vagrant & cfengine - lopsa east 2013
DESCRIPTION
LOPSA East 2013: New Brunswick, NJ Getting started with Vagrant and CFEngine. Walk away with a cross platform (Windows, Mac, Linux) demo environment consisting of one CFEngine hub and 2 nodes using a dynamic Vagrant configuration and some example CFEngine 3 policy to get you started. If you attended or watched the video of this presentation (link to be added) please consider filling out the trainer survey. http://lopsa-east.org/2013/training-surveyTRANSCRIPT
![Page 1: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/1.jpg)
www.cfengine.com
Vagrant & CFEngine
![Page 2: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/2.jpg)
5/2/13
Hi, my name is Nick.
● Sysadmin > 10 Yers● Work @CFEngine● Live in Lawrence, KS● @cmdln_● http://ww.cmdln.org
![Page 3: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/3.jpg)
5/2/13
Who are you?
● What's your name?● Are you a sysadmin?
● Why did you choose this session?
![Page 4: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/4.jpg)
5/2/13
What is Vagrant?
Tool to make working with development environments easy.
Create, configure, destroy lightweight, reproducible, and portable environments.
● Created by Mitchell Hashimoto
● @mitchelh
● http://www.vagrantup.com
![Page 5: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/5.jpg)
5/2/13
Provides common environment
DesignersDevelopersOperations
QA
![Page 6: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/6.jpg)
5/2/13
Easy to use
vagrant upvagrant destroy
!-2
![Page 7: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/7.jpg)
5/2/13
Portable
● VirtualBox● AWS● VMware● More● https://github.com/mitchellh/vagrant/wiki/Available-Vagrant-Plugins
![Page 8: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/8.jpg)
5/2/13
How can it help?
● Developer on-boarding
● Quickly setup/tear down test environments in repeatable fashion
● CI● Bug Validation● Ad-hoc Demos
![Page 9: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/9.jpg)
5/2/13
Install Virtualbox
http://www.virtualbox.org/wiki/Downloads
resources/installers/virtualbox
![Page 10: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/10.jpg)
5/2/13
Install Vagrant
http://downloads.vagrantup.com
resources/installers/vagrant
![Page 11: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/11.jpg)
5/2/13
Vagrantfile
● Describe the type of machine(s) required for a project● Syntax of Vagrantfile is Ruby, but knowledge of the Ruby language is not
necessary. It's mostly simple variable assignment.
Vagrant.configure("2") do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
# Every Vagrant virtual environment requires a box to build off of.
config.vm.box = "centos-5.x-i386_nickanderson_201304271927"
end
![Page 12: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/12.jpg)
5/2/13
Boxes
● Predefined operating system install● Provider specific
● http://www.vagrantbox.es● Veewee (build your own) thanks
@patrickdebois
– Kickstart/preseed, postinstall scripts
![Page 13: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/13.jpg)
5/2/13
Automagic
● Ssh automatic port forwards● Shared project folder /vagrant
![Page 14: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/14.jpg)
5/2/13
vagrant-vbguest
● Vagrant plug-in which automatically installs the host's VirtualBox Guest Additions on the guest system.
● vagrant plug-in install vagrant-vbguest● If you're lucky, vagrant-vbguest does not require
any configurations. However, here is an example
config.vbguest.auto_update = true/false● https://github.com/dotless-de/vagrant-vbguest
![Page 15: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/15.jpg)
5/2/13
Getting started
● vagrant box list● vagrant box add● vagrant init● vagrant status● vagrant up● vagrant ssh● vagrant destroy
● vagrant up● vagrant status● vagrant ssh
– vagrant ssh node
● vagrant destroy
![Page 16: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/16.jpg)
5/2/13
This is fantastic!
![Page 17: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/17.jpg)
5/2/13
Build base boxes for all the things!
![Page 18: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/18.jpg)
![Page 19: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/19.jpg)
Black Hole
![Page 20: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/20.jpg)
5/2/13
Automating Vagrant Provisioning
● Ansible● CFEngine● Chef● Puppet● Salt Stack● Shell Scripts● MixnMatch!
