installation/installation-community-containerized.markdown index 5acf8320b..3df9ab693 100644 --- a/content/getting-started/01-installation/general-installation/installation-community-containerized.markdown +++ b/content/getting-started/01-installation/general-installation/installation-community-containerized.markdown @@ -72,7 +72,7 @@ docker exec cfengine-hub bash -c "/usr/local/sbin/cf-agent --bootstrap \$(ip -4 ## Preparing CFEngine host in container -The procedure to setup **cfengine-host** is similar to the **cfengine-hub** deployment. The changes are to name of the host container for better identification and bootstrap IP of the **cfengine-hub**. +The procedure to setup **cfengine-host** is similar to the **cfengine-hub** deployment. The changes are to the name of the host container for better identification and bootstrap IP of the **cfengine-hub**. ```command docker run --privileged -dit --name=cfengine-host registry.access.redhat.com/ubi9-init /usr/sbin/init @@ -108,7 +108,7 @@ docker exec cfengine-host bash -c "/usr/local/sbin/cf-agent --bootstrap ${CFENGI ### Preparing container image for CFEngine -Create a `Dockerfile` with following contents: +Create a `Dockerfile` with the following contents: ```Dockerfile FROM registry.access.redhat.com/ubi9-init:latest @@ -162,7 +162,7 @@ cfengine lts About an hour ago 302MB ### Using docker compose service -Create a `compose.yaml` file with following contents: +Create a `compose.yaml` file with the following contents: ```yaml {file="compose.yaml"} name: cfengine-demo @@ -211,7 +211,7 @@ Validate the `compose.yaml` file docker compose -f compose.yaml config 1>/dev/null ``` -**Note**: No output means valid yaml file. +**Note**: No output means a valid YAML file. Start service cfengine-demo diff --git a/content/getting-started/01-installation/general-installation/installation-community.markdown b/content/getting-started/01-installation/general-installation/installation-community.markdown index 22a09f04a..0037d6883 100644 --- a/content/getting-started/01-installation/general-installation/installation-community.markdown +++ b/content/getting-started/01-installation/general-installation/installation-community.markdown @@ -115,7 +115,7 @@ sudo /var/cfengine/bin/cf-agent --bootstrap 192.168.1.12 Upon successful completion, a confirmation message appears: "Bootstrap to '192.168.1.12' completed successfully!" -Type the following to check which version of CFEngine your are running: +Type the following to check which version of CFEngine you are running: ```command /var/cfengine/bin/cf-promises --version diff --git a/content/getting-started/01-installation/general-installation/installation-enterprise-free-aws-rhel.markdown b/content/getting-started/01-installation/general-installation/installation-enterprise-free-aws-rhel.markdown index 2749160ad..3d70fe23f 100644 --- a/content/getting-started/01-installation/general-installation/installation-enterprise-free-aws-rhel.markdown +++ b/content/getting-started/01-installation/general-installation/installation-enterprise-free-aws-rhel.markdown @@ -24,7 +24,7 @@ This tutorial will cover the following steps: ### Configure 2 RHEL virtual machine instances in AWS -- Login to AWS. +- Log in to AWS. - Under `Create Instance` click on `Launch Instance`. - On the line `Red Hat Enterprise Linux 64 Bit Free tier eligible` press the `Select` button. - On the `Choose Instance Type` screen ensure the `Micro Instances` tab on the left is selected. @@ -51,7 +51,7 @@ This tutorial will cover the following steps: ### Configure the security group -- On the left hand side of the AWS console click `NETWORK & SECURITY > Security Groups` +- On the left-hand side of the AWS console click `NETWORK & SECURITY > Security Groups` - Remembering the `Security group` name from earlier, click on the appropriate line item in the list. - Below the list of security group names will display details for the current security group. - Click the `Inbound` tab. @@ -117,7 +117,7 @@ Note: Turning off the firewall in a production environment is considered unsafe. ## CFEngine installation overview -We ready now ready to install the CFEngine software on both the server and client virtual machines. These also referred to as the "hub" and "host" machines, respectively. During the course of the instructions outlined in this guide, you will perform the following tasks: +We are now ready to install the CFEngine software on both the server and client virtual machines. These are also referred to as the "hub" and "host" machines, respectively. During the course of the instructions outlined in this guide, you will perform the following tasks: - Install CFEngine Enterprise onto a Policy Server and onto Hosts. A Policy Server (hub) is a CFEngine instance that contains promises (business policy) that get deployed to Hosts. Hosts are clients that retrieve and execute promises. - Bootstrap the policy server to itself and then bootstrap each of the Hosts to the Policy Server. Bootstrapping establishes a trust relationship between the Policy Server and all Hosts. Thus, business policy that you create in the Policy Server can be deployed to Hosts throughout your company. Bootstrapping completes the installation process. @@ -147,7 +147,7 @@ This script installs the latest CFEngine Enterprise Policy Server on your server Upon successful completion, a confirmation message appears: "Bootstrap to '172.31.3.25' completed successfully!" -- Type the following to check which version of CFEngine your are running: +- Type the following to check which version of CFEngine you are running: `/var/cfengine/bin/cf-promises --version` @@ -166,7 +166,7 @@ Note: The installation will work on 64-bit and 32-bit client machines (the host ![Bootstrap the policy server](Installing-CFE-on-AWS-11.png) -The client software (host), has been installed on the second virtual machine. +The client software (host) has been installed on the second virtual machine. Note: You can install CFEngine Enterprise on up to 25 hosts using the script above. @@ -184,7 +184,7 @@ Note: You can install CFEngine Enterprise on up to 25 hosts using the script abo - The Mission Portal is immediately accessible. Connect to the Policy Server through your web browser at: http:// (Note: The External IP address is available in the AWS console). - The default username for the Mission Portal is `admin`, and the password is also `admin`. - The Mission Portal runs TCP port 80 by default. [Configure mission portal to use HTTPS instead of HTTP](https://cfengine.zendesk.com/entries/25005193-Configure-Mission-Portal-to-use-HTTPS-instead-of-HTTP). -- During the initial setup, the Host(s) might take a few minutes to show up in the Mission Portal. Refresh the web page and login again if necessary. +- During the initial setup, the Host(s) might take a few minutes to show up in the Mission Portal. Refresh the web page and log in again if necessary. ## What next? diff --git a/content/getting-started/01-installation/general-installation/installation-enterprise-free.markdown b/content/getting-started/01-installation/general-installation/installation-enterprise-free.markdown index beb438b39..3991231f8 100644 --- a/content/getting-started/01-installation/general-installation/installation-enterprise-free.markdown +++ b/content/getting-started/01-installation/general-installation/installation-enterprise-free.markdown @@ -16,7 +16,7 @@ version of CFEngine Enterprise, but the number of Hosts (clients) is limited to - You need a minimum of 2 GB of available memory and a modern 64 bit processor. - Plan for approximately 100MB of disk space per host. You should provide an extra 2G to 4G of disk space if you plan to bootstrap more hosts later. -- You need a least two VMs/servers, one for the Policy Server and one for a Host (client). They must be on the same network. +- You need at least two VMs/servers, one for the Policy Server and one for a Host (client). They must be on the same network. - The Policy Server needs to run on a dedicated OS with a vanilla installation (i.e. it only has repositories and packages officially supported by the OS vendor) @@ -31,7 +31,7 @@ During the course of the instructions outlined in this guide, you will perform t and all Hosts. Thus, business policy that you create in the Policy Server can be deployed to Hosts throughout your company. Bootstrapping completes the installation process. - **Log in to the Mission Portal.** The Mission Portal is a graphical user interface that allows you to verify the - the actual state of all your Hosts, thus ensuring that your promises are being executed. + actual state of all your Hosts, thus ensuring that your promises are being executed. - **Try out the Tutorials.** Links to three tutorials give you a head start on learning CFEngine. ## 1. Download and install Enterprise on a policy server @@ -60,7 +60,7 @@ sudo /var/cfengine/bin/cf-agent --bootstrap Upon successful completion, a confirmation message appears: "Bootstrap to '192.168.1.12' completed successfully!" -Type the following to check which version of CFEngine your are running: +Type the following to check which version of CFEngine you are running: ```command /var/cfengine/bin/cf-promises --version @@ -105,7 +105,7 @@ password: admin The Mission Portal runs TCP port 80 by default. (Click [here] (https://cfengine.zendesk.com/entries/25005193-Configure-Mission-Portal-to-use-HTTPS-instead-of-HTTP) to configure the Mission Portal to use HTTPS instead of HTTP.) During the initial setup, the Host(s) might take a few minutes to show up in the Mission Portal. Simply refresh the web page -and login again if necessary. +and log in again if necessary. Note: If you are running Enterprise with Vagrant, you must add the correct port: http://localhost: in your browser. The is the port-forwarder diff --git a/content/getting-started/01-installation/general-installation/installation-enterprise-vagrant.markdown b/content/getting-started/01-installation/general-installation/installation-enterprise-vagrant.markdown index ef9375923..d08aa60ab 100644 --- a/content/getting-started/01-installation/general-installation/installation-enterprise-vagrant.markdown +++ b/content/getting-started/01-installation/general-installation/installation-enterprise-vagrant.markdown @@ -11,7 +11,7 @@ explore CFEngine Enterprise. This guide describes how to set up a client-server model with CFEngine and, through policy, manage both machines. Vagrant will create one VirtualBox VM to be the Policy Server (server), and another machine that will be the Host Agent (client), or host that can be managed by CFEngine. -Both running 64-bit Debian and communicate on a host-only network. +Both run 64-bit Debian and communicate on a host-only network. Apart from a one-time download of Vagrant and VirtualBox, this setup requires just one command and takes between 5 and 15 minutes to complete (determined by your Internet connection and disk speed). Upon completion, you are ready to @@ -46,7 +46,7 @@ different approach][General installation#More detailed installation guides]. This tutorial uses Vagrant to configure your VMs. It is available for Linux, Windows and MacOS and can be downloaded from vagrantup.com. After downloading Vagrant, install it on your computer. You may want to reference the -Windows Mac or Linux vagrant install guides. +Windows, Mac, or Linux Vagrant install guides. ## Install Virtualbox @@ -75,7 +75,7 @@ vagrant up Vagrant performs the following processes: - Downloads the basebox for both the hub and the client (if it has - not already been cached by vagrant. + not already been cached by vagrant). - Provisions, installs and bootstraps the hub - Provisions, installs and bootstraps clients @@ -125,7 +125,7 @@ Last login: Fri Jun 13 18:58:10 2014 from 10.0.2.2 #### Accessing via GUI -If you launch the virtualbox GUI you should find the vagrant vms named +If you launch the VirtualBox GUI, you should find the vagrant vms named `CFEngine Enterprise {{< params "cfengine.branch" >}}.{{< params "cfengine.latest_patch_release" >}}-{{< params "cfengine.latest_package_build" >}} hub`, and `CFEngine Enterprise {{< params "cfengine.branch" >}}.{{< params "cfengine.latest_patch_release" >}}-{{< params "cfengine.latest_package_build" >}} agent host001`. Additionally, you can uncomment the `v.gui=true` option in the `Vagrantfile` to have the console gui start with the vms. **Note:** There are two `v.gui` settings to uncomment; one for the hub, and one @@ -133,7 +133,7 @@ for the clients. ### Check the status of the vms -Running `vagrant status` from the vagrant project directroy will produce +Running `vagrant status` from the vagrant project directory will produce output like this. ```command @@ -175,7 +175,7 @@ vagrant suspend ``` To suspend the vms run `vagrant suspend`. This will freeze the state of each vm -and allows for latter resuming of the environment. +and allows for later resuming of the environment. ```command vagrant halt @@ -210,7 +210,7 @@ vagrant destroy ## Uninstall Vagrant environment -When you have completed your evaluation are ready to use CFEngine on +When you have completed your evaluation and are ready to use CFEngine on production servers, remove the VMs that you created above by following these simple instructions: diff --git a/content/getting-started/01-installation/general-installation/installation-enterprise.markdown b/content/getting-started/01-installation/general-installation/installation-enterprise.markdown index 9ed998e34..ff7b96755 100644 --- a/content/getting-started/01-installation/general-installation/installation-enterprise.markdown +++ b/content/getting-started/01-installation/general-installation/installation-enterprise.markdown @@ -34,7 +34,7 @@ some breathing room, typical user reported sizes are in the 100-250 MB range. On Windows systems, CFEngine consumes more space because Windows lacks support for sparse files (which are used opportunistically by lmdb). 5 G of space should provide some breathing room, typical user reported sizes for `C:\Program -Files\Cfengine` are around 1 GB. As always things vary in different environments +Files\Cfengine` are around 1 GB. As always, things vary in different environments and it's a good idea to measure consumption in your infrastructure and customize accordingly. @@ -51,7 +51,7 @@ promise executions) by adjusting `def.max_client_history_size`. port 5308 (used by CFEngine) is open for both incoming and outgoing connections. -- If a firewall is active on your operating system, adapt it to it to +- If a firewall is active on your operating system, adapt it to allow for communication on port 5308 or disable it. CFEngine bundles all critical dependencies into the package; therefore, @@ -84,7 +84,7 @@ size and complexity of the CFEngine policy. The CFEngine Server requires two users: **cfapache** and **cfpostgres**. If these users do not exist during installation of the server package, they will be created, so if there are constraints -on user creation, please ensure that these users exists prior to +on user creation, please ensure that these users exist prior to installation. These users are not required nor created by the agent package. @@ -117,7 +117,7 @@ with 5000 hosts, you should have at least 40GB of memory. ### Disk sizing and partitioning So that the agent is not affected by full disks it is recommended that -`/var/cfengine` be on it's own partition. +`/var/cfengine` be on its own partition. It is recommended that `$(sys.workdir)/state/pg` is mounted on a **separate disk**. This will give PostgreSQL, which can be very disk I/O @@ -145,7 +145,7 @@ If you do not have separate partitions for `$(sys.workdir)` and `$(sys.workdir)` adds up (for 5000 bootstrapped agents it would be 1500 IOPS and 10.5 MB/s). -**Note** Your storage IOPS specification may be given in 4KiB block +**Note:** Your storage IOPS specification may be given in 4KiB block size, in which case you would need to divide it by 4 to get the corresponding 16KiB _theoretical maximum_. @@ -160,7 +160,7 @@ that connects the Policy Server with the agents. The maximum number of connections is the maximum number of sessions that `cf-serverd` will support. The general rule of thumb is that it should be set to **two times the number of clients** bootstrapped to the hub. So if you have 100 -remote agents bootstrapped to your policy server, 200 would be a good value body +remote agents bootstrapped to your policy server, 200 would be a good value for body server control maxconnections. ### Open file descriptors @@ -215,7 +215,7 @@ Enterprise: [HP-UX] # swinstall -s .depot cfengine-nova ``` -Note: Install actions logged to `/var/logs/cfengine-install.log`. +Note: Install actions are logged to `/var/logs/cfengine-install.log`. ## Bootstrap @@ -226,7 +226,7 @@ host: /var/cfengine/bin/cf-agent --bootstrap ``` -After bootstrapping the hub run the policy to complete the hub configuration. +After bootstrapping the hub, run the policy to complete the hub configuration. ```command /var/cfengine/bin/cf-agent -Kf update.cf; /var/cfengine/bin/cf-agent -K diff --git a/content/getting-started/01-installation/local-virtual-machine.markdown b/content/getting-started/01-installation/local-virtual-machine.markdown index c22f4ccae..38d800366 100644 --- a/content/getting-started/01-installation/local-virtual-machine.markdown +++ b/content/getting-started/01-installation/local-virtual-machine.markdown @@ -17,7 +17,7 @@ Install Vagrant and VirtualBox from their respective websites: - [Vagrant](https://www.vagrantup.com/downloads) - [VirtualBox](https://www.virtualbox.org/) -VirtualBox is used for virtualization, and vagrant is a nice way of interacting with the VirtualBox software, through the `vagrant` Command Line Interface (CLI), and in a `Vagrantfile`. +VirtualBox is used for virtualization, and Vagrant is a nice way of interacting with the VirtualBox software, through the `vagrant` Command Line Interface (CLI), and in a `Vagrantfile`. ## SSH key @@ -93,13 +93,13 @@ end The `Vagrantfile` above does some important things: -- Defines a Ubuntu 20.04 Virtual machine called `hub`, with hostname `hub` +- Defines an Ubuntu 20.04 virtual machine called `hub`, with hostname `hub` - Sets its IP address to be `192.168.56.2` - Sets how much memory and CPU cores we want the VM to have - Copies the `id_rsa.pub` public key into the host when it starts, so we can use `ssh` **Note:** The machine will be called `hub` in `vagrant`, `cf-remote` and in Mission Portal (based on hostname), but this is just because we were consistent when naming it in all 3 places. -These 3 names do not have to match, but it is easier to remember +These 3 names do not have to match, but it is easier to remember. ## Start the virtual machine diff --git a/content/getting-started/01-installation/pre-installation-checklist/putty-quick-start-guide.markdown b/content/getting-started/01-installation/pre-installation-checklist/putty-quick-start-guide.markdown index d7f91c728..2ee9a3ef7 100644 --- a/content/getting-started/01-installation/pre-installation-checklist/putty-quick-start-guide.markdown +++ b/content/getting-started/01-installation/pre-installation-checklist/putty-quick-start-guide.markdown @@ -45,7 +45,7 @@ a _host_ in CFEngine terminology. PuTTYgen is used only when setting up a new client machine on the CFEngine hub. The CFEngine _hub_ will already have an encrypted _key-pair_ that was created when setting up the _hub_. (See the tutorial, [Installing CFEngine on RHEL Using AWS][Using Amazon Web Services]) -The following steps describe how to get the client machine, up and running using PuTTYgen and PuTTY. There are two distinct +The following steps describe how to get the client machine up and running using PuTTYgen and PuTTY. There are two distinct steps to this process: Step 1. Use PuTTYgen to create an encrypted _key-pair_ in the _.ppk_ file format that PuTTY uses. @@ -56,8 +56,8 @@ when setting up the server (_hub_) will be in the _.pem_ file format.) Step 2. Configure the PuTTY application in order to securely access the CFEngine _hub_. -Step 1. consists of the following sequence: First, launch PuTTYgen by double-clicking on the puTTygen icon in the Windows programs menu tree; -(It should be inside the PuTTY folder that was created when the PuTTY was downloaded and installed.) +Step 1 consists of the following sequence: First, launch PuTTYgen by double-clicking on the PuTTYgen icon in the Windows programs menu tree; +(It should be inside the PuTTY folder that was created when PuTTY was downloaded and installed.) Next, download the _key-pair_ and save it on the local hard disk in the _.ppk_ file format. @@ -73,7 +73,7 @@ File name input box. c. Navigate to the location on disk where the _public-key_ file was downloaded in earlier steps, in this case a _.pem_ file. Click _Open_. The following window will appear: -![The PuTTYgen Key Generator Window; note that the actual key and key fingerprint has been blanked out](putty-key-generator-window.png) +![The PuTTYgen Key Generator Window; note that the actual key and key fingerprint has been blanked out](putty-key-generator-window.png) d. Enter a _Passphrase_ and confirm the _Passphrase_. If no _Passphrase_ is desired, leave those fields empty. @@ -113,7 +113,7 @@ The Puttygen Interface. You will load the .pem file that you created in AWS. ![The Puttygen popup window](Installing-CFE-on-AWS-2.png) -The Puttygen popup window. Click `Yes`, to proceed without a passphrase. You can also protect your private key with a passphrase that you enter into `Key Passprhase` and `Confirm Key Passphrase`. +The Puttygen popup window. Click `Yes`, to proceed without a passphrase. You can also protect your private key with a passphrase that you enter into `Key Passphrase` and `Confirm Key Passphrase`. - Finally, navigate to a good location on disk to save the key file, enter a name for the private key, ensure PuTTY Private Key Files (\*.ppk) type is selected, and then click the Save button. - You can now close the Puttygen application. You will call up the .ppk file when you configure the virtual machines using PuTTY. @@ -121,7 +121,7 @@ The Puttygen popup window. Click `Yes`, to proceed without a passphrase. You can ### Configure PuTTY - Before configuring PuTTY, go back to your AWS Console, then navigate to INSTANCES > Instances. -- Make a note of the 2 different Public DNS entries for the virtual machines that were setup earlier (e.g. ec2xxxxxxxxxxxx.uswest1.compute.amazonaws.com, where the x's represent numbers). +- Make a note of the 2 different Public DNS entries for the virtual machines that were set up earlier (e.g. ec2xxxxxxxxxxxx.uswest1.compute.amazonaws.com, where the x's represent numbers). - Launch PuTTY by either: - Double clicking `putty.exe` from the download location, if downloaded directly. - Or, if the PuTTY installer was used above, one of either: @@ -131,9 +131,9 @@ The Puttygen popup window. Click `Yes`, to proceed without a passphrase. You can ![The Puttygen Interface](Installing-CFE-on-AWS-3.png) -The Putty interface, with `Session` selected on the left-side navigation tree. +The PuTTY interface, with `Session` selected on the left-side navigation tree. -- Now, we will configure the Putty application, which we will use to set up the two AWS virtual machines. +- Now, we will configure the PuTTY application, which we will use to set up the two AWS virtual machines. - The first step is to create a Host Name for the first VM. - The Host Name consists mainly of the public DNS entry that was created for one of the two virtual machines in AWS. But the DNS is preceded by a user name, `ec2-user`, followed by the `@` symbol, which is then followed by the DNS entry. diff --git a/content/getting-started/01-installation/pre-installation-checklist/verify-signatures.markdown b/content/getting-started/01-installation/pre-installation-checklist/verify-signatures.markdown index 12b6d586c..3e055df76 100644 --- a/content/getting-started/01-installation/pre-installation-checklist/verify-signatures.markdown +++ b/content/getting-started/01-installation/pre-installation-checklist/verify-signatures.markdown @@ -7,7 +7,7 @@ aliases: --- On the [Download CFEngine][enterprise software download page], you will find -sha256 checksums of all downloadable files which you can verify by using +sha256 checksums of all downloadable files which you can verify by using the `sha256sum` tool. In addition to this, `*.deb` and `*.rpm` packages (with the exception of AIX rpms) are diff --git a/content/getting-started/01-installation/pre-installation-checklist/vi-quick-start-guide.markdown b/content/getting-started/01-installation/pre-installation-checklist/vi-quick-start-guide.markdown index d2165c36f..da6cb9426 100644 --- a/content/getting-started/01-installation/pre-installation-checklist/vi-quick-start-guide.markdown +++ b/content/getting-started/01-installation/pre-installation-checklist/vi-quick-start-guide.markdown @@ -27,7 +27,7 @@ Learning the basics of vi is quite simple. The best way is by walking through an Step 1. Inside the shell prompt, simply type "vi". This will allow the user to insert text and create a new file. -Step 2. type "i" then press the "Enter" key. This takes the user to the insert mode, and allow typing in text or copying and pasting. +Step 2. type "i" then press the "Enter" key. This takes the user to the insert mode, and allows typing in text or copying and pasting. Step 3. Type some text-for example, the obligatory "Hello World" (which will be the subject of a later tutorial). Now press "Enter" to go to the next line and type "My name is Gary, and it's nice to meet you." diff --git a/content/getting-started/01-installation/secure-bootstrap.markdown b/content/getting-started/01-installation/secure-bootstrap.markdown index f8afe1f29..11ba924f1 100644 --- a/content/getting-started/01-installation/secure-bootstrap.markdown +++ b/content/getting-started/01-installation/secure-bootstrap.markdown @@ -18,14 +18,14 @@ Usually, when getting started with CFEngine, this step is automated as a dead-si cf-agent --bootstrap ``` -However, this is in the default configuration, and there are several limitations and implications of this; +However, this is in the default configuration, and there are several limitations and implications of this: ## Default configuration In the default configuration, the policy server (`cf-serverd`) on the hub machine trusts incoming connections from the same `/16` subnet. This means that: -- Bootstrapping new clients will work as long as the 2 first numbers in the IP address are identical ([IPv4 dot decimal representation](https://en.wikipedia.org/wiki/Dot-decimal_notation)) . +- Bootstrapping new clients will work as long as the 2 first numbers in the IP address are identical ([IPv4 dot decimal representation](https://en.wikipedia.org/wiki/Dot-decimal_notation)). The hub and client mutually accept each other's keys, automatically. - This applies to _all_ IP addresses within that range, not just the 1 IP address belonging to the client you are currently bootstrapping. - The hub will keep accepting new clients from those IP addresses until you change the configuration. @@ -118,7 +118,7 @@ sudo ls /var/cfengine/ppkeys The keypair of the host itself is always in the `localhost.pub` and `localhost.priv` files. Additional public keys from the hosts CFEngine is talking to over the network are in the other `.pub` files. -The filename has a SHA checksum of the public key file - this is the CFEngine hosts unique ID (in Mission Portal, our API, PostgreSQL and LMDB databases, etc.). +The filename has a SHA checksum of the public key file - this is the CFEngine host's unique ID (in Mission Portal, our API, PostgreSQL and LMDB databases, etc.). **Recommendation:** Don't copy, transfer, open, or share the private key (`localhost.priv`). It is a secret - putting it in more places is not necessary and increases the chances it could be compromised. @@ -132,7 +132,7 @@ sudo cf-key **Tip:** When using "golden images" to spawn machines with CFEngine already installed, ensure the keys in `/var/cfengine/ppkeys` are deleted before generating the snapshot, and generate / insert keys during provisioning. -## Key distribution - boostrapping without automatically trusting +## Key distribution - bootstrapping without automatically trusting To securely bootstrap a host to a hub, without trusting the network (IP addresses), you need to copy the 2 public keys across some trusted channel. Below we will be using SSH as the trusted channel, however the commands can easily be translated to however you are able to run commands and transfer files to your hosts. @@ -149,7 +149,7 @@ Edit the 3 variables according to your situation, they represent: - `BOOTSTRAP_IP` - The IP address of the hub, which you want `cf-agent` on the client to bootstrap to (connect to). - `HUB_SSH` - The username / IP combination you would use to connect to the hub with SSH. -- `CLIENT_SSH` - The username / IP combination you would use to connect to the hub with SSH. +- `CLIENT_SSH` - The username / IP combination you would use to connect to the client with SSH. ### Trusting the client's key on the hub @@ -241,6 +241,6 @@ This will start the normal CFEngine services (`cf-execd`, `cf-serverd`, etc.): ssh "$CLIENT_SSH" "cf-agent --trust-server no --bootstrap $BOOTSTRAP_IP" ``` -When we connect to the hubs IP address, if there is another server answering, a potential [man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack), it will not work. +When we connect to the hub's IP address, if there is another server answering, a potential [man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack), it will not work. The agent on the client machine will refuse to communicate with the untrusted server. This is the main reason (security benefit) of doing mutual authentication and secure key distribution. diff --git a/content/getting-started/01-installation/upgrading.markdown b/content/getting-started/01-installation/upgrading.markdown index c0624be04..83f5d67ac 100644 --- a/content/getting-started/01-installation/upgrading.markdown +++ b/content/getting-started/01-installation/upgrading.markdown @@ -97,7 +97,7 @@ anything goes wrong. The Masterfiles Policy Framework is available in the hub package, separately on the [download page](http://cfengine.com/community/download/), or directly from -the [masterfiles repository on github](https://github.com/cfengine/masterfiles). +the [masterfiles repository on GitHub](https://github.com/cfengine/masterfiles). Normally most files can be replaced with new ones, files that typically contain user modifications include `promises.cf`, `controls/*.cf`, and @@ -150,7 +150,7 @@ empty before performing an Enterprise Hub binary upgrade. root@hub:~# dpkg --install cfengine-nova-hub_{{< params "cfengine.branch" >}}.{{< params "cfengine.latest_patch_release" >}}-{{< params "cfengine.latest_package_build" >}}_amd64-deb7.deb ``` - _Community does not have a hub specific package._ + _Community does not have a hub-specific package._ 3. Check `/var/log/CFEngine-Install.log` for errors. @@ -192,7 +192,7 @@ empty before performing an Enterprise Hub binary upgrade. } ``` - **Note:** The negative look ahead regular expression is useful because it + **Note:** The negative lookahead regular expression is useful because it automatically turns off on hosts after they reach the target version. 3. Verify that the selected hosts are upgrading successfully. diff --git a/content/getting-started/01-installation/version-control.markdown b/content/getting-started/01-installation/version-control.markdown index d6ae81350..ae9895e22 100644 --- a/content/getting-started/01-installation/version-control.markdown +++ b/content/getting-started/01-installation/version-control.markdown @@ -6,7 +6,7 @@ aliases: - "/getting-started-installation-version-control.html" --- -By default, CFEngine policy is published `/var/cfengine/masterfiles` on the policy +By default, CFEngine policy is published from `/var/cfengine/masterfiles` on the policy server. It is recommended that this directory be backed by a version control system (VCS), such as Git or Subversion. diff --git a/content/getting-started/02-modules-from-cfengine-build.markdown b/content/getting-started/02-modules-from-cfengine-build.markdown index 900d92f47..fa7c88798 100644 --- a/content/getting-started/02-modules-from-cfengine-build.markdown +++ b/content/getting-started/02-modules-from-cfengine-build.markdown @@ -14,7 +14,7 @@ The workflow will look like this: ## Step 0: Creating a new project -Create a folder for you project, for example in your home directory: +Create a folder for your project, for example in your home directory: ```command mkdir -p ~/cfengine_project @@ -50,7 +50,7 @@ For the purposes of this tutorial, let's add the git module so we can work with cfbs add git ``` -Additionally, let's add a module to make CFEngine run policy and report collection every minute instead of the default 5 minute interval: +Additionally, let's add a module to make CFEngine run policy and report collection every minute instead of the default 5-minute interval: ```command cfbs add every-minute @@ -125,7 +125,7 @@ cf-remote save -H root@192.168.56.2 --role hub --name hub ## Step 4: Observe -Open your web browser and enter the IP address of your hub in the address bar to go the Mission Portal web UI. +Open your web browser and enter the IP address of your hub in the address bar to go to the Mission Portal web UI. For example: https://192.168.56.2/ diff --git a/content/getting-started/03-reporting-and-web-ui.markdown b/content/getting-started/03-reporting-and-web-ui.markdown index a059ac88f..7c68e6b96 100644 --- a/content/getting-started/03-reporting-and-web-ui.markdown +++ b/content/getting-started/03-reporting-and-web-ui.markdown @@ -7,7 +7,7 @@ aliases: - "/getting-started/reporting-and-web-ui" --- -After setting up your CFEngine Hub, adding modules and deployed your first policy set, it's appropriate to get familiar with the CFEngine Web UI, Mission Portal, and some of it's useful features. +After setting up your CFEngine Hub, adding modules and deploying your first policy set, it's appropriate to get familiar with the CFEngine Web UI, Mission Portal, and some of its useful features. This is by no means an exhaustive list of everything Mission Portal offers, but a good introduction for new users. If you haven't already, open your web browser and put the IP address (or hostname) of your CFEngine Hub in the address bar. For example: @@ -23,7 +23,7 @@ Both ways will lead you to an individual _Host info page_: ![](host-info.png) -In this page you find a lot of useful functionality and information related to an individual host. +On this page you find a lot of useful functionality and information related to an individual host. There are a few action buttons in the top right corner: ![](action-buttons.png) @@ -67,7 +67,7 @@ In Mission Portal, there is already an example compliance report which gives you As you start writing policy or using more modules, you might encounter situations where your deployed policy is not working and causes errors on some hosts. The best way to investigate these errors is to use the _Policy Analyzer_. In the left navigation bar, you can click _Policy Analyzer_, and then the blue button to _Enable policy analyzer_. -Once enabled (refresh or wait a bit) the policy analyzer gives you a way to browse through your policy set: +Once enabled (refresh or wait a bit), the policy analyzer gives you a way to browse through your policy set: ![](policy-analyzer.png) diff --git a/content/getting-started/_index.markdown b/content/getting-started/_index.markdown index f3993c29c..cd507b49e 100644 --- a/content/getting-started/_index.markdown +++ b/content/getting-started/_index.markdown @@ -6,14 +6,14 @@ aliases: - "/getting-started.html" --- -CFEngine allows you to configure and automate all your IT infrastructure, including, servers, desktops and IoT devices. +CFEngine allows you to configure and automate all your IT infrastructure, including servers, desktops, and IoT devices. It enables efficient changes across large fleets of devices and automatic self-healing / drift correction according to the desired state. -With it's flexible and performant reporting system, you can have up to date inventory and compliance reports even with hundreds of thousands of endpoints under management. +With its flexible and performant reporting system, you can have up-to-date inventory and compliance reports even with hundreds of thousands of endpoints under management. [CFEngine Build](https://build.cfengine.com) is the website where the CFEngine users can share and find modules from the rest of the community. These modules allow you to add functionality and achieve useful tasks in CFEngine without writing any code. -In this tutorial series we will learn CFEngine the easy way, first focusing on installation, out of the box functionality, ready to use modules, and the web user interface (Mission Portal). +In this tutorial series, we will learn CFEngine the easy way, first focusing on installation, out-of-the-box functionality, ready-to-use modules, and the web user interface (Mission Portal). Afterwards, we will continue to more advanced topics, such as policy writing and module development. ## Outline diff --git a/content/reference/promise-types/_index.markdown b/content/reference/promise-types/_index.markdown index f91faff8d..9a3d3a317 100644 --- a/content/reference/promise-types/_index.markdown +++ b/content/reference/promise-types/_index.markdown @@ -116,7 +116,7 @@ body action example #### expireafter -**Description:** The Number of minutes a promise is allowed to run before the +**Description:** The number of minutes a promise is allowed to run before the agent is terminated. **Note**: Not to be confused @@ -349,7 +349,7 @@ of time, e.g. in remote copying of filesystem/disk scans. On the Windows version of CFEngine Enterprise, this can be useful if we don't want to wait for a particular command to finish execution before checking the -next promise. This is particular for the Windows platform because there is +next promise. This is particular to the Windows platform because there is no way that a program can start itself in the background here; in other words, fork off a child process. However, file operations can not be performed in the background on Windows. @@ -386,7 +386,7 @@ body action background **Description:** Defines the reporting level for standard output for this promise. `cf-agent` can be run in verbose mode (-v), inform mode (-I) and just print -errors (no arguments). This attribute allows to set these three output levels +errors (no arguments). This attribute allows you to set these three output levels on a per promise basis, allowing the promise to be more verbose than the global setting (but not less). @@ -500,7 +500,7 @@ body classes example promises that set multiple parameters on a file simultaneously. The classes for different parts of a promise are not separable. Thus, if you -promise to create and file and change its permissions, when the file exists +promise to create a file and change its permissions, when the file exists with incorrect permissions, `cf-agent` will report that the `promise_kept` for the file existence, but `promise_repaired` for the permissions. If you need separate reports, you should code two separate promises rather than @@ -603,10 +603,10 @@ The class in the above example is set if no action was necessary by `cf-agent`, because the promise concerned was already kept without further action required. **Note**: Complex promises can report misleadingly. For example, -`files`promises that set multiple parameters on a file simultaneously. +`files` promises that set multiple parameters on a file simultaneously. The classes for different parts of a promise are not separable. Thus, if you -promise to create and file and change its permissions, when the file exists +promise to create a file and change its permissions, when the file exists with incorrect permissions, `cf-agent` will report that the `promise_kept` for the file existence, but `promise_repaired` for the permissions. If you need separate reports, you should code two separate promises rather than @@ -803,7 +803,7 @@ body classes example } ``` -In the above example, a list of integer return codes indicating that a +In the above example, a list of integer return codes indicates that a command-related promise has been repaired. This can in turn be used to define classes using the `promise_repaired` attribute, or merely alter the total compliance statistics. @@ -898,7 +898,7 @@ body classes example } ``` -**See also:** [`persistance` classes attribute][classes#persistence], [`persist_time` in classes body][Promise types#persist_time] +**See also:** [`persistence` classes attribute][classes#persistence], [`persist_time` in classes body][Promise types#persist_time] #### timer_policy diff --git a/content/reference/promise-types/access.markdown b/content/reference/promise-types/access.markdown index c3d14631e..d67676164 100644 --- a/content/reference/promise-types/access.markdown +++ b/content/reference/promise-types/access.markdown @@ -55,7 +55,7 @@ Note that the usage of the `$(connection.