A while back we released version 2 of cfbs, and even though we release versions of this tool quite frequently, without announcing it on the blog, we thought this was a good opportunity to talk a bit about the tool, what’s new and our direction with it in the future. The reason why we called this the “2.0” release is that we are trying to follow semantic versioning, and there were some big new features in the release which could be considered breaking changes.
Looking to be more efficient writing CFEngine policy?
Nick Anderson (Doer of Things) walks us through setting up Spacemacs for CFEngine. Get syntax highlighting, on the fly error checking, function prototypes, integration with the venerable org-mode and more!
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.
CFEngine and Ansible are two complementary infrastructure management tools. Findings from our analysis show that they can be combined and used side by side with joint forces to handle all areas in the best possible way. Part of infrastructure management is hosts deployment, either when building a brand new infrastructure or when growing one by adding new hosts. This is something Ansible truly excels in as it makes it very easy to run a sequence of steps on all hosts to initialize (deploy) them and it only requires SSH access to the hosts and Python installed on them.
With the recent release of build.cfengine.com and cfbs I have been thinking about the process of converting a traditionally manged policy set. I consider a traditionally manged policy set one where you have a repo with the root of masterfiles being the root of the repository, or even having no repository at all and managing masterfiles by editing directly in the distribution point (e.g. /var/cfengine/masterfiles). Before jumping in with both feet and converting to a cfbs managed policy set you might want a hybrid situation where you can leverage some of the benefits of cfbs but without making drastic changes to the way policy is currently managed.
How can I work with secrets using CFEngine?
Craig (Digger) demoed cf-secret and how he uses it for protecting secrets used to mount LUKS encrypted drives.
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.
Links cf-secret LUKS Connect on LinkedIn w/ Cody, Craig, or Nick All Episodes
Join us as we embark on an adventure to create and publish a new CFEngine Build module.
Nick (Doer of Things) demonstrates he knows the proper offerings the gods require by writing and publishing a new CFEngine Build Module from scratch, live, with no safety net!
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees.
With the release of build.cfengine.com, I have been working to migrate some of our own security related policy into modules of their own. CFEngine Build and the cfbs tooling allows us to organize policy into modules, which are easy to update independently and share with other users. Let’s take the scenic route and look at what life is like with cfbs.
One of our security policies requires that the password hashing algorithm in /etc/login.
Earlier this year, we hinted at what we were working on - a place for users to find and share reusable modules for CFEngine. Today, the CFEngine team is pleased to announce the launch of CFEngine Build:
The new website, build.cfengine.com, allows you to browse for modules, and gives you information about how to use each one of them. When you’ve found the module you were looking for, it can be downloaded and built using the command line tooling.
Come see what’s new in CFEngine policy management!
Herman (Product Manager) introduces and demonstrates new tooling, the CFEngine Build System (cfbs). cfbs is a command line tool to facilitate policy management and consuming modules written by others.
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.
cf-remote is a tool for downloading and installing/deploying CFEngine. It automates a lot of the things you have to do before CFEngine is actually installed on your infrastructure, such as provisioning cloud instances, downloading CFEngine installers, copying them to remote hosts and installing / bootstrapping. To make it as easy as possible to get started with cf-remote and CFEngine, it is now available on pypi.
Getting started Installing cf-remote is as easy as:
