Configuration management: automating and rationalizing server setup with CFEngine 3 (Open World Forum 2011)
Upcoming SlideShare
Loading in...5
×
 

Configuration management: automating and rationalizing server setup with CFEngine 3 (Open World Forum 2011)

on

  • 4,675 views

With the advent of virtualization and cloud computing, modern IT management relies more and more on the concept of "create, set up, use and throw away" servers. In this context, the benefits of ...

With the advent of virtualization and cloud computing, modern IT management relies more and more on the concept of "create, set up, use and throw away" servers. In this context, the benefits of automating and rationalizing the "set up phase" are obvious. This is where configuration management tools come in to play.

This presentation kicks off with a discussion of some key points of configuration management and their benefits and drawbacks, building on real world examples (well, pseudo examples, mostly too silly to have ever really happened... or maybe not?)

The main contender will then be introduced: CFEngine 3. Released in 2009, this is a brand new version of the open source configuration management solution, built on 17+ years of experience from previous versions of the software. We'll introduce the technology's key points, comparing approaches with similar devops-type tools, such as Puppet and Chef (where possible).

I then cover the basics of setting up a minimal environment to start automating your configuration with CFEngine 3, and simple but illustrative examples.

Statistics

Views

Total Views
4,675
Views on SlideShare
2,492
Embed Views
2,183

Actions

Likes
0
Downloads
35
Comments
0

5 Embeds 2,183

http://blog.normation.com 2140
http://blog-poc.labo.normation.com 29
http://www.normation.com 12
http://a0.twimg.com 1
http://webcache.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-ShareAlike LicenseCC Attribution-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Configuration management: automating and rationalizing server setup with CFEngine 3 (Open World Forum 2011) Configuration management: automating and rationalizing server setup with CFEngine 3 (Open World Forum 2011) Presentation Transcript

  • 24/09/2011 Configuration Management Automating and rationalizing server setup with CFEngine 3Jonathan Clarke <jcl@normation.com>    
  • About the speakerJonathan Clarke → CTO →Sysadmin background Startup created in 2010Infrastructure management Based in ParisFLOSS contributor: Configuration management: CFEngine  CFEngine (partner) Others (OpenLDAP, LSC, FusionInventory...)  Rudder (creator)    
  • Introduction 1. CREATE 2. SETUP 3. USE 4. THROW AWAY Cloud Computing    
  • Introduction 1. CREATE 2. SETUP 3. USE 4. THROW AWAY Cloud Computing → APIs and tools are available    
  • Introduction 1. CREATE 2. SETUP 3. USE 4. THROW AWAY Cloud Computing Three approaches: 1. Manually 2. Imaging 3. Configuration tool    
  • Agenda1) Configuration Management principles2) Configuration Management tools3) About CFEngine 34) Getting started    
  • Configuration Management Principles through examples...    
  • A server crashed. Install a new one, people cant work without it!OK, itll be done inabout two days... Why configuration management? Theres a new critical security patch we must deploy on all our servers! Get it out quickly! Right, Ill put the whole team on it.    
  • Reproducibility Industrialization Automation Why configuration management?    
  • How do we setup service X? Ask Jim, hes the expert on that.But he left the company... Why configuration management? Huh, this server has been logging errors for a few weeks. Oh? I think Michael changed something on it recently... Hell tell you what it was. Damn, hes on vacation!    
  • Documentation History Building-up knowledge Why configuration management?   
  • An intruder just stole our datausing a vulnerability in amodule we dont need... I thought the project specification ensured that we disabled that?Er, it did, but we enabled it tosolve a problem and forgot todisable it afterwards... sorry... Why configuration management?    
  • Why configuration management? Continuous vigilanceAutomatic repairs Alerts    
  • I dont understand how this server is setup. It doesnt match our best-practices. Oh, thats a legacy server... Why configuration management? Give me details on our current security policy. Well, its a collection of little things, here and there... Ah... Well, OK. Tell me: is it fully applied on all our critical servers? Er...   
  • Why configuration management? Rationalization Normalization Control   
  • Reproducibility Industrialization Documentation History Automation Building-up knowledge Configuration management benefits Continuous Rationalization vigilanceAutomatic repairs Alerts Normalization Control    
  • Configuration Management The tools    
  • Main tools available CFEngine 3 Puppet Chef    
  • Main tools available: history Relative origins of CFEngine, Puppet and ChefSource:http://verticalsysadmin.com/blog/uncategorized/relative-origins-of-cfengine-chef-and-puppet    
  • The tools: similarities CFEngine 3 Puppet Chef Common origins Designed specifically Text-based / CLI for configuration interface management Client-server model (sometimes optional) Open Source    
  • The tools: some differences CFEngine 3 Puppet Chef C Ruby Ruby Language GPL Apache Apache (ex-GPL) License Yes Preliminary PartialWindows support    
  • A bit about CFEngine 3...   
  • CFEngine 3: Features Multi platform Windows support Two versions: 1. Community (open source) Runs in Cygwin 2. Nova (commercial) ● Native Windows service    
  • CFEngine 3: Features Multi-OS Multi-distribution Adapted to Make it ”transparent” (forget heterogeneous about the complexity) environments Existing standard library handling the differences between each OS and distribution    
  • CFEngine 3: FeaturesLightweight, non-intrusive Non-intrusive Daemon consumption on managed hosts Only two dependencies: - BerkeleyDB - OpenSSL    
  • CFEngine 3: Features Evolution of CPU utilization for an increasing number of managed hosts Highly scalable From 25 to 400 clients (x16) CPU utilization increases by 1.16%Notes:• Each host runs CFEngine every 5 minutes• Configuration tested sets up Apache web server• Tests and monitoring using AWS    
  • CFEngine 3: Features Multi platform Adapted toLightweight, non-intrusive heterogeneous environments Autonomous Fault-tolerant Highly scalable Progressive roll-out    
  • Getting started with CFEngine 3    
  • CFEngine 3: Installing Install from sources:  http://www.cfengine.com/source_code Prebuilt packages:  Debian / SuSE / Fedora / RHEL / Ubuntu  Requires free signup  https://cfengine.com/inside/myspace    
  • CFEngine 3: Client-Server Using a server is optional!  Get started by running standalone CFEngines server daemon is cf-serverd  Dedicated protocol: TCP port 5308  Requires SSL key exchange    
  • CFEngine 3: Configuration Minimal configuration: body common control { bundlesequence => { "HelloWorld" }; } Syntax notes bundle agent HelloWorld Whitespace doesnt count { Comments follow # # This will output "Hello World!" commands: "/bin/echo Hello World!"; } Structure notes ● Structures are created using { } ● Structures are bundles or bodies    
  • CFEngine 3: Configuration Promise types: Promise types Promise types (all versions) (commercial versions) files environments packages services processes databases commands storage interfaces (for future use) Special types Special types (all versions) (commercial versions) vars outputs classes methods reports    
  • CFEngine 3: Examples Install and update the LAMP stack bundle agent lamp {   vars: "packages" slist => { "httpd", "php5", "mysql" };   packages:     "${packages}"       package_method => generic,       package_method => "addupdate"; }    
  • CFEngine 3: Examples Install Apache with distribution variations packages: debian:: "apache2" package_policy => "add", package_method => apt; centos|redhat:: "httpd" package_policy => "add", package_method => yum;    
  • 24/09/2011 Thanks for participating!Stay in touch...Jonathan ClarkeEmail: jcl@normation.comTwitter: jooooooon42