Taking a quick look at the configuration management system Cfengine 3

I have been working with Cfengine 2 for more than one and a half year now and decided to take a look at the new version: Cfengine 3.

What the hell is Cfengine?
Cfengine can be considered as a free management tool for servers and clients. With the help of an agent and configuration scripts, a system can be fully configured without editing any file manually. The agent does all the work and you only provide the necessary script once. Many data centers use Cfengine to take care of the configuration of thousands of servers. Having this in mind, it is easy to imagine that suddenly one single guy can actually administrate so many servers on his own.

What we will do 
Without any talking and diving into the materia, we will take a quick look at Cfengine 3. If you are interested in more details or a longer description about the tool please visit the official website.
Now access your Linux box and install the stuff. I use Linux Mint, that is why I assume you you apt for package management. Please note that the paths mentioned here are default paths in Debian and Ubuntu. They might differ if you are using another Linux distribution.

apt-get install cfengine3

Before we can get started, we need to copy a few files to the right place:

cp /usr/share/doc/cfengine3/examples/promises.cf /etc/cfengine3/
cp /usr/share/doc/cfengine3/examples/update.cf /etc/cfengine3/
cp /usr/share/doc/cfengine3/examples/failsafe.cf /etc/cfengine3/
cp /usr/share/doc/cfengine3/examples/site.cf /etc/cfengine3/
cp /usr/share/doc/cfengine3/examples/cfengine_stdlib.cf /etc/cfengine3/

These files are basic input files for Cfengine and are needed for basic operations.
If you want to edit /etc/cfengine/promises.cf with an editor of your choice and replace the default mail address with yours.

Having done that, we can “enable” Cfengine 3 by editing the file /etc/defaults/cfengine:

RUN_CFMONITORD=1
RUN_CFSERVERD=1
RUN_CFEXECD=1

Now let’s go!

/etc/init.d/cfengine3 start

When running ps aux and grepping for cf you should now see the following daemons:

• /usr/sbin/cf-monitord
• /usr/sbin/cf-serverd
• /usr/sbin/cf-execd

A very simple example for editing text files
Create the file /var/lib/cfengine3/inputs/example.cf and fill it with the following content:

body common control

{
any::

bundlesequence => {
editexample
};
}

bundle agent editexample

{
files:

"/etc/example"

edit_line => addline,
create => "true";
}

bundle edit_line addline

{
insert_lines:

"Test.";

}

Close and save the file.
Cfengine provides you with a tool to check the syntax of a .cf-script, so let’s use it:

cf-promises -f /var/lib/cfengine/inputs/example.cf

Ok, no errors, so let’s execute the script with the help of the Cfengine agent:

cf-agent -f /var/lib/cfengine3/inputs/example.cf

Now have a look at your file which was auto-created by the “create => “true”"-statement:

cat /etc/example
Test.

Woho!
You will realize that Cfengine created a backup of the original file before editing it (here: /etc/example.cf-before-edit).

Some final words
Of course this is a very simple example and only demonstrates a tiny part of Cfengine’s abilities! But you now should be able to get the idea behind Cfengine. Cfengine also allows connections over network, meaning that you can run a configuration server with “clients”. Furthermore Cfengine logs most of the stuff in the /var/log/ folder.

I hope you liked the short tour! Hopefully I will have the time and motivation to write more blog posts about Cfengine and show you some complex examples.

Update on 2012-05-07: Jon posted some feedback, I updated this blog post accordingly.

You can download the sample Cfengine3 script described in this post here: xenuser_org-001-simple_editing_files.cf