CFEngine on Windows

[Aleksey Tsalolikhin]

Hi,

I just wanted to share my first experience with trying to get CFEngine to do stuff on Windows at a recent CFEngine training.   (CFEngine Enterprise 3.7.2 on Windows Server 2012 SP 2.)

We were able to use CFEngine to:

1. Change the Windows logon screen by editing the registry

2. Install Nimsoft (monitoring tool) by using "commands" promise to install the MSI using msiexec.exe

3. Configure Nimsoft using a "files" promise

4. Restart Nimsoft to load the new config by using a "services" promises ("services restart/reload" doesn't work but "stop" and "start" does).

One of the Windows admins in the room said, between being able to edit the registry and run PowerShell commands, I can do everything I need!

We were NOT able to get an inventory of installed software and versions (that would have been useful).  The agent had no data. The data on the hardware was incomplete too (like CPU information).

Still, it's enough functionality to start automating manual workflows such as installing and configuring Nimsoft! :)

--

Aleksey Tsalolikhin

CFEngine Training & Consulting

www.VerticalSysadmin.com

+1-323-393-0779

[Paulus Smit]

Hi,

 

We (Bas van der Vlies and I) are also busy with the management of Windows workstations (version 7 and 10) and Windows servers (version 2008 and 2012).

 

- Installation of all the software (on the workstations). (After the OS with a WDS server)  

- Registry settings

- controlling services

- Starting up: setting the rights on the workstations. 

- Made some PowerShell scripts to create jobs in the scheduler to repair cfengine when the directory's get messed up.

 

Paulus | Kantoorautomatisering | SURFsara | Science Park 140 | 1098 XG Amsterdam | T (+31)(0)6 51589766 | www.surfsara.nl |

---

Van: "Aleksey Tsalolikhin" <ale...@verticalsysadmin.com>
Aan: "help-cfengine" <help-c...@googlegroups.com>
Verzonden: Dinsdag 2 februari 2016 00:35:40
Onderwerp: [help-cfengine] CFEngine on Windows

--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.

[Nicolas Charles]

Hi,

We are also managing Windows systems (with Rudder).

We have actually trouble with software installation using packages promises type (the detection of install software doesn't work always as expected, as their versionning), but we manage the registry, the services and Windows features, run scripts, manages files (content and/or rights)

Nicolas

-- 
Nicolas CHARLES

[Alex Georgopoulos]

Funny this post happened.  I have a need for configuration management on windows as well.  I started down the road of CFEngine but had no budget for Enterprise and found compiling under cygwin too cumbersome.   It made the deployment of CFEngine itself a pain.  I ultimately had to choose a different product because of this.  Thoughts on windows community packages?    

[Natxo Asenjo]

On Fri, Feb 5, 2016 at 9:15 PM, Alex Georgopoulos <ageo...@gmail.com> wrote:

Funny this post happened.  I have a need for configuration management on windows as well.  I started down the road of CFEngine but had no budget for Enterprise and found compiling under cygwin too cumbersome.   It made the deployment of CFEngine itself a pain.  I ultimately had to choose a different product because of this.  Thoughts on windows community packages?    

yeah, a community version for cfengine in Windows would be awesome. Puppetlabs and Chef both provide free msi packages ...

--

regards,

natxo

 

[Alex Georgopoulos]

ansible and salt are also free on Windows as well.  Basically CFEngine is the odd man out here with regards to easy to install free packages.

[Bas van der Vlies]

The windows msi can be downloaded at:

https://cfengine.com/product/cfengine-enterprise-free-25/

The windows package is a client only package and can not act as policy hub. 

--

Bas van der Vlies

--

[Natxo Asenjo]

On Sat, Feb 6, 2016 at 11:02 AM, Bas van der Vlies <bas.van...@surfsara.nl> wrote:

The windows msi can be downloaded at:

https://cfengine.com/product/cfengine-enterprise-free-25/

The windows package is a client only package and can not act as policy hub. 

nice! Can you use that in more than 25 clients?

--

regards,

natxo

[Aleksey Tsalolikhin]

The 25 clients license is a hub-side restriction, so if you are running a Community hub, there's no restriction on how many Windows Enterprise clients you can run.

--

[Alex Georgopoulos]

That's great but it's not very clear that one can do that.  Somebody doing some basic research would come to the conclusion that you need to pay for windows.  

[Neil Watson]

Indeed, that's what I thought.