![Page 21: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/21.jpg)
5/2/13
CFEngine
● IT infrastructure automation, compliance, and knowledge management framework
● Opensource and Commercial Software
● Originally written by Mark Burgess
● @markburgess_osl
● http://www.cfengine.com
![Page 22: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/22.jpg)
5/2/13
CFEngine History
● First released in 1993● CFEngine 2 released in 1998, self healing
computer immunology. Added machine learning and anomaly detection.
● 2003 Promise Theory work began● 2008 CFEngine 3 released. Integrates
knowledge management and discovery mechanisms.
![Page 23: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/23.jpg)
5/2/13
CFEngine Properties
● Declarative syntax (Promises)
![Page 24: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/24.jpg)
5/2/13
Promise Theory
● A model of voluntary cooperation between individual, autonomous actors or agents who publish their intentions to one another in the form of promises.
● A file can make promises about its own contents, permissions, existence etc …
● A process can make a promise that it will be running, number of matching processes, owner etc ...
![Page 25: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/25.jpg)
5/2/13
CFEngine Properties
● Declarative syntax (Promises)
● Pull model
● Convergence
![Page 26: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/26.jpg)
5/2/13
CFEngine Components
● cf-agent – instigator of change
● cf-execd – cf-agent launcher daemon and output processor
● cf-serverd – File server, also listens for remote requests to execute cf-agent
● cf-monitord – statistical information collector
![Page 27: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/27.jpg)
5/2/13
So why is this a good thing?
● Make changes in minutes with precision
● Easier to share specific configuration details
● Brings configuration knowledge to the forefront
![Page 28: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/28.jpg)
5/2/13
Bootstrap a test environment
![Page 29: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/29.jpg)
5/2/13
Editor War!
● I prefer vim, and it's fun to mess with the emacs people
● services/editor_war.cf
![Page 30: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/30.jpg)
5/2/13
Definitions
● Policy - A policy is a set of intentions about the system, coded as a list of promises. A policy is not a standard, but the result of specific organizational management decisions.
● Promise - The CFEngine software manages every intended system outcome as `promises' to be kept. A CFEngine Promise corresponds roughly to a rule in other software products, but importantly promises are always things that can be kept and repaired continuously, on a real time basis, not just once at install-time.
● Bundle – A collection of promises that has a name● Body - A promise body is the description of exactly what is promised (as opposed to what/who
is making the promise). The term `body' is used in the CFEngine syntax to mean a small template that can be used to contribute as part of a larger promise body.
● Promiser – The object that makes a promise. (file, package, process, command, ect …)● Promisee (stakeholder) – Who cares about a specific promise. ● Class (context) – True/False propositions. All decisions are made with classes. Hard
(discovered/builtin) and soft (user-defined).
![Page 31: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/31.jpg)
![Page 32: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/32.jpg)
5/2/13
Wage War
● Remove Disallowed Packages– vagrant ssh hub
– watch rpm -q emacs-nox
– Uncomment disallowed_packages to activate policy. Watch it get fixed.
● Install Required Packages– watch rpm -q vim-enhanced
– Uncomment required_packages to activate policy
![Page 33: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/33.jpg)
5/2/13
More Nodes!
● Increase nodes to 2 in Vagrantfile● vagrant up● vagrant ssh node00{1,2}
![Page 34: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/34.jpg)
5/2/13
Webserver
● services/webserver.cf● Activated from bundle agent main in
promises.cf● Lets ensure its present and on
– node001 http://localhost:9003
– node002 http://localhost:9004
![Page 35: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/35.jpg)
5/2/13
Questions/Discussion?
![Page 36: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/36.jpg)
5/2/13
Thank You!
![Page 37: Vagrant & CFEngine - LOPSA East 2013](https://reader034.vdocuments.mx/reader034/viewer/2022042813/5402c6648d7f72d64a8b464a/html5/thumbnails/37.jpg)
Please fill out the Trainer EvaluationPlease fill out the Trainer Evaluation
Rate LOPSA-East ‘13Rate LOPSA-East ‘13
http://lopsa-east.org/2013/training-survey
Thank You for Attending LOPSA-East ‘13Thank You for Attending LOPSA-East ‘13
http://www.lopsa-east.org/2013/rate-lopsa-east-13