www.cfengine.com

Vagrant & CFEngine

5/2/13

Hi, my name is Nick.

● Sysadmin > 10 Yers● Work @CFEngine● Live in Lawrence, KS● @cmdln_● http://ww.cmdln.org

5/2/13

Who are you?

● What's your name?● Are you a sysadmin?

● Why did you choose this session?

5/2/13

What is Vagrant?

Tool to make working with development environments easy.

Create, configure, destroy lightweight, reproducible, and portable environments.

● Created by Mitchell Hashimoto

● @mitchelh

● http://www.vagrantup.com

5/2/13

Provides common environment

DesignersDevelopersOperations

QA

5/2/13

Easy to use

vagrant upvagrant destroy

!-2

5/2/13

Portable

● VirtualBox● AWS● VMware● More● https://github.com/mitchellh/vagrant/wiki/Available-Vagrant-Plugins

5/2/13

How can it help?

● Developer on-boarding

● Quickly setup/tear down test environments in repeatable fashion

● CI● Bug Validation● Ad-hoc Demos

5/2/13

Install Virtualbox

http://www.virtualbox.org/wiki/Downloads

resources/installers/virtualbox

5/2/13

Install Vagrant

http://downloads.vagrantup.com

resources/installers/vagrant

5/2/13

Vagrantfile

● Describe the type of machine(s) required for a project● Syntax of Vagrantfile is Ruby, but knowledge of the Ruby language is not

necessary. It's mostly simple variable assignment.

Vagrant.configure("2") do |config|

# All Vagrant configuration is done here. The most common configuration

# options are documented and commented below. For a complete reference,

# please see the online documentation at vagrantup.com.

# Every Vagrant virtual environment requires a box to build off of.

config.vm.box = "centos-5.x-i386_nickanderson_201304271927"

end

5/2/13

Boxes

● Predefined operating system install● Provider specific

● http://www.vagrantbox.es● Veewee (build your own) thanks

@patrickdebois

– Kickstart/preseed, postinstall scripts

5/2/13

Automagic

● Ssh automatic port forwards● Shared project folder /vagrant

5/2/13

vagrant-vbguest

● Vagrant plug-in which automatically installs the host's VirtualBox Guest Additions on the guest system.

● vagrant plug-in install vagrant-vbguest● If you're lucky, vagrant-vbguest does not require

any configurations. However, here is an example

config.vbguest.auto_update = true/false● https://github.com/dotless-de/vagrant-vbguest

5/2/13

Getting started

● vagrant box list● vagrant box add● vagrant init● vagrant status● vagrant up● vagrant ssh● vagrant destroy

● vagrant up● vagrant status● vagrant ssh

– vagrant ssh node

● vagrant destroy

5/2/13

This is fantastic!

5/2/13

Build base boxes for all the things!

Black Hole

5/2/13

Automating Vagrant Provisioning

● Ansible● CFEngine● Chef● Puppet● Salt Stack● Shell Scripts● MixnMatch!

5/2/13

CFEngine

● IT infrastructure automation, compliance, and knowledge management framework

● Opensource and Commercial Software

● Originally written by Mark Burgess

● @markburgess_osl

● http://www.cfengine.com

5/2/13

CFEngine History

● First released in 1993● CFEngine 2 released in 1998, self healing

computer immunology. Added machine learning and anomaly detection.

● 2003 Promise Theory work began● 2008 CFEngine 3 released. Integrates

knowledge management and discovery mechanisms.

5/2/13

CFEngine Properties

● Declarative syntax (Promises)

5/2/13

Promise Theory

● A model of voluntary cooperation between individual, autonomous actors or agents who publish their intentions to one another in the form of promises.

● A file can make promises about its own contents, permissions, existence etc …

● A process can make a promise that it will be running, number of matching processes, owner etc ...

5/2/13

CFEngine Properties

● Declarative syntax (Promises)

● Pull model

● Convergence

5/2/13

CFEngine Components

● cf-agent – instigator of change

● cf-execd – cf-agent launcher daemon and output processor

● cf-serverd – File server, also listens for remote requests to execute cf-agent

● cf-monitord – statistical information collector

5/2/13

So why is this a good thing?

● Make changes in minutes with precision

● Easier to share specific configuration details

● Brings configuration knowledge to the forefront

5/2/13

Bootstrap a test environment

5/2/13

Editor War!

● I prefer vim, and it's fun to mess with the emacs people

● services/editor_war.cf

5/2/13

Definitions

● Policy - A policy is a set of intentions about the system, coded as a list of promises. A policy is not a standard, but the result of specific organizational management decisions.

● Promise - The CFEngine software manages every intended system outcome as `promises' to be kept. A CFEngine Promise corresponds roughly to a rule in other software products, but importantly promises are always things that can be kept and repaired continuously, on a real time basis, not just once at install-time.

● Bundle – A collection of promises that has a name● Body - A promise body is the description of exactly what is promised (as opposed to what/who

is making the promise). The term `body' is used in the CFEngine syntax to mean a small template that can be used to contribute as part of a larger promise body.

● Promiser – The object that makes a promise. (file, package, process, command, ect …)● Promisee (stakeholder) – Who cares about a specific promise. ● Class (context) – True/False propositions. All decisions are made with classes. Hard

(discovered/builtin) and soft (user-defined).

5/2/13

Wage War

● Remove Disallowed Packages– vagrant ssh hub

– watch rpm -q emacs-nox

– Uncomment disallowed_packages to activate policy. Watch it get fixed.

● Install Required Packages– watch rpm -q vim-enhanced

– Uncomment required_packages to activate policy

5/2/13

More Nodes!

● Increase nodes to 2 in Vagrantfile● vagrant up● vagrant ssh node00{1,2}

5/2/13

Webserver

● services/webserver.cf● Activated from bundle agent main in

promises.cf● Lets ensure its present and on

– node001 http://localhost:9003

– node002 http://localhost:9004

5/2/13

Questions/Discussion?

5/2/13

Thank You!

Please fill out the Trainer EvaluationPlease fill out the Trainer Evaluation

Rate LOPSA-East ‘13Rate LOPSA-East ‘13

http://lopsa-east.org/2013/training-survey

Thank You for Attending LOPSA-East ‘13Thank You for Attending LOPSA-East ‘13

http://www.lopsa-east.org/2013/rate-lopsa-east-13