1bundle agent cfe_internal_enterprise_main 2# @brief Drive policy related to CFEngine Enterprise 3{ 4 methods: 5 any:: 6 7 "security" -> { InfoSec } 8 usebundle => change_management, 9 comment => "Basic change management", 10 handle => "cfe_internal_enterprise_main_change_management"; 11 12 am_policy_hub:: 13 14 "hub" usebundle => cfe_internal_update_folders, 15 handle => "cfe_internal_management_update_folders", 16 comment => "Create empty directories for CFE self-upgrade"; 17 18 am_policy_hub.enterprise:: 19 20 "hub" -> { "Mission Portal", "CFEngine Enterprise" } 21 usebundle => cfe_internal_purge_scheduled_reports_older_than_days( $(def.purge_scheduled_reports_older_than_days) ), 22 handle => "cfe_internal_management_purge_scheduled_reports_older_than_days", 23 comment => "So that we do not fill up the disk we need to purge scheduled 24 reports after some time."; 25 26 "hub" usebundle => cfe_internal_setup_knowledge, 27 handle => "cfe_internal_management_setup_knowledge", 28 comment => "Manage CFE Knowledge Map"; 29 30 "Enterprise Maintenance" 31 usebundle => cfe_internal_enterprise_maintenance; 32 33 "hub" usebundle => cfe_internal_php_runalerts, 34 handle => "cfe_internal_management_php_runalerts", 35 comment => "To run PHP runalerts to check bundle status on SQL and Sketch. 36 ENT-5432: must run after cfe_internal_enterprise_maintenance bundle 37 so that active_hub class is determined"; 38 39 am_policy_hub.enterprise_edition:: 40 41 "Inventory Enterprise License Utilization" -> { "ENT-5089" } 42 usebundle => inventory_cfengine_enterprise_license_utilization; 43 44 am_policy_hub.enterprise_edition.enable_log_cfengine_enterprise_license_utilization:: 45 46 "hub" -> { "ENT-3186" } 47 usebundle => log_cfengine_enterprise_license_utilization, 48 handle => "log_cfengine_enterprise_license_utilization", 49 comment => "Log license utilization information"; 50 51 # As passive hub is supposed to run read-only PostgreSQL instance 52 # doing maintenance makes no sense and is not possible at all. 53 (am_policy_hub.enterprise.!enable_cfengine_enterprise_hub_ha)||(enable_cfengine_enterprise_hub_ha.hub_active):: 54 55 "hub" usebundle => cfe_internal_hub_maintain, 56 handle => "cfe_internal_management_hub_maintain", 57 comment => "Start the hub maintenance process"; 58 59 "hub" usebundle => cfe_internal_truncate_events, 60 handle => "cfe_internal_truncate_events", 61 comment => "To run CFE truncate to pending"; 62 63 postgresql_full_maintenance|postgresql_monitoring_maintenance:: 64 65 "hub" usebundle => cfe_internal_postgresql_maintenance, 66 handle => "cfe_internal_management_postgresql_maintenance", 67 action => measure_promise_time("cfe_internal_management_postgresql_maintenance"), 68 comment => "Run clean up on PostgreSQL database"; 69 70 postgresql_vacuum:: 71 72 "hub" usebundle => cfe_internal_postgresql_vacuum, 73 handle => "cfe_internal_management_postgresql_vacuum", 74 action => measure_promise_time("cfe_internal_management_postgresql_vacuum"), 75 comment => "Maintain PostgreSQL by executing vacuum"; 76 77 enable_cfe_internal_cleanup_agent_reports:: 78 "any" usebundle => cfe_internal_cleanup_agent_reports, 79 handle => "cfe_internal_management_cleanup_agent_reports", 80 comment => "Remove accumulated reports if they grow too large in size"; 81 82 !windows:: 83 "Permissions and Ownership" 84 usebundle => cfe_internal_permissions, 85 comment => "Specific expectations for permissions and ownership for cfengine itself"; 86 87} 88