CFEngine standalone


Arne Hoffmann

Sep 4, 2017, 10:01:37 AM
to help-cfengine
Hello,

I'm new to CFEngine (and this list) and have never professionally worked
with it (though have some experience with puppet). Recently I seriously
started to get into CFEngine: read Zamboni's book and online documentation
and started to write some policies in test environments. And I will probably
bother you with a lot of questions in the coming weeks or months ...

I'm mostly a Linux user, but have some systems that are running illumos
(SmartOS/OmniOSce). And in the future there might be a FreeBSD in the mix.

For now I am using CFEngine community edition 3.7.


First question: what is the *proper* way to run CFEngine standalone (no
server, but continuously running)?

1) Put policies in '/var/cfengine/masterfiles/' and bootstrap the host
against itself?

2) Put policies in '/var/cfengine/inputs/' and disable download of new
policies from any server?

3) Make policies 'executable' (with #!/var/cfengine/bin/cf-agent in the
first line) and run them from cron?



I think it's probably not 3). But input from more experienced users would be
really appreciated.



Best regards,
Arne Hoffmann

Marco Marongiu

Sep 4, 2017, 10:09:51 AM
to help-c...@googlegroups.com
In my "personal configuration management" I am doing something like this:

On 04/09/17 16:01, Arne Hoffmann wrote:
> 2) Put policies in '/var/cfengine/inputs/' and disable download of new
> policies from any server?

If you are not worried about customizing a makefile to your needs, you
may (or may not...) find this useful:

https://github.com/brontolinux/cf-deploy

Ciao!
-- bronto

Aleksey Tsalolikhin

Sep 4, 2017, 9:08:49 PM
to help-cfengine
See also Neil's comments in https://groups.google.com/forum/m/#!topic/help-cfengine/tSQCC6YISOU and Brian Bennett's in https://groups.google.com/forum/m/#!topic/help-cfengine/t8wfMN7NRek

I used to run CFEngine standalone in a smaller environment (<50 hosts), each host with a cron job updating inputs from git. No policy server.

I couldn't imagine living without Enterprise now.



Nick Anderson

Sep 6, 2017, 5:14:28 PM
to help-cfengine, ahof...@primervoto.de
Hi Arne,

Welcome to CFEngine.

I would say if you aren't going to have a "hub" where your policy is published from and you want each host to be managed individually, I would just update the policy in /var/cfengine/inputs on each host.

However, I would encourage you to put your policy into a git repository and have a hub that automatically publishes the latest version from the repository. You can use this tooling to assist with automatic policy publishing: https://github.com/cfengine/core/tree/master/contrib/masterfiles-stage

If you're using it on fewer than 25 hosts you can use Enterprise for free.

Sean Johnson

Sep 6, 2017, 6:13:17 PM
to help-cfengine
Just throwing my 2c onto the table. :)

Since the CFEngine server is not much more than a file server, it's incredibly lightweight, so running without one doesn't seem to provide a lot of benefit, especially since it means some other mechanism has to be set up on all clients in its absence.

If you're using the community edition, something as lightweight as a Raspberry Pi can easily support a "personal configuration environment". It's still a good idea to have the masterfiles be in a git repository, but if you have a server instance, then you only have to handle the updates on a single system, via a cron job or just a manual git pull if you're not updating very often. 

To Aleksey's point, if you're in a "home lab" style environment, definitely consider using the Enterprise version. I have a smallish VMware cluster of Intel NUCs, and run Enterprise as a VM for the rest of the environment. Also, just because you're running Enterprise doesn't mean you can't use community clients. In my case, I have a small pile of Raspberry Pi systems, and since there isn't an Enterprise client for ARM (by the way, if an Enterprise ARM build existed, that would be really cool), I just run the community version on them, point them at the Enterprise VM for their policy server, and all is well.

And in the case where I'm just running CFEngine on a single machine, I _still_ prefer to run a server. For example, a couple jobs ago I used CFEngine for an HPC cluster. To work out new policy, I would fire up a VM, install CFEngine, clone the masterfiles, bootstrap the system to itself, and roll from there. If I wanted to have it be a little more of a test environment, it was just a matter of firing up one or more VMs, and pointing them at the already running VM for their policy server. 

tl;dr: The policy server piece of CFEngine is extremely lightweight. It's nowhere close to the headache involved in standing up a Puppet Master for a home lab style environment. :)

Cheers,

sean
