cfengine is a GNU tool designed to support the automation of system administration tasks, helping to administer "nonhomogeneous distributed systems."
"Cfengine, or the configuration engine is a very high level language for building expert systems for the administration and configuration of large unix networks. Cfengine uses the idea of classes and a primitive form of intelligence to define and automate the configuration of large systems in the most economical way possible. "
The author takes the approach that this should, after a manner of speaking, represent a sort of "system immunology." One should plan to build a set of cfengine "rules" that will be applied to a number of computer systems, that should encourage the systems to converge towards "more stable" states.
Industrial Age Sysadminery: cfengine Deployment and Configuration
The C-based of cfd is not terribly thread-safe, and doesn't cope well if you have a whole lot of clients connecting to a single server. This would, for instance, be the case if you have a network with several hundred client machines that run a cfengine script each hour that might each make a hundred requests of the server.
Cfengine Notes and More Cfengine Notes
Comments by some folks at Argonne Labs that were considering using cfengine to manage system configuration for Chiba City, a 512 CPU Linux cluster intended to explore the issues of managing large clusters used for high performance computing.
Some of the main problems they had with cfengine were that they found scripts somewhat difficult to maintain, and found some problems copying files when servicing large numbers of hosts.
An essay on using cfengine with rdist to distribute ssh host information.
The general idea is to use rsync to 'pull' the known hosts file from a server, instead of using rdist to 'push' the known hosts file from the server. This scheme uses rsync to copy files instead of the internal cfengine "copy engine" because it is able to distribute "deltas" rather than transferring entire files. Thus, it uses cfengine as a 'wrapper' around rsync; rsync handles the file copying chores, while cfengine manages things overall.
FAI (Fully Automatic Installation)
We present a non interactive system, called FAI (Fully Automatic Installation), to install a Debian Linux operating system on a PC cluster.
We take one or more virgin PCs, turn on the power and after a few minutes Linux is installed, configured and running on the whole cluster, without any interaction necessary. In addition, the configuration can be changed automatically on all Linux cluster nodes. Thus we have a scalable method for installing and updating a cluster with little effort involved.
We use the Debian distribution and a collection of shell- and Perl-scripts for the installation process. Changes to the configuration files of the operating system are made by the tool cfengine.
Managing Filesystem ACLs with GNU/Cfengine
An article on the care and feeding of ACLs using cfengine written for the Usenix ;login: magazine.
The creator of cfengine observes that configuring ACLs for Windows NT by hand is a tedious and error-prone task, and suggests that in order to usefully make use of ACLs to secure systems, you need to have some form of "policy engine" to apply the desired policies.
CFEngine Examples - ssh, motd, sudoers, resolver, shell config, ntpd
Sys Admin > v15, i01: Automate System Configurations and Changes with cfengine
Debian Administration :: cfengine [1/3] : A simple overview of cfengine
Debian Administration :: cfengine [2/3] : An introduction to cfengine rules