Below you will find pages that have the tag “cfengine”
CFEngine talks at PICC'12 conference
Learning CFEngine 3 has been released

CFEngine posts moving to cf-learn.info
cf-cmd: A command-line tool for running CFEngine snippets
After building the typical "test bundle" scaffolding in an editor for the hundredth time, I decided to do something about it. The result is the cf-cmd command.
A little useful script I wrote for making it easier to test CFEngine code snippets. Follow the link to see the full details.
New website for "Learning CFEngine 3"
I'm happy to announce that the website for my book is now live at http://cf-learn.info/.
In this website you will find:- General information about the book.
- A discussion forum for any type of questions, feedback or suggestions about the book.
- Downloadable code examples from the book, plus (over time) many other new examples.
- List of Errata, and access to the Errata system at O'Reilly
- A blog devoted to the book and to CFEngine.
The site is fairly empty at the moment (the blog, the forum and the errata page are live, I encourage you to participate, particularly if you have purchased the Early Release version of the book and want to provide any sort of feedback), but content will grow over time.
"Learning CFEngine 3" Early Release now available -use AUTHD to get 40-50% off
My upcoming book "Learning CFEngine 3" is now available as an Early Release, which includes (for now) the first four chapters of the book. You can use the code AUTHD to get 40% off the print book, or 50% off the ebook version.
Go get yours! And of course, I'd be happy to receive any feedback you have.

"Security in the Third Wave of IT Engineering"
Today I gave a presentation at UNAM's 2011 Computer Security Conference in Mexico City. Below you will find my presentation (done using prezi.com, follow this link if you can't see it below). You can also get the PDF version.
Related blog posts from cfengine.com:
What's New in CFEngine 3: Making System Administration Even More Powerful - O'Reilly Radar
CFEngine is both the oldest and the newest of the popular tools for automating site administration. Mark Burgess invented it as a free software project in 1993, and years later, as deployments in the field outgrew its original design he gave it a complete rethink and developed the powerful concept of promise theory to make it modular and maintainable.
I contributed to this article by Andy Oram on CFEngine 3. It talks about the history of CFEngine 3, why it is a powerful tool for system administrators, and what is new in the latest releases of both the commercial and the open-source versions of CFEngine.
"Introduction to CFEngine 3 Nova" webinar
New job, new book
Installing cfengine on Mac OS X
Cfengine (tested 3.2.0) installs easily on OS X (tested 10.7), given that it's Unix. One problem I encountered was that it does not compile with the bundled version of Berkeley DB (it recognizes it during configure, but produces compilation errors). The solution is to use some other DB engine. I chose Tokyo Cabinet. Using homebrew, the process is simple
brew install tokyo-cabinet
After this, configure --with-tokyocabinet, and then compile and install as usual.
Cfengine3 lexer for Pygments
I have written a Cfengine3 lexer for Pygments, the open source syntax-highlighter used by Gist and many other sites. It seems to work fine on all the cfengine policy files I have tested, but if you find anything that doesn't quite work as expected, please let me know. This is my first-ever Pygments lexer, so if you are an expert and can advise me on better ways of doing things, I'd very much appreciate the feedback too.
Hierarchical copying with cfengine3
I recently posted a snippet to perform hierarchical copying in cfengine3. As I was attempting to integrate this mechanism into my copy of cfengine's COPBL, I realized that no additional functions or body components are needed. Thanks to cfengine3's list expansion, all you need to do is include in the existing copy promise the list containing the desired list of suffixes to try. For example:
files: | |
suse_9:: | |
"${sys.workdir}/bin" | |
perms => usystem("0700"), | |
copy_from => mycopy("${repository}/bin/suse_9"), | |
depth_search => urecurse("1"); |
Becomes:
vars: | |
"suffixes" slist => { "${sys.flavour}" }; | |
files: | |
"${sys.workdir}/bin" | |
perms => usystem("0700"), | |
copy_from => mycopy("${repository}/bin.${suffixes}"), | |
depth_search => urecurse("1"); |
While this looks at first sight even longer than the original (and of course, in this case you could just specify ${sys.flavour} directly in the copy_from statement), it is much more flexible. Instead of defining different sections for each class that you want to handle (e.g. suse_9, redhat_5, etc.), the same code is able to copy the corresponding binary directory for any operating system, you just have to put the corresponding bin.* directory in your repository.
