CFEngine 3 Beginner's Guide

Book Description

A step-by-step guide to setting up Cfengine and fully automating the configuration and management of your laptop, desktop, server, or mainframe.

  • The first and only book dedicated to the Cfengine framework.

  • Detailed instructions on installing, configuring, and setting up Cfengine and using it to build, secure and monitor your infrastructure.

  • Real world projects and tasks straight from the data centre. Monitoring, logging and reporting explained with easy-to-understand examples.

  • Covers all Cfengine commands, promises, variables, functions and best practices.

In Detail

    Cfengine is a compact automation framework primarily used to provide automated configuration and maintenance of laptops, desktops, servers, and mainframes. It is not a very complex framework, but certainly is extensive. There is too much to learn and it is hard to convey in a simple way what the software can do. That is where this book steps in and saves your day.

    Cfengine 3 Beginner's Guide is the first and only book dedicated to Cfengine. It dives deep into using the framework's 'promise' language to solve complex data center problems. Find all the details you’ll need about using the advanced functions and variables, with easy-to-understand examples. The book also covers complex workflows that showcase the framework’s possibilities.

    This book starts off with step-by-step instructions for installing and configuring the Cfengine server and clients, and moves on to configuring systems using Cfengine scripts. The author then walks you through the policy decision flow, conducting system and security audits.

    This is followed by detailed discussions, through various examples, of how you can use Cfengine to configure systems, users, networks, databases, web servers, and so on. In addition, the book provides a list of best practices, covers the Cfengine policy decision flow, and shows how you may use the Cfengine Orion Cloud pack. By the end of the book you should be able to write policies for automating your complex data centre tasks.

    Automate your Builds, Deployments, Management, and Audits with one efficient, dependable and versatile Cfengine framework.

