This site is now 100% read-only, and retired.

cfengine [1/3] : A simple overview of cfengine

Posted by Steve on Mon 22 Aug 2005 at 02:07

There aren't many systems as powerful or useful in administering a large LAN as cfengine. However the learning curve is pretty steep, which puts a lot of people off using it. In this introduction to cfengine we'll show what kind of things it can do, and how it works.

The CFEngine Installation

An installation of cfengine logically breaks down into several major components:

  • The Server (cfservd)
  • The Client (cfagent)
  • The Scheduler (cfexecd)

The role of these components is probably fairly self-explanatory. The server will contain the collection of rules which apply to your LAN. (Most likely you will only have one server regardless of the LAN size.)

Upon each of the hosts which you wish to remotely manage you will have a client, or agent, running. This will be setup to accept connections and instructions from the central server and will then carry out jobs which it is instructed to conduct.

The scheduler is the part of the software which manages the execution of the jobs, and ensures the system operates smoothly.

There are also additional tools for particular jobs, such as setting up access keys (cfkey) and running rules against one host in particular (cfrun).

One of the early jobs will be to setup each of the clients so they will accept connections from the server, like OpenSSH access is controlled via public and private keys. However unlike using passwordless logins with SSH the cfengine requires a two-way trust.

Getting Started

As with many packages in Debian installation of the software is very simple:

apt-get install cfengine2

However once the software is installed the real work begins. Configuring the software is both complex and largely site-specific.

This is one reason why so few large examples exist. The job of cfengine is to apply a set of rules to a collection of hosts and these rules are largely specific to particular environments.

Some simple rules can be shared and discussed but the real payoff comes from doing many global jobs with your own set of customised rules.

cfengine rules can be almost arbitrarily complex. It is possible to script and automate many things across the LAN, such as:

  • Checking file permissions and ownerships; fixing them if required.
  • Restarting failed daemons/servers.
  • Installing software remotely, including security updates.
  • Editing files remotely.
  • Executing commands remotely.
  • Configuring network interfaces, routing, and DNS.
  • Compressing, deleting, or otherwise managing files or directories.

These are just some highlights, with a bit of creativity and effort you can accomplish many many jobs - all across a whole host of machines.

The cfengine has been ported to most of the major Unix systems, and also to some flavours of Windows.

Further Information

I hope to cover a basic guide on installing and getting started with cfengine shortly. In the meantime you can find a wealth of information on the internet.

The following resources make good starting points:

O'Reilly's book Essential System Administration also provides a small amount of discussion and is highly recommended resource in its own right.



Re: A simple overview of cfengine
Posted by Anonymous (24.16.xx.xx) on Mon 22 Aug 2005 at 03:10
I'd love to see an article showing how to actually do something with cfengine.

[ Parent ]

Re: A simple overview of cfengine
Posted by Steve (82.41.xx.xx) on Mon 22 Aug 2005 at 03:14
[ View Weblogs ]

Coming up shortly will be a piece on installing and setting up a common job or two.

But it's a huge system and hard to explain neatly and succinctly. So anything more involved will have to come from somebody with more time than I possess.


[ Parent ]

Re: A simple overview of cfengine
Posted by Anonymous (209.149.xx.xx) on Tue 30 Aug 2005 at 22:14
I wrote a couple of articles on cfengine last year: e.html

I didn't get as far with the series as I'd hoped, mostly because I founded a software company producing a competing open-source tool, Puppet:

The above articles have been described as a good place to start, though.

--Luke Kanies

[ Parent ]

Re: cfengine [1/3] : A simple overview of cfengine
Posted by Anonymous (198.144.xx.xx) on Wed 5 Oct 2005 at 06:46
Why are these articles *not* in the The wiki should be the place to grow the documentation of large examples for cfengine.

[ Parent ]

Re: cfengine [1/3] : A simple overview of cfengine
Posted by Anonymous (70.182.xx.xx) on Sun 9 Oct 2005 at 21:17
Automating Unix and Linux Administration by Kirk Bauer has information on cfengine.

[ Parent ]