This document discusses configuration management and CFEngine 3. It begins with an introduction to configuration management principles like reproducibility, industrialization, and automation. It then discusses the main configuration management tools including CFEngine 3, Puppet, and Chef. The document focuses on CFEngine 3, describing its features like being lightweight, scalable, and adapted to heterogeneous environments. It concludes with instructions on installing and getting started with CFEngine 3, including examples of using it to install and configure servers.
Configuration management: automating and rationalizing server setup with CFEngine 3 (Open World Forum 2011)
1. 24/09/2011
Configuration Management
Automating and rationalizing server setup with CFEngine 3
Jonathan Clarke <jcl@normation.com>
2. About the speaker
Jonathan Clarke →
● Sysadmin background
● Infrastructure management
● FLOSS contributor: CFEngine, others (OpenLDAP, LSC, FusionInventory...)
CTO →
● Startup created in 2010
● Based in Paris
● Configuration management: CFEngine (partner), Rudder (creator)
8. Why configuration management?
A server crashed. Install a new one, people can't work without it!
OK, it'll be done in about two days...
There's a new critical security patch we must deploy on all our servers! Get it out quickly!
Right, I'll put the whole team on it.
10. Why configuration management?
How do we set up service X?
Ask Jim, he's the expert on that.
But he left the company...
Huh, this server has been logging errors for a few weeks.
Oh? I think Michael changed something on it recently...
He'll tell you what it was.
Damn, he's on vacation!
11. Why configuration management?
Documentation History
Building-up knowledge
12. Why configuration management?
An intruder just stole our data using a vulnerability in a module we don't need...
I thought the project specification ensured that we disabled that?
Er, it did, but we enabled it to solve a problem and forgot to disable it afterwards... sorry...
14. Why configuration management?
I don't understand how this server is set up. It doesn't match our best practices.
Oh, that's a legacy server...
Give me details on our current security policy.
Well, it's a collection of little things, here and there...
Ah... Well, OK.
Tell me: is it fully applied on all our critical servers?
Er...
19. Main tools available: history
Relative origins of CFEngine, Puppet and Chef
Source: http://verticalsysadmin.com/blog/uncategorized/relative-origins-of-cfengine-chef-and-puppet
20. The tools: similarities
CFEngine 3 Puppet Chef
● Common origins
● Designed specifically for configuration management
● Text-based / CLI interface
● Client-server model (sometimes optional)
● Open Source
21. The tools: some differences
                  CFEngine 3   Puppet            Chef
Language          C            Ruby              Ruby
License           GPL          Apache (ex-GPL)   Apache
Windows support   Yes          Preliminary       Partial
23. CFEngine 3: Features
Multi platform
Windows support
Two versions:
1. Community (open source)
● Runs in Cygwin
2. Nova (commercial)
● Native Windows service
24. CFEngine 3: Features
Adapted to heterogeneous environments
Multi-OS
Multi-distribution
Make it "transparent" (forget about the complexity)
Existing standard library handling the differences between each OS and distribution
25. CFEngine 3: Features
Lightweight, non-intrusive
Non-intrusive
Daemon consumption on managed hosts
Only two dependencies:
- BerkeleyDB
- OpenSSL
26. CFEngine 3: Features
Highly scalable
Evolution of CPU utilization for an increasing number of managed hosts
From 25 to 400 clients (x16)
CPU utilization increases by 1.16%
Notes:
• Each host runs CFEngine every 5 minutes
• Configuration tested sets up Apache web server
• Tests and monitoring using AWS
27. CFEngine 3: Features
Multi platform
Adapted to heterogeneous environments
Lightweight, non-intrusive
Autonomous
Fault-tolerant
Highly scalable
Progressive roll-out
30. CFEngine 3: Client-Server
Using a server is optional!
Get started by running standalone
CFEngine's server daemon is cf-serverd
Dedicated protocol: TCP port 5308
Requires SSL key exchange
31. CFEngine 3: Configuration
Minimal configuration:
    body common control
    {
      bundlesequence => { "HelloWorld" };
    }

    bundle agent HelloWorld
    {
      # This will output "Hello World!"
      commands:
        "/bin/echo Hello World!";
    }
Syntax notes
● Whitespace doesn't count
● Comments follow #
Structure notes
● Structures are created using { }
● Structures are bundles or bodies
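The forgotten-module incident on slide 12, written as a promise in the syntax of slide 31, so that every agent run disables the module again and reports that it had to. This is an added example, not taken from the original slides; the Debian-style Apache paths, the module name "status" and the bundle and body names are assumptions.

```cfengine3
body common control
{
  bundlesequence => { "apache_unneeded_module" };
}

bundle agent apache_unneeded_module
{
  vars:
      # Assumed Debian-style layout: a module is enabled by symlinks here
      "mods_enabled" string => "/etc/apache2/mods-enabled";
      # Hypothetical module that the security policy says must stay off
      "module"       string => "status";
      "links"        slist  => { "$(module).load", "$(module).conf" };

  files:
      # Promise that neither symlink exists. If someone re-enabled the
      # module by hand, the next run removes it and sets "apache_changed".
      "$(mods_enabled)/$(links)"
        delete  => remove_link,
        classes => set_if_repaired("apache_changed");

  commands:
    apache_changed::
      # Reload only when something was actually repaired (assumed path)
      "/usr/sbin/apache2ctl graceful";

  reports:
    apache_changed::
      # Leaves a trace of the drift, answering "who changed what?"
      "Apache module $(module) was found enabled and has been disabled";
}

body delete remove_link
{
  dirlinks => "delete";   # remove the symlink itself, not its target
  rmdirs   => "false";    # never remove directories
}

body classes set_if_repaired(x)
{
  promise_repaired => { "$(x)" };
}
```

Run standalone with cf-agent -f pointing at the file; when the module is already disabled the promises are simply kept and nothing is reloaded or reported.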