Cfengine
Encyclopedia
CFEngine is a popular open source
configuration management
system, written by Mark Burgess
.
Its primary function is to provide automated configuration and
maintenance of large-scale computer systems, including the unified management of servers
, desktops
, embedded networked devices, mobile smartphones
, and tablet computers
.
, Norway) to get his work done by automating the management of a small group of workstations in the Department of Theoretical Physics. Like many post-docs and PhD students, Burgess ended up with the task of managing Unix workstations, scripting and fixing problems for users manually. Scripting took too much time, the flavours of Unix were significantly different, and scripts had to be maintained for multiple platforms, drowning in exception logic.
After discussing the problems with a colleague, Bugess wrote the first version of CFEngine (the configuration engine) which was published as an internal report and presented at the CERN computing conference. It gained significant attention from a wider community because it was able to hide platform differences using a domain-specific language.
A year later, Burgess finished his post-doc but decided to stay in Oslo and took at job lecturing at Oslo University College
. Here he realized that there was little or no research being done into configuration management
, and he set about applying the principles of scientific modelling to understanding computer systems. In a short space of time, he developed the notion of convergent operators, which remains a core of CFEngine.
In 1998, dissatisfied with the level of understanding in the area and the ad hoc discussions of computer security at the time, Burgess wrote "Computer Immunology", a paper at the USENIX/LISA08 conference. It laid out a manifesto for creating self-healing systems, reiterated a few years later by at IBM in their form of Autonomic Computing
. This started a research effort which led to a major re-write, CFEngine 2, which added features for machine learning, anomaly detection and secure communications.
as a computing platform.
During this time, Mark Burgess developed Promise Theory
, a model of distributed cooperation for self-helaing automation..
In 2008, after more than five years of research, CFEngine 3 was introduced, which incorporated Promise Theory as "a way to make CFEngine both simpler and more powerful at the same time," according to Burgess. The most significant re-write of the project to date, CFEngine 3 also integrated knowledge management and discovery mechanisms -- allowing configuration management to scale to automate enterprise-class infrastructure.
hosts. CFEngine can be used on Windows hosts, and is widely used for managing large numbers of Unix hosts that run heterogeneous operating systems e.g. Solaris, Linux
, AIX
, and HPUX. Statistics collected by the supporting commercial company CFEngine AS indicate hundreds of thousands of hosts running cfengine, with the largest sites recorded at 50,000.
management. The CFEngine project claims to attempt to place the problem of configuration
management in a scientific framework. Its author Mark Burgess
has developed a range of theoretical tools and results to talk about the problem,
and has written several text books and monograph
s explaining them.
between author Mark Burgess, Oslo University College and the Oslo Innovation Centre in order to support users of CFEngine. In April 2009, the company launched the first commercial version of CFEngine - CFEngine Nova. Current version of CFEngine Nova is 2.0. February 2011, the company received its first round of funding, from FERD Capital. The company has offices in Oslo, Norway and Palo Alto, California, United States of America. Haavard Nord, one of the founders of Qt, is the chairman, Thomas Ryd the CEO, and Mark Burgess acts as the CTO.
computer configuration should be carried out in a convergent manner.
This means that each change operation made by the agent should have the
character of a fixed point
. Rather than describing the
steps needed to make a change, CFEngine language describes the final state in which
one wants to end up. The agent then ensures that the necessary steps are
taken to end up in this "policy compliant state". Thus, CFEngine can be run again and
again, whatever the initial state of a system, and it will end up with a predictable
result. CFEngine supports the item of statistical compliance with policy, meaning that a system can never guarantee
to be exactly in an ideal or desired state, rather one approaches (converges) towards the desired state by best-effort, at a rate that is determined by the ratio of the frequency of environmental change to the rate of CFEngine execution.
companies, as well as in many universities and governmental
institutions. Sites as large as 50,000 machines are reported, while
sites of several thousand hosts running under cfengine are common.
According to statistics from the Cfengine AS, probably several million
computers run CFEngine around the world, and users from more than 100 countries have been registered.
