
Cfengine presentation at the RMLL

Cfengine presentation at the RMLL 2010 in Bordeaux. This presentation focuses on the reasons for configuration management, and how Cfengine addresses this need.

  • "the project owner (MOA) loses visibility over its product over time; it is guaranteed functional compliance", "controlling compliance is costly and subject to many human errors", "the operator needs tools to work with all the standards", "the functional departments cannot grasp the technical infrastructure on which the application relies"
  • Transcript of "Cfengine presentation at the RMLL"

    Cfengine presentation - Configuration management - Promise technology - Cfengine architecture - Cfengine syntax - Examples

    About the speaker
      • Nicolas CHARLES : nicolas.charles@normation.com
          • Developer in different languages and fields for the past 7 years
          • 2009, cofounded Normation
          • Active member of the Cfengine community
      • Normation
          • Software company
              • Compliance and Drift assessment
          • Cfengine partner
          • Consulting on Identity and Service Management

    Why should I manage configurations?
      • Automation and normalisation
          • Centralized entry point for configurations,
          • Automated operations on each server,
          • Test configuration in a separate environment and automate its deployment on servers.
      • Keep track of what has been done
          • Use source control for configuration files,
          • Roll back configuration files in case of error,
          • Self-healing configuration from a defined reference.

    Some Cfengine users
      • Long track record with millions of servers managed by thousands of registered users including:

    Promise Technology
      • Based on Promise Theory
          • Goals are invariants
          • Recipes depend on circumstances
      • Simple connection to « Service Level Agreements »
          • Promise that an Apache server is up and running
      • A promise is documentation in itself

    Convergence
      • Promises focus on the desired state
      • Convergence is built into Cfengine
      (Figure: "Cfengine way" compared with "Traditional scripts")
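
The desired-state idea above, applied to the "Promise that an Apache server is up and running" from the Promise Technology slide. This is an added example, not taken from the original slides; the bundle name `apache_up`, the class `start_apache`, the body `root_0644` and the Debian-style paths are assumptions.

```cf3
body common control
{
  bundlesequence => { "apache_up" };
}

bundle agent apache_up
{
  vars:
    # Assumed locations on a Debian-style host.
    "init_script" string => "/etc/init.d/apache2";
    "main_conf"   string => "/etc/apache2/apache2.conf";

  files:
    # Desired state of the file, not a chmod/chown recipe: the agent
    # repairs ownership and mode only when they have drifted.
    "$(main_conf)"
      comment => "Apache configuration is root-owned and not world-writable",
      perms   => root_0644;

  processes:
    # Desired state: a process matching "apache2" exists.
    # If none is found, the class start_apache is defined for this run.
    "apache2"
      comment       => "Apache must be running",
      restart_class => "start_apache";

  commands:
    # Runs only when the promise above was not kept, so repeated runs
    # on a healthy host change nothing (convergence).
    start_apache::
      "$(init_script) start"
        comment => "Repair: start Apache";

  reports:
    start_apache::
      "Apache was not running; start requested";
}

body perms root_0644
{
  mode   => "0644";
  owners => { "root" };
  groups => { "root" };
}
```
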

    Cfengine features

    Cfengine architecture
      • Cfengine can be used as a standalone agent
          • No need to be connected to an external system,
          • Use its own promises (or fetch them from source control)
      • Your whole infrastructure can be managed by Cfengine
          • Centralize the configuration of promises,
          • Use policy servers to distribute promise files to agents.

    Cfengine architecture
      • Each node is responsible for its own state
          • High scalability
          • Resilient to network outage
      • Agents use external resources on demand
          • Fetch policy updates from policy server
          • Package management integration
          • LDAP and Database integration*

    Cfengine components
      • 7 components :
          • cf-promises : syntax checker,
          • cf-agent : the cfengine agent,
          • cf-serverd : server for file sharing and external requests,
          • cf-execd : scheduling daemon,
          • cf-runagent : helper program that talks to cf-serverd,
          • cf-report : generates reports on executions,
          • cf-know : generates topic maps.

    Cfengine components
      • Execution flows

    Cfengine agent
      • Agent installed on each server
          • Written in C
          • Cross platform (Linux, Unixes, *BSD, Windows, MacOS)
          • Few external dependencies (OpenSSL, [PCRE])
          • Very small memory footprint (between 2 and 30 MB)

    Cfengine agent
      • Aware of the computer's configuration
      • Autonomous
      • Automated
      • Continuous operation
      • Reliable : only one vulnerability in 17 years

    Installation
      • Installation packages available for :
          • CentOS
          • Debian
          • Fedora
          • FreeBSD*
          • RedHat
          • Solaris*
          • SUSE
          • Ubuntu
          • Windows*

    Installation
      • Typical installation path
          • /var/cfengine : base folder for cfengine
          • /var/cfengine/bin : cfengine components
          • /var/cfengine/inputs : promise files
          • /var/cfengine/ppkeys : private keys
          • /var/cfengine/outputs : output of each run
          • And some others....

    Generic promise syntax

        type:
          class::
            "promiser" -> { "promisee1", "promisee2" },
              attribute_1 => body_or_template1,
              attribute_2 => body_or_template2;

    Generic promise syntax
      • Cfengine promises are made of bundles (similar to functions)
          • Each bundle can contain several instructions.
      • The entry point for cf-agent is the body common control
          • Define the list and order of execution of the bundles
          • Define the imported files

    Hello World

        body common control
        {
          # Bundles to run, in order
          bundlesequence => { "test" };
        }

        bundle agent test
        {
          reports:
            # Reported only on hosts where the "linux" class is defined
            linux::
              "Hello World !";
        }

    Generic promise syntax
      • Types :
          • vars
          • classes
          • interfaces
          • processes
          • storage
          • packages
          • commands
          • methods
          • files
          • databases*
          • services*
          • reports

    Use library

        body common control
        {
          bundlesequence => { "packages" };
          # Import the library file that provides the "apt" package_method body
          inputs => { "cfengine_stdlib.cf" };
        }

        bundle agent packages
        {
          vars:
            "match_package" slist => {
              "apache2-mod_php5",
              "apache2-prefork",
              "php5"
            };

          packages:
            # $(match_package) iterates over the list: one promise per package
            "$(match_package)"
              package_policy => "add",
              package_method => apt;
        }

    Examples

    A word of caution

        body common control
        {
          bundlesequence => { "killall" };
        }

        bundle agent killall
        {
          processes:
            ".*"
              signals => { "kill" };
        }
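
A narrowly scoped counterpart to the promise on the slide above, as an added example that is not part of the original slides: the promiser names one program instead of `.*`, and a `process_select` body limits matches to one owner. The names `stop_stale_worker`, `owned_by`, `batch-worker` and `batchuser` are hypothetical.

```cf3
body common control
{
  bundlesequence => { "stop_stale_worker" };
}

bundle agent stop_stale_worker
{
  processes:
    # The promiser is a regular expression matched against lines of the
    # process table, so name the program rather than using ".*".
    "batch-worker"
      comment        => "Stop only batch-worker processes owned by batchuser",
      process_select => owned_by("batchuser"),
      # Ask the process to exit cleanly first, then force it.
      signals        => { "term", "kill" };
}

body process_select owned_by(u)
{
  # Keep a matched process only if its owner is in this list.
  process_owner  => { "$(u)" };
  process_result => "process_owner";
}
```

Before deployment, `cf-promises -f ./policy.cf` checks the syntax and `cf-agent -n -f ./policy.cf` performs a dry run that reports which promises are not kept without sending any signal (`policy.cf` is a placeholder file name).
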

    Acknowledgements
      • Mark Burgess
          • Wrote Cfengine
          • Borrowed heavily from his work :
              • Cfengine Reborn, Paris, 2009
                  • http://www.slideshare.net/normation/cfengine-reborn
              • http://cfengine.com/pages/demos
      • RMLL
          • Thank you for this conference

    Want more ?
      • http://www.cfengine.org/
      • https://cfengine.com/forum/
      • Mailing-list : [email_address]
      • IRC : freenode #cfengine
      • Email : nicolas.charles@normation.com

    Q&A
      Thank you for your attention !