CFEngine 3 Beginner’s Guide
|Also available on:|
- The first and only book dedicated to the Cfengine framework.
- Detailed instructions on installing, configuring, and setting up Cfengine and using it to build, secure and monitor your infrastructure.
- Real world projects and tasks straight from the data centre. Monitoring, logging and reporting explained with easy-to-understand examples.
- Covers all Cfengine commands, promises, variables, functions and best practices.
Book DetailsLanguage : English
Paperback : 336 pages [ 235mm x 191mm ]
Release Date : October 2011
ISBN : 1849514984
ISBN 13 : 9781849514989
Author(s) : Rajneesh
Topics and Technologies : All Books, Application Development, Beginner's Guides, Open Source
Table of ContentsPreface
Chapter 1: Getting Started with CFEngine
Chapter 2: Configuring Systems with CFEngine
Chapter 3: System Audit with CFEngine
Chapter 4: Scheduling Tasks with CFEngine
Chapter 5: Security Audit with CFEngine
Chapter 6: Logging and Reporting with CFEngine
Chapter 7: Workflows
Chapter 8: Advanced Functions and Variables
Chapter 9: CFEngine Best Practices
Appendix A: CFEngine Cloud Pack—Orion
Appendix B: Important Control Promises
Appendix C: Important Functions and Variables
Appendix D: Functions by Usage
Appendix E: Pop quiz Answers
- Chapter 1: Getting Started with CFEngine
- Why CFEngine?
- Installing CFEngine
- Testing the installation
- CFEngine environment
- Time for action – listing open ports and associated services
- Time for action – creating a file under your home directory
- Time for action – deleting log files
- Chapter 2: Configuring Systems with CFEngine
- How do CFEngine components communicate?
- Setting up a policy server
- Connecting to a CFEngine server
- Time for action – taking file backups
- System configuration
- Configuring users and groups
- Time for action – user and group configuration
- Time for action – setting up a web service
- Time for action – setting up a database service
- Time for action – mounting a NFS volume
- Time for action – setting up a network interface
- Time for action – adding a jailed user to a system
- Chapter 3: System Audit with CFEngine
- Control promises
- Agent control promises
- Time for action – file and directory permissions audit
- Time for action – user and group audit
- Server control promises
- Time for action – log rotation using CFEngine
- Access control using CFEngine
- OSSEC and CFEngine—a robust security system
- Time for action – installing OSSEC
- Making changes to configuration files on the basis of alerts generated by OSSEC
- Time for action – auditing the system with CFEngine and OSSEC
- Chapter 4: Scheduling Tasks with CFEngine
- Monitor control promises
- Runagent control promises
- Executor control promises
- Reporter control promises
- Time for action – monitoring a web server
- Time for action – generating an average load report for a host
- Scheduling tasks with CFEngine
- Building flexible time classes
- Defining a sequence of jobs
- Logging execution of promises
- Triggering a schedule
- Defining a calendar using CFEngine
- Iterations in CFEngine
- Time for action – disk housekeeping
- Time for action – restarting a process that's not running
- Reading log files
- Distributed scheduling
- Chapter 5: Security Audit with CFEngine
- Configuring and auditing access controls
- Time for action – managing access control with TCP wrapper
- Time for action – auditing SSHD log files for break-in attempts
- Configuring a firewall
- Time for action – managing iptables with CFEngine
- Auditing the file system
- Time for action – looking out for suspicious file names
- Time for action – verifying the sudoers file
- Agent control promise – auditing
- Time for action – finding a file with setuid and setgid
- System state
- Time for action – auditing Apache logs
- Auditing with CFEngine Nova
- Chapter 6: Logging and Reporting with CFEngine
- State information
- Time for action – generating custom reports
- Chapter 7: Workflows
- Menu driven configuration
- How to select from menus
- Content driven configuration
- CFEngine templates
- Time for action – distributing a MySQL configuration file using template expansion
- Knowledge management
- Time for action – topic map for services
- CFEngine and ITIL
- Database management
- CFEngine Nova—an introduction
- Chapter 8: Advanced Functions and Variables
- CFEngine special functions
- Time for action – setting system variables
- Functions that work on or with regular expressions
- Time for action – getting a list of servers that are up and running on the network
- Functions that return string
- Time for action – concatenating individual objects using a given conjunction
- Functions that fill arrays
- Time for action – configuring Apache virtual hosts from a list of domains in a file
- CFEngine special variables
- Variable context mon
