How to Install and Use CFEngine Community Edition on Ubuntu 14.04

How to Install and Use CFEngine Community Edition on Ubuntu 14.04

This tutorial is out of date and no longer maintained.

Status: Deprecated

This article is deprecated and no longer maintained.


As of April 2019, Ubuntu 14.04 is no longer supported.

See Instead

This article may still be useful as a reference, but may not work or follow best practices.

We strongly recommend using a recent article written for the operating system you are using.


If you are looking for a fast and highly scalable configuration management tool for your IT infrastructure, you should give CFEngine a try. Though the functionality it offers is quite similar to that offered by other popular tools such as Puppet and Chef, CFEngine has a much smaller footprint, both in terms of memory and CPU utilization, and is generally faster because it is written in C and thus runs natively on the OS.

In this tutorial, you will learn how to install and use CFEngine Community Edition 3.6.5 on Ubuntu 14.04.


Before you begin, you should have access to:

Step 1 — Adding CFEngine’s Package Repositories

To install the latest version of CFEngine using apt-get, you should add CFEngine’s package repositories to your server’s repository list. Use the add-apt-repository command to do so:

  1. sudo add-apt-repository 'deb http://cfengine.com/pub/apt/packages stable main'

Step 2 — Adding CFEngine’s Public Key

The repository you added in the previous step cannot be used until you also add CFEngine’s public key to APT’s list of trusted keys.

Download CFEngine’s public key using wget.

  1. wget http://cfengine.com/pub/gpg.key -O /tmp/gpg.key

Use apt-key to add it to the list of trusted keys.

  1. sudo apt-key add /tmp/gpg.key

Step 3 — Installing CFEngine

You can now use apt-get to install CFEngine Community Edition.

  1. sudo apt-get update && sudo apt-get install cfengine-community

Before you proceed, verify the installation:

  1. cf-agent --version

You should see the following output:

Output of cf-agent
CFEngine Core 3.6.5

Step 4 — Starting the Policy Hub

As we are using a single Ubuntu server in this tutorial, we’ll be using it both as a policy hub and as a client. To start CFEngine’s policy hub, you must bootstrap it with your server’s IP address.

  1. sudo cf-agent --bootstrap your_server_ip

Once this command completes successfully, you will have CFEngine fully configured and ready to use on your server.

Note: If you want to manage multiple machines using your Ubuntu server, you will have to repeat steps 1, 2, and 3 on each of the machines. However, in Step 4, to configure the machines as just clients, you should bootstrap them with the IP address of your current Ubuntu server (i.e., the IP address of the policy hub).

Step 5 — Creating Your First Policy

To automate a system administration task using CFEngine, you should create a policy file for it. A policy file is written in CFEngine’s own DSL (Domain Specific Language). The language has a rather steep learning curve, but performing basic tasks with it is easy.

Let us start by creating a simple “Hello World” policy. Use nano or your favorite text editor to create a new file called myPolicy.cf in the /tmp directory:

  1. nano /tmp/myPolicy.cf

The commands you want to execute using CFEngine should be grouped together in a bundle. Bundles can be of different types. For now, you will be creating a bundle that cf-agent can fun. To print a message to the console, the reports promise should be used. Accordingly, add the following code to the file:

bundle agent SayHello {

Save the file and exit.

You can now run your policy using the cf-agent command.

  1. sudo cf-agent -b SayHello /tmp/myPolicy.cf

You should see the following output:

Output of cf-agent
R: Hello!

Step 6 — Adding a Policy to the Policy Server

In the previous step, you ran the policy manually using the cf-agent command. To run the policy automatically — and, more importantly, on multiple machines — you should add it to the policy server. By default, policies added to the server are executed once every 5 minutes by cf-agent.

Let us now write a slightly more advanced policy that creates a file in the /tmp directory.

Use nano or your favorite text editor to create a new file called createFilePolicy.cf:

  1. nano /tmp/createFilePolicy.cf

In this policy, you will be using the files promise to create a file, and the reports promise to display a message that says the file was created.

The following policy creates an empty file named hello.txt in the /tmp directory. Add the following code to the policy:

bundle agent CreateHelloFile {
        create => "true";

      "File created";

Save your file and exit nano.

Run the policy by typing in the following command:

  1. sudo cf-agent -b CreateHelloFile /tmp/createFilePolicy.cf

After it completes, you can run the ls command to see that hello.txt has been created in /tmp.

  1. ls /tmp

Now that we know that our policy doesn’t have any errors and is doing what it is supposed to do, let us add it to the server.

The policy server serves its policies from the /var/cfengine/masterfiles/ directory. Therefore, copy createFilePolicy.cf to masterfiles:

  1. sudo cp /tmp/createFilePolicy.cf /var/cfengine/masterfiles/

Next, for CFEngine to know about your policy file and the bundle inside it, references to them should be added to promises.cf, CFEngine’s main policy file. Use nano to edit promises.cf:

  1. sudo nano /var/cfengine/masterfiles/promises.cf

Add the name of your policy file at the end of the inputs list. After the changes, the list should look like this:

promises.cf excerpt
inputs => {


  # List of services here


Make sure you don’t omit the comma at the end of the line.

Additionally, the name of the bundle in your policy file should be mentioned in the bundlesequence list toward the top of the file. Add CreateHelloFile as the last item of bundlesequence:

promises.cf excerpt
bundlesequence => {

     # Agent bundle
      cfe_internal_management,   # See cfe_internal/CFE_cfengine.cf



Make sure you don’t omit the comma at the end of the line, too. Save the file and exit.

Your policy has now been added to the policy server, and will be run every five minutes. This means that even if you delete /tmp/hello.txt, CFEngine will automatically create it again after five minutes.

If you want to remove the policy, you should first delete the name of the bundle and the name of the policy file from promises.cf, and then move the policy file out of the masterfiles directory.


In this tutorial, you learned how to install the latest version of CFEngine Community Edition on an Ubuntu 14.04 server using CFEngine’s package repositories. You also learned how to create and run simple policies, both manually and automatically. You can now use CFEngine to manage the configuration of your server.

To learn more about the DSL, refer to the CFEngine 3.6 Manual.

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about our products

About the authors
Default avatar
Hathy A


Default avatar

staff technical writer

hi! i write do.co/docs now, but i used to be the senior tech editor publishing tutorials here in the community.

Still looking for an answer?

Ask a questionSearch for more help

Was this helpful?

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Was greatly helpful thanks guys

Hey, Hathy, thanks for the great tutorial!

I work on the CFEngine team and we’d like to get in contact with you. Could you send me an e-mail to ole ( at ) cfengine.com ?

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Join the Tech Talk
Success! Thank you! Please check your email for further details.

Please complete your information!

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel