Managing the network with Cfengine
Cfengine  is a flexible framework for automating system administration tasks. With Cfengine, you can manage one machine or a heterogeneous network. The first version of Cfengine was released more than 15 years ago by Mark Burgess, a professor at Oslo University. According to usage estimates, Cfengine has managed more than 1 million computers over the years. Version 3 of the Cfengine framework rolls out some new capabilities and does away with all the old historical layers. The developers have even retooled the language so that all elements are handled in a uniform way.
To show what is possible with Cfengine 3, I introduce various Cfengine components in a running example. To follow along, you need two networked Linux machines that I call PolicyServer and Client. The end goal is to have the client machine running a fully configured and managed Apache web server, with no manual configuration required, other than installing Cfengine.
The basic model I use will store and distribute all of the policy code centrally from a single server. Cfengine can be used many ways because it is very flexible, but this is a common design, and it serves many sys admins well. PolicyServer will hold and make available the central repository of Cfengine code, and the Client machine will receive the Apache configuration.
Read full article as PDF »Cfengine.pdf (463.98 kB)
reply to pghpeteThere is no package named flex-devel in RHEL/CentOS 5.4, although there should be. Instead, libfl.a is part of the flex package, so you cannot crosscompile. I found this attempting to compile the latest setkey (ipsec-tools) for i386 on an x86_64 host.
Can't believe the trouble...I can't believe the trouble I was having getting ver 3.0.3 of cfengine installed on either RHEL 5.4 or CentOS 5.4... as it turns out, it's still a personal problem. Argh. What an inept bum I am today... forgot cardinal rule number 1, read the INSTALL file and install all dependencies it asks for. Which, were surprisingly extensive...
'yum install openssl openssl-devel db4 db4-deve flex flex-devel bison bison-devel pcre pcre-devel'
Then your './configure && make && make install' should run without issues on either distro.
Many issues while trying to follow your articleI read your article and enjoyed it. Thank you. I ran into a few problems so I figured I would comment for the benefit of others who may encounter the same issues. ** Long story short: compile and install from source if you want to follow this articles instructions... for details keep reading **
I decided to use a package utility instead of compiling the source.
'yum install cfengine' worked without incident
'yum install cfengine' reports package not found, nothing to do.
I thought this was quite strange since CentOS, from my knowledge, is near identical to RHEL 5.4 ( including their repository content)
Apparently, you have to install rpmforge just to get the package for CentOS 5.4. Here is what I did to accomplish that...
'rpm -Uvh rpmforge-release-0.5.1-1.e15.rf.i386.rpm'
(as rpmrepo.net/RPMforge instructs)
After that a 'yum install cfengine' worked without incident. At this point I figured my troubles where over,... nope!
While trying to follow your "Hello, World" instructions, I couldn't figure out why there was no command cf-key, or cf-agent on my systems... a quick 'man cfengine' showed me why... ah... it's cfkey and cfagent. I figured it was just the authors typo(s). Then, the files and directories that I was directed to create/alter were not on my systems either. Hum... strange. I was about to give up but then I ran 'rpm -q cfengine' on both systems and had my "Ah ha" moment... both of my test distros are Enterprise OS systems and therefore, their package versions are way behind the most recent versions of anything. I totally missed the first sentence of paragraph two in which Mr. Strejcek states clearly, "To show what is possible with Cfengine 3,..."
I can't believe I missed that! I had ton of problems, but they were all self-inflicted wounds. Had I just caught that line... aw well.
Vendor D-Wave scores big with a sale to NASA's Quantum Intelligence Lab.
Many package updates and Steam integration highlight the latest from the Mandriva-based community Linux.
Richard Stallman calls for the W3C to remain independent of vendor interests.
The new release supports nine architectures, 73 human languages, and zero non-Free components.
Fedora developers release the first alpha version of Fedora 19, known as Schrödinger’s Cat, for general testing. The final release is expected in July 2013.
ack is a grep-like, command-line tool that has been optimized for programmers to search large trees of source code.
New features in SUSE Studio 1.3 include enhanced cloud integration, VM platform support, and lifecycle management.
The Linux Foundation recently announced that the Xen Project is becoming a Linux Foundation Collaborative Project.
Open source version of LiveCode is now available for developing apps, games, and utilities for all major platforms.
OpenDaylight is an open source software-defined networking project committed to furthering adoption of SDN and accelerating innovation in a vendor-neutral and open environment.