My CFEngine journey started in 2008, when I was still a student. I was working on my master’s degree in Mathematics, specialising in cryptography at the University of Tromsø. I had moved to Oslo to write my master’s thesis in cooperation with the Norwegian Defence Research Establishment. At the same time, I took a course in Business leadership at the University of Oslo. As part of this course, we got the opportunity to be interns at technology start-ups in Oslo.
My start-up of choice was, of course, CFEngine! At the time, CFEngine had been an open source project for 15 years, and had a massive user-base. A couple months later, I was very exited to accept an offer as a software developer for the new company.
Back then, CFEngine only had four employees: Mark Burgess (CTO), Thomas Ryd (CEO), Nakarin (Jeang) Phooripoom, and me. Since Mark was busy handling so many aspects of CFEngine, I had the responsibility to make the CFEngine software shine. It was quite a shock to go from being a student to suddenly developing software that is running on millions of computers across the globe!
My first main projects with the company were to port CFEngine 3 to Windows, and add support for POSIX and NTFS file ACLs. These features were incorporated into the commercial CFEngine Nova product, which had its initial release in April 2009.
Since the early days, many things have changed a lot. We took on the first round of investment in February, 2011 from the Norwegian investor Ferd. The Oslo office has moved locations three times to accommodate for the rapid expansion, and we have opened a new office in Palo Alto, California to meet the very strong demand for our products and services in the US market. We are now around 30 people working at CFEngine – representing 12 nationalities (and still growing)!
I took the opportunity to move to the United States in May 2011, and now live in San Francisco. My new job is to meet customers that run CFEngine at scales of tens of thousands of hosts. I learn about the challenges that they face, suggest ways we can help them, and report their issues back to the development team. This is both interesting and challenging. In addition, I get to travel in the US, and see a lot of different cities and regional cultures. This country is so diverse! I like to think of the US as a continent rather than a country. Indeed, it has more than 60x the population of Norway.
We now have a team of software developers, but I still get to do development on CFEngine – both the community and commercial versions. in the past few months, I have been optimising the Nova code, to push the scalability of CFEngine 3 Nova even further. We can now support thousands of hosts per Nova hub, with a five-minute update interval both for policy and reports. No other product can achieve anything close to this.
As part of this work, I have been pushing the database technology we are using to the limit. All the reports in CFEngine Nova are stored in MongoDB – an open-source document-oriented database. It turns out that 10gen, the developers of MongoDB, also have a office here in Palo Alto. I am visiting them regularly to understand how we can scale even further, without needing to throw more hardware at the solution.
I am also working on incorporating Role-Based Access Control (RBAC) into the CFEngine Nova Mission Portal (GUI dashboard). We expect that this will make it into the Nova release due in spring 2012. I plan to write more about the details of RBAC in another blog-post. We are also planning to incorporate RBAC into the CFEngine language itself (the input side) in the not-too-distant future.
Two larger topics on my mind that I’d like to see addressed in CFEngine are the global list-iteration issue (https://cfengine.com/manuals/cf3-reference#List-variable-substitution-and-expansion), and the automatic reloading of changed policies for cf-execd. All CFEngine daemons except cf-execd is reloading their policy on change, which is a bit inconsistent and may be a surprise to new users. Both these issues are very deep and risky changes, which is why they have not been fixed sooner. However, they are high up on the priority list now, so look for updates on them in the near future.
Well, that is all I have for now. If you have use-cases for CFEngine that you would like to see covered, or ideas on how we can make CFEngine even better, please leave a comment below. I will try to address them with a reply or another blog entry. I also have some CFEngine-related posts on my personal blog.
