advertisement

Getting started with CFEngine - Webinar

50 %
50 %
advertisement
Information about Getting started with CFEngine - Webinar
Technology

Published on February 19, 2014

Author: cfengine

Source: slideshare.net

Description

Learn how to avoid downtime by tracking system drifts, how to increase the robustness and security of your system, and make sure you adhere to compliance standards using CFEngine. This slide deck accompanied our "Getting Started with CFEngine" webinar, where we covered how to achieve all those benefits using CFEngine policies, promises, and sketches. Use the examples in these slides to start your own CFEngine implementation. A recording of the webinar can be found at http://www.youtube.com/watch?v=riMkdQKBI0M&feature=share&list=UUAiKge7NwhuWi-KNKt3U4HA
advertisement

Getting Started with CFEngine

Agenda • • • • • • Infrastructure Automation with CFEngine Theory Concepts Software Components Language Concepts Examples Q&A

Benefits of Infrastructure Automation Productivity • • • Global changes in minutes Unlimited scale and complexity Remove human bottlenecks Costs • • • Reduced need for labor Reduced costs related to instability/outages Reduced license costs Security • • • Billions of compliance checks per day Real-time compliance repairs Granular and pattern based

Architected for Speed, Security and Web Scale 1. Define Desired State 2. Ensure Defined State Design Center PolicyServer CFDB 3. Verify Actual State CFE Agents Knowledge Center

CFEngine – IT Automation at Web-Scale History Technology Validation • • • • • • • • • 1993: Open Source project 2001: CFEngine version 2 2004: Promise Theory 2009: CFEngine version 3 2014: CFEngine version 3.6 Infrastructure Automation, Continuous Delivery Distributed, Lean, Secure architecture IT Automation at Web-Scale (size, agility) Community (Open source), Enterprise edition Market Validation Customer Validation • • • • >10 million servers 10,000 companies 100 countries Tens of thousands of servers (individual customer deployments)

CFEngine Enterprise - Mission Portal GUI

- Proprietary and Confidential -

PROMISES

Our Promise – Mashed Potatoes

The Way To Get There - CONVERGENCE

Basic Concepts • Convergence • To Converge - To come from different directions to reach the same point (location, conclusion, etc.) • Desired state may not be reached on the first pass • Change can be incremental • 3 passes over the policy on each run, to accelerate convergence • Declarative vs. Imperative • Declarative is descriptive • Imperative is sequential

• Promise Theory Voluntary cooperation between individual, autonomous actors or agents who publish their intentions to one another in the form of promises -- Mark Burgess

A Promise Is A Statement of Intention Promiser Promises to… If not currently kept, CFEngine will A variable… …hold a certain value of a certain type …store the appropriate value in the variable A file …have certain characteristics (permissions, ownership, etc.) …set the desired properties on the file A user account …exist and have certain characteristics (home directory, group, etc.) …create the user account with the desired characteristics A process …be running on the system …run the appropriate command to create the process

Basic Concepts • Promise States • Promise kept ✔ • Promise repaired ✘ → ✔ • Promise not kept ✘ ✘ →

SOFTWARE COMPONENTS

Basic Components Server Client cf-serverd cf-agent cf-execd cf-monitord

LANGUAGE COMPONENTS

Anatomy of a Promise Promise Type What? Packages: Context When/Where? solaris.tuesday:: Promiser Why? Attributes How? “apache” comment => “Front end webserver”, package_policy => “add”, package_version => “2.0”, package_method => solaris;

Bundles & Bodies • A bundle is a collection of promises • For example, a bundle to configure Apache might: • • • • Install the apache2 package Edit the configuration file Copy the web server content Etc. • A body is a collection of attributes that constrains the promise • Internal (in-line in the promise) • External (shareable with other promises)

EXAMPLES

Example #1 – File Security body common control { bundlesequence => { "file_security" }; inputs => { "libraries/cfengine_stdlib.cf" }; } bundle agent file_security { files: "/etc/.” -> { “SecurityPolicy513”, “security@cfengine.com” } handle => "etc_tripwire", comment => ”Bubble up possible security breaches", changes => detect_all_change, depth_search => recurse("inf"); }

Example #2 - MOTD body common control { bundlesequence => { "edit_motd" }; inputs => { "libraries/cfengine_stdlib.cf" }; } bundle agent edit_motd { vars: "motd" string => "/etc/motd"; files: "$(motd)" create => "true", edit_line => insert_lines("This system is managed by CFEngine 3"), handle => "edit_motd", comment => "Inform sysadmins this system is managed by CFEngine"; }

Example #3 – Install Packages body common control { bundlesequence => { "packages" }; inputs => { "libraries/cfengine_stdlib.cf" }; } bundle agent packages { packages: "nano" handle => "install_nano", comment => "nano is John's favorite editor", package_policy => "add", # Ensure that a package is present package_method => apt; }

