CFEngine, 4 years later


Everything began 4 years ago, CFEngine 3 had just been released, documentation and expertise were in short supply. We had to accept the reality of a steep learning curve.

As CFEngine grew so did we. We discovered bugs, submitted pull requests, designed workarounds for various pitfalls, gained advances in productivity (thanks to the knowledge and experience gained working with CFEngine 3) and evaluated design choices available to us. This journey led us to become one of the most advanced CFEngine users in Europe.

I'll recount our journey, share insights on solution architecture with CFEngine and show examples of what we had to overcome and how we achieved that using less well-known features of CFEngine. Our examples will cover advanced use of CFEngine 3 code. Finally, I will present our retrospective: what we did right, what we did wrong and share where we have got to thus far in our journey.

Published in: Technology, Design

Transcript of "CFEngine, 4 years later"

  1. CFEngine, 4 years later: A song of code and configuration
     Matthieu CERDA
     Normation – CC-BY-SA, normation.com
  2. Who are you ?
     ● Name: Matthieu CERDA
     ● Email: matthieu.cerda@normation.com
     ● Web site: http://www.normation.com
     ● Twitter: @Kegeruneku
     ● Job: System engineer at Normation
     ● CFEngine enthusiast, power user and trainer
     ● Rudder integrator, packager
     ● Infrastructure Team member
  3. What are we going to talk about
     ● CFEngine 3
     ● How we began with it, what we gained from it
     ● “Funky” use cases
     ● The future
  4. Why CFEngine ?
     http://www.cfengine.com | http://www.github.com/cfengine
     ● Few dependencies (LMDB, OpenSSL, [PCRE])
     ● Small memory footprint
     ● Highly compatible
     ● Working “close to the OS” (Can be seen as a flaw for some people)
  5. CFEngine 3 : 20 % cooler !
     ● Created in 2009
     ● Complete rewrite from CF2
     ● Promise theory
     ● Based on what has been learnt from Puppet and CF2
     ● Alive and kicking !
  6. Overview: Puppet, Chef, CFEngine
  7. A long path 'till today !
     ● Learnt to use CFEngine properly
     ● Acquired knowledge about best practices, worked with great people
     ● Helped to build Rudder from the ground
     ● Began working on ncf with Normation's team
     ● Became a trainer :)
  8. The beginning
     ● Back to 2009 !!!
     ● Sparse documentation
     ● Inexperience
     ● Advice: Start small, to manage few machines
  9. Funky example 1: Rug
     ● Rug was SLES 10 default package manager (Now, it is Zypper)
     ● Problem ? Rug relies on a Mono backend (ZMD) that hangs if you stress it too much or call it repeatedly...
     ● Needed a way to make an exclusion for this specific kind of machine !
  10. 2 – ALWAYS modularize when you can
     ● Example: Package installation definition
  11. 2 – ALWAYS modularize when you can
     ● Example: … and the “utility” bundle that goes with it !
  12. A word about promises layout
     ● Everything begins with a bootstrap: cf-agent -B <my ip address>
     ● Never do everything in one file, always split your promises using a hierarchical order:
     ● Always separate utilities, zones and services
  13. 3 – Reporting is important
     Example: When something bad happens, you'll be happy to see where the problem is (without having to go for the debug output) !
     ● => You need a “verbose” mode.
     ● As always: modularization is important !
     ● Static and redundant reports are a good way to make your code fat and unreadable in the long term.
  14. 3 – Reporting is important
  15. 3 – Reporting is important
  16. Funky example 2: Internal database bloat
     ● CFEngine uses a database to store internal state values (BerkeleyDB for < 3.3, TokyoCabinet for 3.3 to 3.5 and LMDB for 3.6+)
     ● BDB / TokyoCabinet do bloat when using reporting with highly volatile values (reporting a date every time with seconds) => https://cfengine.com/dev/issues/2560
     ● Result:
  17. Funky example 2: Internal database bloat
     Solutions:
     ● Stop reporting all the time (Only report relevant changes)
     ● Mount the “state” directory on a RAMdisk: http://blog.normation.com/en/2013/09/09/speed-up-your-cfengine-by-using-a-ram-disk
       Bonus effect: Up to 2/3 times faster during I/O on databases
     ● Destroy the databases regularly (every month or week)
  18. 4 – Backup your stuff
     Example: When CFEngine does something with a file, you would like to keep a backup of this file beforehand
     ● => You need a backup repository. https://cfengine.com/docs/3.5/reference-promise-types-files.html#repository
     ● File name is preserved, along with backup timestamp
  19. 4 – Backup your stuff
  20. 5 – Tame the agent
     Example: You want to make sure CFEngine only operates in safe environments
     ● => You need a way to make CFEngine only operate in certain conditions
     ● CFEngine can be told to abort if certain conditions are not met: https://cfengine.com/docs/3.5/reference-components-cfagent.html#abortclasses
  21. 5 – Tame the agent
  22. 6 – Always a damn DNS problem (tm)
     Example: Your network interfaces resolutions are not always working properly (AWS ?)
     ● You need to make CFEngine ignore some interfaces
     ● CFEngine can be told to ignore some network interfaces if needed
     ● It is a workaround, not a solution !
  23. 6 – Always a damn DNS problem (tm)
  24. BONUS STAGE: Beware of the almighty Cron
     ● A word of warning: Cron(d) is not a configuration management engine !!!
     ● Easy to “fix” things quickly with a cron job
     ● KISS: Let every tool do its job, do not fall in the trap
  25. Future
     ● Work on the ncf framework (See Jon's presentation !)
     ● Work with the Debian packaging team
     ● Continue to improve Rudder
     ● Train more people !
  26. Questions ? :)
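
The policy shown on the "4 – Backup your stuff" and "5 – Tame the agent" slides was an image and is not in the transcript. As an added example (not the speaker's code), a minimal CFEngine 3 policy that aborts the run in an unsafe environment and keeps timestamped backups in a repository; the bundle and body names, the /etc/cfengine-freeze marker file and the repository paths are assumptions.

```cfengine
# Added example, not the speaker's policy. Bundle names, paths and the
# freeze marker file are assumptions chosen for illustration.
body common control
{
      bundlesequence => { "safety_checks", "manage_motd" };
}

body agent control
{
      # Abort the whole run as soon as a class matching this regex is defined.
      abortclasses       => { "unsafe_environment_.*" };
      # Default backup repository for files the agent edits or replaces.
      default_repository => "/var/cfengine/backups";
}

bundle agent safety_checks
{
  classes:
      # Hypothetical marker file that operators create to freeze a host.
      "unsafe_environment_frozen"
        expression => fileexists("/etc/cfengine-freeze");
}

bundle agent manage_motd
{
  files:
      "/etc/motd"
        create        => "true",
        edit_line     => motd_banner,
        edit_defaults => timestamped_backup,
        # Per-promise repository, overrides default_repository for this file.
        repository    => "/var/cfengine/backups/motd";
}

body edit_defaults timestamped_backup
{
      # Keep the previous version, suffixed with the time of the change.
      edit_backup => "timestamp";
}

bundle edit_line motd_banner
{
  insert_lines:
      "This host is managed by CFEngine";
}
```

Because safety_checks runs first in the bundlesequence, a frozen host aborts before manage_motd touches any file.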