SlideShare a Scribd company logo

ncf - a powerful and structured CFEngine framework

RUDDER
RUDDER

After 4 years of "experience in the trenches" providing enterprise configuration management solutions based on CFEngine 3, it became clear that our customers wanted CFEngine's speed, small footprint, and features but were having a hard time with the language and tooling, and needed an easier way. The goal of ncf is to abstract the knowledge of "how" to achieve tasks in CFEngine, and expose these capabilities for non-expert users. Thus, you can express your intent in a very succinct and expressive manner, integrating simply with CFEngine and its power, while keeping everything "under the hood" tunable. ncf promotes DRY-ness and sharing knowledge. It is built from the ground-up to be easy to learn, flexible and extensible. The framework is written in pure CFEngine language, introducing a well-structured design built on multiple decoupled layers with clearly-defined interfaces and roles. In our presentation we will introduce ncf and explain how ncf can be used to solve real-world examples, explain our design choices, the architectural approach taken, and demo the new magic at our finger tips to build CFEngine solutions that are extensible and easier to work with.

TechnologyEducation
1 of 26
Download to read offline
ncf A powerful and structured CFEngine framework Jonathan CLARKE – jcl@normation.com @jooooooon42 (that's 7 'o's) Normation – CC-BY-SA normation.com
Who am I? ● ncf www.ncf.io Jonathan Clarke ● Title: Co-founder & Product lead at Normation ● Origins: Sysadmin, infrastructure management ● Now: Automation + “running a company”-stuff ● Contributor to free software: – – ● Co-creator of Rudder Contributor to CFEngine, OpenLDAP Co-organizer of events: Normation – CC-BY-SA normation.com 2
Intro ncf www.ncf.io This presentation is about cakes Photo CC BY 2.0 from http://www.flickr.com/photos/misscreativecakes/ Normation – CC-BY-SA normation.com 3
ncf Intro www.ncf.io Reminder: how are cakes made? 1. Ingredients 2. Recipes + Photo CC BY-NC 2.0 from Normation – CC-BY-SA http://www.flickr.com/photos/tnemily/ normation.com 4
ncf Background www.ncf.io A bunch of CFEngine consultants > 4 years ● Multiple companies: small, large & huge ● Various uses: security, provisioning, DR... ● We always got the same feedback Normation – CC-BY-SA normation.com 5
ncf Feedback #1: CFEngine rocks! www.ncf.io CFEngine rocks Small footprint, scalable A few MB of RAM, just seconds to run... Continuous checking Agent based approach, no push Multi-platform Linux, Android, BSD, AIX, HP-UX, Solaris, Windows... Resilient to errors Network outages, failures, unavailable resources... Open Source GPLv3 Normation – CC-BY-SA normation.com 6
ncf Feedback #2: CFEngine is hard! www.ncf.io CFEngine is hard Steep learning curve Syntax is unusual, hard to learn and understand Lack of feedback Output is hard to read, “what is going on?” Workarounds for bugs No way of systematically using a workaround Too much “do it yourself” Building your own policy structure from blank slate “Flour, eggs, milk and butter” As in: https://digitalelf.net/2013/04/a-case-study-in-cfengine-layout/ Normation – CC-BY-SA normation.com 7
Feedback #2: CFEngine is hard! ncf www.ncf.io Learning to bake cakes on your own is frustrating. Photo CC BY-NC-SA 2.0 from http://www.flickr.com/photos/penguincakes/ Normation – CC-BY-SA normation.com 8
ncf Brief dilemma... www.ncf.io Can we fix this? CHALLENGE ACCEPTED. We've worked around this for customers, let's make it reusable! Normation – CC-BY-SA normation.com 9
ncf Approach www.ncf.io Too much do it yourself Building your own policy structure from blank slate 1) Provide a structured layout to start from 2) Provide single-purpose, reusable “methods” to get the basics done Normation – CC-BY-SA normation.com 10
