vagrant & cfengine - lopsa east 2013
DESCRIPTION
LOPSA East 2013: New Brunswick, NJ. Getting started with Vagrant and CFEngine. Walk away with a cross-platform (Windows, Mac, Linux) demo environment consisting of one CFEngine hub and 2 nodes using a dynamic Vagrant configuration and some example CFEngine 3 policy to get you started. If you attended or watched the video of this presentation (link to be added) please consider filling out the trainer survey. http://lopsa-east.org/2013/training-survey
TRANSCRIPT
www.cfengine.com
Vagrant & CFEngine
5/2/13
Hi, my name is Nick.
● Sysadmin > 10 Years
● Work @CFEngine
● Live in Lawrence, KS
● @cmdln_
● http://ww.cmdln.org
Who are you?
● What's your name?
● Are you a sysadmin?
● Why did you choose this session?
What is Vagrant?
Tool to make working with development environments easy.
Create, configure, destroy lightweight, reproducible, and portable environments.
● Created by Mitchell Hashimoto
● @mitchellh
● http://www.vagrantup.com
Provides common environment
● Designers
● Developers
● Operations
● QA
Easy to use
vagrant up
vagrant destroy
!-2
Portable
● VirtualBox
● AWS
● VMware
● More
● https://github.com/mitchellh/vagrant/wiki/Available-Vagrant-Plugins
How can it help?
● Developer on-boarding
● Quickly set up/tear down test environments in repeatable fashion
● CI
● Bug Validation
● Ad-hoc Demos
Install Virtualbox
http://www.virtualbox.org/wiki/Downloads
resources/installers/virtualbox
Install Vagrant
http://downloads.vagrantup.com
resources/installers/vagrant
Vagrantfile
● Describe the type of machine(s) required for a project
● Syntax of Vagrantfile is Ruby, but knowledge of the Ruby language is not necessary. It's mostly simple variable assignment.

Vagrant.configure("2") do |config|
  # All Vagrant configuration is done here. The most common configuration
  # options are documented and commented below. For a complete reference,
  # please see the online documentation at vagrantup.com.

  # Every Vagrant virtual environment requires a box to build off of.
  config.vm.box = "centos-5.x-i386_nickanderson_201304271927"
end
Boxes
● Predefined operating system install
● Provider specific
● http://www.vagrantbox.es
● Veewee (build your own) thanks @patrickdebois
– Kickstart/preseed, postinstall scripts
Automagic
● SSH automatic port forwards
● Shared project folder /vagrant
vagrant-vbguest
● Vagrant plug-in which automatically installs the host's VirtualBox Guest Additions on the guest system.
● vagrant plugin install vagrant-vbguest
● If you're lucky, vagrant-vbguest does not require any configurations. However, here is an example:
config.vbguest.auto_update = true/false
● https://github.com/dotless-de/vagrant-vbguest
Getting started
● vagrant box list
● vagrant box add
● vagrant init
● vagrant status
● vagrant up
● vagrant ssh
● vagrant destroy

● vagrant up
● vagrant status
● vagrant ssh
– vagrant ssh node
● vagrant destroy
This is fantastic!
Build base boxes for all the things!
Black Hole
Automating Vagrant Provisioning
● Ansible
● CFEngine
● Chef
● Puppet
● Salt Stack
● Shell Scripts
● Mix 'n' Match!
CFEngine
● IT infrastructure automation, compliance, and knowledge management framework
● Open Source and Commercial Software
● Originally written by Mark Burgess
● @markburgess_osl
● http://www.cfengine.com
CFEngine History
● First released in 1993
● CFEngine 2 released in 1998, self healing computer immunology. Added machine learning and anomaly detection.
● 2003 Promise Theory work began
● 2008 CFEngine 3 released. Integrates knowledge management and discovery mechanisms.
CFEngine Properties
● Declarative syntax (Promises)
Promise Theory
● A model of voluntary cooperation between individual, autonomous actors or agents who publish their intentions to one another in the form of promises.
● A file can make promises about its own contents, permissions, existence, etc.
● A process can make a promise that it will be running, number of matching processes, owner, etc.
CFEngine Properties
● Declarative syntax (Promises)
● Pull model
● Convergence
CFEngine Components
● cf-agent – instigator of change
● cf-execd – cf-agent launcher daemon and output processor
● cf-serverd – File server, also listens for remote requests to execute cf-agent
● cf-monitord – statistical information collector
So why is this a good thing?
● Make changes in minutes with precision
● Easier to share specific configuration details
● Brings configuration knowledge to the forefront
Bootstrap a test environment
Editor War!
● I prefer vim, and it's fun to mess with the emacs people
● services/editor_war.cf
Definitions
● Policy – A policy is a set of intentions about the system, coded as a list of promises. A policy is not a standard, but the result of specific organizational management decisions.
● Promise – The CFEngine software manages every intended system outcome as 'promises' to be kept. A CFEngine Promise corresponds roughly to a rule in other software products, but importantly promises are always things that can be kept and repaired continuously, on a real time basis, not just once at install-time.
● Bundle – A collection of promises that has a name.
● Body – A promise body is the description of exactly what is promised (as opposed to what/who is making the promise). The term 'body' is used in the CFEngine syntax to mean a small template that can be used to contribute as part of a larger promise body.
● Promiser – The object that makes a promise (file, package, process, command, etc.).
● Promisee (stakeholder) – Who cares about a specific promise.
● Class (context) – True/False propositions. All decisions are made with classes. Hard (discovered/builtin) and soft (user-defined).
Wage War
● Remove Disallowed Packages
– vagrant ssh hub
– watch rpm -q emacs-nox
– Uncomment disallowed_packages to activate policy. Watch it get fixed.
● Install Required Packages
– watch rpm -q vim-enhanced
– Uncomment required_packages to activate policy
More Nodes!
● Increase nodes to 2 in Vagrantfile
● vagrant up
● vagrant ssh node00{1,2}
Webserver
● services/webserver.cf
● Activated from bundle agent main in promises.cf
● Let's ensure it's present and on
– node001 http://localhost:9003
– node002 http://localhost:9004
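
A dynamic multi-machine Vagrantfile of the kind the "More Nodes!" and "Webserver" slides rely on, as an added example that is not the presenter's own file. It assumes the webserver listens on guest port 80 and that host ports are 9002 plus the node number; the `machines` helper and the constants are hypothetical names.

```ruby
# Added example: one hub plus N nodes, each node's web port forwarded to the host.
BOX        = "centos-5.x-i386_nickanderson_201304271927" # box name from the slides
NODE_COUNT = 2     # "Increase nodes to 2 in Vagrantfile"
BASE_PORT  = 9002  # assumption: node001 -> 9003, node002 -> 9004 as on the slide
GUEST_HTTP = 80    # assumption: the webserver policy serves HTTP on port 80

# Build the machine list: the hub first, then the numbered nodes.
def machines(node_count)
  unless node_count.is_a?(Integer) && node_count >= 0
    raise ArgumentError, "node_count must be a non-negative integer"
  end
  hub   = { name: "hub", host_port: nil } # the hub gets no forwarded web port
  nodes = (1..node_count).map do |i|
    { name: format("node%03d", i), host_port: BASE_PORT + i }
  end
  [hub] + nodes
end

# Only evaluated when Vagrant loads this file; plain ruby just defines the helper.
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    config.vm.box = BOX
    machines(NODE_COUNT).each do |m|
      config.vm.define m[:name] do |vm_config|
        vm_config.vm.hostname = m[:name]
        next unless m[:host_port]
        # host_ip keeps the demo web server reachable from the local machine
        # only; without it the forward is bound to every host interface.
        vm_config.vm.network "forwarded_port",
          guest: GUEST_HTTP, host: m[:host_port], host_ip: "127.0.0.1"
      end
    end
  end
end
```

Changing NODE_COUNT and running vagrant up again brings up the extra nodes without touching the rest of the file.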
Questions/Discussion?
Thank You!
Please fill out the Trainer Evaluation
http://lopsa-east.org/2013/training-survey
Rate LOPSA-East ‘13
http://www.lopsa-east.org/2013/rate-lopsa-east-13
Thank You for Attending LOPSA-East ‘13