    Table of Contents

    1. CFEngine 3
      1. CFEngine 3
      2. Credits
      3. About the Author
      4. About the Reviewers
      5. www.PacktPub.com
        1. Support files, eBooks, discount offers and more
          1. Why Subscribe?
          2. Free Access for Packt account holders
      6. Preface
        1. What this book covers
        2. Who this book is for
        3. Conventions
        4. Time for action - heading
          1. What just happened?
          2. Pop quiz - heading
          3. Have a go hero - heading
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      7. 1. Getting Started with CFEngine
        1. Why CFEngine?
        2. Installing CFEngine
          1. Testing the installation
          2. CFEngine environment
            1. promises.cf
        3. Time for action - listing open ports and associated services
          1. What just happened?
        4. Time for action - creating a file under your home directory
          1. What just happened?
          2. Pop quiz
        5. Time for action - deleting log files
          1. What just happened?
        6. Summary
      8. 2. Configuring Systems with CFEngine
        1. How do CFEngine components communicate?
        2. Setting up a policy server
          1. Connecting to a CFEngine server
        3. Time for action - taking file backups
          1. What just happened?
        4. System configuration
          1. Configuring users and groups
        5. Time for action - user and group configuration
          1. What just happened?
        6. Time for action - setting up a web service
          1. What just happened?
        7. Time for action - setting up a database service
          1. What just happened?
        8. Time for action - mounting a NFS volume
          1. What just happened?
        9. Time for action - setting up a network interface
          1. What just happened?
        10. Time for action - adding a jailed user to a system
          1. What just happened?
          2. Pop quiz
          3. Have a go hero - verifying if the object is a soft link
        11. Summary
      9. 3. System Audit with CFEngine
        1. Classes
        2. Control promises
          1. Agent control promises
        3. Time for action - file and directory permissions audit
          1. What just happened?
        4. Time for action - user and group audit
          1. What just happened?
        5. Server control promises
        6. Time for action - log rotation using CFEngine
          1. What just happened?
        7. Access control using CFEngine
          1. What just happened?
          2. Pop quiz
          3. OSSEC and CFEngine—a robust security system
        8. Time for action - installing OSSEC
          1. Making changes to configuration files on the basis of alerts generated by OSSEC
        9. Time for action - auditing the system with CFEngine and OSSEC
          1. What just happened?
          2. Have a go hero - verifying the web server configuration files after changes
          3. Pop quiz
          4. Have a go hero - removing hashes for lines matching a string
        10. Summary
      10. 4. Scheduling Tasks with CFEngine
        1. Monitor control promises
        2. Runagent control promises
        3. Executor control promises
        4. Reporter control promises
        5. Time for action - monitoring a web server
          1. What just happened?
        6. Time for action - generating an average load report for a host
          1. What just happened?
        7. Scheduling tasks with CFEngine
          1. Building flexible time classes
          2. Defining a sequence of jobs
          3. Logging execution of promises
          4. Triggering a schedule
          5. Defining a calendar using CFEngine
          6. Have a go hero - scheduling load average reports
            1. Iterations in CFEngine
          7. Pop quiz
        8. Time for action - disk housekeeping
          1. What just happened?
        9. Time for action - restarting a process that's not running
          1. What just happened?
        10. Reading log files
        11. Distributed scheduling
          1. Pop quiz
        12. Summary
      11. 5. Security Audit with CFEngine
        1. Configuring and auditing access controls
        2. Time for action - managing access control with TCP wrapper
          1. What just happened?
        3. Time for action - auditing SSHD log files for break-in attempts
          1. What just happened?
          2. Configuring a firewall
        4. Time for action - managing iptables with CFEngine
          1. What just happened?
        5. Auditing the file system
        6. Time for action - looking out for suspicious file names
          1. What just happened?
        7. Time for action - verifying the sudoers file
          1. What just happened?
          2. Agent control promise auditing
        8. Time for action - finding a file with setuid and setgid
          1. What just happened?
          2. Have a go hero - auditing files which are owned by root and have the SUID bit set
          3. System state
        9. Time for action - auditing Apache logs
          1. What just happened?
          2. Auditing with CFEngine Nova
          3. Pop quiz
          4. Have a go hero
        10. Summary
      12. 6. Logging and Reporting with CFEngine
        1. Time for action - generating custom reports
          1. What just happened?
          2. Pop quiz
        2. Summary
      13. 7. Workflows
        1. Menu driven configuration
          1. How to select from menus
        2. Content driven configuration
        3. CFEngine templates
        4. Time for action - distributing a MySQL configuration file using template expansion
          1. What just happened?
        5. Knowledge management
        6. Time for action - topic map for services
          1. What just happened?
        7. Compliance
        8. CFEngine and ITIL
          1. Database management
          2. Pop quiz
          3. Have a go hero
        9. CFEngine Nova—an introduction
        10. Summary
      14. 8. Advanced Functions and Variables
        1. CFEngine special functions
        2. Time for action - setting system variables
          1. What just happened?
        3. Functions that work on or with regular expressions
        4. Time for action - getting a list of servers that are up and running on the network
          1. What just happened?
        5. Functions that return string
        6. Time for action - concatenating individual objects using a given conjunction
          1. What just happened?
        7. Functions that fill arrays
        8. Time for action - configuring Apache virtual hosts from a list of domains in a file
          1. What just happened?
        9. CFEngine special variables
        10. Variable context mon
        11. Time for action - logging information in case the system's load average is above the threshold
          1. What just happened?
        12. Variable context match
        13. Time for action - comment matching lines
          1. What just happened?
          2. Have a go hero - doing more with the thing
          3. Pop quiz
        14. Summary
      15. 9. CFEngine Best Practices
        1. Basic considerations while writing CFEngine promises
        2. General do's and don'ts while writing policies
        3. Policy changes
        4. Version control for policy files
        5. Delegation of responsibility
          1. Pop quiz
        6. Summary
      16. A. CFEngine Cloud Pack—Orion
        1. The Orion Cloud Pack's contents
        2. The Orion Cloud Pack hacks
        3. Advantages of running Orion Cloud Pack on CFEngine Nova
      17. B. Important Control Promises
        1. Common control promises
        2. Agent control promises
        3. Server Control promises
      18. C. Important Functions and Variables
      19. D. Functions by Usage
        1. Functions for capturing the environment
        2. Functions that read files
        3. Functions that look at attributes of the file
        4. Functions that read classes
        5. Functions that read from the network
        6. Functions that compare variables
        7. Functions that read data from remote CFEngine
        8. Functions that read strings
        9. Functions that read LDAP data
      20. E. Pop quiz - Answers
        1. Chapter 1, Getting Started with CFEngine
        2. Chapter 2, Configuring Systems with CFEngine
        3. Chapter 3, System Audit with CFEngine
        4. Chapter 4, Scheduling Tasks with CFEngine
        5. Chapter 5, Security Audit with CFEngine
        6. Chapter 6, Logging and Reporting with CFEngine
        7. Chapter 7, Workflows
        8. Chapter 8, Advanced Functions and Variables
        9. Chapter 9, CFEngine Best Practices