CFEngine
AS was present in the Configuration Management
Camp that took place in Gent, Belgium the 1st
and 2nd February of 2016. This is the event on open source
configuration management tools, scheduled immediately following
FOSDEM and is located close to Brussels, so it
usually has thousands of attendants. This year’s main track
topics mostly revolved
around security, orchestration, and application containers.
We had a separate room for CFEngine and
Rudder related topics with an exciting
schedule:
| Monday, February 1 | |
| 14:00 | CFEngine Champions Panel |
| 14:40 | Security Practices with CFEngine |
| 15:20 | Break |
| 15:40 | Testing Policy and the Core test framework |
| 16:20 | Messaging CFEngine and Data |
| Tuesday, February 2 | |
| 14:00 | The CFEngine Roadshow BYOVM |
| 14:40 | Using ncf building blocks to help writing CFEngine policies |
| 15:20 | Break |
| 15:40 | Integrating Rudder and CFEngine Mission Portal |
Effectively leveraging data from external sources and best practices with regard to policy style were popular topics in the “CFEngine Champions Panel”. “Security Practices with CFEngine” discussed at a high level various ways of distributing policy in a complex infrastructure and ways to minimize the impact of a security breach. The session concluded by demonstrating CFEngine policy both score and automatically re-mediate industry standard Center for Internet Security CIS benchmarks.
https://www.slideshare.net/slideshow/embed_code/58317897
“Testing Policy and the Core test framework” discussed what people are currently doing to test their CFEngine policy. It covered at a high level how the CFEngine Core acceptance test framework works and how contributions to core examples can both improve the documentation as well as add additional test coverage.
https://www.slideshare.net/slideshow/embed_code/58318232
During “Messaging CFEngine and Data” Martin Simons demonstrated integrating CFEngine agents with a ZeroMQ message bus. Clients reported their discovered information and hosts using the nagios role used the reported data to automatically configure nagios checks and alerts for the services in use. “The CFEngine Roadshow” presentation given by Martin Simons was a very neat interactive demo. Participants were able to spin up fresh virtual machines on their own laptops and after classifying the host by setting its hostname the host was automatically configured with users, ssh keys, and services as defined by the roadshow policy. Alexis Mousset and Benoit Peccatte presented on ncf which is a framework from Normation for CFEngine policy that favours readability over all else. They demoed the ncf builder, a web interface that can use the create and edit policies composed of generic methods provided with ncf. Nicolas Charles demonstrated “Integrating Rudder and CFEngine Mission Portal” bringing the codeless automation and detailed compliance reporting from under the same roof, by combining the powers of both Rudder and CFEngine Enterprise.
