CFEngine

Palo Alto, CA, USA
2008
  |  By Nick Anderson
Do you enjoy escaping quotes inside strings? I sure don’t, and I really appreciate the flexibility CFEngine provides with 3 different quoting characters (", ', ` ). Let’s take a look. This came up in the post show discussion for The agent is in, episode 39.
  |  By Nick Anderson
CFEngine works by defining a desired state for a given context and converging towards that goal. Given there is no fixed starting point and that the current context might change wildly it can be challenging to succinctly answer the question “What would CFEngine do?”. In Feature Friday: Don’t fix, just warn we saw how an individual promise could be made to warn instead of trying to automatically converge towards the desired state, a granular --dry-run mode.
  |  By Nick Anderson
Implicit list iteration in CFEngine is quite a unique and novel feature. Today we look at a practice example showing how lists can improve the readability and maintainability of your policy. A novel feature in CFEngine is how a list variable is iterated when referenced as a scalar ($(variable)). Let’s take a look at a contrived example.
  |  By Nick Anderson
CFEngine build modules are great for quickly integrating 3rd party policy into your policy set. Module input (not to be confused with inputs in body common control or body file control which are the list of policy files to load) allows you to define values that apply for a particular module as it’s integrated into your policy set. Let’s take a look at a case of extending a module to support input.
  |  By Nick Anderson
Ever need to make a decision based on the version of something? The version_compare() function might be useful for you.1 Over time, software changes and features are added and removed. Sometimes, we need to make a decision based on versions. For example, the Include directive in ssh_config was introduced in OpenSSH 7.3.2 Let’s take a look at how we could possibly use it. This example illustrates the basic use of version_compare()
  |  By Nick Anderson
Looking for a tool to help you format your CFEngine policy? Have you heard of cffmt? You might recall that we had a chat with the author, Miek Gieben in The agent is in - Episode 24.1 In case you missed it, cffmt is a command line tool for formatting CFEngine policy files, like gofmt for.cf files.2 Let’s take a look. Consistent formatting can really ease reading of policy, but sometimes editors are configured differently and you can end up with inconsistently formatted policy.
  |  By Nick Anderson
Have you seen the new Groups feature in CFEngine Enterprise Mission Portal? It was first released in 3.23.0 and it’s part of the 3.24 LTS series released earlier this year, let’s check it out. Groups in Mission Portal can be based on any host reported data. They can be dynamic (hosts can come and go from a group) or they can be static and tied to specific hosts by hostname, mac address, IP or CFEngine’s public key.
  |  By Nick Anderson
Did you know CFEngine can self-organize hosts into different groups? Say you have a few hosts that you want to reboot once a month. You don’t care when, but you want the hosts to self-organize and pick a date. The select_class attribute for classes type promises might be what you’re looking for. Let’s take a look.
  |  By Nick Anderson
What’s the difference between an associative array and a data container in CFEngine? CFEngine has two ways in which structured data can be used, associative arrays (sometimes called classic arrays) and data containers. Let’s take a look at a simple data structure. Here we have two data structures, a_email an associative array and d_email a data container. The policy emits the JSON representation of each.
  |  By Nick Anderson
Ever need to do some math during policy evaluation? Sometimes configuration settings are based on available resources. For example, what if you want to calculate the size of shared buffers to be 25% of your available memory? Let’s write some policy. First, we need to figure out how much memory we have. Let’s parse this out from /proc/meminfo: So, we have 65505464 kB of memory in total. Knowing that we can use eval() to calculate what 25% is. eval() can also be used to test truthfulness.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The agent is in" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.
  |  By CFEngine
"CFEngine: The Agent Is In" is our monthly webinar series, where we show new features, teach best practices, and keep the community informed about everything CFEngine.

CFEngine®, Inc., a pioneer in IT Automation at Web-scale, enables organizations to become more agile and thrive in the Cloud Era by radically simplifying, automating and transforming the way they build, deliver and consume IT infrastructure and applications.

With CFEngine, some of the largest IT organizations provision resources and deploy new applications orders of magnitude faster, while ensuring continuous availability, security and compliance in large-scale, very dynamic and highly complex environments.

Automate large-scale, complex and mission critical IT infrastructure.

  • Speed: Written in C. The leanest and fastest solution in the industry with execution time less than 1 second.
  • Security: The open source configuration solution with the best security record.
  • Stability: The most mature solution in the industry, conducting hundreds of billions of compliance checks in large-scale production environments.
  • Scalability: Deploy a model-based configuration change across 50,000 servers in 5 minutes.

CFEngine has users in more than 100 countries, including many of the world’s largest financial organizations such as JPMC, as well as companies like LinkedIn, Chevron, DirecTV, Locaweb, and Deutsche Telekom.