CFEngine

CFEngine is a configuration management system written in C (Private). It's more lightweight than more widely used counterparts, but has a fairly arcane syntax.

CFEngine is founded on Promise theory, where resources are declared through Promises which declare intention to carry out a task. Individual Promises are autonomous, and through cooperation collectively get the machine to its desired state.

Concepts

  • Policy documents the desired state, and is expressed in CFEngine files (*.cf).
  • Promises describe the desired state of individual resources within policy.
  • Bodies are collections of parameters.
  • Bundles package up Bodies and Promises.

In its Enterprise product, CFEngine provides a UI for performing gap analysis, facilitating compliance auditing and reporting on drift.

Usage

Promises:

Type:
  Context::
    "promiser"
      attribute => "value",
      other_attribute => "value";

Bundles are collections of promises:

bundle type id {
  promiseType:
    "name" -> "promisee",
      attribute => value,
      other_attribute => "value";
}

Bodies constrain promises with attributes:

body common control {
  bundlesequence => { "id" };
  inputs => { "libraries/cfengine_stdlib.cf" };
}

Components

  • cf-agent applies configuration changes to the system.
  • cf-monitord collects metrics and sends them to the agent.
  • cf-execd executes tasks (similar to cron).
  • cf-serverd serves files to the clients, and allows pushing changes out immediately.

Backlinks