LOPSA East 2013: New Brunswick, NJ
Getting started with Vagrant and CFEngine.
Walk away with a cross platform (Windows, Mac, Linux) demo environment consisting of one CFEngine hub and 2 nodes using a dynamic Vagrant configuration and some example CFEngine 3 policy to get you started.
If you attended or watched the video of this presentation (link to be added) please consider filling out the trainer survey.
http://lopsa-east.org/2013/training-survey
2. 5/2/13
Hi, my name is Nick.
● Sysadmin > 10 Yers
● Work @CFEngine
● Live in Lawrence, KS
● @cmdln_
● http://ww.cmdln.org
3. 5/2/13
Who are you?
● What's your name?
● Are you a sysadmin?
● Why did you choose
this session?
4. 5/2/13
What is Vagrant?
Tool to make working with
development environments
easy.
Create, configure, destroy
lightweight, reproducible,
and portable environments.
● Created by Mitchell Hashimoto
● @mitchelh
● http://www.vagrantup.com
8. 5/2/13
How can it help?
● Developer
on-boarding
● Quickly setup/tear
down test
environments in
repeatable fashion
● CI
● Bug Validation
● Ad-hoc Demos
11. 5/2/13
Vagrantfile
● Describe the type of machine(s) required for a project
● Syntax of Vagrantfile is Ruby, but knowledge of the Ruby language is not
necessary. It's mostly simple variable assignment.
Vagrant.configure("2") do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
# Every Vagrant virtual environment requires a box to build off of.
config.vm.box = "centos-5.x-i386_nickanderson_201304271927"
end
12. 5/2/13
Boxes
● Predefined operating system install
● Provider specific
● http://www.vagrantbox.es
● Veewee (build your own) thanks
@patrickdebois
– Kickstart/preseed, postinstall scripts
14. 5/2/13
vagrant-vbguest
● Vagrant plug-in which automatically installs the
host's VirtualBox Guest Additions on the guest
system.
● vagrant plug-in install vagrant-vbguest
● If you're lucky, vagrant-vbguest does not require
any configurations. However, here is an example
config.vbguest.auto_update = true/false
● https://github.com/dotless-de/vagrant-vbguest
15. 5/2/13
Getting started
● vagrant box list
● vagrant box add
● vagrant init
● vagrant status
● vagrant up
● vagrant ssh
● vagrant destroy
● vagrant up
● vagrant status
● vagrant ssh
– vagrant ssh node
● vagrant destroy
21. 5/2/13
CFEngine
● IT infrastructure automation, compliance, and
knowledge management framework
● Opensource and Commercial Software
● Originally written by Mark Burgess
● @markburgess_osl
● http://www.cfengine.com
22. 5/2/13
CFEngine History
● First released in 1993
● CFEngine 2 released in 1998, self healing
computer immunology. Added machine
learning and anomaly detection.
● 2003 Promise Theory work began
● 2008 CFEngine 3 released. Integrates
knowledge management and discovery
mechanisms.
24. 5/2/13
Promise Theory
● A model of voluntary cooperation between
individual, autonomous actors or agents
who publish their intentions to one another
in the form of promises.
● A file can make promises about its own
contents, permissions, existence etc …
● A process can make a promise that it will be
running, number of matching processes,
owner etc ...
26. 5/2/13
CFEngine Components
● cf-agent – instigator of change
● cf-execd – cf-agent launcher daemon and
output processor
● cf-serverd – File server, also listens for remote
requests to execute cf-agent
● cf-monitord – statistical information collector
27. 5/2/13
So why is this a good thing?
● Make changes in minutes with precision
● Easier to share specific configuration details
● Brings configuration knowledge to the
forefront
29. 5/2/13
Editor War!
● I prefer vim, and it's fun to mess with
the emacs people
● services/editor_war.cf
30. 5/2/13
Definitions
● Policy - A policy is a set of intentions about the system, coded as a list of promises. A policy is
not a standard, but the result of specific organizational management decisions.
● Promise - The CFEngine software manages every intended system outcome as `promises' to
be kept. A CFEngine Promise corresponds roughly to a rule in other software products, but
importantly promises are always things that can be kept and repaired continuously, on a real
time basis, not just once at install-time.
● Bundle – A collection of promises that has a name
● Body - A promise body is the description of exactly what is promised (as opposed to what/who
is making the promise). The term `body' is used in the CFEngine syntax to mean a small
template that can be used to contribute as part of a larger promise body.
● Promiser – The object that makes a promise. (file, package, process, command, ect …)
● Promisee (stakeholder) – Who cares about a specific promise.
● Class (context) – True/False propositions. All decisions are made with classes. Hard
(discovered/builtin) and soft (user-defined).
31.
32. 5/2/13
Wage War
● Remove Disallowed Packages
– vagrant ssh hub
– watch rpm -q emacs-nox
– Uncomment disallowed_packages to activate policy.
Watch it get fixed.
● Install Required Packages
– watch rpm -q vim-enhanced
– Uncomment required_packages to activate policy
37. Please fill out the Trainer EvaluationPlease fill out the Trainer Evaluation
Rate LOPSA-East ‘13Rate LOPSA-East ‘13
http://lopsa-east.org/2013/training-survey
Thank You for Attending LOPSA-East ‘13Thank You for Attending LOPSA-East ‘13
http://www.lopsa-east.org/2013/rate-lopsa-east-13