Configuration Management

CFEngine is the original configuration management solution where IT-infrastructure is codified into policy. It is backed by extensive research and based on Promise Theory – for organizations that seek to adopt a lean way of operating, CFEngine is the future ready solution to count on for years and technologies to come.

The goal of configuration management is to quickly and securely ensure consistent and compliant system behavior, regardless of scale and complexity. CFEngine is built with exactly these requirements in mind.

Popular use-cases for CFEngine are:

  • Configure System Services
  • Ensure file content and integrity
  • Deploy Application Updates
  • Processes management (white/black-lists)
  • Ensure overall System compliance
  • Understand what is running in the datacenter

Ensuring lifecycle support

Configuration management ensures that various digital resources (servers, networks, mobiles, etc.), system services and applications are consistently configured and always in compliance.

The key ingredients of configuration management is to have a mechanism to deploy changes (define desired states), quickly, securely and consistently across any system regardless of scale (number of units) and complexity (different architectures, operating systems, etc.).



Once a change has been deployed, it is the responsibility of the configuration management system to ensure that the system maintains the new desired state over time and safeguards configuration integrity.

In today’s dynamic and inter-connected world, there are many reasons why the desired state might end up being changed by other people or applications. When this drift happens, your configuration management system should provide immediate alerts and allow the option to automatically restore the desired state.

The last important aspect of the configuration management life-cycle is to be able to report on the actual state of your system. Once a desired state has been defined it is important to be able to see what the actual state of your system has turned into. Management, auditors and IT-ops all need access to information about what has happened on the system (logs), and what is the current state.

CFEngine supports all aspect of the Configuration Management Lifecycle.

Making changes anywhere in the software stack, across environments


CFEngine can be used to make changes anywhere in the software stack from server provisioning to application deployments. Wherever you need to make consistent changes that must remain compliant, CFEngine’s self-healing capabilities will do the work for you, regardless of it being part of a kick-start process or network switch update.

CFEngine runs every 5 minute to ensure that all your changes are in compliance with policy.

As part of a continuous integration and application release system, using tools like Gerrit and Jenkins, the main role of a configuration management solution is to ensure consistency so that applications that used to work locally on a developer’s laptop, that tested successfully in test and pre-production environments also works in production environment.

dt_logo“At Deutsche Telecom, CFEngine is used to automate the deployments of applications”

Defining IT-infrastructure in code

The dynamic nature of infrastructure requires frequent compliance checks (CFEngine runs every 5 minutes), and when coding desired state, the system engineers needs to start thinking like a developer and ensure all changes are stored in a version control system. The flat and flexible policy structure of CFEngine makes it easy to integrate with all kinds of version control systems, from svn to git. Best-practice is to integrate your configuration management change process with a code review tool.

Think like a developer:

  • CFEngine is coding your IT-infrastructure
  • CFEngine integrates easily with version control systems
  • CFEngine supports test-runs
com-logo“Comcast integrates CFEngine policy with Gerrit to improve the code quality”

Supporting dynamic businesses

In order to stay competitive in today’s fast-paced world, organizations need to deploy changes and be more dynamic than ever before. For example, an online system that makes 30% of its revenue during the November-December holiday season will need to be differently configured during these months compared to the rest of the year. You would need more resources and tighter control as the cost of a potential outage during these months would be severe.

With CFEngine systems can reconfigure themselves on the spot, based on dynamic factors like:

  • CPU-load, memory available, free disk
  • Network activity, latency, local network changes
  • Time and date e.g. weekdays, time of day (crontab functionality)
  • Software running or installed, configurations, command outputs

Using Dynamic Configurations to save 80%

Amazon spot instances are purchased according to the auction principle. The price which on average is 85% lower than normal aws instances. The disadvantage is that a spot instance can go away at any time if the market increases beyond your set price. CFEngine supports dynamic configuration, and can be used to even out volatility caused by price fluctuations.

percolate-aws“At Percolate, IT-operations save 80% by using AWS spot instances. CFEngine automatically ensures availability of enough instances.”