Below you will find pages that have the tag “cfengine”
CFEngine talks at PICC'12 conference
April 27, 2012
There will be several CFEngine-related classes and talks at the PICC'12 conference (Professional IT Community Conference) on May 11-12th, in New Jersey. I will be talking about using CFEngine as part of your security infrastructure. My colleague Joe Netzel will be talking about migration from CFEngine 2 to CFEngine 3, so if you are using CF2 and have been considering (or dreading) the migration, make sure to come by! Aleksey Tsalolikhin will give an introductory class to CFEngine. And Mark Burgess will give a class not related to CFEngine, but to the perils and skills needed to survive as a technical person in the "business world".
Learning CFEngine 3 has been released
March 24, 2012
CFEngine posts moving to cf-learn.info
January 4, 2012
I have been blogging about CFEngine here for a while (it's my most frequent tag). As of now, I'm starting to post all CFEngine-related posts to http://blog.cf-learn.info/, which is part of the web site for my book "Learning CFEngine 3". In this way, I intend to group all CFEngine-related content over there. I will still cross-post relevant things here, but if you want to stay fully up to date on my CFEngine writings, please subscribe over there as well.
cf-cmd: A command-line tool for running CFEngine snippets
December 27, 2011
After building the typical "test bundle" scaffolding in an editor for the hundredth time, I decided to do something about it. The result is the cf-cmd command.
A little useful script I wrote for making it easier to test CFEngine code snippets. Follow the link to see the full details.
New website for "Learning CFEngine 3"
December 15, 2011
I'm happy to announce that the website for my book is now live at http://cf-learn.info/.
In this website you will find:- General information about the book.
- A discussion forum for any type of questions, feedback or suggestions about the book.
- Downloadable code examples from the book, plus (over time) many other new examples.
- List of Errata, and access to the Errata system at O'Reilly
- A blog devoted to the book and to CFEngine.
The site is fairly empty at the moment (the blog, the forum and the errata page are live, I encourage you to participate, particularly if you have purchased the Early Release version of the book and want to provide any sort of feedback), but content will grow over time.
"Learning CFEngine 3" Early Release now available -use AUTHD to get 40-50% off
December 6, 2011
via shop.oreilly.com
My upcoming book "Learning CFEngine 3" is now available as an Early Release, which includes (for now) the first four chapters of the book. You can use the code AUTHD to get 40% off the print book, or 50% off the ebook version.
Go get yours! And of course, I'd be happy to receive any feedback you have.
"Security in the Third Wave of IT Engineering"
November 24, 2011
Today I gave a presentation at UNAM's 2011 Computer Security Conference in Mexico City. Below you will find my presentation (done using prezi.com, follow this link if you can't see it below). You can also get the PDF version.
Related blog posts from cfengine.com:
What's New in CFEngine 3: Making System Administration Even More Powerful - O'Reilly Radar
October 28, 2011
CFEngine is both the oldest and the newest of the popular tools for automating site administration. Mark Burgess invented it as a free software project in 1993, and years later, as deployments in the field outgrew its original design he gave it a complete rethink and developed the powerful concept of promise theory to make it modular and maintainable.
I contributed to this article by Andy Oram on CFEngine 3. It talks about the history of CFEngine 3, why it is a powerful tool for system administrators, and what is new in the latest releases of both the commercial and the open-source versions of CFEngine.
"Introduction to CFEngine 3 Nova" webinar
October 25, 2011
A new version of CFEngine 3 Nova was released today, and to go with it, there will be a free webinar called "Introduction to CFEngine 3 Nova" on November 2nd. It will be presented by one of the members of the core CFEngine team, and it will be a great opportunity to learn more about the new and improved capabilities in this release. If you are interested in CFEngine and maybe thinking of going the commercial route, or you need more information to decide, make sure to attend!
New job, new book
October 19, 2011
Today I have two big announcements to make.
First, as of this week I have a new job, I am now working with CFEngine AS, the company that develops and maintains cfengine. As you know if you read my blog, I am a big fan of cfengine. It is a mature and able tool that provides extreme flexibility and power to system administrators. The company is full of energy and with very interesting projects to make cfengine even better and more popular than it is today. I am very happy to be working with such a talented team. I will be working with the Products and Services group in a variety of roles and projects, about some of which you may be able to read here as well.
Installing cfengine on Mac OS X
August 5, 2011
Cfengine (tested 3.2.0) installs easily on OS X (tested 10.7), given that it's Unix. One problem I encountered was that it does not compile with the bundled version of Berkeley DB (it recognizes it during configure, but produces compilation errors). The solution is to use some other DB engine. I chose Tokyo Cabinet. Using homebrew, the process is simple
brew install tokyo-cabinet
After this, configure --with-tokyocabinet, and then compile and install as usual.
Cfengine3 lexer for Pygments
September 8, 2010
I have written a Cfengine3 lexer for Pygments, the open source syntax-highlighter used by Gist and many other sites. It seems to work fine on all the cfengine policy files I have tested, but if you find anything that doesn't quite work as expected, please let me know. This is my first-ever Pygments lexer, so if you are an expert and can advise me on better ways of doing things, I'd very much appreciate the feedback too.
