Show posts tagged:

Show notes: The agent is in - Episode 34 - Host visibility with containerized CFEngine

Curious about getting visibility of a host where you can’t install CFEngine natively, but can run a container? Craig shows us how he’s getting inventory from his Torizon Verdin IMX8MP by deploying a container with a chroot containing volumes bind mounted from the host. A long post show discussion was had about CfgMgmtCamp as well as a long troubleshooting session dealing with a prickly package management situation. Video The video recording is available on YouTube:

Posted by Nick Anderson
February 29, 2024

Show notes: The agent is in - Episode 31 - Sneak peek of CFEngine 3.23

Join the team for a sneak peek of what’s coming in 3.23.0. Herman joins Cody, Craig and Nick to discuss what’s new in the upcoming release of CFEngine 3.23.0. We look at improvements to Groups in Mission Portal with easier ways to specify specific hosts that should or should not be part of the group based on reported attributes. This new functionality makes it much easier to affect change across a set of hosts without touching policy.

Posted by Nick Anderson
November 30, 2023

Show notes: The agent is in - Episode 29 - Basic Docker inventory with CFEngine

Ever been curious about Docker details or the cruft that has built up and could be cleared out? Craig, Cody, and Nick chat about some of the work Craig has been doing recently, using Docker in development and CI. Craig shows how to develop policy to inventory various Docker details like image names, counts of dangling images, and reclaimable disk space. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees.

Posted by Nick Anderson
September 28, 2023

File integrity monitoring with CFEngine

File integrity monitoring is an important aspect in managing your infrastructure. Tripwire and AIDE are often cited as necessary tools by compliance frameworks1,2,3. Of course CFEngine can manage a file to make sure it contains desired content, but did you know that CFEngine also has the capability to simply monitor a file for change? In this blog post we take a look at CFEngines’ changes attribute for files promises. File promises, changes body To monitor a file for change in CFEngine you must have a files promise with a changes body attached.

Posted by Nick Anderson
December 13, 2022

November 2022: Severe vulnerabilities in OpenSSL 3

On October 25th 2022 the OpenSSL project team announced 1 the forthcoming release of OpenSSL version 3.0.7. From the announcement we know that a fix will be made available on Tuesday November 1st, 2022 for a CRITICAL security issue. Note: CVE-2022-3786 and CVE-2022-3602 (X.509 Email Address Buffer Overflows) have been published 2. CVE-2022-3602 originally assessed as CRITICAL was downgraded to HIGH after further review prior to being published. Affected versions The vulnerability is reported to affect version 3.

Posted by Nick Anderson
November 1, 2022

Using CFEngine inventory as Ansible inventory

CFEngine and Ansible are two complementary infrastructure management tools that both work with so-called inventories. However, the common term can be quite confusing because the way they are defined and created is very different for an Ansible Inventory and for a CFEngine Inventory. In the most basic case, an Ansible Inventory is just a file with a list of hosts and groups of hosts that Ansible then manages when fed the inventory file.

October 7, 2021

Feature preview: Trigger agent runs and report collection from Mission Portal

If you are debugging issues with a host, it is quite common to want to make changes to CFEngine policy, and speed up the process of fetching, evaluating and reporting for that host. You can do this by running cf-runagent and cf-hub from the command line, now we’ve brought this functionality into Mission Portal: You can see the feature in action, here: This feature will be part of CFEngine Enterprise 3.

March 31, 2021

Using Policy Analyzer to develop and debug CFEngine policy

I have a setup at home where I keep a local git server running on a Raspberry Pi 3 which contains personal/work journal, dotfiles and a personal policy repository. It was set up manually so before adding a new git repository for a family password store I set about retrofiting the configuration in CFEngine. The goal in this blog is to ensure that what I have already is managed by CFEngine and that what I want to add, /srv/git/passwords.

Posted by Craig Comstock
March 29, 2021

How CFEngine stays ahead of the pack

Blazing the trail CFEngine was the first Configuration Management solution on the market, and while we have made many and significant changes and improvements to CFEngine in that time, we stay true to the principles that make it such a great product and technology. There are many things that have changed in the market, not at least the competitive situation, we believe that fundamentally many of the challenges stay the same.

June 23, 2020

CFEngine in a High Performance Computing environment

CFEngine in HPC In High-Performance Computing (HPC) uptime and performance are very important. HPC is an area of computing that often focuses on research and development, supporting teams with extremely complex problems they need to solve, and heavy computation mathematical problems, such as protein folding for vaccine development. To achieve this, HPC systems rely on high performance, the equipment is expensive, and the average customer has very high demands. Any downtime, performance degradation, misconfiguration, or unexpected behavior will be a financial cost and will reduce the customers’ trust in the HPC provider.

June 11, 2020