As a person who tries to work with as few resources as possible, whether it’s editing everything with ed(1) or using old laptops without screens for servers or turning off computers as much as possible I am happy to announce nightly packages are available for the aarch64 (ARM 64-bit) architecture.
This enables low-power, low-cost devices such as the Raspberry Pi and many others to run CFEngine Enterprise.
Why run CFEngine? It is lean on resources and rich in features! It helps keep your systems secure and compliant with whatever policy you may require.
So far we are supporting what seem to be the most common operating systems: Ubuntu 22 and Debian 11.
Our work on providing community packages in Yocto is ongoing and should come before too long.
Support for Linux Devicetree
Some notable changes were needed, such as instead of relying on the x86_64
/ amd64
specific Desktop Management Interface(DMI)
we now also support getting some inventory information from the Linux Devicetree instead which is quite prevalent on ARM devices such as phones, SBCs, etc.
This paves the way for future in-roads with phones running Linux-based systems such as Android, PostmarketOS(Alpine), Mobian(Debian), Yocto and more.
Easy development with cross-architecture containers
During development I made use of the very helpful technique of running linux containers with a different architecture via qemu-user-static
package available in most distributions.
Here’s what I used in a Debian 11 VM:
sudo apt install qemu-user-static buildah
echo 'unqualified-search-registries = ["docker.io"]' | sudo tee -a /etc/containers/registries.conf
deb11=$(buildah from arm64v8/debian:11)
buildah run $deb11 bash
and from there I simply followed the basic community package generating steps in our buildscripts project to build community packages.
Move to the cloud, aarch64 is there
After I made various adjustments to core, masterfiles and buildscripts I added a couple of cloud images to our CI system. In this case we are using AWS and Jenkins. Handily AWS has aarch64 support and images for both Debian and Ubuntu!
Testing on real hardware
For testing I have used a Raspberry Pi 4 as well as a Toradex Verdin board with an NXP iMX 8M Plus processor running Torizon (Yocto + Docker) to run various distributions on aarch64 more natively.
Installation
A few pre-requisites:
- ARM 64 board, for example Raspberry Pi 4 or similar
- A 64 bit Debian based distribution installed
- Debian 11 or Raspberry Pi OS (based on Debian 11)
- Ubuntu 22
- Ubuntu 20 (use Debian 11 package)
- SSH access with password-less sudo to run the installer
ssh-copy-id $HOME/.ssh/id_rsa rpi4
ssh rpi4 sudo whoami
root
Given that, install cf-remote
(see our blog posts about cf-remote
) and install a nightly package!
We build nightlies 5 days a week so there is plenty of opportunity for you to find bugs, submit PRs and enjoy the results in upgrading packages from nightlies.
pip3 install cf-remote
cf-remote --version master install --clients rpi4
(This only installs CFEngine, to “start” it, add --bootstrap <IP address of policy server>
, making it run every 5 minutes, pulling new policy from the policy server and enforcing it).
Run an Enterprise Hub! Free 25!
And don’t forget that you can certainly run an enterprise hub as well. Our Enterprise Hub is available free for download and installing for up to 25 hosts. It’s a great way to do some proof of concept work or setup something at home for tinkering.
cf-remote --version master install --hub rpi4 --bootstrap rpi4
I have been running hub on a Raspberry Pi 4 for several weeks now and am quite pleased with the results.
Here you can see I have my raspberrypi
hub (Raspberry Pi 4, Debian 11) with two containers bootstrapped on the Toradex board.
Community packages
Nightly builds are also available as community packages
To install with cf-remote
add the --edition community
argument:
cf-remote --version master install --edition community --clients rpi4
Dust off, Fire up!
So go find those ARM devices and let CFEngine keep them running well!
Let us know how it goes or what other devices you’d like to see supported on GitHub discussions , the mailing list and/or chat via #cfengine on irc.libera.chat or gitter.im/cfengine.core (also available via Matrix).