Using CFEngine there are many ways to group and classify your hosts. In order to group their hosts, our users use a combination of JSON files, CFEngine policy language (with variables, classes, and class expressions), host specific data and host filters in Mission Portal. With these features you can choose which hosts to show in reports, and you can make decisions on what changes to make on which hosts. There is, however, no straight forward way for a Mission Portal user to save a selection of hosts (a filter) and then start doing things (reports, changes) with those hosts.
Our next big feature is groups in Mission Portal:
A group is a saved filter with a name. (Optionally with some data assigned).
There are 2 big reasons why we’re adding groups to Mission Portal:
- Allow saving selections of hosts (filters) and reusing them in various reports, making Mission Portal more intuitive and user-friendly.
- Enable making configuration changes to many hosts at a time.
All groups at a glance
In the Groups app, users can organize their personal groups, and view all the shared groups from others on their team. Similar to our recent improvements to the reports page, users can click the star icon next to shared groups to make them show up within My groups.
Creating groups
Upon clicking the Add button, a new group is created, and the title and filter can be customized.
Within the filter you specify a list of rules that have to be satisfied for a host to be in the group. These can be things like:
- Hosts running Microsoft Windows (class
windows
is defined) - Hosts without a maintainer (inventory attribute
Maintainer
is not reported) - Hosts in AWS us-east-1 region (class
aws_us_east_1
is defined)
In addition to these rules, you can also add and remove (include and exclude) individual hosts from the filter.
Host data
Now with the Groups app, users can edit the data for a group of hosts simultaneously, similar to the Host specific data inside the host info page. The data is stored in PostgreSQL on the hub, and transferred to hosts as JSON files, where the values can be used in your policy and by modules.
Variables and classes
The Data tab has a similar UI to Host specific data and allows you to enter variables and classes:
Module input
The Modules tab has a similar UI to CFEngine Build in Mission Portal, especially for modules which accept input:
With this functionality, you can use modules like the delete-files
module and make it delete a file only on groups of hosts in your infrastructure.
Access control
By default, users can create their own personal groups and view groups shared across the organization. This enables viewing useful info in Portal and using the groups functionality to make reports, without the risk of actually making changes to hosts.
The more powerful features, such as creating/deleting/editing shared groups and group data, are only available to administrators by default. This prevents other users from accidentally or maliciously causing problems to hosts in the infrastructure. As with other features, an administrator can go to the RBAC settings to customize which functionality a user / role has access to.
Getting started with CFEngine
The Groups app will arrive later this year. If you would like to get to grips with Mission Portal first, you can follow this tutorial to get started with CFEngine for free. Or get in touch with our team to see how we can help you with your project.