ncf Approach www.ncf.io Steep learning curve Syntax is unusual, hard to learn and understand 1) Hide the weirder syntax inside these reusable “methods” 2) Only require a subset of syntax to write everyday policies (method calls) Normation – CC-BY-SA normation.com 11
ncf Approach www.ncf.io Workarounds for bugs No way of systematically using a workaround 1) Implement workarounds into those reusable “methods” (and use them) 2) Automated tests to make sure the bugs don't “come back” Normation – CC-BY-SA normation.com 12
ncf Approach www.ncf.io Lack of feedback Output is hard to read, “what is going on?” 1) Now everything goes through reusable “methods”, build automatic feedback in 2) Make the feedback format customisable and extensible Normation – CC-BY-SA normation.com 13
ncf Result www.ncf.io “Forget baking, I'm gonna get some cakes from the shop” Photo CC BY-NC-SA 2.0 from http://www.flickr.com/photos/omarsc/ Normation – CC-BY-SA normation.com 14
ncf Result www.ncf.io We created ncf ncf is a framework that runs in pure CFEngine language, to help structure CFEngine policy and provide reusable, single purpose components distributed under the GPLv3 license. Normation – CC-BY-SA normation.com 15
Result ncf www.ncf.io Example === 1000 words With ncf: Normation – CC-BY-SA normation.com 16
Result ncf www.ncf.io Example === 1000 words Without ncf: This is actually over-simplified: - No feedback - No exceptions for different OSes - No advanced options Normation – CC-BY-SA normation.com 17
ncf Result www.ncf.io Example === 1000 words With ncf, automatic feedback: R: [DEBUG] R: [INFO] ntp.conf R: [INFO] R: [DEBUG] Promise kept, not doing anything: Install package ntp in version latest Promise repaired, made a change: Build file /etc/ntp.conf from template Promise repaired, made a change: Restart service ntp Promise kept, not doing anything: Ensure that service ntp is running Normation – CC-BY-SA normation.com 18
ncf How does it work? www.ncf.io How does it work? CFEngine 3 can have self-contained “bundles” that you can call with parameters. ntp package_install file_from_template logger service_restart Outputs structured messages Normation – CC-BY-SA normation.com 19
ncf A layered approach www.ncf.io A layered approach Services Techniques IT services: “Corporate web site” Components of services: “Apache” IT Ops Knowledge Shared information: “httpd” package name Generic methods Unit tasks: “Copy file”, “Install package” CFEngine basics ncf internals CFEngine standard libraries Framework config and magic :) Normation – CC-BY-SA normation.com 20
ncf A layered approach www.ncf.io A layered approach Services Techniques IT services: “Corporate web site” Components of services: “Apache” IT Ops Knowledge Shared information: “httpd” package name Generic methods Unit tasks: “Copy file”, “Install package” CFEngine basics ncf internals CFEngine standard libraries Framework config and magic :) Normation – CC-BY-SA normation.com 21
ncf Philosophy www.ncf.io Core principles DRY KISS Objective not subjective Open source Extensible Each generic_method does one thing and one thing only Normation – CC-BY-SA normation.com 22
Available generic_methods ncf www.ncf.io Normation – CC-BY-SA normation.com 23
Online documentation ncf www.ncf.io http://www.ncf.io/pages/reference.html Normation – CC-BY-SA normation.com 24
Current status ncf www.ncf.io Project is young, but robust Need more generic methods Ohloh statistics: Actually CFEngine Source: http://www.ohloh.net/p/ncf-project Normation – CC-BY-SA normation.com 25
Questions? Check it out on: http://www.ncf.io/ Jonathan CLARKE – jcl@normation.com @jooooooon42 (that's 7 'o's) Normation – CC-BY-SA normation.com

Recommended

Using ncf building blocks to help writing CFEngine policies
Using ncf building blocks to help writing CFEngine policiesUsing ncf building blocks to help writing CFEngine policies
Using ncf building blocks to help writing CFEngine policiesRUDDER
 
O'Reilly Security - Continuous Auditing For Effective Compliance with Rudder
O'Reilly Security - Continuous Auditing For Effective Compliance with RudderO'Reilly Security - Continuous Auditing For Effective Compliance with Rudder
O'Reilly Security - Continuous Auditing For Effective Compliance with RudderRUDDER
 
Testing CFEngine policy
Testing CFEngine policyTesting CFEngine policy
Testing CFEngine policyMichael Clelland
 
CFEngine - company, mission, offering and partners
CFEngine - company, mission, offering and partnersCFEngine - company, mission, offering and partners
CFEngine - company, mission, offering and partnersRUDDER
 
Cfengine presentation at the RMLL
Cfengine presentation at the RMLLCfengine presentation at the RMLL
Cfengine presentation at the RMLLRUDDER
 
Config Management Camp 2015 - How to Deploy CFEngine in the Open Internet
Config Management Camp 2015 - How to Deploy CFEngine in the Open InternetConfig Management Camp 2015 - How to Deploy CFEngine in the Open Internet
Config Management Camp 2015 - How to Deploy CFEngine in the Open InternetCFEngine
 
Configuration management: automating and rationalizing server setup with CFEn...
Configuration management: automating and rationalizing server setup with CFEn...Configuration management: automating and rationalizing server setup with CFEn...
Configuration management: automating and rationalizing server setup with CFEn...RUDDER
 
Configuration management 101 - A tale of disaster recovery using CFEngine 3
Configuration management 101 - A tale of disaster recovery using CFEngine 3Configuration management 101 - A tale of disaster recovery using CFEngine 3
Configuration management 101 - A tale of disaster recovery using CFEngine 3RUDDER
 

Recommended

Using ncf building blocks to help writing CFEngine policies
Using ncf building blocks to help writing CFEngine policiesUsing ncf building blocks to help writing CFEngine policies
Using ncf building blocks to help writing CFEngine policiesRUDDER
 
O'Reilly Security - Continuous Auditing For Effective Compliance with Rudder
O'Reilly Security - Continuous Auditing For Effective Compliance with RudderO'Reilly Security - Continuous Auditing For Effective Compliance with Rudder
O'Reilly Security - Continuous Auditing For Effective Compliance with RudderRUDDER
 
Testing CFEngine policy
Testing CFEngine policyTesting CFEngine policy
Testing CFEngine policyMichael Clelland
 
CFEngine - company, mission, offering and partners
CFEngine - company, mission, offering and partnersCFEngine - company, mission, offering and partners
CFEngine - company, mission, offering and partnersRUDDER
 
Cfengine presentation at the RMLL
Cfengine presentation at the RMLLCfengine presentation at the RMLL
Cfengine presentation at the RMLLRUDDER
 
Config Management Camp 2015 - How to Deploy CFEngine in the Open Internet
Config Management Camp 2015 - How to Deploy CFEngine in the Open InternetConfig Management Camp 2015 - How to Deploy CFEngine in the Open Internet
Config Management Camp 2015 - How to Deploy CFEngine in the Open InternetCFEngine
 
Configuration management: automating and rationalizing server setup with CFEn...
Configuration management: automating and rationalizing server setup with CFEn...Configuration management: automating and rationalizing server setup with CFEn...
Configuration management: automating and rationalizing server setup with CFEn...RUDDER
 
Configuration management 101 - A tale of disaster recovery using CFEngine 3
Configuration management 101 - A tale of disaster recovery using CFEngine 3Configuration management 101 - A tale of disaster recovery using CFEngine 3
Configuration management 101 - A tale of disaster recovery using CFEngine 3RUDDER
 
What if configuration management didn't need to be lvl60 in dev?
What if configuration management didn't need to be lvl60 in dev?What if configuration management didn't need to be lvl60 in dev?
What if configuration management didn't need to be lvl60 in dev?RUDDER
 
Servers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proofServers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proofRUDDER
 
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?RUDDER
 
OW2Con - Configurations, do you prove yours?
OW2Con - Configurations, do you prove yours?OW2Con - Configurations, do you prove yours?
OW2Con - Configurations, do you prove yours?RUDDER
 
