As the use of linux containers continue to grow, system administrators are facing the need for managing and auditing them. These tiny ""machines"" pose similar challenges as the traditional servers or virtual machines:
1. Process management
Make sure certain processes are running on specific containers
Make sure processes do not misbehave
2. Patch management
Make sure certain packages are installed on the system
3. Config management
Make sure a configuration file contains certain lines (in-container config management)
Make sure certain files do not grow beyond a given size
How many containers are running webservers?
Which containers are running on which hardware/machine/location? (inventory management)
To solve all these challenges we have a familiar tool that has been keeping sysadmins' promises for a long time: CFEngine.
CFEngine agents can be distributed as lightweight Docker images which, when deployed, pull policies from the policy-server and do what they do best - keep the containers in the desired state. In this talk I will demonstrate how easy it is to deploy CFEngine in containers from Docker images and have the agents report back to the CFEngine Mission Portal.
Presentation by Bishwa Shrestha from CFEngine