Hierarchical copying with cfengine3
August 27, 2010
I recently posted a snippet to perform hierarchical copying in cfengine3. As I was attempting to integrate this mechanism into my copy of cfengine's COPBL, I realized that no additional functions or body components are needed. Thanks to cfengine3's list expansion, all you need to do is include in the existing copy promise the list containing the desired list of suffixes to try. For example:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| files: | |
| suse_9:: | |
| "${sys.workdir}/bin" | |
| perms => usystem("0700"), | |
| copy_from => mycopy("${repository}/bin/suse_9"), | |
| depth_search => urecurse("1"); |
Becomes:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vars: | |
| "suffixes" slist => { "${sys.flavour}" }; | |
| files: | |
| "${sys.workdir}/bin" | |
| perms => usystem("0700"), | |
| copy_from => mycopy("${repository}/bin.${suffixes}"), | |
| depth_search => urecurse("1"); |
While this looks at first sight even longer than the original (and of course, in this case you could just specify ${sys.flavour} directly in the copy_from statement), it is much more flexible. Instead of defining different sections for each class that you want to handle (e.g. suse_9, redhat_5, etc.), the same code is able to copy the corresponding binary directory for any operating system, you just have to put the corresponding bin.* directory in your repository.
The State of Open Source System Automation
August 26, 2010
The days of DIY system administration are rapidly coming to a close. Why? Because the open source tools available are just too good not to use. Presenting Bcfg2, Cfengine, Chef and Puppet.
Nice overview of the Usenix 2010 Configuration Management Summit, including descriptions and comparisons of the four major open-source CM systems.
Editing whitespace-separated config files with cfengine
August 25, 2010
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Sets the RHS of configuration items in the file of the form | |
| # LHS RHS | |
| # If the line is commented out with #, it gets uncommented first. | |
| # Adds a new line if none exists. | |
| # The argument is an associative array containing v[LHS]="rhs" | |
| # Based on set_variable_values from cfengine_stdlib.cf, modified | |
| # by Diego Zamboni to use whitespace as separator, and to handle | |
| # commented-out lines. | |
| bundle edit_line set_config_values(v) | |
| { | |
| vars: | |
| "index" slist => getindices("$(v)"); | |
| # Be careful if the index string contains funny chars | |
| "cindex[$(index)]" string => canonify("$(index)"); | |
| field_edits: | |
| # If the line is there, but commented out, first uncomment it | |
| "#+$(index)\s+.*" | |
| edit_field => col("\s+","1","$(index)","set"); | |
| # match a line starting like the key something | |
| "$(index)\s+.*" | |
| edit_field => col("\s+","2","$($(v)[$(index)])","set"), | |
| classes => if_ok("not_$(cindex[$(index)])"); | |
| insert_lines: | |
| "$(index) $($(v)[$(index)])", | |
| ifvarclass => "!not_$(cindex[$(index)])"; | |
| } |
cfengine Community Open Promise Body Library on GitHub
August 25, 2010
I have created a copy of the cfengine COPBL on GitHub , where I will use it as a playground for changes and additions. This is in no way endorsed by cfengine - it is just my personal copy. But if you use GitHub and want to use it, go ahead, I will try to keep it updated with respect to the original subversion repository , although it will include my changes too.
Detecting NICs that match certain IP addresses
August 24, 2010
Another cfengine snippet in case anyone finds it useful. This can be used to determine which NICs in the host have a certain IP address assigned to it, or match any pattern.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Find all network interfaces that match a certain IP address. | |
| # Time-stamp: <[netif_find.cf] modified by Diego Zamboni on Tuesday, 2010.08.24 at 01:53:03> | |
| body common control | |
| { | |
| bundlesequence => { "test" }; | |
| } | |
| bundle agent test | |
| { | |
| vars: | |
| "nics" slist => getindices("sys.ipv4"); | |
| # Regex we want to match on the IP address | |
| "ipregex" string => "192\.168\..*"; | |
| # This is heavily based on cfengine3 list expansion. The expression is | |
| # evaluated for every value of ${nics}, and if there are any matches, | |
| # the corresponding class is defined, which then triggers the printing | |
| # of the "Matched NIC" message (of course, in a real example, the class | |
| # could be used to trigger some other action). | |
| classes: | |
| "ismatch_${nics}" expression => regcmp("${ipregex}", "${sys.ipv4[${nics}]}"); | |
| reports: | |
| linux|windows:: | |
| "NICs found: ${nics}"; | |
| "Matched NIC: ${nics} (${sys.ipv4[${nics}]})" | |
| ifvarclass => "ismatch_${nics}"; | |
| } |
Implementing "single-copy nirvana" in cfengine3
August 23, 2010
Here is a sample implementation in cfengine3 of the technique described in the cfengine wiki as "Singlecopy Nirvana" for cfengine2. Cfengine3 makes the technique more powerful by allowing modularization, so that you can specify both the suffixes to try, and the files to copy using those suffixes, as variables. Also, cf3's automatic list expansion allows us to write a single copy statement that will be automatically expanded into all the different values to try.
Installing cfengine on Windows 7 under cygwin
August 23, 2010
Update (2011/09/05): Updated the instructions for cfengine 3.2.0, cygwin 1.7.9, and tested them on a clean cygwin install.
Installing the cfengine community edition under Windows (the commercial version includes native Windows support) is fairly easy under cygwin, you just need to have the appropriate dependencies installed. Here’s how I did it.
Versions
Additional cygwin packages needed
To install these, run cygwin’s setup.exe, search for each packages in turn, and install them. Make sure you agree to install any additional packages that are listed as dependencies (setup.exe will ask you about it).