The new plugin ecosystem in RUDDER 5.0
The new plugin ecosystem in RUDDER 5.0The new plugin ecosystem in RUDDER 5.0
The new plugin ecosystem in RUDDER 5.0RUDDER
 
What uses for observing operations of Configuration Management?
What uses for observing operations of Configuration Management?What uses for observing operations of Configuration Management?
What uses for observing operations of Configuration Management?RUDDER
 
UX challenges of a UI-centric config management tool
UX challenges of a UI-centric config management toolUX challenges of a UI-centric config management tool
UX challenges of a UI-centric config management toolRUDDER
 
What happened in RUDDER in 2018 and what’s next?
What happened in RUDDER in 2018 and what’s next?What happened in RUDDER in 2018 and what’s next?
What happened in RUDDER in 2018 and what’s next?RUDDER
 
What is RUDDER and when should I use it?
What is RUDDER and when should I use it?What is RUDDER and when should I use it?
What is RUDDER and when should I use it?RUDDER
 
Fosdem - Configurations do you prove yours?
Fosdem - Configurations do you prove yours?Fosdem - Configurations do you prove yours?
Fosdem - Configurations do you prove yours?RUDDER
 
L'audit en continu : clé de la conformité démontrable (#POSS 2018)
L'audit en continu : clé de la conformité démontrable (#POSS 2018)L'audit en continu : clé de la conformité démontrable (#POSS 2018)
L'audit en continu : clé de la conformité démontrable (#POSS 2018)RUDDER
 
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)RUDDER
 
Stay up - voyage d'un éditeur de logiciels libres
Stay up - voyage d'un éditeur de logiciels libresStay up - voyage d'un éditeur de logiciels libres
Stay up - voyage d'un éditeur de logiciels libresRUDDER
 
How we scaled Rudder to 10k, and the road to 50k
How we scaled Rudder to 10k, and the road to 50kHow we scaled Rudder to 10k, and the road to 50k
How we scaled Rudder to 10k, and the road to 50kRUDDER
 
What's new and what's next in Rudder
What's new and what's next in RudderWhat's new and what's next in Rudder
What's new and what's next in RudderRUDDER
 
Poss 2017 : gestion des configurations et mise en conformité chez un service ...
Poss 2017 : gestion des configurations et mise en conformité chez un service ...Poss 2017 : gestion des configurations et mise en conformité chez un service ...
Poss 2017 : gestion des configurations et mise en conformité chez un service ...RUDDER
 
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...RUDDER
 
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...RUDDER
 
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...RUDDER
 
RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER - Continuous Configuration (configuration management + continuous aud... RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER - Continuous Configuration (configuration management + continuous aud...RUDDER
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 

More Related Content

More from RUDDER

What if configuration management didn't need to be lvl60 in dev?
What if configuration management didn't need to be lvl60 in dev?What if configuration management didn't need to be lvl60 in dev?
What if configuration management didn't need to be lvl60 in dev?RUDDER
 
Servers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proofServers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proofRUDDER
 
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?RUDDER
 
OW2Con - Configurations, do you prove yours?
OW2Con - Configurations, do you prove yours?OW2Con - Configurations, do you prove yours?
OW2Con - Configurations, do you prove yours?RUDDER
 
The new plugin ecosystem in RUDDER 5.0
The new plugin ecosystem in RUDDER 5.0The new plugin ecosystem in RUDDER 5.0
The new plugin ecosystem in RUDDER 5.0RUDDER
 
What uses for observing operations of Configuration Management?
What uses for observing operations of Configuration Management?What uses for observing operations of Configuration Management?
What uses for observing operations of Configuration Management?RUDDER
 
UX challenges of a UI-centric config management tool
UX challenges of a UI-centric config management toolUX challenges of a UI-centric config management tool
UX challenges of a UI-centric config management toolRUDDER
 
What happened in RUDDER in 2018 and what’s next?
What happened in RUDDER in 2018 and what’s next?What happened in RUDDER in 2018 and what’s next?
What happened in RUDDER in 2018 and what’s next?RUDDER
 
What is RUDDER and when should I use it?
What is RUDDER and when should I use it?What is RUDDER and when should I use it?
What is RUDDER and when should I use it?RUDDER
 
Fosdem - Configurations do you prove yours?
Fosdem - Configurations do you prove yours?Fosdem - Configurations do you prove yours?
Fosdem - Configurations do you prove yours?RUDDER
 
L'audit en continu : clé de la conformité démontrable (#POSS 2018)
L'audit en continu : clé de la conformité démontrable (#POSS 2018)L'audit en continu : clé de la conformité démontrable (#POSS 2018)
L'audit en continu : clé de la conformité démontrable (#POSS 2018)RUDDER
 
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)RUDDER
 
Stay up - voyage d'un éditeur de logiciels libres
Stay up - voyage d'un éditeur de logiciels libresStay up - voyage d'un éditeur de logiciels libres
Stay up - voyage d'un éditeur de logiciels libresRUDDER
 
How we scaled Rudder to 10k, and the road to 50k
How we scaled Rudder to 10k, and the road to 50kHow we scaled Rudder to 10k, and the road to 50k
How we scaled Rudder to 10k, and the road to 50kRUDDER
 
What's new and what's next in Rudder
What's new and what's next in RudderWhat's new and what's next in Rudder
What's new and what's next in RudderRUDDER
 
Poss 2017 : gestion des configurations et mise en conformité chez un service ...
Poss 2017 : gestion des configurations et mise en conformité chez un service ...Poss 2017 : gestion des configurations et mise en conformité chez un service ...
Poss 2017 : gestion des configurations et mise en conformité chez un service ...RUDDER
 
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...RUDDER
 
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...RUDDER
 
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...RUDDER
 
RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER - Continuous Configuration (configuration management + continuous aud... RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER - Continuous Configuration (configuration management + continuous aud...RUDDER
 

More from RUDDER (20)

What if configuration management didn't need to be lvl60 in dev?
What if configuration management didn't need to be lvl60 in dev?What if configuration management didn't need to be lvl60 in dev?
What if configuration management didn't need to be lvl60 in dev?
 
Servers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proofServers compliance: audit, remediation, proof
Servers compliance: audit, remediation, proof
 
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?
 
OW2Con - Configurations, do you prove yours?
OW2Con - Configurations, do you prove yours?OW2Con - Configurations, do you prove yours?
OW2Con - Configurations, do you prove yours?
 
The new plugin ecosystem in RUDDER 5.0
The new plugin ecosystem in RUDDER 5.0The new plugin ecosystem in RUDDER 5.0
The new plugin ecosystem in RUDDER 5.0
 
What uses for observing operations of Configuration Management?
What uses for observing operations of Configuration Management?What uses for observing operations of Configuration Management?
What uses for observing operations of Configuration Management?
 
UX challenges of a UI-centric config management tool
UX challenges of a UI-centric config management toolUX challenges of a UI-centric config management tool
UX challenges of a UI-centric config management tool
 
What happened in RUDDER in 2018 and what’s next?
What happened in RUDDER in 2018 and what’s next?What happened in RUDDER in 2018 and what’s next?
What happened in RUDDER in 2018 and what’s next?
 
What is RUDDER and when should I use it?
What is RUDDER and when should I use it?What is RUDDER and when should I use it?
What is RUDDER and when should I use it?
 
Fosdem - Configurations do you prove yours?
Fosdem - Configurations do you prove yours?Fosdem - Configurations do you prove yours?
Fosdem - Configurations do you prove yours?
 
