This problem is present from at least 3.5.2 and it manifests as high (100%) CPU utilisation by cf-agent. It is triggered by the following condition:
cf-agent tries to open a file that is actually a directory. This can happen, for example, with the following policy:
body common control {
bundlesequence => { "test" };
inputs => { "/var/cfengine/inputs/lib/3.5/files.cf", "/var/cfengine/inputs/lib/3.5/common.cf" };
}
body agent control {
default_repository => "/var/cfengine/backup";
}
bundle agent test {
files:
"/tmp/test"
create => "true",
edit_line => append_if_no_line("username:x:1:3:gcos:/home/dir:/bin/false");
"/tmp/test"
changes => diff;
}
The file "test" is created in /tmp after running the policy.
The user edits the file and cfengine creates a backup in a *file* that's located in /var/cfengine/backup with the name _tmp_test
However, if _tmp_test is pre-existing and is a *directory* cf-agent tries to open the directory as if it's a file and enters a state of maximum CPU utilisation.
This situation can be worked around using the following changes to services/file_change.cf
Add an ifvarclass to the one of the rules:
"$(watch_files)" -> "goal_infosec"
comment => "Change detection on important files",
handle => "change_management_files_watch_files",
ifvarclass => not(canonify(isdir(concat("$(sys.workdir)/backup/", canonify($(watch_files)))))),
changes => diff;
This issue is flagged as a bug and is scheduled to be fixed in a future release of CFEngine.