CFEngine 3 Beginner’s Guide

A step-by-step guide to setting up Cfengine and fully automating the configuration and management of your laptop, desktop, server, or mainframe.

CFEngine 3 Beginner’s Guide

Beginner's Guide
Rajneesh

A step-by-step guide to setting up Cfengine and fully automating the configuration and management of your laptop, desktop, server, or mainframe.
$10.00
$44.99
RRP $26.99
RRP $44.99
eBook
Print + eBook
$12.99 p/month

Get Access

Get Unlimited Access to every Packt eBook and Video course

Enjoy full and instant access to over 3000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

+ Collection
Free Sample

Book Details

ISBN 139781849514989
Paperback336 pages

About This Book

  • The first and only book dedicated to the Cfengine framework.
  • Detailed instructions on installing, configuring, and setting up Cfengine and using it to build, secure and monitor your infrastructure.
  • Real world projects and tasks straight from the data centre. Monitoring, logging and reporting explained with easy-to-understand examples.
  • Covers all Cfengine commands, promises, variables, functions and best practices.

Who This Book Is For

If you are a System Administrator or Configuration manager with a growing infrastructure and if you are looking for a dependable tool to manage your infrastructure, then this book is for you. If your infrastructure is already big with hundreds and thousands of nodes and you are looking for a secure, versatile and stable configuration management tool, you will still find this book handy. You don’t need any prior experience of Cfengine to follow this book.

Table of Contents

Chapter 1: Getting Started with CFEngine
Why CFEngine?
Installing CFEngine
Time for action – listing open ports and associated services
Time for action – creating a file under your home directory
Time for action – deleting log files
Summary
Chapter 2: Configuring Systems with CFEngine
How do CFEngine components communicate?
Setting up a policy server
Time for action – taking file backups
System configuration
Time for action – user and group configuration
Time for action – setting up a web service
Time for action – setting up a database service
Time for action – mounting a NFS volume
Time for action – setting up a network interface
Time for action – adding a jailed user to a system
Chapter 3: System Audit with CFEngine
Classes
Control promises
Time for action – file and directory permissions audit
Time for action – user and group audit
Server control promises
Time for action – log rotation using CFEngine
Access control using CFEngine
Time for action – installing OSSEC
Time for action – auditing the system with CFEngine and OSSEC
Summary
Chapter 4: Scheduling Tasks with CFEngine
Monitor control promises
Runagent control promises
Executor control promises
Reporter control promises
Time for action – monitoring a web server
Chapter 5: Security Audit with CFEngine
Configuring and auditing access controls
Time for action – managing access control with TCP wrapper
Time for action – auditing SSHD log files for break-in attempts
Time for action – managing iptables with CFEngine
Auditing the file system
Time for action – looking out for suspicious file names
Time for action – verifying the sudoers file
Time for action – finding a file with setuid and setgid
Time for action – auditing Apache logs
Summary
Chapter 6: Logging and Reporting with CFEngine
State information
Time for action – generating custom reports
Summary
Chapter 7: Workflows
Menu driven configuration
Content driven configuration
CFEngine templates
Time for action – distributing a MySQL configuration file using template expansion
Knowledge management
Time for action – topic map for services
Compliance
CFEngine and ITIL
CFEngine Nova—an introduction
Summary
Chapter 8: Advanced Functions and Variables
CFEngine special functions
Time for action – setting system variables
Functions that work on or with regular expressions
Time for action – getting a list of servers that are up and running on the network
Functions that return string
Time for action – concatenating individual objects using a given conjunction
Functions that fill arrays
Time for action – configuring Apache virtual hosts from a list of domains in a file
CFEngine special variables
Variable context mon
Time for action – logging information in case the system's load average is above the threshold
Variable context match
Time for action – comment matching lines
Summary
Chapter 9: CFEngine Best Practices
Basic considerations while writing CFEngine promises
General do's and don'ts while writing policies
Policy changes
Version control for policy files
Delegation of responsibility
Summary

What You Will Learn

  • Install and configure the Cfengine environment including the server and clients. Understand the Cfengine policy decision flow.
  • Build complete systems including laptops, desktops, servers, mainframes, etc. with minimal human intervention across multiple nodes.
  • Conduct system audits and detect anomalies in the desired state of a system.
  • Schedule various tasks from a centralized policy server and make changes to multiple systems' state by making those changes on a single centralized policy server.
  • Syntax and usage of various controls; Cfengine provides relevant and easy to understand examples.
  • Monitor services and system states from a centralized policy server.
  • Write complex work flows to solve complex data centre issues.
  • Use advanced functions and variables inbuilt in Cfengine.
  • Implement best practices for effective change management and infrastructure management.
  • Create and manage a knowledge base with an inbuilt knowledge management tool.