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
configuration management
Configuration management
Configuration management is a field of management that focuses on establishing and maintaining consistency of a system or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life.For information assurance, CM...
system, written by Mark Burgess
Mark Burgess (computer scientist)
Mark Burgess is a researcher and writer at Oslo University College in Norway, who is well known for work in computer science in the field of policy-based configuration management....
.
Its primary function is to provide automated configuration and
maintenance of large-scale computer systems, including the unified management of servers
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
, desktops
Desktop computer
A desktop computer is a personal computer in a form intended for regular use at a single location, as opposed to a mobile laptop or portable computer. Early desktop computers are designed to lay flat on the desk, while modern towers stand upright...
, embedded networked devices, mobile smartphones
Smartphone
A smartphone is a high-end mobile phone built on a mobile computing platform, with more advanced computing ability and connectivity than a contemporary feature phone. The first smartphones were devices that mainly combined the functions of a personal digital assistant and a mobile phone or camera...
, and tablet computers
Tablet computer
A tablet computer, or simply tablet, is a complete mobile computer, larger than a mobile phone or personal digital assistant, integrated into a flat touch screen and primarily operated by touching the screen...
.
History: CFEngine 1 & CFEngine 2
The CFEngine project began in 1993 as a way for author Mark Burgess (then a post-doctoral fellow of the Royal Society at Oslo UniversityUniversity of Oslo
The University of Oslo , formerly The Royal Frederick University , is the oldest and largest university in Norway, situated in the Norwegian capital of Oslo. The university was founded in 1811 and was modelled after the recently established University of Berlin...
, Norway) to get his work done by automating the management of a small group of workstations in the Department of Theoretical Physics. Like many post-docs and PhD students, Burgess ended up with the task of managing Unix workstations, scripting and fixing problems for users manually. Scripting took too much time, the flavours of Unix were significantly different, and scripts had to be maintained for multiple platforms, drowning in exception logic.
After discussing the problems with a colleague, Bugess wrote the first version of CFEngine (the configuration engine) which was published as an internal report and presented at the CERN computing conference. It gained significant attention from a wider community because it was able to hide platform differences using a domain-specific language.
A year later, Burgess finished his post-doc but decided to stay in Oslo and took at job lecturing at Oslo University College
Oslo University College
Oslo University College , Norwegian: Høgskolen i Oslo is the largest state university college in Norway, with more than 11,000 students and approx. 1100 employees...
. Here he realized that there was little or no research being done into configuration management
Configuration management
Configuration management is a field of management that focuses on establishing and maintaining consistency of a system or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life.For information assurance, CM...
, and he set about applying the principles of scientific modelling to understanding computer systems. In a short space of time, he developed the notion of convergent operators, which remains a core of CFEngine.
In 1998, dissatisfied with the level of understanding in the area and the ad hoc discussions of computer security at the time, Burgess wrote "Computer Immunology", a paper at the USENIX/LISA08 conference. It laid out a manifesto for creating self-healing systems, reiterated a few years later by at IBM in their form of Autonomic Computing
Autonomic Computing
Autonomic Computing refers to the self-managing characteristics of distributed computing resources, adapting to unpredictable changes whilst hiding intrinsic complexity to operators and users...
. This started a research effort which led to a major re-write, CFEngine 2, which added features for machine learning, anomaly detection and secure communications.
CFEngine 3: Promise Theory
Between 1998 and 2004, CFEngine grew in adoption along with the popularity of LinuxLinux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
as a computing platform.
During this time, Mark Burgess developed Promise Theory
Promise theory
Promise theory is a model of voluntary cooperation between individual, autonomous actors or agents who publish their intentions to one another in the form of promises. A promise is a declaration of intent whose purpose is to increase the recipient's certainty about a claim of past, present or...
, a model of distributed cooperation for self-helaing automation..
In 2008, after more than five years of research, CFEngine 3 was introduced, which incorporated Promise Theory as "a way to make CFEngine both simpler and more powerful at the same time," according to Burgess. The most significant re-write of the project to date, CFEngine 3 also integrated knowledge management and discovery mechanisms -- allowing configuration management to scale to automate enterprise-class infrastructure.
