cf-agent has high cpu usage when upgrading

This problem is present from at least 3.5.2 and it manifests as high (100%) CPU utilisation by cf-agent. It is triggered by the following condition:

cf-agent tries to open a file that is actually a directory. This can happen, for example, with the following policy:


body common control {
bundlesequence => { "test" };
inputs => { "/var/cfengine/inputs/lib/3.5/", "/var/cfengine/inputs/lib/3.5/" };

body agent control {
default_repository => "/var/cfengine/backup";

bundle agent test {
create => "true",
edit_line => append_if_no_line("username:x:1:3:gcos:/home/dir:/bin/false");
changes => diff;


The file "test" is created in /tmp after running the policy.


The user edits the file and cfengine creates a backup in a *file* that's located in /var/cfengine/backup with the name _tmp_test


However, if _tmp_test is pre-existing and is a *directory* cf-agent tries to open the directory as if it's a file and enters a state of maximum CPU utilisation.


This situation can be worked around using the following changes to services/

Add an ifvarclass to the one of the rules: 

"$(watch_files)" -> "goal_infosec" 
comment => "Change detection on important files", 
handle => "change_management_files_watch_files", 
ifvarclass => not(canonify(isdir(concat("$(sys.workdir)/backup/", canonify($(watch_files)))))), 
changes => diff;


This issue is flagged as a bug and is scheduled to be fixed in a future release of CFEngine.


Powered by Zendesk