CFEngine

Palo Alto, CA, USA
2008
  |  By Nick Anderson
Did you know you can find variables by name and tag? Like the ability to find currently defined classes (as described in Feature Friday #13: classesmatching()) that match a name or tag, you can find variables by name and tag. It’s a nifty capability. variablesmatching() returns a list of variable names that match the name and tag criteria.1 variablesmatching_as_data() returns a data container of the matching variables along with their values2.
  |  By Nick Anderson
Did you know you can find classes by name and tag? classesmatching() dynamically sources information from the current state. For example, let’s say you have classes representing a system’s role. Furthermore, let’s say that we want a host to only have a single role class defined. Finally, if we have more than one role class defined, then we don’t want to proceed.
  |  By Craig Comstock
Whether you are migrating from Ansible to CFEngine to gain some of the benefits of scale or autonomy or just need some functionality in an Ansible module, the ansible promise type can be a great tool to utilize. It also provides a compelling alternative to ansible-pull and works around some of the caveats included with that strategy. CFEngine has battle-tested features needed for the pull architecture.
  |  By Nick Anderson
Are you familiar with CFEngines special variables? Probably you are familiar with sys variables like sys.fqhost (the fully qualified host name) and sys.policy_hub (the IP address of the machine the host is bootstrapped to) but I want to highlight a few other special variables you may not be so familiar with.
  |  By Nick Anderson
Did you know that CFEngine has namespaces? Let’s see how they can facilitate policy sharing while avoiding “duplicate definitions of bundle” errors. Most of the Masterfiles Policy Framework (MPF) and policy examples for CFEngine use the default namespace. However, body file control allows you to specify a namespace that applies for the rest of the file or until it’s set again by another body file control.
  |  By Nick Anderson
Found a bug, asking for help? Use cf-support to collect info quickly. cf-support was born from interactions supporting Enterprise customers to streamline data collection and was introduced in late 2022 with the release of 3.18.31 and 3.21.02. Furthermore, it was featured on The Agent is In3 episode 21 Troubleshooting with cf-support. It gathers various details about the system and creates an archive that you can attach to your ticket.
  |  By Vratislav Podzimek
Editing and copying large files or large numbers of files is slow. For a configuration management tool, it is probably one of the slowest things we do, apart from waiting for other programs to finish or waiting for network communication. In this blog post, we look at how to copy files. More specifically, the most performant approaches available on modern Linux systems. We are working on implementing these techniques so CFEngine and all your policy will copy files more efficiently.
  |  By Nick Anderson
Did you know you can include one policy file from another? Traditionally you specify the files you want to make up a policy set using inputs in body common control found in your policy entry (promises.cf by default). body file control lets you specify additional inputs from any file that’s included in the policy and those files can include other files. Let’s check out a contrived example.
  |  By Craig Comstock
Two modules are available for this task: allow-all-hosts and allow-hosts. The first module, allow-all-hosts, configures the most open situation which is to accept hosts from anywhere. This is only recommended in network restricted environments such as a local machine’s virtual machine network or other such closed down situations.
  |  By Nick Anderson
Ever want to run just a one or a few select bundles from your policy? While developing policy it’s common to run cf-agent -KI so that you can quickly iterate on changes and the run the policy without locks. But if you are focused on select bundles you may not need the full policy to run, you can use the --bundlesequence option to specify one or more bundles overriding the bundlesequence defined in body common control. Let’s check out an example using the Masterfiles Policy Framework (MPF).
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The Agent Is In" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The Agent Is In" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The Agent Is In" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine. To register for the next webinar, click here.
  |  By CFEngine
"CFEngine: The Agent Is In" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The Agent Is In" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The Agent Is In" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The Agent Is In" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.

CFEngine®, Inc., a pioneer in IT Automation at Web-scale, enables organizations to become more agile and thrive in the Cloud Era by radically simplifying, automating and transforming the way they build, deliver and consume IT infrastructure and applications.

With CFEngine, some of the largest IT organizations provision resources and deploy new applications orders of magnitude faster, while ensuring continuous availability, security and compliance in large-scale, very dynamic and highly complex environments.

Automate large-scale, complex and mission critical IT infrastructure.

  • Speed: Written in C. The leanest and fastest solution in the industry with execution time less than 1 second.
  • Security: The open source configuration solution with the best security record.
  • Stability: The most mature solution in the industry, conducting hundreds of billions of compliance checks in large-scale production environments.
  • Scalability: Deploy a model-based configuration change across 50,000 servers in 5 minutes.

CFEngine has users in more than 100 countries, including many of the world’s largest financial organizations such as JPMC, as well as companies like LinkedIn, Chevron, DirecTV, Locaweb, and Deutsche Telekom.