- Time for action – logging information in case the system's load average is above the threshold
- Variable context match
- Time for action – comment matching lines
- Chapter 9: CFEngine Best Practices
- Basic considerations while writing CFEngine promises
- General do's and don'ts while writing policies
- Policy changes
- Version control for policy files
- Delegation of responsibility
- Appendix A: CFEngine Cloud Pack—Orion
- The Orion Cloud Pack's contents
- The Orion Cloud Pack hacks
- Advantages of running Orion Cloud Pack on CFEngine Nova
- Appendix B: Important Control Promises
- Common control promises
- Agent control promises
- Server Control promises
- Appendix D: Functions by Usage
- Functions for capturing the environment
- Functions that read files
- Functions that look at attributes of the file
- Functions that read classes
- Functions that read from the network
- Functions that compare variables
- Functions that read data from remote CFEngine
- Function that read strings
- Functions that read LDAP data
- Appendix E: Pop quiz Answers
- Chapter 1, Getting Started with CFEngine
- Chapter 2, Configuring Systems with CFEngine
- Chapter 3, System Audit with CFEngine
- Chapter 4, Scheduling Tasks with CFEngine
- Chapter 5, Security Audit with CFEngine
- Chapter 6, Logging and Reporting with CFEngine
- Chapter 7, Workflows
- Chapter 8, Advanced Functions and Variables
- Chapter 9, CFEngine Best Practices
Download the code and support files for this book.
Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.
What you will learn from this book
- Install and configure the Cfengine environment including the server and clients. Understand the Cfengine policy decision flow.
- Build complete systems including laptops, desktops, servers, mainframes, etc. with minimal human intervention across multiple nodes.
- Conduct system audits and detect anomalies in the desired state of a system.
- Schedule various tasks from a centralized policy server and make changes to multiple systems' state by making those changes on a single centralized policy server.
- Syntax and usage of various controls; Cfengine provides relevant and easy to understand examples.
- Monitor services and system states from a centralized policy server.
- Write complex work flows to solve complex data centre issues.
- Use advanced functions and variables inbuilt in Cfengine.
- Implement best practices for effective change management and infrastructure management.
- Create and manage a knowledge base with an inbuilt knowledge management tool.
Cfengine is a compact automation framework primarily used to provide automated configuration and maintenance of laptops, desktops, servers, and mainframes. It is not a very complex framework, but certainly is extensive. There is too much to learn and it is hard to convey in a simple way what the software can do. That is where this book steps in and saves your day.
Cfengine 3 Beginner's Guide is the first and only book dedicated to Cfengine. It dives deep into using the framework's 'promise' language to solve complex data center problems. Find all the details you’ll need about using the advanced functions and variables, with easy-to-understand examples. The book also covers complex work flows that showcase the framework’s possibilities.
This book starts off with step-by-step instructions for installing and configuring the Cfengine server and clients, and moves on to configuring systems using Cfengine scripts. The author then walks you through the policy decision flow, conducting system and security audits.
This is followed by detailed discussions, through various examples, on how you can use Cfengine to configure systems, users, networks, databases, web servers et al. Adding to this, the book also provides a list of best practices, Cfengine policy decision flow, and how you may use the Cfengine Orion Cloud pack. By the end of the book you should be able to write policies for automating your complex data centre tasks.
Automate your Builds, Deployments, Management, and Audits with one efficient, dependable and versatile Cfengine framework.
Part of Packt’s Beginner’s Guide series, this book guides you through setting up Cfengine to maximizing its potential. This book focuses on getting you through all the major learning points in a smooth, logical order. You'll also learn how to avoid some common pitfalls.
Who this book is for
If you are a System Administrator or Configuration manager with a growing infrastructure and if you are looking for a dependable tool to manage your infrastructure, then this book is for you. If your infrastructure is already big with hundreds and thousands of nodes and you are looking for a secure, versatile and stable configuration management tool, you will still find this book handy. You don’t need any prior experience of Cfengine to follow this book.