Preface

This book starts off with step-by-step instructions for installing and configuring the CFEngine server and clients, and then moves on to configuring systems using CFEngine scripts. The author then walks you through the policy decision flow as well as conducting system and security audits.

This is followed by detailed discussions through various examples on how you can use CFEngine to configure systems, users, networks, databases, web servers, et al. Adding to this, the book also provides a list of best practices, CFEngine policy decision flow, and how you may use the CFEngine Orion Cloud Pack. By the end of the book you should be able to write policies to automate your complex data centre tasks.

What this book covers

Chapter 1, Getting Started with CFEngine: The first chapter, as the name suggests, lets you get started with CFEngine. The chapter underlines how CFEngine may be of great help to system administrators, configuration managers, and all those who need to manage a huge number of nodes. It gives a step-by-step procedure for installing CFEngine and testing the installation. This is followed by a brief introduction to various CFEngine components. The chapter consists of some very simple examples to give you a taste of the action in store.

Chapter 2, Configuring Systems with CFEngine: The chapter deals with the architecture of CFEngine, in detail. It lists the various components of CFEngine and their functions. Step-by-step installation and configuration of CFEngine server and clients are the highlights of this chapter. In addition to this, the chapter has a number of examples which may be used to automate various system administration tasks.

Chapter 3, System Audit with CFEngine: The chapter is dedicated to auditing your systems. In this chapter we get to see a number of CFEngine "common" and "server" control promises and their usage. It also has real life, easy to understand examples proving how CFEngine may be used as a "tripwire".

Chapter 4, Scheduling Tasks with CFEngine: The chapter deals with a few more types of promises such as monitor, executor, and reporter control promises. A very important concept of CFEngine "classes" is introduced, and how this concept of "classes" may be used to execute a sequence of jobs is explained with real life, easy to understand examples, in this chapter. We will also see how CFEngine may be used as a "scheduler".

Chapter 5, Security Audit with CFEngine: The chapter outlines how CFEngine may be used to maintain a "secure" system state. It deals with the four basic concepts of security which are authorization, authentication, data protection, and application configuration. It is full of examples which showcase the prowess of CFEngine. For example, how CFEngine may be used to automate addition of rules to IPtables for access control.

Chapter 6, Logging and Reporting with CFEngine: The chapter deals with a few other aspects of CFEngine such as logging, reporting, and monitoring. CFEngine provides a very powerful logging and reporting mechanism which may be used to keep a tab on the complete system state. How these inbuilt mechanisms may be used to generate custom reports is explained with an easy to understand example.

Chapter 7, Workflows: As the name suggests, this chapter outlines how the CFEngine framework may be used to perform more complex, inter-related tasks. It also introduces the very important concept of templates in CFEngine which helps in writing generic templates which may be used for heterogeneous systems. Another extremely important concept of "Knowledge Maps" has been introduced which may be used to automate the creation and maintenance of a knowledgebase.

Chapter 8, Advanced Functions and Variables: CFEngine is a framework and it has its own very powerful set of special functions and variables. These may be used globally, they help in reducing the number of lines of promises that need to be written, and help to improve CFEngine's performance. This chapter outlines the syntax and usage of various important special functions and variables.

Chapter 9, CFEngine Best Practices: In organizations, people work in teams and hence more than one associate may be working on the CFEngine framework at any point in time. There are some 'best practices' to be followed in order to ensure that promises are written methodically, can be easily deciphered by other team members, and that they are crisp and optimal. The chapter includes a few basic considerations for writing promises and general do's and don'ts. The chapter also explains the implementation of a version control system for the promises files.

Appendix A, CFEngine Cloud Pack—Orion: The CFEngine Orion Cloud Pack is the latest offering from CFEngine which may be used to configure and maintain instances in the cloud. The chapter deals with the basic contents of the Orion Cloud Pack and a few handy hacks. It also lists a few advantages of using the Orion Cloud Pack with the enterprise CFEngine Nova.

Appendix B, Important Control Promises: The appendix describes the syntax of various CFEngine control promises. The syntax is followed by a simple example which shows the usage of the control promise. In this way, the chapter is handy when one is looking for specific promises to be used for a task or in a workflow.

Appendix C, Important Functions and Variables: CFEngine is a framework and provides inbuilt functions and variables for specific tasks. This chapter gives you an insight to these special functions and variables. The description of these special functions and variables is followed by simple examples showing their usage.

Appendix D, Functions by Usage: This appendix lists important functions by their usage. It includes functions which read strings, files, environments, classes and data. In addition, the chapter also lists functions which compare variables. These functions are frequently used while writing promises.

Who this book is for

If you are a System Administrator or Configuration Manager with a growing infrastructure and if you are looking for a dependable tool to manage your infrastructure, then this book is for you. If your infrastructure is already large with hundreds and thousands of nodes and you are looking for a secure, versatile and stable configuration management tool, you will still find this book handy. You don't need any prior experience with CFEngine to follow this book.

Conventions

In this book, you will find several headings appearing frequently.

To give clear instructions of how to complete a procedure or task, we use:

Time for action - heading

Instructions often need some extra explanation so that they make sense, so they are followed with.

What just happened?

This heading explains the working of tasks or instructions that you have just completed.

You will also find some other learning aids in the book, including:

Pop quiz - heading

These are short multiple choice questions intended to help you test your own understanding.

Have a go hero - heading

These set practical challenges and give you ideas for experimenting with what you have learned.

You will also find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Code words in text are shown as follows: "We can include other contexts through the use of the include directive."

A block of code is set as follows:

body server control {
skipverify => { "172.16.3.*" };
allowconnects => { "172.16.3.*" };
allowallconnects => { "172.16.3.*" };
logallconnections => "true";
bindtointerface => "172.16.3.113";
cfruncommand => "$(sys.workdir)/bin/cf-agent";
allowusers => { "root" };
}

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

body server control {
skipverify => { "172.16.3.*" };
allowconnects => { "172.16.3.*" };
allowallconnects => { "172.16.3.*" };
logallconnections => "true";
bindtointerface => "172.16.3.113";
cfruncommand => "$(sys.workdir)/bin/cf-agent";
allowusers => { "root" };
}

Any command-line input or output is written as follows:

root@my1.system.com# /usr/local/sbin/cf-key

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "clicking the Next button moves you to the next screen".

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply send an e-mail to feedback@packtpub.com, and mention the book title via the subject of your message.

If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or e-mail suggest@packtpub.com.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.

Piracy

Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at copyright@packtpub.com with a link to the suspected pirated material.

We appreciate your help in protecting our authors, and our ability to bring you valuable content.

Questions

You can contact us at questions@packtpub.com if you are having a problem with any aspect of the book, and we will do our best to address it.