*)` variables is strictly limited to literal strings within the promiser and admit/deny lists; they cannot be passed to functions or stored in other variables. -With CFEngine Enteprise, access promises can be made about additional query data for +With CFEngine Enterprise, access promises can be made about additional query data for reporting and orchestration. ```cf3 {skip TODO} @@ -221,8 +221,8 @@ access: {{< CFEngine_promise_attribute() >}} -**Notes:** Failure to resolve a hostname or it's reverse results in a denial. -Since this control is sensitive to temporary DNS failures, and cases, where +**Notes:** Failure to resolve a hostname or its reverse results in a denial. +Since this control is sensitive to temporary DNS failures, and cases where reverse DNS is not present, it should be used with extreme scrutiny. **See also:** `admit_hostnames`, `deny_ips`, `deny_keys` diff --git a/content/reference/promise-types/classes.markdown b/content/reference/promise-types/classes.markdown index f941301b9..f6f517e20 100644 --- a/content/reference/promise-types/classes.markdown +++ b/content/reference/promise-types/classes.markdown @@ -28,8 +28,8 @@ classes: {{< CFEngine_include_example(class-automatic-canonificiation.cf) >}} -- The term `class` and `context` are sometimes used interchangeably. -- The following attributes to make a complete promise. +- The terms `class` and `context` are sometimes used interchangeably. +- The following attributes are used to make a complete promise. - and - expression - dist @@ -124,7 +124,7 @@ classes: **Notes:** In the example above the values sum up to `10+20+40+50 = 120`. When generating -the distribution, CFEngine picks a number between `1-120`, and set the class +the distribution, CFEngine picks a number between `1-120`, and sets the class `my_dist` as well as one of the following classes: ``` @@ -215,7 +215,7 @@ classes: **Notes:** -This is useful construction for writing expressions that contain functions. +This is a useful construction for writing expressions that contain functions. ### persistence @@ -251,11 +251,11 @@ This feature can be used to avoid recomputing expensive classes calculations on each invocation. This is useful if a class discovered is essentially constant or only slowly varying, such as a hostname or alias from a non-standard naming facility. -Persistent classes are always global and can not be set to local +Persistent classes are always global and cannot be set to local by **scope** directive. For example, to create a conditional inclusion of costly class evaluations, -put them into a separate bundle in a file `classes.cf.` +put them into a separate bundle in a file `classes.cf`. ```cf3 # promises.cf @@ -306,7 +306,7 @@ classes: **History:** Was introduced in CFEngine 3.3.0 -**See also:** [`persistance` classes attribute][classes#persistence], [`persist_time` in classes body][Promise types#persist_time] +**See also:** [`persistence` classes attribute][classes#persistence], [`persist_time` in classes body][Promise types#persist_time] ### not diff --git a/content/reference/promise-types/commands.markdown b/content/reference/promise-types/commands.markdown index 4a00e9a5a..ad05f0d2d 100644 --- a/content/reference/promise-types/commands.markdown +++ b/content/reference/promise-types/commands.markdown @@ -71,7 +71,7 @@ bundle agent example commands: "/usr/bin/env MY_ENVIRONMENT_VARIABLE=something_special /tmp/cmd"; - # Or equivlent + # Or equivalent "/usr/bin/env" args => "ME=something_special /tmp/cmd"; } @@ -79,7 +79,7 @@ bundle agent example **Note**: Some unices leave a hanging pipe on restart (they never manage to detect the end of file condition). This occurs on POSIX.1 and SVR4 popen calls -which use wait4. For some reason they fail to find and end-of-file for an +which use wait4. For some reason they fail to find an end-of-file for an exiting child process and go into a deadlock trying to read from an already dead process. This leaves a zombie behind (the parent daemon process which forked and was supposed to exit) though the child continues. A way around this @@ -97,7 +97,7 @@ continue. ### args -**Description:** Allows to separate the arguments to the command from the +**Description:** Allows separating the arguments to the command from the command itself. Sometimes it is convenient to separate command and arguments. The final arguments are the concatenation with one space. @@ -124,18 +124,18 @@ So in the example above the command would be: ### arglist -**Description:** Allows to separate the arguments to the command from the +**Description:** Allows separating the arguments to the command from the command itself, using an slist. As with `args`, it is convenient to separate command and arguments. -With `arglist` you can use a slist directly instead of having to +With `arglist` you can use an slist directly instead of having to provide a single string as with `args`. That's particularly useful when there are embedded spaces and quotes in your arguments, but also when you want to get them directly from a slist without going through `join()` or other functions. **Note:** Spaces are not preserved when the `useshell` attribute is set to -`"useshell"` or `"powersell"`. The same is true when using commands promises on +`"useshell"` or `"powershell"`. The same is true when using commands promises on Windows, even when `useshell` is set to `"noshell"`, due to limited support in the Win32 API. @@ -406,7 +406,7 @@ preview => "true"; #### no_output -**Description:** Allows to discard all output from the command. +**Description:** Allows discarding all output from the command. Setting this attribute to `true` is equivalent to piping standard output and error to `/dev/null`. @@ -473,7 +473,7 @@ module, unless the `^context` extension is used. **NOTE**: All variables and classes defined by the module protocol are defined in the `default` namespace. It is not possible to define variables and classes in any other namespace. Protocol extensions ( lines that start with `^` -) apply until they are explicitly reset, or until the end of the modules +) apply until they are explicitly reset, or until the end of the module's execution. All the variables and classes will have at least the tag diff --git a/content/reference/promise-types/custom.markdown b/content/reference/promise-types/custom.markdown index f2ae55e62..b5e94a954 100644 --- a/content/reference/promise-types/custom.markdown +++ b/content/reference/promise-types/custom.markdown @@ -100,14 +100,14 @@ Due to the implementation details, the following attributes from the `classes` b In CFEngine, each bundle is evaluated in multiple passes (3 main passes for most promise types). Within each evaluation pass of a bundle, the promises are not evaluated from top to bottom, but based on the [normal order][Policy evaluation] of the bundle type. -Custom promise types are added dynamically and don't have a predefined order, they are evaluated as they appear within a bundle (top to bottom), but at the end of each evaluation pass, after all the built in promise types. +Custom promise types are added dynamically and don't have a predefined order, they are evaluated as they appear within a bundle (top to bottom), but at the end of each evaluation pass, after all the built-in promise types. As with other promise types, we recommend not relying too much on this ordering, if you want some promises to be evaluated before others, use the `bundlesequence` or `depends_on` attribute to achieve this. **Note:** All promises of the same type are evaluated together, so splitting up the promises of one type or interleaving promises of multiple types will not make a difference. All promises of the custom promise type which appeared first will be evaluated before all the promises of the custom promise type which appeared second are evaluated, and so on. ## Creating custom promise types -The agent spawns the promise module as a subprocess and communicates with it using it's standard input and output (stdin, stdout). +The agent spawns the promise module as a subprocess and communicates with it using its standard input and output (stdin, stdout). It does not use command line arguments, or standard error output (stderr), but these may be used for testing / debugging promise modules. Everything written to stdin and stdout should follow the module protocol described below. @@ -182,11 +182,11 @@ Note that all log levels, except for `debug`, should be friendly to non-develope ### Results -Each operation performed by the module, sends a result back to the agent. +Each operation performed by the module sends a result back to the agent. The possible results are as follows: - Shared between operations: - - `error` - an unexpected error occured in the module or protocol, indicating a bug in CFEngine or the promise module + - `error` - an unexpected error occurred in the module or protocol, indicating a bug in CFEngine or the promise module - Should be explained by a `critical` level log message - Promise validation: - `valid` - No