Getting started with CFEngine - Webinar
DESCRIPTION
Learn how to avoid downtime by tracking system drifts, how to increase the robustness and security of your system, and make sure you adhere to compliance standards using CFEngine. This slide deck accompanied our "Getting Started with CFEngine" webinar, where we covered how to achieve all those benefits using CFEngine policies, promises, and sketches. Use the examples in these slides to start your own CFEngine implementation. A recording of the webinar can be found at http://www.youtube.com/watch?v=riMkdQKBI0M&feature=share&list=UUAiKge7NwhuWi-KNKt3U4HA
TRANSCRIPT
Getting Started with CFEngine
Agenda
• Infrastructure Automation with CFEngine
• Theory Concepts
• Software Components
• Language Concepts
• Examples
• Q&A
Benefits of Infrastructure Automation
Productivity
• Global changes in minutes
• Unlimited scale and complexity
• Remove human bottlenecks
Costs
• Reduced need for labor
• Reduced costs related to instability/outages
• Reduced license costs
Security
• Billions of compliance checks per day
• Real-time compliance repairs
• Granular and pattern based
Architected for Speed, Security and Web Scale
1. Define Desired State
2. Ensure Defined State
CFDB
3. Verify Actual State
Policy-Server
Design Center
Knowledge Center
CFE Agents
CFEngine – IT Automation at Web-Scale
History
• 1993: Open Source project
• 2001: CFEngine version 2
• 2004: Promise Theory
• 2009: CFEngine version 3
• 2014: CFEngine version 3.6
Customer Validation
Technology Validation
• Infrastructure Automation, Continuous Delivery
• Distributed, Lean, Secure architecture
• IT Automation at Web-Scale (size, agility)
• Community (Open source), Enterprise edition
Market Validation
• >10 million servers
• 10,000 companies
• 100 countries
• Tens of thousands of servers (individual customer deployments)
CFEngine Enterprise - Mission Portal GUI
PROMISES
Our Promise – Mashed Potatoes
The Way To Get There - CONVERGENCE
OR
Basic Concepts
• Convergence
  • To Converge - To come from different directions to reach the same point (location, conclusion, etc.)
  • Desired state may not be reached on the first pass
  • Change can be incremental
  • 3 passes over the policy on each run, to accelerate convergence
• Declarative vs. Imperative
  • Declarative is descriptive
  • Imperative is sequential
• Promise Theory
Voluntary cooperation between individual, autonomous actors or agents who publish their intentions to one another in the form of promises
-- Mark Burgess
A Promise Is A Statement of Intention
| Promiser | Promises to… | If not currently kept, CFEngine will |
| --- | --- | --- |
| A variable… | …hold a certain value of a certain type | …store the appropriate value in the variable |
| A file | …have certain characteristics (permissions, ownership, etc.) | …set the desired properties on the file |
| A user account | …exist and have certain characteristics (home directory, group, etc.) | …create the user account with the desired characteristics |
| A process | …be running on the system | …run the appropriate command to create the process |
Basic Concepts
• Promise States
• Promise kept ✔
• Promise repaired ✘ → ✔
• Promise not kept ✘ → ✘
SOFTWARE COMPONENTS
Basic Components
Server
cf-serverd
Client
cf-agent
cf-execd
cf-monitord
LANGUAGE COMPONENTS
Anatomy of a Promise
```
packages:                                 # Promise Type (What?)
  solaris.tuesday::                       # Context (When/Where?)
    "apache"                              # Promiser
      comment => "Front end webserver",   # Why?
      package_policy => "add",            # Attributes (How?)
      package_version => "2.0",
      package_method => solaris;
```
Bundles & Bodies
• A bundle is a collection of promises
  • For example, a bundle to configure Apache might:
    • Install the apache2 package
    • Edit the configuration file
    • Copy the web server content
    • Etc.
• A body is a collection of attributes that constrains the promise
  • Internal (in-line in the promise)
  • External (shareable with other promises)
EXAMPLES
Example #1 – File Security
```
body common control
{
  bundlesequence => { "file_security" };
  inputs => { "libraries/cfengine_stdlib.cf" };
}

bundle agent file_security
{
  files:
    # Watch everything under /etc and report any change
    "/etc/." -> { "SecurityPolicy513", "[email protected]" }
      handle => "etc_tripwire",
      comment => "Bubble up possible security breaches",
      changes => detect_all_change,
      depth_search => recurse("inf");
}
```
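The file-integrity promise from Example #1, as an added example that is not from the webinar slides: it spells out the `changes` attributes inline instead of relying on a library body, keeps the stored hashes fixed so drift is reported on every run until it is reviewed, and raises a class that drives a report. The bundle name, the watch list, the body names and the `etc_drift` class are assumptions made for this example.

```cfengine3
body common control
{
      bundlesequence => { "etc_integrity" };
}

bundle agent etc_integrity
{
  vars:
      # Assumed watch list for this example; adjust to the hosts being monitored.
      "watched" slist => { "/etc/passwd", "/etc/shadow",
                           "/etc/sudoers", "/etc/ssh/sshd_config" };

  files:
      "$(watched)"
        handle  => "etc_integrity_watch",
        comment => "Keep alerting on drift in security-critical files until reviewed",
        changes => alert_no_rebaseline,
        classes => flag_drift("etc_drift");

  reports:
    etc_drift::
      "Integrity drift detected on $(sys.fqhost); review before re-baselining";
}

# Hypothetical body name: the change-detection settings written out explicitly.
body changes alert_no_rebaseline
{
      hash           => "sha256";  # explicit digest algorithm
      report_changes => "all";     # content changes and stat changes (owner, mode)
      update_hashes  => "no";      # a changed file does not become the new baseline
}

# Hypothetical body name: raise the class on every outcome other than "kept",
# so the report fires however the agent classifies a detected change.
body classes flag_drift(x)
{
      promise_repaired => { "$(x)" };
      repair_failed    => { "$(x)" };
      repair_denied    => { "$(x)" };
      repair_timeout   => { "$(x)" };
}
```

Run it as root, as with the other examples (`cf-agent -f <file>`), so the agent can read every file on the watch list.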
Example #2 - MOTD
```
body common control
{
  bundlesequence => { "edit_motd" };
  inputs => { "libraries/cfengine_stdlib.cf" };
}

bundle agent edit_motd
{
  vars:
    "motd" string => "/etc/motd";

  files:
    "$(motd)"
      create => "true",
      edit_line => insert_lines("This system is managed by CFEngine 3"),
      handle => "edit_motd",
      comment => "Inform sysadmins this system is managed by CFEngine";
}
```
Example #3 – Install Packages
```
body common control
{
  bundlesequence => { "packages" };
  inputs => { "libraries/cfengine_stdlib.cf" };
}

bundle agent packages
{
  packages:
    "nano"
      handle => "install_nano",
      comment => "nano is John's favorite editor",
      package_policy => "add",  # Ensure that a package is present
      package_method => apt;
}
```
Example #3 – Install Packages – Cont.
```
cf-demo# nano
bash: /usr/bin/nano: No such file or directory
cf-demo# cf-agent -f package_add.cf
cf-demo# nano -V
 GNU nano version 2.2.6 (compiled 14:12:08, Oct 1 2012)
...
cf-demo#
```
Example #3 – Install Packages – Cont.
```
cf-demo#
bash: /usr/bin/nano: No such file or directory
cf-demo# cf-agent -I -f package_add.cf
Q: apt-get update ...:Ign http://dl.google.com stable InRelease
...
Q: apt-get update ...:Hit http://us.archive.ubuntu.com saucy-backports/universe Translation-en
Q: apt-get update ...:Reading package lists...
Q: apt-get update ...:
Q:apt-get --yes instal ...:Reading package lists...
Q:apt-get --yes instal ...:Building dependency tree...
Q:apt-get --yes instal ...:Reading state information...
Q:apt-get --yes instal ...:Suggested packages:
Q:apt-get --yes instal ...: spell
Q:apt-get --yes instal ...:The following NEW packages will be installed:
Q:apt-get --yes instal ...: nano
Q:apt-get --yes instal ...:0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Q:apt-get --yes instal ...:Need to get 0 B/194 kB of archives.
Q:apt-get --yes instal ...:After this operation, 614 kB of additional disk space will be used.
Q:apt-get --yes instal ...:Selecting previously unselected package nano.
Q:apt-get --yes instal ...:(Reading database ... 236090 files and directories currently installed.)
Q:apt-get --yes instal ...:Unpacking nano (from .../nano_2.2.6-1ubuntu1_amd64.deb) ...
Q:apt-get --yes instal ...:Processing triggers for doc-base ...
Q:apt-get --yes instal ...:Processing 2 added doc-base files...
Q:apt-get --yes instal ...:Processing triggers for install-info ...
Q:apt-get --yes instal ...:Processing triggers for man-db ...
Q:apt-get --yes instal ...:Setting up nano (2.2.6-1ubuntu1) ...
Q:apt-get --yes instal ...:update-alternatives: using /bin/nano to provide /usr/bin/editor (editor) in auto mode
Q:apt-get --yes instal ...:update-alternatives: using /bin/nano to provide /usr/bin/pico (pico) in auto mode
Q:apt-get --yes instal ...:
cf-demo# nano -V
 GNU nano version 2.2.6 (compiled 14:12:08, Oct 1 2012)
...
cf-demo#
```
Q & A
Next Steps
• Join the conversation on our community help forum
  http://groups.google.com/forum/?fromgroups&hl=en#!forum/help-cfengine
• Learn more: check out our documentation
  http://cfengine.com/docs/3.5/getting-started.html
• Read Learning CFEngine 3 by Diego Zamboni