Tutorial
How to Install and Use CFEngine Community Edition on Ubuntu 14.04
This tutorial is out of date and no longer maintained.
Status: Deprecated
This article is deprecated and no longer maintained.
Reason
As of April 2019, Ubuntu 14.04 is no longer supported.
See Instead
This article may still be useful as a reference, but may not work or follow best practices.
We strongly recommend using a recent article written for the operating system you are using.
Introduction
If you are looking for a fast and highly scalable configuration management tool for your IT infrastructure, you should give CFEngine a try. Though the functionality it offers is quite similar to that offered by other popular tools such as Puppet and Chef, CFEngine has a much smaller footprint, both in terms of memory and CPU utilization, and is generally faster because it is written in C and thus runs natively on the OS.
In this tutorial, you will learn how to install and use CFEngine Community Edition 3.6.5 on Ubuntu 14.04.
Prerequisites
Before you begin, you should have access to:
- A server running Ubuntu 14.04
- A non-root sudo user
Step 1 — Adding CFEngine’s Package Repositories
To install the latest version of CFEngine using apt-get, you should add CFEngine’s package repositories to your server’s repository list. Use the add-apt-repository command to do so:
- sudo add-apt-repository 'deb http://cfengine.com/pub/apt/packages stable main'
Step 2 — Adding CFEngine’s Public Key
The repository you added in the previous step cannot be used until you also add CFEngine’s public key to APT’s list of trusted keys.
Download CFEngine’s public key using wget.
- wget http://cfengine.com/pub/gpg.key -O /tmp/gpg.key
Use apt-key to add it to the list of trusted keys.
- sudo apt-key add /tmp/gpg.key
Step 3 — Installing CFEngine
You can now use apt-get to install CFEngine Community Edition.
- sudo apt-get update && sudo apt-get install cfengine-community
Before you proceed, verify the installation:
- cf-agent --version
You should see the following output:
CFEngine Core 3.6.5
Step 4 — Starting the Policy Hub
As we are using a single Ubuntu server in this tutorial, we’ll be using it both as a policy hub and as a client. To start CFEngine’s policy hub, you must bootstrap it with your server’s IP address.
- sudo cf-agent --bootstrap your_server_ip
Once this command completes successfully, you will have CFEngine fully configured and ready to use on your server.
Note: If you want to manage multiple machines using your Ubuntu server, you will have to repeat steps 1, 2, and 3 on each of the machines. However, in Step 4, to configure the machines as just clients, you should bootstrap them with the IP address of your current Ubuntu server (i.e., the IP address of the policy hub).
Step 5 — Creating Your First Policy
To automate a system administration task using CFEngine, you should create a policy file for it. A policy file is written in CFEngine’s own DSL (Domain Specific Language). The language has a rather steep learning curve, but performing basic tasks with it is easy.
Let us start by creating a simple “Hello World” policy. Use nano or your favorite text editor to create a new file called myPolicy.cf in the /tmp directory:
- nano /tmp/myPolicy.cf
The commands you want to execute using CFEngine should be grouped together in a bundle. Bundles can be of different types. For now, you will be creating a bundle that cf-agent can fun. To print a message to the console, the reports promise should be used. Accordingly, add the following code to the file:
bundle agent SayHello {
reports:
"Hello!";
}
Save the file and exit.
You can now run your policy using the cf-agent command.
- sudo cf-agent -b SayHello /tmp/myPolicy.cf
You should see the following output:
R: Hello!
Step 6 — Adding a Policy to the Policy Server
In the previous step, you ran the policy manually using the cf-agent command. To run the policy automatically — and, more importantly, on multiple machines — you should add it to the policy server. By default, policies added to the server are executed once every 5 minutes by cf-agent.
Let us now write a slightly more advanced policy that creates a file in the /tmp directory.
Use nano or your favorite text editor to create a new file called createFilePolicy.cf:
- nano /tmp/createFilePolicy.cf
In this policy, you will be using the files promise to create a file, and the reports promise to display a message that says the file was created.
The following policy creates an empty file named hello.txt in the /tmp directory. Add the following code to the policy:
bundle agent CreateHelloFile {
files:
"/tmp/hello.txt"
create => "true";
reports:
"File created";
}
Save your file and exit nano.
Run the policy by typing in the following command:
- sudo cf-agent -b CreateHelloFile /tmp/createFilePolicy.cf
After it completes, you can run the ls command to see that hello.txt has been created in /tmp.
- ls /tmp
Now that we know that our policy doesn’t have any errors and is doing what it is supposed to do, let us add it to the server.
The policy server serves its policies from the /var/cfengine/masterfiles/ directory. Therefore, copy createFilePolicy.cf to masterfiles:
- sudo cp /tmp/createFilePolicy.cf /var/cfengine/masterfiles/
Next, for CFEngine to know about your policy file and the bundle inside it, references to them should be added to promises.cf, CFEngine’s main policy file. Use nano to edit promises.cf:
- sudo nano /var/cfengine/masterfiles/promises.cf
Add the name of your policy file at the end of the inputs list. After the changes, the list should look like this:
inputs => {
...
# List of services here
"services/file_change.cf",
"createFilePolicy.cf",
};
Make sure you don’t omit the comma at the end of the line.
Additionally, the name of the bundle in your policy file should be mentioned in the bundlesequence list toward the top of the file. Add CreateHelloFile as the last item of bundlesequence:
bundlesequence => {
...
# Agent bundle
cfe_internal_management, # See cfe_internal/CFE_cfengine.cf
service_catalogue,
@(cfengine_enterprise_hub_ha.management_bundles),
CreateHelloFile,
};
Make sure you don’t omit the comma at the end of the line, too. Save the file and exit.
Your policy has now been added to the policy server, and will be run every five minutes. This means that even if you delete /tmp/hello.txt, CFEngine will automatically create it again after five minutes.
If you want to remove the policy, you should first delete the name of the bundle and the name of the policy file from promises.cf, and then move the policy file out of the masterfiles directory.
Conclusion
In this tutorial, you learned how to install the latest version of CFEngine Community Edition on an Ubuntu 14.04 server using CFEngine’s package repositories. You also learned how to create and run simple policies, both manually and automatically. You can now use CFEngine to manage the configuration of your server.
To learn more about the DSL, refer to the CFEngine 3.6 Manual.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
author
editor
staff technical writer
hi! i write do.co/docs now, but i used to be the senior tech editor publishing tutorials here in the community.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Was greatly helpful thanks guys
Hey, Hathy, thanks for the great tutorial!
I work on the CFEngine team and we’d like to get in contact with you. Could you send me an e-mail to ole ( at ) cfengine.com ?