cfengine · olehermanse · Jun 23, 2026 · Jun 23, 2026
diff --git a/controls/cf_agent.cf b/controls/cf_agent.cf
@@ -6,71 +6,56 @@
 # by cf-agent
 #
 ###############################################################################
-
 body agent control
-
 {
-      # Global default for time that must elapse before promise will be rechecked.
-      # Don't keep any promises.
-
-    any::
-
+  # Global default for time that must elapse before promise will be rechecked.
+  # Don't keep any promises.
+  any::
 @if minimum_version(3.27.0)
-      # The order in which promises are evaluated (top_down|classic)
-        evaluation_order => "$(default:def.control_agent_evaluation_order)";
+    # The order in which promises are evaluated (top_down|classic)
+    evaluation_order => "$(default:def.control_agent_evaluation_order)";
 @endif
-
-      # Minimum time (in minutes) which should have passed since the last time
-      # the promise was verified before it is checked again.
-
-      ifelapsed => "1";
-
-      # Do not send IP/name during server connection if address resolution is broken.
-      # Comment it out if you do NOT have a problem with DNS
-
-        skipidentify => "true";
-
-      # explicitly not supported (but they should break long before)
-        abortclasses => { "cfengine_3_3", "cfengine_3_4", @(def.control_agent_abortclasses) };
-
-      # The abortbundleclasses slist contains regular expressions that match
-      # classes which if defined lead to termination of current bundle.
-      abortbundleclasses => { @(def.control_agent_abortbundleclasses) };
-
-      # Maximum number of outgoing connections to a remote cf-serverd.
-      maxconnections => "$(def.control_agent_maxconnections)";
-
-      # Environment variables of the agent process.
-      # The values of environment variables are inherited by child commands
-      # EMPTY list is not valid for environment attribute Ref: CFE-3927. So, we
-      # do some validation on it so we can apply it selectively.
-
+    # Minimum time (in minutes) which should have passed since the last time
+    # the promise was verified before it is checked again.
+    ifelapsed => "1";
+
+    # Do not send IP/name during server connection if address resolution is broken.
+    # Comment it out if you do NOT have a problem with DNS
+    skipidentify => "true";
+
+    # explicitly not supported (but they should break long before)
+    abortclasses => {
+      "cfengine_3_3", "cfengine_3_4", @(def.control_agent_abortclasses)
+    };
+
+    # The abortbundleclasses slist contains regular expressions that match
+    # classes which if defined lead to termination of current bundle.
+    abortbundleclasses => { @(def.control_agent_abortbundleclasses) };
+
+    # Maximum number of outgoing connections to a remote cf-serverd.
+    maxconnections => "$(def.control_agent_maxconnections)";
+
+    # Environment variables of the agent process.
+    # The values of environment variables are inherited by child commands
+    # EMPTY list is not valid for environment attribute Ref: CFE-3927. So, we
+    # do some validation on it so we can apply it selectively.
 @if minimum_version(3.27.0)
-      default_directory_create_mode => "$(def.control_agent_default_directory_create_mode)";
+    default_directory_create_mode => "$(def.control_agent_default_directory_create_mode)";
 @endif
-
-   _control_agent_environment_vars_validated::
-
-      environment => { @(def.control_agent_environment_vars) };
-
-    _have_control_agent_files_single_copy::
-      # CFE-3622
-
-      # File patterns which allow a file to be copied over only a single time
-      # per agent run.
-
-      files_single_copy => { @(def.control_agent_files_single_copy) };
-
-    mpf_control_agent_default_repository::
-
-      # Location to backup files before they are edited by cfengine
-
-      default_repository => "$(def.control_agent_default_repository)";
-
-      # Environment variables based on Distro
-
-    control_agent_agentfacility_configured::
-
-      agentfacility => "$(default:def.control_agent_agentfacility)";
-
+  _control_agent_environment_vars_validated::
+    environment => { @(def.control_agent_environment_vars) };
+
+  _have_control_agent_files_single_copy::
+    # CFE-3622
+    # File patterns which allow a file to be copied over only a single time
+    # per agent run.
