CFEngine and Docker: Containers in the desired state


As the use of Linux containers continues to grow, system administrators face the need to manage and audit them. These tiny "machines" pose challenges similar to those of traditional servers or virtual machines:
1. Process management
  • Make sure certain processes are running on specific containers
  • Make sure processes do not misbehave
2. Patch management
  • Make sure certain packages are installed on the system
3. Config management
  • Make sure a configuration file contains certain lines (in-container config management)
  • Make sure certain files do not grow beyond a given size
4. Reporting
  • How many containers are running webservers?
  • Which containers are running on which hardware/machine/location? (inventory management)

To solve all these challenges we have a familiar tool that has been keeping sysadmins' promises for a long time: CFEngine.

CFEngine agents can be distributed as lightweight Docker images which, when deployed, pull policies from the policy-server and do what they do best - keep the containers in the desired state. In this talk I will demonstrate how easy it is to deploy CFEngine in containers from Docker images and have the agents report back to the CFEngine Mission Portal.
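
A sketch of how the four challenges listed above map onto CFEngine promises inside one container. This policy is an added example, not taken from the talk or from CFEngine's shipped policy; it assumes CFEngine 3.7 or later with the standard library, an apt-based image, and nginx as the workload, and every name and path in it is illustrative.

```cfengine3
# Added example. Assumptions: CFEngine 3.7+ with stdlib, apt-based image,
# nginx as the workload. Names, paths and thresholds are illustrative.
body common control
{
      inputs => { "$(sys.libdir)/stdlib.cf" };
      bundlesequence => { "container_desired_state" };
}

bundle agent container_desired_state
{
  vars:
      # 4. Reporting: inventory-tagged variables are collected by the
      #    Enterprise hub and can be queried in Mission Portal.
      "role"
        string => "webserver",
        meta => { "inventory", "attribute_name=Container role" };

  packages:
      # 2. Patch management: the package must be installed.
      "nginx"
        policy => "present",
        package_module => apt_get;

  files:
      # 3. Config management: the file must contain this line.
      "/etc/nginx/conf.d/hardening.conf"
        create => "true",
        edit_line => insert_lines("server_tokens off;"),
        classes => if_repaired("nginx_conf_repaired");

      # 3. Config management: rotate any log that grows beyond 50 MB.
      "/var/log/nginx"
        depth_search => recurse("1"),
        file_select => bigger_than("50M"),
        rename => rotate("4");

  processes:
      # 1. Process management: set a class when nginx is not running.
      "nginx"
        restart_class => "nginx_not_running";

  commands:
    nginx_not_running::
      "/usr/sbin/nginx";

    nginx_conf_repaired.!nginx_not_running::
      "/usr/sbin/nginx -s reload";
}
```

Because each promise is convergent, repeated agent runs leave a compliant container untouched and only act on drift, which is also what makes the run results usable as an audit record.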

Presentation by Bishwa Shrestha from CFEngine

Published in: Technology, Business

  1. CFEngine & Docker
     Bishwa Shrestha
  2. Docker
     • Open source project to manage Linux containers
       – Container technology is not itself new
       – Other containers: Solaris Zones, OpenVZ, AIX VIOS, ...
     • Containers are suddenly easier to use
     • Versioning and sharing straightforward
  3. ● Rapid adoption
       – Over 400,000 downloads
       – over 300 contributors
     ● System administrators will need to manage such systems
  4. CFEngine
     • Lightweight configuration management and automation tool
     • Runs on almost anything without much impact on the system
  5. Docker in CFEngine
     ● Stress testing
       – Serving policy updates / file copy (cf-serverd)
       – Report collection (enterprise)
     ● Upgrade testing
     ● Staging Environments
     ● Integration in the build pipeline
  6. What next?
     ● Where does CFEngine fit?
       – Long-running systems tend to drift
       – Where there is drift, there is a need for desired state
       – In-container configuration and process management and / or
       – Orchestration through APIs?
  7. ● Adjustments
       – cf-monitord: stats generated are for the base hardware, e.g. CPU, disk usage
       – Process scope and visibility
       – Adapting to the Docker model of versioning and sharing
  8. Let's discuss the possibilities!
     @awsiv (twitter)
     help-cfengine (google groups)
     #cfengine (IRC)