problems with the data or data types in promise @@ -197,11 +197,11 @@ The possible results are as follows: - It does not need to validate the promise again, and should **not** return `valid` / `invalid`. - `kept` - promise satisfied already, no change made - `repaired` - promise not satisfied before, but fixed now - - The change should be explained in a `info` level log message + - The change should be explained in an `info` level log message - `not_kept` - promise not satisfied before, and could not be fixed - Should be explained by an `error` level log message -- Teminate: - - `success` - Module succesfully terminated without errors +- Terminate: + - `success` - Module successfully terminated without errors - `failure` - There were problems when trying to clean up / terminate - Should be explained by a `critical` level log message @@ -317,7 +317,7 @@ header. Following are the currently recognized features supported by cf-agent. ##### Action policy The _Action policy_ feature, advertised as supported by the `action_policy` feature flag, indicates -that the module can properly handle the action policy mechanism which allows user to specify that +that the module can properly handle the action policy mechanism which allows the user to specify that promises should only check the state of the system and produce warnings in case of mismatch instead of actually repairing the state. When supported by the module, the cf-agent will allow use of the promises handled by the module with: @@ -362,7 +362,7 @@ The headers (request and response) are not JSON, but a sequence of space-separat All messages sent by cf-agent and the promise module are single line JSON-data, except: - Headers (both from cf-agent and promise module) are not JSON. -- JSON responses sent from promise module may optionally be preceeded by log messages, as explained below. +- JSON responses sent from promise module may optionally be preceded by log messages, as explained below. Within strings in the JSON data, newline characters must be escaped (`\n`). This is not strictly required by the JSON spec, but most implementations do this anyway. diff --git a/content/reference/promise-types/databases.markdown b/content/reference/promise-types/databases.markdown index ad8220e8d..3024a22e2 100644 --- a/content/reference/promise-types/databases.markdown +++ b/content/reference/promise-types/databases.markdown @@ -13,7 +13,7 @@ There are two main cases of database management to address: small embedded databases and large centralized databases. Databases are often centralized entities that have a single point of -management. While large monolithic database can be more easily managed +management. While a large monolithic database can be more easily managed with other tools, CFEngine can still monitor changes and discrepancies. In addition, CFEngine can also manage smaller embedded databases that are distributed in nature, whether they are SQL, registry or future @@ -32,10 +32,10 @@ There are three kinds of database supported by CFEngine: - _SQL - Structured Query Language_ - A number of relational databases (currently supported: MySQL, Postgres for + A number of relational databases (currently supported: MySQL, Postgres) for reading and writing complex data. - **WARNING:** Neither MySQL/MariaDB or PostgreSQL support is built into the + **WARNING:** Neither MySQL/MariaDB nor PostgreSQL support is built into the default binaries. If you wish to use this functionality you must compile the agent with support. @@ -352,7 +352,7 @@ databases: windows:: - # Regsitry has (value,data) pairs in "keys" which are directories + # Registry has (value,data) pairs in "keys" which are directories "HKEY_LOCAL_MACHINE\SOFTWARE\CFEngine AS\CFEngine" @@ -390,7 +390,7 @@ bundle agent main ### registry_exclude -**Description:** An `registry_exclude` slist contains regular expressions +**Description:** A `registry_exclude` slist contains regular expressions to ignore in key/value verification. During recursive Windows registry scanning, this option allows us to ignore diff --git a/content/reference/promise-types/files/_index.markdown b/content/reference/promise-types/files/_index.markdown index 93b7c2d2e..cf97fc892 100644 --- a/content/reference/promise-types/files/_index.markdown +++ b/content/reference/promise-types/files/_index.markdown @@ -336,7 +336,7 @@ alter such a socket. This is a known issue, documented in **Description:** Native settings for access control entry are defined by 'aces'. POSIX ACL are -available in CFEngine Community starting with 3.4.0. NTFS ACL are available in +available in CFEngine Community starting with 3.4.0. NTFS ACL are available with CFEngine Enterprise. **Type:** `slist` @@ -426,7 +426,7 @@ aces = { example, `nperms` will be ignored if `acl_type:``ntfs` and the object is stored on a file system not supporting NTFS ACLs. Valid values for `nperms` varies with different ACL types. When `acl_type` is set to `ntfs`, the - valid flags and their mappings is as follows: + valid flags and their mappings are as follows: | CFEngine nperm flag | NTFS Special Permission | | :-----------------: | ------------------------------ | @@ -447,7 +447,7 @@ aces = { - `perm_type` (optional) Can be set to either `allow` or `deny`, and defaults to `allow`. `deny` is - only valid if `acl_type` is set to an ACL type that support deny + only valid if `acl_type` is set to an ACL type that supports deny permissions. A `deny` ACE will only be enforced if the file object is stored on a file system supporting the acl type set in `acl_type`. @@ -501,7 +501,7 @@ The constraint `acl_default` gives control over the default ACL of directories. The default ACL can be left unchanged (`nochange`), empty (`clear`), or be explicitly specified (`specify`). In addition, the default ACL can be set equal to the directory's access ACL (`access`). This -has the effect that child objects of the directory gets the same access ACL as +has the effect that child objects of the directory get the same access ACL as the directory. **Type:** (menu option) @@ -737,7 +737,7 @@ If true, CFEngine will log a 'diff' summary of major changes to the files. It is not permitted to combine this promise with a depth search, since this would consume a dangerous amount of resources and would lead to unreadable reports. -The feature is intended as a informational summary, not as a version control +The feature is intended as an informational summary, not as a version control function suitable for transaction control. If you want to do versioning on system files, you should keep a single repository for them and use CFEngine to synchronize changes from the repository source. Repositories should not be @@ -861,7 +861,7 @@ recent than that of the promised file CFEngine copies the file if the modification time or creation time of the source file is more recent than that of the promised file. If the times are -equal, a byte-for-bye comparison is done on the files to determine if it needs +equal, a byte-for-byte comparison is done on the files to determine if it needs to be copied. - `exists` @@ -935,7 +935,7 @@ body copy_from example **Description:** The `encrypt` menu option policy describes whether to use encrypted data stream to connect to remote hosts. -Client connections are encrypted with using a Blowfish randomly generated +Client connections are encrypted using a Blowfish randomly generated session key. The initial connection is encrypted using the public/private keys for the client and server hosts. @@ -1127,7 +1127,7 @@ the file and the file is missing the promise will be kept. **Notes:** -This can be useful for opportunistically coping files that are not necessarily +This can be useful for opportunistically copying files that are not necessarily required or available at all times. For example if there is a host specific data that each host attempts to copy this will allow you to not have many promise failures when a host does not have any data prepared for it. @@ -1326,7 +1326,7 @@ If the server's public key has not already been trusted, `trustkey` provides automated key-exchange. Note that, as a simple security precaution, `trustkey` should normally be set -to false. Even though the risks to the client low, it is a good security +to false. Even though the risks to the client are low, it is a good security practice to avoid key exchange with a server one is not one hundred percent sure about. On the server-side however, trust is often granted to many clients or to a whole network in which possibly unauthorized parties might be able to @@ -1405,7 +1405,7 @@ verify => "true"; **History:** Was introduced in 3.16.0 -**Note:** You cannot `content` in combination with the other edit operations +**Note:** You cannot use `content` in combination with the other edit operations like `edit_line`, `edit_xml`, `edit_template` or `edit_template_string`. ### create @@ -1731,7 +1731,7 @@ R: example_edit_backup_true R: example_edit_backup_true.cf-before-edit ``` -A value of `timestamp` will result in the original file be suffixed with the +A value of `timestamp` will result in the original file being suffixed with the epoch and the canonified form of the date when the file was changed followed by `.cf-before-edit`. For example `_1511292441_Tue_Nov_21_13_27_22_2017.cf-before-edit`. @@ -1769,7 +1769,7 @@ R: example_edit_backup_timestamp_1511300904_Tue_Nov_21_15_48_25_2017.cf-before-e A value of `false` will result in no retention of the original file. -A value of `rotate` will result in the original file be suffixed with +A value of `rotate` will result in the original file being suffixed with `.cf-before-edit` followed by an integer representing the nth previous version of the file. The number of rotations is managed by the `rotate` attribute in `edit_defaults`. @@ -1828,7 +1828,7 @@ recipe allows an ordered procedure to be convergent. **Notes:** -- Within `edit_line` bundles the variable `$(edit.empty_before_use)` holds this value, allowing for decisions to be bade based on it. +- Within `edit_line` bundles the variable `$(edit.empty_before_use)` holds this value, allowing for decisions to be made based on it. **Example:** @@ -1907,7 +1907,7 @@ If set to true, this option allows CFEngine to process line based files with backslash continuation. The default is to not process continuation backslashes. -Back slash lines will only be concatenated if the file requires editing, +Backslash lines will only be concatenated if the file requires editing, and will not be restored. Restoration of the backslashes is not possible in a meaningful and convergent fashion. @@ -2241,7 +2241,7 @@ file_result => "ctime"; **Description:** Range of modification times (mtime) for acceptable files -The file's modification time refers to both modification of content but +The file's modification time refers to modification of content but not other attributes, such as permissions. **Type:** `irange[int,int]` @@ -2284,7 +2284,7 @@ body file_select used_recently body file_select not_used_much { - # files not accessed since 00:00 1st Jan 2000 (in the local timezime) + # files not accessed since 00:00 1st Jan 2000 (in the local timezone) atime => irange(on(2000,1,1,0,0,0),now); file_result => "!atime"; } @@ -2519,7 +2519,7 @@ unpredictable. Note that symlink is synonymous with absolute links, which are different from relative links. Although all of these are symbolic links, the nomenclature here is defined such that symlink and absolute are -equivalent . When verifying a link, choosing 'relative' means that the +equivalent. When verifying a link, choosing 'relative' means that the link _must_ be relative to the source, so relative and absolute links are mutually exclusive. @@ -2536,7 +2536,7 @@ absolute **Default value:** symlink -**Example impelementation:** +**Example implementation:** {{< CFEngine_include_snippet(masterfiles/lib/files.cf, ^body\slink_from\sln_s.*, ^##) >}} @@ -2702,7 +2702,7 @@ string regardless of what characters it contains. If it is declared Note that CFEngine splits the promiser up into path links before matching, so that each link in the path chain is matched separately. -Thus it it meaningless to have a `/` in a regular expression, as the +Thus it is meaningless to have a `/` in a regular expression, as the comparison will never see this character. **Default value:** `guess` @@ -3140,7 +3140,7 @@ based on the current scope of the calling promise. If lines are grouped into a block, the whole block is repeated when lists are expanded (see the Special Topics Guide on editing). -If a class-context modified is used: +If a class-context modifier is used: ``` [%CFEngine class-expression:: %] @@ -3165,7 +3165,7 @@ Everything after here applies only to solaris on Mondays until overridden... [%CFEngine linux:: %] -Everything after here now applies now to linux only. +Everything after here applies only to linux. [%CFEngine BEGIN %] This is a block of text diff --git a/content/reference/promise-types/measurements.markdown b/content/reference/promise-types/measurements.markdown index bc85233c7..9b3df1561 100644 --- a/content/reference/promise-types/measurements.markdown +++ b/content/reference/promise-types/measurements.markdown @@ -8,7 +8,7 @@ aliases: By default, CFEngine's monitoring component `cf-monitord` records performance data about the system. These include process counts, service traffic, load average and CPU utilization and temperature when available. It also records a -three year trend summary based any 'shift'-averages. +three year trend summary based on any 'shift'-averages. Custom `measurements` promises can monitor or log very specific user data through a generic interface. The end-result is to either generate a periodic @@ -43,7 +43,7 @@ bundle monitor self_watch units => "kb", match_value => proc_value(".*cf-monitord.*", "root\s+[0-9.]+\s+[0-9.]+\s+[0-9.]+\s+[0-9.]+\s+[0-9.]+\s+\s+[0-9.]+\s+[0-9.]+\s+([0-9]+).*"), - comment => "The ammount of memory (RSS or Resident Set Size) cf-monitored is consuming"; + comment => "The amount of memory (RSS or Resident Set Size) cf-monitored is consuming"; } body match_value proc_value(x,y) @@ -125,7 +125,7 @@ Measurement data is presented in Mission Portal in the [`Measurements App`][Meas When policy is changed in regards to monitor bundles, both `cf-monitord` _and_ `cf-serverd` should be restarted in order to receive the updated policy. -It is possible to [configure masterfiles to restart `cf-monitord` when variables which affect it's configuration are changed][mpf-configure-component-restart]. +It is possible to [configure masterfiles to restart `cf-monitord` when variables which affect its configuration are changed][mpf-configure-component-restart]. All measurements historical data is stored in `${sys.statedir}/cf_observations.lmdb`. This is where reporting data is pulled from. @@ -351,7 +351,7 @@ back-reference for extracting a value. A single parenthesized back-reference should be given to lift the value to be measured out of the text stream. The regular expression is [unanchored][unanchored], meaning -it may match a partial string +it may match a partial string. **Type:** `string` @@ -369,7 +369,7 @@ extraction_regex => "MemFree:\s+([0-9]+).*"; #### track_growing_file -**Description:** If true, CFEngine remembers the position to which is last +**Description:** If true, CFEngine remembers the position to which it last read when opening the file, and resets to the start if the file has since been truncated diff --git a/content/reference/promise-types/methods.markdown b/content/reference/promise-types/methods.markdown index 168ecddc4..cc0370463 100644 --- a/content/reference/promise-types/methods.markdown +++ b/content/reference/promise-types/methods.markdown @@ -62,7 +62,7 @@ bundle agent subtest_c(info) Methods offer powerful ways to encapsulate multiple issues pertaining to a set of parameters. -Note in the above that a list can be passed as a implicitly iterated +Note in the above that a list can be passed as an implicitly iterated scalar and as a reference, while a `data` variable (a data container) can only be passed by reference. @@ -99,7 +99,7 @@ only look like `$(name)` where `name` is either a string or an slist. They can't be `"$(a)$(b)"`, `$(a[b])`, and so on. Here's a full example of how you might encode bundle names and -parameters in a slist, if you need to pack and unpack method calls in +parameters in an slist, if you need to pack and unpack method calls in a portable (e.g. written in a file) format. {{< CFEngine_include_snippet(unpack_method_calls.cf, #\+begin_src cfengine3, .*end_src) >}} diff --git a/content/reference/promise-types/packages-deprecated.markdown b/content/reference/promise-types/packages-deprecated.markdown index 1caafd429..aed1cdd26 100644 --- a/content/reference/promise-types/packages-deprecated.markdown +++ b/content/reference/promise-types/packages-deprecated.markdown @@ -321,7 +321,7 @@ package_list_arch_regex => "[^.]+\.([^.]+)"; } ``` -**Notes:** If no architecture is specified for thegiven package manager, then +**Notes:** If no architecture is specified for the given package manager, then do not define this. #### package_changes @@ -448,7 +448,7 @@ installed This regular expression must match complete lines in the output of the list command that are actually installed packages. If all -the lines match, then the regex can be set of `.*`, however most package +the lines match, then the regex can be set to `.*`, however most package systems output prefix lines and a variety of human padding that needs to be ignored. @@ -694,7 +694,7 @@ package_name_regex => "([^\s]).*"; **Description:** Regular expression to match verification failure output -An[anchored][anchored] regular expression to match output from a package verification +An [anchored][anchored] regular expression to match output from a package verification command. If the output string matches this expression, the package is deemed broken. @@ -788,7 +788,7 @@ package_patch_command => "/usr/bin/zypper -non-interactive patch"; already installed A few package managers keep a separate notion of patches, as opposed to -package updates. OpenSuSE, for example, is one of these. This provide an +package updates. OpenSuSE, for example, is one of these. This provides an analogous command struct to the packages for patch updates. **Type:** `string` @@ -912,7 +912,7 @@ It is required only when `package_policy` is verify. The outcome of the command is compared with `package_noverify_returncode` or `package_noverify_regex`, one of which has to be set when using this command. If the package is not installed, -the command will not be run the promise gets flagged as not kept before +the command will not be run, the promise gets flagged as not kept before the verify command executes. In order for the promise to be considered kept, the package must be @@ -1010,7 +1010,7 @@ version comparison, by calling an external command to check whether the first passed version is less than another. The built-in algorithm does a good approximation of version comparison, -but different packaging systems differ in corner cases (e.g Debian +but different packaging systems differ in corner cases (e.g. Debian treats symbol `~` less than any other symbol and even less than empty string), so some sort of override is necessary. diff --git a/content/reference/promise-types/packages.markdown b/content/reference/promise-types/packages.markdown index 0d77f15a7..fe2f4f449 100644 --- a/content/reference/promise-types/packages.markdown +++ b/content/reference/promise-types/packages.markdown @@ -43,7 +43,7 @@ Note that if your `policy` attribute specifies "absent", then the promiser string needs to be a bare package name, you cannot use a file name for this. -**Noteable differences from `package_method` based implementation:** +**Notable differences from `package_method` based implementation:** - The promiser must be the fully qualified path to a file _or_ a _package name_. `package_modules` do not have the concept of a @@ -205,7 +205,7 @@ of the package module inside `/var/cfengine/modules/packages`. #### default_options -**Description:** Options