+    files_single_copy => { @(def.control_agent_files_single_copy) };
+
+  mpf_control_agent_default_repository::
+    # Location to backup files before they are edited by cfengine
+    default_repository => "$(def.control_agent_default_repository)";
+
+  # Environment variables based on Distro
+  control_agent_agentfacility_configured::
+    agentfacility => "$(default:def.control_agent_agentfacility)";
 }
diff --git a/controls/cf_execd.cf b/controls/cf_execd.cf
@@ -5,57 +5,54 @@
 # including scheduling times and output capture to
 # $(sys.workdir)/outputs and relay via email.
 ###############################################################################
-
 body executor control
 # @brief Settings that determine the behavior of `cf-execd`
 # @variable `default:def.control_executor_mailmaxlines` - The maximum number of lines of output that `cf-execd` will email.
 {
-
-    any::
-
-      splaytime  => "$(def.control_executor_splaytime)"; # activity will be spread over this many time slices
-
-      agent_expireafter  => "$(def.control_executor_agent_expireafter)";
-
+  any::
+    # activity will be spread over this many time slices:
+    splaytime => "$(def.control_executor_splaytime)";
+    agent_expireafter => "$(def.control_executor_agent_expireafter)";
 @if minimum_version(3.18.0)
-    _have_control_executor_runagent_socket_allow_users::
-      runagent_socket_allow_users => { @(def.control_executor_runagent_socket_allow_users) };
+  _have_control_executor_runagent_socket_allow_users::
+    runagent_socket_allow_users => {
+      @(def.control_executor_runagent_socket_allow_users)
+    };
 @endif
-
-    cfengine_internal_agent_email.!cfengine_internal_disable_agent_email::
-      mailto       => "$(def.mailto)";
-      mailfrom     => "$(def.mailfrom)";
-      smtpserver   => "$(def.smtpserver)";
+  cfengine_internal_agent_email.!cfengine_internal_disable_agent_email::
+    mailto => "$(def.mailto)";
+    mailfrom => "$(def.mailfrom)";
+    smtpserver => "$(def.smtpserver)";
 @if minimum_version(3.28.0)
-      smtpport     => "$(def.smtpport)";
+    smtpport => "$(def.smtpport)";
 @endif
-      mailmaxlines => "$(default:def.control_executor_mailmaxlines)";
-
-    control_executor_mailsubject_configured.cfengine_internal_agent_email.!cfengine_internal_disable_agent_email::
-      mailsubject => "$(default:def.control_executor_mailsubject)";
-
-    control_executor_mailfilter_exclude_configured.cfengine_internal_agent_email.!cfengine_internal_disable_agent_email::
-      mailfilter_exclude => { "@(default:def.control_executor_mailfilter_exclude)" };
-
-    control_executor_mailfilter_include_configured.cfengine_internal_agent_email.!cfengine_internal_disable_agent_email::
-      mailfilter_include => { "@(default:def.control_executor_mailfilter_include)" };
-
-    any::
-
-      # Default:
-      #
-      # schedule => { "Min00", "Min05", "Min10", "Min15", "Min20",
-      #               "Min25", "Min30", "Min35", "Min40", "Min45",
-      #               "Min50", "Min55" };
-
-      schedule => { @(def.control_executor_schedule_value) };
-
-      # The full path and command to the executable run by default (overriding builtin).
-
-    windows::
-      exec_command => "$(sys.cf_agent) -Dfrom_cfexecd,cf_execd_initiated -f \"$(sys.update_policy_path)\" & $(sys.cf_agent) -Dfrom_cfexecd,cf_execd_initiated";
-
-    !windows::
-      exec_command => "$(sys.cf_agent) -Dfrom_cfexecd,cf_execd_initiated -f \"$(sys.update_policy_path)\" ; $(sys.cf_agent) -Dfrom_cfexecd,cf_execd_initiated";
-
+    mailmaxlines => "$(default:def.control_executor_mailmaxlines)";
+
+  control_executor_mailsubject_configured.cfengine_internal_agent_email.!cfengine_internal_disable_agent_email::
+    mailsubject => "$(default:def.control_executor_mailsubject)";
+
+  control_executor_mailfilter_exclude_configured.cfengine_internal_agent_email.!cfengine_internal_disable_agent_email::
+    mailfilter_exclude => {
+      "@(default:def.control_executor_mailfilter_exclude)"
+    };
+
+  control_executor_mailfilter_include_configured.cfengine_internal_agent_email.!cfengine_internal_disable_agent_email::
+    mailfilter_include => {
+      "@(default:def.control_executor_mailfilter_include)"
+    };
+
+  any::
+    # Default:
+    #
+    # schedule => { "Min00", "Min05", "Min10", "Min15", "Min20",
+    #               "Min25", "Min30", "Min35", "Min40", "Min45",
+    #               "Min50", "Min55" };
+    schedule => { @(def.control_executor_schedule_value) };
+
+  # The full path and command to the executable run by default (overriding builtin).
+  windows::
+    exec_command => "$(sys.cf_agent) -Dfrom_cfexecd,cf_execd_initiated -f \"$(sys.update_policy_path)\" & $(sys.cf_agent) -Dfrom_cfexecd,cf_execd_initiated";
+
+  !windows::
+    exec_command => "$(sys.cf_agent) -Dfrom_cfexecd,cf_execd_initiated -f \"$(sys.update_policy_path)\" ; $(sys.cf_agent) -Dfrom_cfexecd,cf_execd_initiated";
 }
diff --git a/controls/cf_hub.cf b/controls/cf_hub.cf
@@ -6,30 +6,24 @@
 # by cf-monitord. The system defaults will be sufficient for most users.
 #
 ###############################################################################
-
 body hub control
 # @brief Control attributes for `cf-hub`
 {
+  enterprise_edition.policy_server::
+    exclude_hosts => { @(def.control_hub_exclude_hosts) };
 
-    enterprise_edition.policy_server::
-
-      exclude_hosts => { @(def.control_hub_exclude_hosts) };
-      # exclude_hosts => { "192.168.12.21", "10.10", "10.12.*" };
-
-      # cf-hub initiates a pull collection round if one of the listed classes is defined.
-      hub_schedule => { @(def.control_hub_hub_schedule) };
-
-      # port => "5308";
+    # exclude_hosts => { "192.168.12.21", "10.10", "10.12.*" };
+    # cf-hub initiates a pull collection round if one of the listed classes is defined.
+    hub_schedule => { @(def.control_hub_hub_schedule) };
 
+    # port => "5308";
 @if minimum_version(3.15)
-      query_timeout => "$(def.control_hub_query_timeout)";
+    query_timeout => "$(def.control_hub_query_timeout)";
 @endif
-
-      # Hub will discard accumulated reports on the clients
-      # and download only information about current state of the client
-      # in case of not successfully downloading the reports for defined
-      # period of time. Default value is 6 hours.
-      # Was introduced in CFEngine 3.6.4
-      # client_history_timeout => 6; # [hours]
-
+    # Hub will discard accumulated reports on the clients
+    # and download only information about current state of the client
+    # in case of not successfully downloading the reports for defined
+    # period of time. Default value is 6 hours.
+    # Was introduced in CFEngine 3.6.4
+    # client_history_timeout => 6; # [hours]
 }
diff --git a/controls/cf_monitord.cf b/controls/cf_monitord.cf
@@ -8,16 +8,13 @@
 # the integrated monitoring capabilities of CFEngine.
 #
 ###############################################################################
-
 body monitor control
 # @brief Attributes controlling cf-monitord
 {
+  any::
+    forgetrate => "0.7";
+    histograms => "true";
 
-    any::
-
-      forgetrate => "0.7";
-      histograms => "true";
-      #  tcpdump => "false";
-      #  tcpdumpcommand => "/usr/sbin/tcpdump -t -n -v";
-
+    #  tcpdump => "false";
+    #  tcpdumpcommand => "/usr/sbin/tcpdump -t -n -v";
 }
diff --git a/controls/cf_runagent.cf b/controls/cf_runagent.cf
@@ -7,17 +7,11 @@
 # that the agent will poll for connections.
 #
 ###############################################################################
-
 body runagent control
-
 {
+  # A list of hosts to contact when using cf-runagent
+  any::
+    hosts => { "127.0.0.1" };
 
-      # A list of hosts to contact when using cf-runagent
-
-    any::
-
-      hosts => { "127.0.0.1" };
-
-      # , "myhost.example.com:5308", ...
-
+    # , "myhost.example.com:5308", ...
 }