Show posts tagged:
modules

Solving specific use cases with CFEngine policy and providing reusable modules

With the release of build.cfengine.com, I have been working to migrate some of our own security related policy into modules of their own. CFEngine Build and the cfbs tooling allows us to organize policy into modules, which are easy to update independently and share with other users. Let’s take the scenic route and look at what life is like with cfbs. One of our security policies requires that the password hashing algorithm in /etc/login.defs is set to SHA512.

Posted by Nick Anderson
November 25, 2021

How we designed CFEngine Build, a complete journey

Have you ever wondered how a site was designed and how the ideas were conceptualized into the final result? If your answer is yes, you are in the right place! In this post, I will show you our journey to create our latest website, CFEngine Build. From start to finish, how did we do the design and make the design decisions? So without further delay, let’s jump straight in!

Posted by ChiaCheng Lu
November 19, 2021

Managing local groups

Manually managing groups on a large infrastructure can be a tedious task, and is therefore best suited through automation software like CFEngine. Unfortunately - at time of writing - CFEngine does not have any built-in promise types for managing groups. But fear not; in CFEngine 3.17, custom promise types were introduced. This new exhilarating feature does not only allow for members of our community to make their own custom promise types, but also lets the CFEngine Core developers prototype new future promise types. In this blog post, I’d like to introduce one of our prototypes; the experimental groups promise type.

Posted by Lars Erik Wik
October 1, 2021

Show notes: The agent is in - Episode 4 - CFEngine Build system (cfbs)

Come see what’s new in CFEngine policy management! Herman (Product Manager) introduces and demonstrates new tooling, the CFEngine Build System (cfbs). cfbs is a command line tool to facilitate policy management and consuming modules written by others. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.

Posted by Nick Anderson
August 27, 2021

Cloning git repos and creating systemd services with CFEngine

Using modules, you can add custom promise types to CFEngine, to manage new resources. In this blog post, I’d like to introduce some of the first official modules, namely git and systemd promise types. They were both written by Fabio Tranchitella, who normally works on our other product, Mender.io. He decided to learn some CFEngine and within a couple of weeks he’s contributed 3 modules, showing just how easy it is to implement new promise types. Thanks, Fabio!

August 16, 2021

Show notes: The agent is in - Episode 3 - What's new in 3.18?

Come see the new hotness in the latest LTS series, 3.18! Craig (Digger) and Nick (Doer of Things) take a tour of 3.18.0, the first release in the latest LTS series. Join them in exploring dark mode, compliance reports, host specific data via Mission Portals CMDB, manually triggered agent runs, report collections, and CFEngine Build. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.

Posted by Nick Anderson
July 29, 2021

How to implement CFEngine custom promise types in bash

This blog post will focus on the bash programming part of implementing a promise type. To understand what custom promise types are, and how to use them, you should read the introduction first. To implement a custom promise type in CFEngine, you need a promise module. The module is an executable, and can be written in any language. It’s possible to write one from scratch, but to make it as easy as possible, we decided to provide libraries for common programming languages. In our previous blog post, we showed how to implement modules in Python. That’s great, it’s a powerful, expressive and readable programming language, however there is one drawback; installing python. Many systems don’t have python already, or have a version which is too old. So you will need to add policy to install / update Python, to make sure modules work correctly everywhere.

January 29, 2021

Custom promise outcomes in Mission Portal

CFEngine 3.17.0 introduced custom promise types, which enable CFEngine users to extend core functionality and policy language in a simple way. As an example of the power and simplicity of this new feature, I will show a promise type that helps to observe a website’s status. The module which implements this promise type was written in a couple of hours. Creating a promise type for whether a site is up We will use Python and the CFEngine library to implement a promise module. Our previous blog post, “How to implement CFEngine custom promise types in Python”, explains this in detail.

January 21, 2021

How to implement CFEngine custom promise types in Python

This tutorial focuses on how to write a promise module, implementing a new CFEngine promise type. It assumes you already know how to install promise modules and use custom promise types, as shown in the previous blog post. Why Python? Promise modules can be written in any programming language, but there are some advantages of using python: Readable and beginner friendly language / syntax Popular and familiar to a lot of people, also used in some CFEngine package modules Big standard library, allowing you to reuse data structures, parsers, etc. without reinventing the wheel or adding dependencies Official CFEngine promise module library Most of the code needed is already done (protocol, parsing, etc.) You can focus on only the business logic, what is unique to your new promise type With that said, there are some reasons why you might not always want to use python:

December 8, 2020

Introducing CFEngine custom promise types

In CFEngine 3.17, custom promise types were introduced. This allows you to extend policy language, managing resources which don’t have built in promise types. The implementation of custom promise types is open source, and available in both CFEngine Enterprise and CFEngine Community. To implement a new custom promise type, you need a promise module. (The promise type is what you use in policy language (the concept), while the module is the underlying implementation - can be a python script, compiled executable or similar).

December 3, 2020