First steps with cfengine

This afternoon I started looking at cfengine. In very little time, I’ve already set up rules that can bring a system from pretty much cdebootstrap state up to a minimal production system in our environment. I’ve still got a little ways to go, but it’s already hacking on /etc/hosts, hosts.deny, sources.list, installing appropriate Debian packages for our systems, etc.

It’s come a long way since I last looked at it six years ago.

One thing I can’t figure out…

I have a /etc/bacula/bacula-fd.conf file that contains, among other things, this:

Director {
  Name = backup-dir
  Password = "foo"
}

Director {
  Name = backup-mon
  Password = "bar"
  Monitor = yes
}

I can’t figure out how to make cfengine delete just that second section. I tried this:

       BeginGroupIfLineMatching "  name = .+-mon"
         IncrementPointer "-1"
         DeleteToLineMatching "\}"
         DeleteNLines "1"

But it seems that the pointer is never actually being decremented, even when examined under verbose mode. That is, it leaves the leading “Director {” line in the file.
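
The intended result of that edit (the whole backup-mon resource gone, opening line included) can be shown outside cfengine. The following is an added example, not code from the original post and not a cfengine solution; the function name drop_resources and the sample text are constructed for illustration, and the sample assumes each Director block ends with a closing brace.

```python
import re

# Constructed sample: the excerpt from the post, with closing braces assumed.
SAMPLE = '''Director {
  Name = backup-dir
  Password = "foo"
}

Director {
  Name = backup-mon
  Password = "bar"
  Monitor = yes
}
'''

OPEN_RE = re.compile(r'^\s*(\w+)\s*\{\s*$')
NAME_RE = re.compile(r'^\s*Name\s*=\s*"?([^"\s]+)"?\s*$', re.IGNORECASE)
QUOTED_RE = re.compile(r'"[^"]*"')  # braces inside quoted values are not structure


def drop_resources(text, kind, name_pattern):
    """Remove each top-level `kind { ... }` block whose Name fully matches name_pattern."""
    wanted = re.compile(name_pattern)
    out, block, depth, is_kind, doomed = [], [], 0, False, False
    for line in text.splitlines(keepends=True):
        if depth == 0:
            opened = OPEN_RE.match(line)
            if opened is None:
                out.append(line)          # text outside any block passes through
                continue
            block, depth, doomed = [line], 1, False
            is_kind = opened.group(1).lower() == kind.lower()
            continue
        block.append(line)
        bare = QUOTED_RE.sub('', line)
        depth += bare.count('{') - bare.count('}')
        named = NAME_RE.match(line)
        if is_kind and depth == 1 and named and wanted.fullmatch(named.group(1)):
            doomed = True                 # drop the block, opening line included
        if depth <= 0:
            if not doomed:
                out.extend(block)
            block, depth = [], 0
    out.extend(block)                     # unterminated block: keep, never truncate
    return ''.join(out)


if __name__ == '__main__':
    print(drop_resources(SAMPLE, 'Director', r'.+-mon'), end='')
```

Running it a second time on its own output changes nothing, which is the property a configuration-management edit needs when it is applied on every run.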

7 thoughts on “First steps with cfengine”

  1. I would suggest taking a look at bcfg2 instead of cfengine. It takes a different approach to configuration management which (at least for us) really simplifies large-scale system management. It is portable, though we use it heavily on debian. (I am one of the primary developers of it)

    I would be interested to hear what you think of it.

  2. Based on my experience, I try to edit files as little as at all possible using cfengine as you very easily lose track of how changes are done.

    Instead, how I have chosen to do things is to simply have a configuration file per machine or machine type and copy in the correct file based on hostname or groups.

    If you want I can send you all my cfengine configs for inspiration.

    1. Peter, bcfg2 does just that. It doesn’t want you to edit your files, it provides a rather clean way to provide configuration files for your hosts. I’ve always thought that cfengine was a bit of an overkill for such a simple task of configuration management.

      And could someone PLEASE fix things so that commenting works without cookies.

      1. Sami,

        I briefly browsed through the bcfg2 trac site, but didn’t find a feature to feature comparison with cfengine. Would you happen to have that somewhere else?

        One of the things I do with cfengine is to define group specific directory trees which are copied automatically without me having to edit config files. An example:

        I keep a structure like this:


        And all files found in there (incl subdirectories) are then copied on to all members of webservers.

        With bcfg2 it seems like I would have to create an awful lot of xml files to accomplish something similar. No?

        1. Bcfg2’s architecture is substantially different from cfengine. Cfengine is functionally a system administration domain specific language. The user writes programs that will (hopefully) result in the proper set of operations that will reconfigure clients. The difficulty with this approach is that the admin needs to write cfengine programs that will always result in the proper state for all current client states and all future client states that may occur. This isn’t a big deal when using simple cfengine constructs, but can get pretty hairy when doing complex things.

          With bcfg2, you describe the goal state for the client, and the bcfg2 client-side code takes care of determining the set of operations that will result in the goal state. This means that the user focuses on describing the configuration goals as opposed to the configuration process.

          Installing a particular configuration file consists of two steps: telling the server that a config file should be installed on a class of client machines, and describing the versions of that config file that exist across clients.

          It isn’t quite as onerous as it looks, and it is getting easier to do all of the time, particularly with the scripts Sami has been writing.

          Development-wise, I think that bcfg2 and cfengine are going in different directions. Mark Burgess is interested in autonomics and computer immunology issues. I am more interested in the social issues surrounding configuration management; ie, how large administrator teams can more effectively use tools. Or how better configuration state information can help administrators to understand and manage their environment. I personally think that configuration management tools should help administrators make better decisions about their environment, as opposed to just performing mechanical updates.

  3. Yesterday I posted about my first steps with cfengine. By the end of the day today, I had things far along that I can:

    cdebootstrap a directory
    Run a special cfengine script to get the base files like /etc/fstab and /etc/hosts set up
    Bring it up in Xen,