Portability
CFEngine provides an operating system-independent interface to Unix-like host configuration. It requires some expert knowledge to deal with peculiarities of different operating systems, but has the power to perform maintenance actions across multiple Unix-likeUnix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
hosts. CFEngine can be used on Windows hosts, and is widely used for managing large numbers of Unix hosts that run heterogeneous operating systems e.g. Solaris, Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
, AIX
AIX operating system
AIX AIX AIX (Advanced Interactive eXecutive, pronounced "a i ex" is a series of proprietary Unix operating systems developed and sold by IBM for several of its computer platforms...
, and HPUX. Statistics collected by the supporting commercial company CFEngine AS indicate hundreds of thousands of hosts running cfengine, with the largest sites recorded at 50,000.
Research-based
Shortly after its inception, CFEngine inspired a field of research into automated configurationmanagement. The CFEngine project claims to attempt to place the problem of configuration
management in a scientific framework. Its author Mark Burgess
Mark Burgess (computer scientist)
Mark Burgess is a researcher and writer at Oslo University College in Norway, who is well known for work in computer science in the field of policy-based configuration management....
has developed a range of theoretical tools and results to talk about the problem,
and has written several text books and monograph
Monograph
A monograph is a work of writing upon a single subject, usually by a single author.It is often a scholarly essay or learned treatise, and may be released in the manner of a book or journal article. It is by definition a single document that forms a complete text in itself...
s explaining them.
Commercialization
In June 2008 the company CFEngine AS was formed as a collaborationbetween author Mark Burgess, Oslo University College and the Oslo Innovation Centre in order to support users of CFEngine. In April 2009, the company launched the first commercial version of CFEngine - CFEngine Nova. Current version of CFEngine Nova is 2.0. February 2011, the company received its first round of funding, from FERD Capital. The company has offices in Oslo, Norway and Palo Alto, California, United States of America. Haavard Nord, one of the founders of Qt, is the chairman, Thomas Ryd the CEO, and Mark Burgess acts as the CTO.
Convergence
One of the main ideas in CFEngine is that changes incomputer configuration should be carried out in a convergent manner.
This means that each change operation made by the agent should have the
character of a fixed point
Fixed point (mathematics)
In mathematics, a fixed point of a function is a point that is mapped to itself by the function. A set of fixed points is sometimes called a fixed set...
. Rather than describing the
steps needed to make a change, CFEngine language describes the final state in which
one wants to end up. The agent then ensures that the necessary steps are
taken to end up in this "policy compliant state". Thus, CFEngine can be run again and
again, whatever the initial state of a system, and it will end up with a predictable
result. CFEngine supports the item of statistical compliance with policy, meaning that a system can never guarantee
to be exactly in an ideal or desired state, rather one approaches (converges) towards the desired state by best-effort, at a rate that is determined by the ratio of the frequency of environmental change to the rate of CFEngine execution.
User base
CFEngine is used in both large and smallcompanies, as well as in many universities and governmental
institutions. Sites as large as 50,000 machines are reported, while
sites of several thousand hosts running under cfengine are common.
According to statistics from the Cfengine AS, probably several million
computers run CFEngine around the world, and users from more than 100 countries have been registered.
See also
- Comparison of open source configuration management softwareComparison of open source configuration management softwareThis is a comparison of free and open source configuration management software.- Basic properties :- Platform support :Note: This means platforms on which a recent version of the tool has actually been used successfully, not platforms where it should theoretically work since it's written in good...
- Anomaly-based intrusion detection systemAnomaly-based intrusion detection systemAn Anomaly-Based Intrusion Detection System, is a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and will detect any type of...
- Host-based intrusion detection systemHost-based intrusion detection systemA host-based intrusion detection system is an intrusion detection system that monitors and analyzes the internals of a computing system as well as the network packets on its network interfaces...
External links
- CFEngine.com
- Mark Burgess's talk about CFEngine at Google Tech Talks on YouTube
- CFEngine Introduction (Spanish)