On Mon, Feb 08, 2016 at 10:47:50AM -0800, Alex Georgopoulos wrote:
>
>
> That's great but it's not very clear that one can do that.  Somebody
> doing some basic research would come to the conclusion that you need to
> pay for windows.  
>
> On Saturday, February 6, 2016 at 7:17:27 AM UTC-8, Aleksey Tsalolikhin
> wrote:
>
> The 25 clients license is a hub-side restriction, so if you are
> running a Community hub, there's no restriction on how many Windows
> Enterprise clients you can run.
>

> On Feb 6, 2016 5:57 AM, "Natxo Asenjo" <[1]natxo....@gmail.com> wrote:
>
> On Sat, Feb 6, 2016 at 11:02 AM, Bas van der Vlies
> <[2]bas.van...@surfsara.nl> wrote:
>
> The windows msi can be downloaded at:

> [3]https://cfengine.com/product/cfengine-enterprise-free-25/

> The windows package is a client only package and can not act as
> policy hub. 
>
> nice! Can you use that in more than 25 clients?
>
> --
> regards,
> natxo
>
> --
> You received this message because you are subscribed to the Google
> Groups "help-cfengine" group.
> To unsubscribe from this group and stop receiving emails from it,

> send an email to [4]help-cfengin...@googlegroups.com.
> To post to this group, send email to [5]help-c...@googlegroups.com.
> Visit this group at
> [6]https://groups.google.com/group/help-cfengine.
> For more options, visit [7]https://groups.google.com/d/optout.

>
> --
> You received this message because you are subscribed to the Google
> Groups "help-cfengine" group.
> To unsubscribe from this group and stop receiving emails from it, send

> an email to [8]help-cfengin...@googlegroups.com.
> To post to this group, send email to [9]help-c...@googlegroups.com.
> Visit this group at [10]https://groups.google.com/group/help-cfengine.
> For more options, visit [11]https://groups.google.com/d/optout.
>
>References
>
> Visible links
> 1. javascript:
> 2. javascript:
> 3. https://cfengine.com/product/cfengine-enterprise-free-25/
> 4. javascript:
> 5. javascript:
> 6. https://groups.google.com/group/help-cfengine
> 7. https://groups.google.com/d/optout
> 8. mailto:help-cfengin...@googlegroups.com
> 9. mailto:help-c...@googlegroups.com
> 10. https://groups.google.com/group/help-cfengine
> 11. https://groups.google.com/d/optout
>ELinks: No such file or directory


--
Neil H Watson
Sr. Partner, Architecture and Infrastructure
CFEngine reporting: https://github.com/evolvethinking/delta_reporting
CFEngine policy: https://github.com/evolvethinking/evolve_cfengine_freelib
CFEngine and vim: https://github.com/neilhwatson/vim_cf3
CFEngine support: http://evolvethinking.com

[Aleksey Tsalolikhin]

I don't represent CFEngine AS.  I just know how licensing works at the technology level and it's a hub-side restriction.  There may be legal reasons one can't run > 25 Enterprise clients (such as, you didn't pay for the license).    In fact (after a quick check), there are! 

https://cfengine.com/terms/ states:

If you use the free 25 agents available under CFEngine 3 Enterprise software, you accept the terms and conditions of the End User License Agreement (“EULA”) (www.cfengine.com/enterprise/eula).

https://cfengine.com/product/enterprise/eula/ states:

Agents. Pursuant to the terms and conditions of this agreement, with respect to CFEngine 3 Enterprise software, Customer may download and install, without charge, 25 Agents on its computers. If Customer would like to add additional agents, the Customer must purchase additional agents under the terms of CFEngine’s Master Software License Agreement (“MSLA”). The MSLA can be reviewed here: http://cfengine.com/enterprise/msla. “Agent” means each agent of the Software installed on a physical or virtual computer (server or client) of Customer.

To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.

[Nick Anderson]

The hashing difference between the Enterprise and community agents makes for some annoying limitations when mixing them. I believe you can't use remote copy with hashes, have to do binary comparison.

And I think that using enterprise agents without a license is kind of against the spirit of offering free access to them.

Sent from my mobile device.

[Aleksey Tsalolikhin]

Mea culpa, mea maximua culpa.  Thanks for offering free access to the Enterprise edition and for your trust.  I later set the record straight -- we definitely need a license to use more than 25 agents.