Hearing a user speak is worth more than self-glorification! As we come up to year-end, it is time to start thinking about turkeys (well if you celebrate Thanksgiving like they do out here), and of course Christmas and the festive season it heralds. In this blog post I would like to thank a particular automation tool (no points for guessing which one), but really do so from the vantage point of a user and the progress they made with the tool. “Today I started learning CFEngine 3”. This was the title of an innocuous looking post from Remi on June 13’th 2013. In here he detailed his early experience attending a training session on CFEngine delivered by Diego Zamboni the author of Learning CFEngine 3. What stood out even back then and at first glance was that CFEngine is a pretty darn good monitoring tool. It is capable of fixing issues or reporting to the user.
Please nominate your favorite! The CFEngine Champion program rewards the voluntary efforts of individuals who have significantly enhanced the CFEngine Community by promoting CFEngine and its use. The contributions of the CFEngine Community are a vital part of our company’s ecosystem. View previous champions. Please nominate your 2014 candidate here
Thanks to Mike Svoboda at Linkedin and a league of experienced CFEngine users, we are happy to announce the “CFEngine Office Hour”. Meet with CFEngine folks, bring your questions! Here is what to expect: “Instead of lecturing about how we’ve used CFEngine, the focus of this office hour is dedicated to helping you!” “Have you ever had a question that you wanted to ask, but didn’t want to blast it out on the mailing list because its too public? Would you like for someone to take a look at one of your policies and maybe suggest improvements? Have a question about how to approach an automation problem?” “The idea behind the office hour is that we want to help other folks in the community bootstrap their environment.” “Getting over that initial learning curve can be quite a challenge. Having a video conference with a person whom you can ask questions of, and can interact with directly can make this process a lot easier.” “Even if you’ve been using CFEngine for a few years, feel free to drop in. Maybe you can learn a thing or two by looking at policy examples.” If you haven’t joined the #cfengine channel, we’re on libera.chat. Feel free to drop by and ask questions there as well, there are typically a few of us around. We will post the times of Open Office Hours on our Events page We hope to see you!
In this blog post I would like to show how one of the best configuration management solution integrates with an equally well known ticketing system - Jira When a specific policy becomes out of compliance, there is a common need to integrate this with a ticketing system. For example, you have an important web application configured and ensured to be running using CFEngine. If any aspect of that fails, you want to be notified immediately. But since you already get enough email, and you already use a ticketing system for all other tasks, you want to open an issue in the JIRA issue tracking system on such an event. CFEngine 3.6.2 introduces Custom actions as a notification method for alerts, which virtually enables any notification method for any event happening in your infrastructure. In our new How To, we show how to integrate CFEngine with JIRA using Custom actions. Let CFEngine open a ticket for you whenever something important happens with your infrastructure, and spend your time planning instead of monitoring!
Dear CFEngine Community, we are proud to announce our new mailing list: dev-cfengine. Given that the contributions in both Core and Masterfiles repositories have been steadily increasing, the need for such a list became apparent. While patch submissions and code reviews will still be taking place using GitHub’s pull requests, this list serves the purpose of facilitating any other discussion on the development of CFEngine. We are looking forward to seeing the community being active on that list. In addition, we, the CFEngine developers, are planning to participate with all our discussions that do not touch on CFEngine Enterprise. Regards, CFEngine AS
This post clarifies whether CFEngine is affected by the newly published vulnerability in the SSL protocol,POODLE. CFEngine core functionality, i.e. agent-to-hub communication is not affected in any way by the POODLE vulnerability. If the protocol version is set to “classic” or “1”, or is just left to be the default, then all communication happens using the legacy protocol which has nothing to do with SSL. If it is set to “latest” or “2”, then TLS version 1.0 is used, which does *not* suffer from the specific flaw in SSL v3.0 that enables POODLE. So the vulnerability is not applicable in any case. CFEngine Enterprise provides the Mission Portal web interface, served via the Apache web server at port 443. Unfortunately the default package installation uses default Apache settings, and httpd currently accepts connections using SSL v3.0. To remedy the problem, the following line should be edited in
CFEngine recently released version 3.6, which makes deploying and using cfengine easier than ever before. The greatest improvement in 3.6, in my opinion, is by far the autorun feature. I’m going to demonstrate how to get a policy server set up with autorun properly configured.
Installing CFEngine 3.6.2 The first step is to install the CFEngine package, which I’m not going to cover. But I will say that I recomend using an existing repository. Instructions on how to set this up are here. Or you can get binary packages here. If you’re not using Linux (like myself) you can get binary packages from cfengineers.net.If you’re inclined to build from source I expect that you don’t need my help with that. Having installed the CFEngine package, the first thing to do is to generate keys. The keys may have already been generated for you, but running the command again won’t harm anything.
CFEngine 3.6.2 is now available - in both Community and Enterprise editions! There are major new features in the Enterprise hub; High Availability and Custom actions. In addition, we have resolved numerous issues to provide you with a very stable release. It has been about 8 weeks since the 3.6.1 release, and we plan to continue on a 6-8 week schedule for maintenance releases going forward.
High availability for the hub A common requirement for most enterprises is that key processes and mission critical applications are highly available - in essence to ensure there is no single point of failure. Although CFEngine is a distributed system, with decisions made by autonomous agents running on each node, the hub can be viewed as a single point of failure. Essentially, the hub has two responsibilities:
With the slew of recent security issues like Supermarket Point of Sale Compromises not once but twice, other large retailer card breaches, the famed Heartbleed vulnerability and others in the news. We want to share an example of how CFEngine can be used to quickly identify and remediate affected systems. In our documentation please find the “Reporting and Remediation of Security Vulnerabilities” tutorial. The tutorial walks through policy to both identify and remediate the recent #shellshock exploit. For those using CFEngine Enterprise there is guidance on creating dashboard alerts and inventory reports included.
In this installment we turn to Danilo Fernando Chilene who recently wrote about **monitoring CFEngine with Zabbix. **The original blog can be found at
https://bicofino.io/post/monitoring-cfengine-with-zabbix/. In this particular piece learn about how Zabbix can be leveraged to monitor processes, memory use and the promise summary log in the context of CFEngine. If you have other such stories of CFEngine use, we would love to hear back from you. Thanks Danilo for a great post! Monitoring CFEngine With Zabbix I created a template to monitor CFEngine with Zabbix. This allows the monitoring of processes, memory use and the promise summary log.