L'audit en continu : clé de la conformité démontrable (#POSS 2018)
L'audit en continu : clé de la conformité démontrable (#POSS 2018)L'audit en continu : clé de la conformité démontrable (#POSS 2018)
L'audit en continu : clé de la conformité démontrable (#POSS 2018)
 
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)
 
Stay up - voyage d'un éditeur de logiciels libres
Stay up - voyage d'un éditeur de logiciels libresStay up - voyage d'un éditeur de logiciels libres
Stay up - voyage d'un éditeur de logiciels libres
 
How we scaled Rudder to 10k, and the road to 50k
How we scaled Rudder to 10k, and the road to 50kHow we scaled Rudder to 10k, and the road to 50k
How we scaled Rudder to 10k, and the road to 50k
 
What's new and what's next in Rudder
What's new and what's next in RudderWhat's new and what's next in Rudder
What's new and what's next in Rudder
 
Poss 2017 : gestion des configurations et mise en conformité chez un service ...
Poss 2017 : gestion des configurations et mise en conformité chez un service ...Poss 2017 : gestion des configurations et mise en conformité chez un service ...
Poss 2017 : gestion des configurations et mise en conformité chez un service ...
 
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
Poss 2017 - la continuité, arme secrète de la gestion du si - cas concret de ...
 
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
POSS 2017 : Comment automatiser son infrastructure quand... on a pas le temps...
 
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...
 
RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER - Continuous Configuration (configuration management + continuous aud... RUDDER - Continuous Configuration (configuration management + continuous aud...
RUDDER - Continuous Configuration (configuration management + continuous aud...
 

Recently uploaded

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Recently uploaded (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

