<The CFEngine Blog

Track maintainers and purpose for hosts in your infrastructure

Posted by Craig Comstock
December 14, 2022

When something goes wrong or looks fishy for a particular host in your infrastructure how do you know who to ask about it? In an infrastructure managed by many and used by many it is also helpful to know what each hosts’ purpose is.

In this article we show how to add maintainer and purpose information to individual hosts in your infrastructure via the CMDB feature of Mission Portal. We will also add a Build Module to add this information to the /etc/motd file for each associated host.

Leverage a Build Module

For this task we will first add the maintainers-in-motd Build Module to our current Build project. This module uses reasonable variable names and automates the process of adding our information to /etc/motd.

Looking at that module’s README.md file we see that we can add three CMDB variables per host to provide the needed information: maintainer, maintainer_email, and purpose.

We additionally add tags of inventory and attribute_name=... so that we can write reports, compliance checks and an alert widget on our dashboard to show us which hosts don’t have information.

Maintainers variables in Mission Portal host info CMDB

As a lazy sysadmin I like to sit back, take a break, and wait 5-10 minutes to let the policy and it’s effects take hold.

Inventory and a Compliance report

Checking back in, I run an Inventory Report and add the items we added: Purpose, Maintainer and Maintainer Email. I see that a few hosts have information but many do not.

Inventory with maintainer and purpose information added

Next we can create a Compliance Report which fails a host if all three items are not reported. See the previous blog post Building a Compliance report based on inventory modules for how to accomplish this in detail.

Compliance report for Maintainer info

Clicking on the details (bottom-right blue box with arrow) we see which hosts we need to work on.

Maintainers info, compliance report detail

Message of the day

[craig@mbp]~% ssh x220
Linux x220 5.10.0-19-amd64 #1 SMP Debian 5.10.149-2 (2022-10-21) x86_64

::: use this machine for music and tv, contact My Dog(mydog@somewhere) with any questions/issues. :::
Last login: Tue Dec 13 14:17:10 2022 from fd8a:f257:36bd::99f
craig@x220:~$
[craig@mbp]~% ssh 192.168.1.200
Linux raspberrypi 5.15.74-v8+ #1595 SMP PREEMPT Wed Oct 26 11:07:24 BST 2022 aarch64

::: use this machine for CFEngine personal hub, contact Craig Comstock(craig.comstock@somewhere) with any questions/issues. :::
Last login: Tue Dec 13 14:17:25 2022 from 192.168.1.235
craig@raspberrypi:~$

ICE (In Case of Emergency)

When a security issue arises on a machine that you aren’t completely familiar with it can be essential to know quickly who to ocntact and what the machine should be used for.

Recommendation: Add maintainer and purpose information about each host in your infrastructure.

We showed how to add maintainer and purpose details with Mission Portal, create a Compliance report to get a high-level view of which hosts lack this information and need to be updated as well as added a message where users will see it first thing on logging in: /etc/motd.

Try CFEngine Enterprise for free

Sign up for CFEngine Enterprise and connect up to 25 hosts for free. No credit card required. Get started in minutes.

Try enterprise for free