<The CFEngine Blog

Debian 11 and Ubuntu 22 aarch64 (arm64) packages available!

Posted by Craig Comstock
August 18, 2022

As a person who tries to work with as few resources as possible, whether it’s editing everything with ed(1) or using old laptops without screens for servers or turning off computers as much as possible I am happy to announce nightly packages are available for the aarch64 (ARM 64-bit) architecture.

This enables low-power, low-cost devices such as the Raspberry Pi and many others to run CFEngine Enterprise.

Why run CFEngine? It is lean on resources and rich in features! It helps keep your systems secure and compliant with whatever policy you may require.

So far we are supporting what seem to be the most common operating systems: Ubuntu 22 and Debian 11.

Our work on providing community packages in Yocto is ongoing and should come before too long.

Support for Linux Devicetree

Some notable changes were needed, such as instead of relying on the x86_64/amd64 specific Desktop Management Interface(DMI) we now also support getting some inventory information from the Linux Devicetree instead which is quite prevalent on ARM devices such as phones, SBCs, etc. This paves the way for future in-roads with phones running Linux-based systems such as Android, PostmarketOS(Alpine), Mobian(Debian), Yocto and more.

Easy development with cross-architecture containers

During development I made use of the very helpful technique of running linux containers with a different architecture via qemu-user-static package available in most distributions. Here’s what I used in a Debian 11 VM:

$ sudo apt install qemu-user-static buildah
$ echo 'unqualified-search-registries = ["docker.io"]' | sudo tee -a /etc/containers/registries.conf
$ deb11=$(buildah from arm64v8/debian:11)
$ buildah run $deb11 bash

and from there I simply followed the basic community package generating steps in our buildscripts project to build community packages.

Move to the cloud, aarch64 is there

After I made various adjustments to core, masterfiles and buildscripts I added a couple of cloud images to our CI system. In this case we are using AWS and Jenkins. Handily AWS has aarch64 support and images for both Debian and Ubuntu!

part of AWS web UI to start instances of 64-bit arm ubuntu and debian machines

Testing on real hardware

For testing I have used a Raspberry Pi 4 as well as a Toradex Verdin board with an NXP iMX 8M Plus processor running Torizon (Yocto + Docker) to run various distributions on aarch64 more natively.

Fairphone fp2, PinePhone, Motorola Surnia, LG Hammerhead, Toradex Verdin board with IMX 8M Plus SoM , Raspberry Pi 4, all aarch64 devices that could be tested with

Installation

A few pre-requisites:

  • ARM 64 board, for example Raspberry Pi 4 or similar
  • A 64 bit Debian based distribution installed
    • Debian 11 or Raspberry Pi OS (based on Debian 11)
    • Ubuntu 22
    • Ubuntu 20 (use Debian 11 package)
  • SSH access with password-less sudo to run the installer
$ ssh-copy-id $HOME/.ssh/id_rsa rpi4
$ ssh rpi4 sudo whoami
root

Given that, install cf-remote (see our blog posts about cf-remote) and install a nightly package! We build nightlies 5 days a week so there is plenty of opportunity for you to find bugs, submit PRs and enjoy the results in upgrading packages from nightlies.

$ pip3 install cf-remote
$ cf-remote --version master install --clients rpi4

(This only installs CFEngine, to “start” it, add --bootstrap <IP address of policy server>, making it run every 5 minutes, pulling new policy from the policy server and enforcing it).

Run an Enterprise Hub! Free 25!

And don’t forget that you can certainly run an enterprise hub as well. Our Enterprise Hub is available free for download and installing for up to 25 hosts. It’s a great way to do some proof of concept work or setup something at home for tinkering.

$ cf-remote --version master install --hub rpi4 --bootstrap rpi4

I have been running hub on a Raspberry Pi 4 for several weeks now and am quite pleased with the results. Here you can see I have my raspberrypi hub (Raspberry Pi 4, Debian 11) with two containers bootstrapped on the Toradex board. Mission Portal served by a Raspberry Pi 4

Community packages

Nightly builds are also available as community packages

To install with cf-remote add the --edition community argument:

cf-remote  --version master install --edition community --clients rpi4

Dust off, Fire up!

So go find those ARM devices and let CFEngine keep them running well!

Let us know how it goes or what other devices you’d like to see supported on GitHub discussions , the mailing list and/or chat via #cfengine on irc.libera.chat or gitter.im/cfengine.core (also available via Matrix).

Try CFEngine Enterprise for free

Sign up for CFEngine Enterprise and connect up to 25 hosts for free. No credit card required. Get started in minutes.

Try enterprise for free