to pass to to the package module by default. +**Description:** Options to pass to the package module by default. See the `options` attribute for details on what options do. @@ -316,7 +316,7 @@ body package_module apt_get #### module_path -**Description:** Absolute path to the the package module. +**Description:** Absolute path to the package module. By default, the package module implementation has to be in a file with the same name as the package module itself, under the `$(sys.workdir)/modules/packages` @@ -543,7 +543,7 @@ packages: **Notes:** - Requires Python version 2 to be installed on the host. -- Supports [`options`][packages#options] attribute. Each space separate +- Supports [`options`][packages#options] attribute. Each space-separated option must be added as a separate list element. The options are passed directly through to the package manager. @@ -661,7 +661,7 @@ the package name must be used. **Example**: install [Google Chrome][] but prevent it from self-upgrading (otherwise Google Chrome's self-upgrading will conflict with CFEngine ensuring -that version from this particluar MSI is installed): +that version from this particular MSI is installed): [Google Chrome]: https://cloud.google.com/chrome-enterprise/browser/download/#chrome-browser-update diff --git a/content/reference/promise-types/processes.markdown b/content/reference/promise-types/processes.markdown index 064da6f0c..182a8e4fc 100644 --- a/content/reference/promise-types/processes.markdown +++ b/content/reference/promise-types/processes.markdown @@ -57,7 +57,7 @@ when a process has been running for longer than a day. {{< CFEngine_include_example(processes_define_class_based_on_process_runtime.cf) >}} -Take care to not oversimplify your patterns as it may match +Take care to not oversimplify your patterns as they may match unexpected processes. For example, on many systems, the process pattern `"^cp"` may not match any processes, even though `"cp"` is running. This is because the process table entry may list `"/bin/cp"`. However, the process pattern `"cp"` @@ -499,7 +499,7 @@ processes: ### restart_class **Description:** A class to be defined globally if the process is not -running, so that a `command:` rule can be referred to restart the process +running, so that a `commands:` rule can be referred to restart the process This is a signal to restart a process that should be running, if it is not running. Processes are signaled first and then restarted later, at @@ -507,7 +507,7 @@ the end of bundle execution, after all possible corrective actions have been made that could influence their execution. Windows does not support having processes start themselves in the -background, like Unix daemons usually do; as fork off a child process. +background, like Unix daemons usually do, i.e., fork off a child process. Therefore, it may be useful to specify an `action` body that sets `background` to true in a commands promise that is invoked by the class set by `restart_class`. See the `commands` promise type for more diff --git a/content/reference/promise-types/reports.markdown b/content/reference/promise-types/reports.markdown index 42cf5c0b5..44db4af9d 100644 --- a/content/reference/promise-types/reports.markdown +++ b/content/reference/promise-types/reports.markdown @@ -31,7 +31,7 @@ bundle agent report } ``` -Reports do not fundamentaly make changes to the system and report type promise +Reports do not fundamentally make changes to the system and report type promise outcomes are _always_ considered kept. ```cf3 diff --git a/content/reference/promise-types/services.markdown b/content/reference/promise-types/services.markdown index a90be6ea0..1535542ca 100644 --- a/content/reference/promise-types/services.markdown +++ b/content/reference/promise-types/services.markdown @@ -10,17 +10,17 @@ aliases: `service_bundle` in a `service_method` body. Reference the [services bodies and bundles in the standard library][lib/services.cf]. -Most commonly services type promises are use to manage standard operating system -services using the platforms standard service management tools via the +Most commonly services type promises are used to manage standard operating system +services using the platform's standard service management tools via the `standard_services` bundle in the standard library. However, services type promises can be leveraged to build standard abstractions around custom services as well. Services are registered in the operating system in some way, and get a unique name. -Service promises abstracts the mechanism for interacting with services +Service promises abstract the mechanism for interacting with services on the given operating system, making it as uniform and easy as possible to work with services cross-platform. The exact mechanism CFEngine uses -vary depending on availability at the OS, but it could be System V scripts, +varies depending on availability at the OS, but it could be System V scripts, systemd units, tools such as `chkconfig`, or the Windows API. Some operating systems are bundled with a lot of unused services that @@ -72,8 +72,8 @@ running through the CFEngine Enterprise Executor service, typical for on production machines, CFEngine has sufficient rights. Services of type generic promises are implemented for all operating -systems and are merely as a convenient front-end to `processes` and -`commands`. If nothing else is specified, CFEngine looks for an special +systems and are merely a convenient front-end to `processes` and +`commands`. If nothing else is specified, CFEngine looks for a special reserved agent bundle called ```cf3 @@ -143,7 +143,7 @@ for services promises. **Description:** Policy for service status. The `service_policy` is expected to be passed to the service bundle in order to -manage it's state. It is up to the mapped `service_bundle` to determine which +manage its state. It is up to the mapped `service_bundle` to determine which promises should be actuated in order to converge to the specified `service_policy`. @@ -265,7 +265,7 @@ depends A list of services that must be running before the service can be started. These dependencies can be started automatically by CFEngine if they -are not running see `service_dependence_chain`. However, the dependencies will +are not running, see `service_dependence_chain`. However, the dependencies will never be implicitly stopped by CFEngine. Specifying dependencies is optional. Note that the operating system may keep an additional list of dependencies for diff --git a/content/reference/promise-types/storage.markdown b/content/reference/promise-types/storage.markdown index 8f24fd499..57f02c8bf 100644 --- a/content/reference/promise-types/storage.markdown +++ b/content/reference/promise-types/storage.markdown @@ -123,7 +123,7 @@ body mount example #### mount_server -**Description:** Hostname or IP or remote file system server. +**Description:** Hostname or IP of remote file system server. **Type:** `string` diff --git a/content/reference/promise-types/users.markdown b/content/reference/promise-types/users.markdown index 4eba121cc..8301162f2 100644 --- a/content/reference/promise-types/users.markdown +++ b/content/reference/promise-types/users.markdown @@ -16,14 +16,14 @@ shell, group membership, description, and password. Platform native tools are used to create/modify/delete users (C api on Windows, and `useradd` `usermod` `userdel` on Unix, Linux and similar platforms). User presence is determined by the `NetUserGetInfo` function on Windows and reading `/etc/passwd` on Unix, -Linux and similar platforms nix External/non-local for example LDAP are ignored. +Linux and similar platforms. External/non-local users, for example LDAP, are ignored. A bundle can be associated with a user promise, such as when a user is created in order to do housekeeping tasks in his/her home directory, like putting default configuration files in place, installing encryption keys, and storing a login picture. -**Note:** This promise type does not create or delete groups (not even a users +**Note:** This promise type does not create or delete groups (not even a user's primary group). The groups the user is promised to be in need to be managed separately. @@ -88,7 +88,7 @@ users: ### groups_secondary -**Description:** The `groups_secondary` attributes sets the user's +**Description:** The `groups_secondary` attribute sets the user's secondary group membership(s), in addition to his/her primary group. **Note:** On Windows, no difference exists between primary and diff --git a/content/reference/promise-types/vars.markdown b/content/reference/promise-types/vars.markdown index 0cdcc9146..489d7dc29 100644 --- a/content/reference/promise-types/vars.markdown +++ b/content/reference/promise-types/vars.markdown @@ -216,7 +216,7 @@ newline as shown in the example. Inline JSON or YAML data may contain CFEngine variable references. They will be expanded at runtime as if they were simply calls to -`readjson()` or `readyaml()`, which also means that syntax error in +`readjson()` or `readyaml()`, which also means that syntax errors in the JSON or YAML data will only be caught when your policy is actually being evaluated. diff --git a/content/resources/additional-topics/file-content.markdown b/content/resources/additional-topics/file-content.markdown index 143e90f23..a632b2a2a 100644 --- a/content/resources/additional-topics/file-content.markdown +++ b/content/resources/additional-topics/file-content.markdown @@ -184,7 +184,7 @@ Everything after here applies only to solaris on Mondays until overridden... [%CFEngine linux:: %] -Everything after here now applies now to linux only. +Everything after here applies now to linux. [%CFEngine BEGIN %] This is a block of text @@ -216,7 +216,7 @@ The result would look like this, on a linux host: #This is a template file /templates/input.tmpl These lines apply to anyone -Everything after here now applies now to linux only. +Everything after here applies only to linux. This is a block of text That contains list variables: 1 With text before and after.