The State of Open Source System Automation
The days of DIY system administration are rapidly coming to a close. Why? Because the open source tools available are just too good not to use. Presenting Bcfg2, Cfengine, Chef and Puppet.
Nice overview of the Usenix 2010 Configuration Management Summit, including descriptions and comparisons of the four major open-source CM systems.
Editing whitespace-separated config files with cfengine
# Sets the RHS of configuration items in the file of the form | |
# LHS RHS | |
# If the line is commented out with #, it gets uncommented first. | |
# Adds a new line if none exists. | |
# The argument is an associative array containing v[LHS]="rhs" | |
# Based on set_variable_values from cfengine_stdlib.cf, modified | |
# by Diego Zamboni to use whitespace as separator, and to handle | |
# commented-out lines. | |
bundle edit_line set_config_values(v) | |
{ | |
vars: | |
"index" slist => getindices("$(v)"); | |
# Be careful if the index string contains funny chars | |
"cindex[$(index)]" string => canonify("$(index)"); | |
field_edits: | |
# If the line is there, but commented out, first uncomment it | |
"#+$(index)\s+.*" | |
edit_field => col("\s+","1","$(index)","set"); | |
# match a line starting like the key something | |
"$(index)\s+.*" | |
edit_field => col("\s+","2","$($(v)[$(index)])","set"), | |
classes => if_ok("not_$(cindex[$(index)])"); | |
insert_lines: | |
"$(index) $($(v)[$(index)])", | |
ifvarclass => "!not_$(cindex[$(index)])"; | |
} |
cfengine Community Open Promise Body Library on GitHub
I have created a copy of the cfengine COPBL on GitHub , where I will use it as a playground for changes and additions. This is in no way endorsed by cfengine - it is just my personal copy. But if you use GitHub and want to use it, go ahead, I will try to keep it updated with respect to the original subversion repository , although it will include my changes too.
Detecting NICs that match certain IP addresses
# Find all network interfaces that match a certain IP address. | |
# Time-stamp: <[netif_find.cf] modified by Diego Zamboni on Tuesday, 2010.08.24 at 01:53:03> | |
body common control | |
{ | |
bundlesequence => { "test" }; | |
} | |
bundle agent test | |
{ | |
vars: | |
"nics" slist => getindices("sys.ipv4"); | |
# Regex we want to match on the IP address | |
"ipregex" string => "192\.168\..*"; | |
# This is heavily based on cfengine3 list expansion. The expression is | |
# evaluated for every value of ${nics}, and if there are any matches, | |
# the corresponding class is defined, which then triggers the printing | |
# of the "Matched NIC" message (of course, in a real example, the class | |
# could be used to trigger some other action). | |
classes: | |
"ismatch_${nics}" expression => regcmp("${ipregex}", "${sys.ipv4[${nics}]}"); | |
reports: | |
linux|windows:: | |
"NICs found: ${nics}"; | |
"Matched NIC: ${nics} (${sys.ipv4[${nics}]})" | |
ifvarclass => "ismatch_${nics}"; | |
} |
Implementing "single-copy nirvana" in cfengine3
Installing cfengine on Windows 7 under cygwin
Update (2011/09/05): Updated the instructions for cfengine 3.2.0, cygwin 1.7.9, and tested them on a clean cygwin install.
Installing the cfengine community edition under Windows (the commercial version includes native Windows support) is fairly easy under cygwin, you just need to have the appropriate dependencies installed. Here’s how I did it.
Versions
Additional cygwin packages needed
To install these, run cygwin’s setup.exe, search for each packages in turn, and install them. Make sure you agree to install any additional packages that are listed as dependencies (setup.exe will ask you about it).