ncf - a powerful and structured CFEngine framework

  • 1. ncf A powerful and structured CFEngine framework Jonathan CLARKE – jcl@normation.com @jooooooon42 (that's 7 'o's) Normation – CC-BY-SA normation.com
  • 2. Who am I? ● ncf www.ncf.io Jonathan Clarke ● Title: Co-founder & Product lead at Normation ● Origins: Sysadmin, infrastructure management ● Now: Automation + “running a company”-stuff ● Contributor to free software: – – ● Co-creator of Rudder Contributor to CFEngine, OpenLDAP Co-organizer of events: Normation – CC-BY-SA normation.com 2
  • 3. Intro ncf www.ncf.io This presentation is about cakes Photo CC BY 2.0 from http://www.flickr.com/photos/misscreativecakes/ Normation – CC-BY-SA normation.com 3
  • 4. ncf Intro www.ncf.io Reminder: how are cakes made? 1. Ingredients 2. Recipes + Photo CC BY-NC 2.0 from Normation – CC-BY-SA http://www.flickr.com/photos/tnemily/ normation.com 4
  • 5. ncf Background www.ncf.io A bunch of CFEngine consultants > 4 years ● Multiple companies: small, large & huge ● Various uses: security, provisioning, DR... ● We always got the same feedback Normation – CC-BY-SA normation.com 5
  • 6. ncf Feedback #1: CFEngine rocks! www.ncf.io CFEngine rocks Small footprint, scalable A few MB of RAM, just seconds to run... Continuous checking Agent based approach, no push Multi-platform Linux, Android, BSD, AIX, HP-UX, Solaris, Windows... Resilient to errors Network outages, failures, unavailable resources... Open Source GPLv3 Normation – CC-BY-SA normation.com 6
  • 7. ncf Feedback #2: CFEngine is hard! www.ncf.io CFEngine is hard Steep learning curve Syntax is unusual, hard to learn and understand Lack of feedback Output is hard to read, “what is going on?” Workarounds for bugs No way of systematically using a workaround Too much “do it yourself” Building your own policy structure from blank slate “Flour, eggs, milk and butter” As in: https://digitalelf.net/2013/04/a-case-study-in-cfengine-layout/ Normation – CC-BY-SA normation.com 7
  • 8. Feedback #2: CFEngine is hard! ncf www.ncf.io Learning to bake cakes on your own is frustrating. Photo CC BY-NC-SA 2.0 from http://www.flickr.com/photos/penguincakes/ Normation – CC-BY-SA normation.com 8
  • 9. ncf Brief dilemma... www.ncf.io Can we fix this? CHALLENGE ACCEPTED. We've worked around this for customers, let's make it reusable! Normation – CC-BY-SA normation.com 9
  • 10. ncf Approach www.ncf.io Too much do it yourself Building your own policy structure from blank slate 1) Provide a structured layout to start from 2) Provide single-purpose, reusable “methods” to get the basics done Normation – CC-BY-SA normation.com 10
  • 11. ncf Approach www.ncf.io Steep learning curve Syntax is unusual, hard to learn and understand 1) Hide the weirder syntax inside these reusable “methods” 2) Only require a subset of syntax to write everyday policies (method calls) Normation – CC-BY-SA normation.com 11
  • 12. ncf Approach www.ncf.io Workarounds for bugs No way of systematically using a workaround 1) Implement workarounds into those reusable “methods” (and use them) 2) Automated tests to make sure the bugs don't “come back” Normation – CC-BY-SA normation.com 12
  • 13. ncf Approach www.ncf.io Lack of feedback Output is hard to read, “what is going on?” 1) Now everything goes through reusable “methods”, build automatic feedback in 2) Make the feedback format customisable and extensible Normation – CC-BY-SA normation.com 13
  • 14. ncf Result www.ncf.io “Forget baking, I'm gonna get some cakes from the shop” Photo CC BY-NC-SA 2.0 from http://www.flickr.com/photos/omarsc/ Normation – CC-BY-SA normation.com 14
  • 15. ncf Result www.ncf.io We created ncf ncf is a framework that runs in pure CFEngine language, to help structure CFEngine policy and provide reusable, single purpose components distributed under the GPLv3 license. Normation – CC-BY-SA normation.com 15
  • 16. Result ncf www.ncf.io Example === 1000 words With ncf: Normation – CC-BY-SA normation.com 16
  • 17. Result ncf www.ncf.io Example === 1000 words Without ncf: This is actually over-simplified: - No feedback - No exceptions for different OSes - No advanced options Normation – CC-BY-SA normation.com 17
  • 18. ncf Result www.ncf.io Example === 1000 words With ncf, automatic feedback: R: [DEBUG] R: [INFO] ntp.conf R: [INFO] R: [DEBUG] Promise kept, not doing anything: Install package ntp in version latest Promise repaired, made a change: Build file /etc/ntp.conf from template Promise repaired, made a change: Restart service ntp Promise kept, not doing anything: Ensure that service ntp is running Normation – CC-BY-SA normation.com 18
  • 19. ncf How does it work? www.ncf.io How does it work? CFEngine 3 can have self-contained “bundles” that you can call with parameters. ntp package_install file_from_template logger service_restart Outputs structured messages Normation – CC-BY-SA normation.com 19
  • 20. ncf A layered approach www.ncf.io A layered approach Services Techniques IT services: “Corporate web site” Components of services: “Apache” IT Ops Knowledge Shared information: “httpd” package name Generic methods Unit tasks: “Copy file”, “Install package” CFEngine basics ncf internals CFEngine standard libraries Framework config and magic :) Normation – CC-BY-SA normation.com 20
  • 21. ncf A layered approach www.ncf.io A layered approach Services Techniques IT services: “Corporate web site” Components of services: “Apache” IT Ops Knowledge Shared information: “httpd” package name Generic methods Unit tasks: “Copy file”, “Install package” CFEngine basics ncf internals CFEngine standard libraries Framework config and magic :) Normation – CC-BY-SA normation.com 21
  • 22. ncf Philosophy www.ncf.io Core principles DRY KISS Objective not subjective Open source Extensible Each generic_method does one thing and one thing only Normation – CC-BY-SA normation.com 22
  • 25. Current status ncf www.ncf.io Project is young, but robust Need more generic methods Ohloh statistics: Actually CFEngine Source: http://www.ohloh.net/p/ncf-project Normation – CC-BY-SA normation.com 25
  • 26. Questions? Check it out on: http://www.ncf.io/ Jonathan CLARKE – jcl@normation.com @jooooooon42 (that's 7 'o's) Normation – CC-BY-SA normation.com