Example #3 – Install Packages – Cont. cf-demo# nano bash: /usr/bin/nano: No such file or directory cf-demo# cf-agent -f package_add.cf cf-demo# nano -V GNU nano version 2.2.6 (compiled 14:12:08, Oct 1 2012) ... cf-demo#

Example #3 – Install Packages – Cont. cf-demo# bash: /usr/bin/nano: No such file or directory cf-demo# cf-agent -I -f package_add.cf Q: apt-get update ...:Ign http://dl.google.com stable InRelease ... Q: apt-get update ...:Hit http://us.archive.ubuntu.com saucy-backports/universe Translation-en Q: apt-get update ...:Reading package lists... Q: apt-get update ...: Q:apt-get --yes instal ...:Reading package lists... Q:apt-get --yes instal ...:Building dependency tree... Q:apt-get --yes instal ...:Reading state information... Q:apt-get --yes instal ...:Suggested packages: Q:apt-get --yes instal ...: spell Q:apt-get --yes instal ...:The following NEW packages will be installed: Q:apt-get --yes instal ...: nano Q:apt-get --yes instal ...:0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded. Q:apt-get --yes instal ...:Need to get 0 B/194 kB of archives. Q:apt-get --yes instal ...:After this operation, 614 kB of additional disk space will be used. Q:apt-get --yes instal ...:Selecting previously unselected package nano. Q:apt-get --yes instal ...:(Reading database ... 236090 files and directories currently installed.) Q:apt-get --yes instal ...:Unpacking nano (from .../nano_2.2.6-1ubuntu1_amd64.deb) ... Q:apt-get --yes instal ...:Processing triggers for doc-base ... Q:apt-get --yes instal ...:Processing 2 added doc-base files... Q:apt-get --yes instal ...:Processing triggers for install-info ... Q:apt-get --yes instal ...:Processing triggers for man-db ... Q:apt-get --yes instal ...:Setting up nano (2.2.6-1ubuntu1) ... Q:apt-get --yes instal ...:update-alternatives: using /bin/nano to provide /usr/bin/editor (editor) in auto mode Q:apt-get --yes instal ...:update-alternatives: using /bin/nano to provide /usr/bin/pico (pico) in auto mode Q:apt-get --yes instal ...: cf-demo# nano -V GNU nano version 2.2.6 (compiled 14:12:08, Oct 1 2012) ... cf-demo#

Q&A

Next Steps • Learn More check out our documentation http://cfengine.com/docs/3.5/getting-started.html • Read Learning CFEngine 3 by Diego Zamboni • Join the conversation on our community help forum http://groups.google.com/forum/?fromgroups&hl=en#!forum/help-cfengine

Add a comment

Related presentations

Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...

In this presentation we will describe our experience developing with a highly dyna...

Presentation to the LITA Forum 7th November 2014 Albuquerque, NM

Un recorrido por los cambios que nos generará el wearabletech en el futuro

Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...

Microsoft finally joins the smartwatch and fitness tracker game by introducing the...

Related pages

Getting Started with CFEngine Webinar This Thursday - CFEngine

Join CFEngine partner Vertical Sysadmin for a webinar to learn about getting started with CFEngine.
Read more

Getting Started with CFEngine - Webinar PlayBack - YouTube

Learn how to avoid downtime by tracking system drifts, how to increase the robustness and security of your system, and make sure you adhere to ...
Read more

Getting Started With CFEngine - CFEngine - Distributed ...

Demo Videos, Webinars & Keynotes. This page contains video presentations demonstrating key capabilities of CFEngine Community and Enterprise editions.
Read more

Getting Started with CFEngine - Webinar Playback - 2014-03 ...

Learn how to avoid downtime by tracking system drifts, how to increase the robustness and security of your system, and make sure you adhere to ...
Read more

Getting Started with CFEngine 3 - CFEngine - Distributed ...

Getting Started with CFEngine 3. ... Getting Started . ... Videos & Webinars ; Security ; Solutions ; Archive Documentation
Read more

Mahesh Kumar, Author at CFEngine

... Mahesh Kumar Comments Off on CFEngine ... Getting Started with CFEngine Webinar This Thursday. Join CFEngine partner Vertical Sysadmin for a free ...
Read more

Get Started Guide for CFEngine 3 Enterprise 2.2 - CFEngine ...

Videos & Webinars ; Security ; Solutions ; Archive Documentation ; CFEngine 2 to CFEngine 3 ... Get started with CFEngine. CFEngine Quick Start Guide;
Read more

CFEngine Training - Vertical Sysadmin, Inc.

CFEngine Training. Automating System ... Student successes from Aleksey's "Getting Started with CFEngine 3" 3 hour webinar. ... process understanding and ...
Read more