cf-agent has high cpu usage when upgrading

This problem is present from at least 3.5.2 and it manifests as high (100%) CPU utilisation by cf-agent. It is triggered by the following condition:

cf-agent tries to open a file that is actually a directory. This can happen, for example, with the following policy:

 

body common control {
bundlesequence => { "test" };
inputs => { "/var/cfengine/inputs/lib/3.5/files.cf", "/var/cfengine/inputs/lib/3.5/common.cf" };
}

body agent control {
default_repository => "/var/cfengine/backup";
}

bundle agent test {
files:
"/tmp/test"
create => "true",
edit_line => append_if_no_line("username:x:1:3:gcos:/home/dir:/bin/false");
"/tmp/test"
changes => diff;
}

 

The file "test" is created in /tmp after running the policy.

 

The user edits the file and cfengine creates a backup in a *file* that's located in /var/cfengine/backup with the name _tmp_test

 

However, if _tmp_test is pre-existing and is a *directory* cf-agent tries to open the directory as if it's a file and enters a state of maximum CPU utilisation.

 

This situation can be worked around using the following changes to services/file_change.cf

Add an ifvarclass to the one of the rules: 

"$(watch_files)" -> "goal_infosec" 
comment => "Change detection on important files", 
handle => "change_management_files_watch_files", 
ifvarclass => not(canonify(isdir(concat("$(sys.workdir)/backup/", canonify($(watch_files)))))), 
changes => diff;

 

This issue is flagged as a bug and is scheduled to be fixed in a future release of CFEngine.

Have more questions? Submit a request

Comments

Powered by Zendesk