In Detail

Cfengine is a compact automation framework primarily used to provide automated configuration and maintenance of laptops, desktops, servers, and mainframes. It is not a very complex framework, but certainly is extensive. There is too much to learn and it is hard to convey in a simple way what the software can do. That is where this book steps in and saves your day.

Cfengine 3 Beginner's Guide is the first and only book dedicated to Cfengine. It dives deep into using the framework's 'promise' language to solve complex data center problems. Find all the details you’ll need about using the advanced functions and variables, with easy-to-understand examples. The book also covers complex work flows that showcase the framework’s possibilities.

This book starts off with step-by-step instructions for installing and configuring the Cfengine server and clients, and moves on to configuring systems using Cfengine scripts. The author then walks you through the policy decision flow, conducting system and security audits.

This is followed by detailed discussions, through various examples, on how you can use Cfengine to configure systems, users, networks, databases, web servers et al. Adding to this, the book also provides a list of best practices, Cfengine policy decision flow, and how you may use the Cfengine Orion Cloud pack. By the end of the book you should be able to write policies for automating your complex data centre tasks.

Authors

Table of Contents

Chapter 1: Getting Started with CFEngine
Why CFEngine?
Installing CFEngine
Time for action – listing open ports and associated services
Time for action – creating a file under your home directory
Time for action – deleting log files
Summary
Chapter 2: Configuring Systems with CFEngine
How do CFEngine components communicate?
Setting up a policy server
Time for action – taking file backups
System configuration
Time for action – user and group configuration
Time for action – setting up a web service
Time for action – setting up a database service
Time for action – mounting a NFS volume
Time for action – setting up a network interface
Time for action – adding a jailed user to a system
Chapter 3: System Audit with CFEngine
Classes
Control promises
Time for action – file and directory permissions audit
Time for action – user and group audit
Server control promises
Time for action – log rotation using CFEngine
Access control using CFEngine
Time for action – installing OSSEC
Time for action – auditing the system with CFEngine and OSSEC
Summary
Chapter 4: Scheduling Tasks with CFEngine
Monitor control promises
Runagent control promises
Executor control promises
Reporter control promises
Time for action – monitoring a web server
Chapter 5: Security Audit with CFEngine
Configuring and auditing access controls
Time for action – managing access control with TCP wrapper
Time for action – auditing SSHD log files for break-in attempts
Time for action – managing iptables with CFEngine
Auditing the file system
Time for action – looking out for suspicious file names
Time for action – verifying the sudoers file
Time for action – finding a file with setuid and setgid
Time for action – auditing Apache logs
Summary
Chapter 6: Logging and Reporting with CFEngine
State information
Time for action – generating custom reports
Summary
Chapter 7: Workflows
Menu driven configuration
Content driven configuration
CFEngine templates
Time for action – distributing a MySQL configuration file using template expansion
Knowledge management
Time for action – topic map for services
Compliance
CFEngine and ITIL
CFEngine Nova—an introduction
Summary
Chapter 8: Advanced Functions and Variables
CFEngine special functions
Time for action – setting system variables
Functions that work on or with regular expressions
Time for action – getting a list of servers that are up and running on the network
Functions that return string
Time for action – concatenating individual objects using a given conjunction
Functions that fill arrays
Time for action – configuring Apache virtual hosts from a list of domains in a file
CFEngine special variables
Variable context mon
Time for action – logging information in case the system's load average is above the threshold
Variable context match
Time for action – comment matching lines
Summary
Chapter 9: CFEngine Best Practices
Basic considerations while writing CFEngine promises
General do's and don'ts while writing policies
Policy changes
Version control for policy files
Delegation of responsibility
Summary

Book Details

ISBN 139781849514989
Paperback336 pages
Read More

Recommended for You