This document discusses new capabilities in CFEngine 3, an advanced configuration management system. Key points include: - CFEngine 3 is declarative, ensures desired state is reached through convergence, is lightweight using 3-6MB of memory, and can run continuously to check configurations every 5 minutes. - It supports both new platforms like ARM boards and older systems like Solaris. - Recent additions allow managing resources like SQL databases, XML files, and virtual machines in a code-free manner using the Design Center. - CFEngine treats all resources like files, processes, and VMs as maintainable and ensures they self-correct through convergence to the desired state.

1. 1
Cutting Edge Configuration Management
What's new in the world of CFEngine 3?
Mark Burgess
13th September 2012

2. An advanced configuration system
2 ● Declarative language
– Desired state
● Advanced convergence
– Keep trying until succeed
● Resource light
– 3-6 MB, negligeable memory/CPU
● Run often and continuously
– 5 minute default
● Pull based, 5000 clients per server

3. Spot the computer ...
3

4. New and old platforms ...
4 ● New platforms (embedded)
– ARM boards
– Raspberry Pi (3MB)
– Android (Samsung Nexus) 4MB
● Old platforms
– Zlinux
– HPUX
– AIX
– Solaris 11

5. The primary challenges
● Scale
– Obsession with building new things ...
● Complexity
– Oversimplifying to cope ...
● Uncertainty
– Not really measuring actual state

6. Three personal challenges
6 ● Challenge the state of the art in IT infrastructure
management.
● Engineer for an era of ubiquitous, self-healing,
knowledge-based environments with agile and
continuous productivity.
● Re-humanize IT infrastructure, through the
design autonomous technology so organizations
can cope with growing scale and complexity, find
the right roles for humans and machines, and
engage engineers in the big picture, to enjoy
certainty and predictability in their operations,
while saving time and cost.

7. CFEngine components
● Cf-agent
– Change engine
● Cf-serverd
– Serve files and remote execution, peering
● Cf-monitord
– Collect and monitor local resource data
● Cf-report
– Command line tool for reports
● Cf-execd
– Self organizing scheduler, beats cron
● Cf-runagent
– Can be used for safe remote execution

8. Recent convergent capabilities
● Older stuff ● Newer stuff
– Exploit patterns – SQL db management
– File management – XML text editing
– Process management – Manage Vms
– Service management – Private namespaces
– Tripwire security – Code-free configuration
with Design Center
– Model based monitoring
– Self-analysing knowledge
– Dry-run modes

9. Treat everything as a maintainable
resource
● Everything self-corrects, for mission critical
● Virtual machines
● Processes
● Files, etc
● Hands-free automation
http://cfengine.com/demos/cfengine-vmware

10. Examples 101
● Template expansion (unit_edit_template.cf)
● Set a variable (unit_setvar.cf)
● Manage a process
● etc

11. What does service mgt look like?
body common control
{
bundlesequence => { "test" };
Inputs => { “cfengine_stdlib.cf” };
}
#
bundle agent test
{
vars:
"mail" slist => { "spamassassin", "postfix" };
services:
"www";
"$(mail)";
}

12. Example: Inserting “XML” Virtual Host
server.xml:
host entry:

13. Example: Inserting “XML” Virtual Host

14. Orchestration from within
bundle agent dominoes_symphony
{
methods:
host1::
"dominoes" usebundle => hand_over("localhost","host1","overture");
host2::
"dominoes" usebundle => hand_over("host1","host2","first movement");
host3::
"dominoes" usebundle => hand_over("host2","host3","second movement");
host4::
"dominoes" usebundle => hand_over("host3","host4","final movement"),
classes => if_ok("finale");
}

15. Output
host$ ~/LapTop/cfengine/core/src/cf-agent -f ./unit_orchestrate_dominoes2.cf
-K
R: Singing the overture...
R: Singing the first adagio...
R: Singing second allegro...
R: Trumpets for the finale
R: The visitors book of the Dominoes method
R: Knocked over host1 and did: overture
R: Knocked over host2 and did: first_movement
R: Knocked over host3 and did: second_movement
R: Knocked over host4 and did: final_movement

16. APIs to CFEngine
● The promise language
– For making self-healing changes
● The command line
– Cf-report for accessing information
– Cf-agent- for making stuff happen
– Cf-runagent for safe remote control
● REST API for data
● Web portal

17. Host app

18. Knowledge app

19. What's coming up?

20. Massive scale
● Largest CFEngine site we know: 200,000 hosts
● Scaling depends on frequency
– Simple star network
– 5 minute checks on policy / data aggregation
– 5000 host per hub
● Multiple hubs
– Constellation network

21. Infrastructure as a service
● Build your own cloud
– guest_environments
● Kvm
● Xen
● Vmware ESX
● Borrow someone else's
– EC2
– VMWare
– Openstack
● It must self-heal

22. Design Center
● Like Chef's cookbooks for CFEngine
● Repository on GitHub
– Examples
– Data driven methods
● Tools for composing policy from building blocks,
without need to code

23. Manage from without or within?

24. contact@cfengine.com
Every time someone logs onto a system by hand, they jeopardize everyone’s
understanding of the system.
— Mark Burgess
24