There will be several CFEngine-related classes and talks at the PICC'12 conference (Professional IT Community Conference) on May 11-12th, in New Jersey. I will be talking about using CFEngine as part of your security infrastructure. My colleague Joe Netzel will be talking about migration from CFEngine 2 to CFEngine 3, so if you are using CF2 and have been considering (or dreading) the migration, make sure to come by! Aleksey Tsalolikhin will give an introductory class to CFEngine. And Mark Burgess will give a class not related to CFEngine, but to the perils and skills needed to survive as a technical person in the "business world".

I'm happy to announce that the website for my book is now live at http://cf-learn.info/.

In this website you will find:

• General information about the book. 
• A discussion forum for any type of questions, feedback or suggestions about the book. 
• Downloadable code examples from the book, plus (over time) many other new examples. 
• List of Errata, and access to the Errata system at O'Reilly 
• A blog devoted to the book and to CFEngine. 

The site is fairly empty at the moment (the blog, the forum and the errata page are live, I encourage you to participate, particularly if you have purchased the Early Release version of the book and want to provide any sort of feedback), but content will grow over time.

Today I gave a presentation at UNAM's 2011 Computer Security Conference in Mexico City. Below you will find my presentation (done using prezi.com, follow this link if you can't see it below). You can also get the PDF version.

 

 

Related blog posts from cfengine.com:

CFEngine - The Third Wave of Configuration Management

A new version of CFEngine 3 Nova was released today, and to go with it, there will be a free webinar called "Introduction to CFEngine 3 Nova" on November 2nd. It will be presented by one of the members of the core CFEngine team, and it will be a great opportunity to learn more about the new and improved capabilities in this release. If you are interested in CFEngine and maybe thinking of going the commercial route, or you need more information to decide, make sure to attend!

Today I have two big announcements to make.

Cfengine (tested 3.2.0) installs easily on OS X (tested 10.7), given that it's Unix. One problem I encountered was that it does not compile with the bundled version of Berkeley DB (it recognizes it during configure, but produces compilation errors). The solution is to use some other DB engine. I chose Tokyo Cabinet. Using homebrew, the process is simple

brew install tokyo-cabinet

After this, configure --with-tokyocabinet, and then compile and install as usual.

I have written a Cfengine3 lexer for Pygments, the open source syntax-highlighter used by Gist and many other sites. It seems to work fine on all the cfengine policy files I have tested, but if you find anything that doesn't quite work as expected, please let me know. This is my first-ever Pygments lexer, so if you are an expert and can advise me on better ways of doing things, I'd very much appreciate the feedback too.

I recently posted a snippet to perform hierarchical copying in cfengine3. As I was attempting to integrate this mechanism into my copy of cfengine's COPBL, I realized that no additional functions or body components are needed. Thanks to cfengine3's list expansion, all you need to do is include in the existing copy promise the list containing the desired list of suffixes to try. For example:

Becomes:

While this looks at first sight even longer than the original (and of course, in this case you could just specify ${sys.flavour} directly in the copy_from statement), it is much more flexible. Instead of defining different sections for each class that you want to handle (e.g. suse_9, redhat_5, etc.), the same code is able to copy the corresponding binary directory for any operating system, you just have to put the corresponding bin.* directory in your repository.

I have created a copy of the cfengine COPBL on GitHub , where I will use it as a playground for changes and additions. This is in no way endorsed by cfengine - it is just my personal copy. But if you use GitHub and want to use it, go ahead, I will try to keep it updated with respect to the original subversion repository , although it will include my changes too.

Here is a sample implementation in cfengine3 of the technique described in the cfengine wiki as "Singlecopy Nirvana" for cfengine2. Cfengine3 makes the technique more powerful by allowing modularization, so that you can specify both the suffixes to try, and the files to copy using those suffixes, as variables. Also, cf3's automatic list expansion allows us to write a single copy statement that will be automatically expanded into all the different values to try.

Update (2011/09/05): Updated the instructions for cfengine 3.2.0, cygwin 1.7.9, and tested them on a clean cygwin install.

Installing the cfengine community edition under Windows (the commercial version includes native Windows support) is fairly easy under cygwin, you just need to have the appropriate dependencies installed. Here’s how I did it.

Versions  

• cfengine: 3.2.0
• Windows 7 Enterprise SP1/64bit
• cygwin: 1.7.9-1

Additional cygwin packages needed 

To install these, run cygwin’s setup.exe, search for each packages in turn, and install them. Make sure you agree to install any additional packages that are listed as dependencies (setup.exe will ask you about it).