How to Install and Use CFEngine Community Edition on Ubuntu 14.04

Introduction

If you are looking for a fast and highly scalable configuration management tool for your IT infrastructure, you should give CFEngine a try. Though the functionality it offers is quite similar to that offered by other popular tools such as Puppet and Chef, CFEngine has a much smaller footprint, both in terms of memory and CPU utilization, and is generally faster because it is written in C and thus runs natively on the OS.

In this tutorial, you will learn how to install and use CFEngine Community Edition 3.6.5 on Ubuntu 14.04.

Prerequisites

Before you begin, you should have access to:

• A server running Ubuntu 14.04
• A non-root sudo user

Step 1 — Adding CFEngine’s Package Repositories

To install the latest version of CFEngine using apt-get, you should add CFEngine’s package repositories to your server’s repository list. Use the add-apt-repository command to do so:

sudo add-apt-repository 'deb http://cfengine.com/pub/apt/packages stable main'

Step 2 — Adding CFEngine’s Public Key

The repository you added in the previous step cannot be used until you also add CFEngine’s public key to APT’s list of trusted keys.

Download CFEngine’s public key using wget.

wget http://cfengine.com/pub/gpg.key -O /tmp/gpg.key

Use apt-key to add it to the list of trusted keys.

sudo apt-key add /tmp/gpg.key

Step 3 — Installing CFEngine

You can now use apt-get to install CFEngine Community Edition.

sudo apt-get update && sudo apt-get install cfengine-community

Before you proceed, verify the installation:

cf-agent --version

You should see the following output:

CFEngine Core 3.6.5

Step 4 — Starting the Policy Hub

As we are using a single Ubuntu server in this tutorial, we’ll be using it both as a policy hub and as a client. To start CFEngine’s policy hub, you must bootstrap it with your server’s IP address.

sudo cf-agent --bootstrap your_server_ip

Once this command completes successfully, you will have CFEngine fully configured and ready to use on your server.

Step 5 — Creating Your First Policy

To automate a system administration task using CFEngine, you should create a policy file for it. A policy file is written in CFEngine’s own DSL (Domain Specific Language). The language has a rather steep learning curve, but performing basic tasks with it is easy.

Let us start by creating a simple “Hello World” policy. Use nano or your favorite text editor to create a new file called myPolicy.cf in the /tmp directory:

nano /tmp/myPolicy.cf

The commands you want to execute using CFEngine should be grouped together in a bundle. Bundles can be of different types. For now, you will be creating a bundle that cf-agent can fun. To print a message to the console, the reports promise should be used. Accordingly, add the following code to the file:

bundle agent SayHello {
    reports:
        "Hello!";
}

Save the file and exit.

You can now run your policy using the cf-agent command.

sudo cf-agent -b SayHello /tmp/myPolicy.cf

You should see the following output:

R: Hello!

Step 6 — Adding a Policy to the Policy Server

In the previous step, you ran the policy manually using the cf-agent command. To run the policy automatically — and, more importantly, on multiple machines — you should add it to the policy server. By default, policies added to the server are executed once every 5 minutes by cf-agent.

Let us now write a slightly more advanced policy that creates a file in the /tmp directory.

Use nano or your favorite text editor to create a new file called createFilePolicy.cf:

nano /tmp/createFilePolicy.cf

In this policy, you will be using the files promise to create a file, and the reports promise to display a message that says the file was created.

The following policy creates an empty file named hello.txt in the /tmp directory. Add the following code to the policy:

bundle agent CreateHelloFile {
   files:
      "/tmp/hello.txt"
        create => "true";

   reports:
      "File created";
}

Save your file and exit nano.

Run the policy by typing in the following command:

sudo cf-agent -b CreateHelloFile /tmp/createFilePolicy.cf

After it completes, you can run the ls command to see that hello.txt has been created in /tmp.

ls /tmp

Now that we know that our policy doesn’t have any errors and is doing what it is supposed to do, let us add it to the server.

The policy server serves its policies from the /var/cfengine/masterfiles/ directory. Therefore, copy createFilePolicy.cf to masterfiles:

sudo cp /tmp/createFilePolicy.cf /var/cfengine/masterfiles/

Next, for CFEngine to know about your policy file and the bundle inside it, references to them should be added to promises.cf, CFEngine’s main policy file. Use nano to edit promises.cf:

sudo nano /var/cfengine/masterfiles/promises.cf

Add the name of your policy file at the end of the inputs list. After the changes, the list should look like this:

inputs => {

    ...

  # List of services here
  "services/file_change.cf",

  "createFilePolicy.cf",
};

Make sure you don’t omit the comma at the end of the line.

Additionally, the name of the bundle in your policy file should be mentioned in the bundlesequence list toward the top of the file. Add CreateHelloFile as the last item of bundlesequence:

bundlesequence => {
    
     ...

     # Agent bundle
      cfe_internal_management,   # See cfe_internal/CFE_cfengine.cf
      service_catalogue,
      @(cfengine_enterprise_hub_ha.management_bundles),

      CreateHelloFile,

};

Make sure you don’t omit the comma at the end of the line, too. Save the file and exit.

Your policy has now been added to the policy server, and will be run every five minutes. This means that even if you delete /tmp/hello.txt, CFEngine will automatically create it again after five minutes.

If you want to remove the policy, you should first delete the name of the bundle and the name of the policy file from promises.cf, and then move the policy file out of the masterfiles directory.

Conclusion

In this tutorial, you learned how to install the latest version of CFEngine Community Edition on an Ubuntu 14.04 server using CFEngine’s package repositories. You also learned how to create and run simple policies, both manually and automatically. You can now use CFEngine to manage the configuration of your server.

To learn more about the DSL, refer to the CFEngine 3.6 Manual.