Highlights from LOPSA East 2013 Configuration Management Workflows panel

Use Syntax Highlighters

Highlighting syntax is a big time saver. Color highlighting lets you save time and trouble by catching errors early in the development process.

Use a syntax plug-in for your editor!

Revision control system hooks.  Code review.

You can set up a precommit hook to validate syntax before accepting code into your VCS repository; or you can use Jenkins to syntax-check new commits and move them to another branch if they validate.
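
One way to write the pre-commit hook described above, as an added example rather than code from the panel: a POSIX shell hook for a git repository that validates the staged version of each file. The extension-to-checker mapping and the function names are assumptions; a missing checker blocks the commit instead of letting the file through unchecked.

```shell
#!/bin/sh
# Added example (not from the panel): git pre-commit hook, install as .git/hooks/pre-commit.

# Assumed mapping from file extension to syntax checker; empty output = unmanaged type.
checker_for() {
    case "$1" in
        *.pp) echo "puppet parser validate" ;;
        *.rb) echo "ruby -c" ;;
        *.cf) echo "cf-promises -f" ;;
        *.sh) echo "sh -n" ;;
    esac
}

# $1 = path in the repository (selects the checker), $2 = file holding the content.
# Returns 0 on pass or unmanaged type, 1 on syntax error, 2 if the checker is missing.
check_file() {
    cmd=$(checker_for "$1")
    [ -n "$cmd" ] || return 0
    if ! command -v "${cmd%% *}" >/dev/null 2>&1; then
        echo "pre-commit: ${cmd%% *} not installed, cannot check $1" >&2
        return 2    # fail closed: an unchecked file must not slip through
    fi
    if ! $cmd "$2" >/dev/null 2>&1; then
        echo "pre-commit: syntax error in $1" >&2
        return 1
    fi
}

# Check what is staged in the index, not the working-tree copy, so a file
# fixed on disk but not re-added is still rejected.
check_staged() {
    tmp=$(mktemp) || return 2
    failed=$(git diff --cached --name-only --diff-filter=ACM |
        while IFS= read -r path; do
            git show ":$path" > "$tmp" && check_file "$path" "$tmp" || echo "$path"
        done)
    rm -f "$tmp"
    [ -z "$failed" ]
}

# Run only when installed as the hook, so the functions can be sourced and tested.
case "$0" in
    *pre-commit) check_staged || { echo "pre-commit: commit rejected" >&2; exit 1; } ;;
esac
```

A client-side hook can be skipped with `git commit --no-verify`, so the Jenkins check on new commits remains the enforcement point.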

knife-spork from Etsy is a workflow plugin that allows multiple users to work on the same Chef repo/server without stepping on each other’s toes. Spork integrates with Graphite and IRC. Good for big teams!
https://github.com/jonlives/knife-spork

Gerrit is a Web-based code review system based on git.
https://code.google.com/p/gerrit/

Use Vagrant to test your code.

http://vagrantup.com/

  • Vagrant has provisioners for Ansible, Chef, CFEngine, Puppet and Shell.
  • You do have to block out or disable external dependencies (since Vagrant is encapsulated).
  • SSDs pay for themselves. VMs come up much faster.
  • Matt Barr keeps a local copy of CentOS DVD mounted to provide the full repo to his Vagrant VMs. He also deploys new code to VMs automatically.
  • Sinatra is a web development framework for minimalists. You can use it to quickly build simulators of external web services inside your Vagrant environment.
  • Jenkins can deploy your code into Vagrant VMs.

Testing

foodcritic, puppetlint and cf-promises check syntax. But how do you check the output (the modified system)? The answers are unit testing, integration testing and user acceptance testing.

Use Jenkins, TravisCI, etc.

rspec is a Ruby testing framework. You can write tests for your configuration in it.

http://rspec.info/

For Chef, chefspec is an extension to rspec for unit testing. There are also minitests and test-kitchen (http://www.opscode.com/blog/2012/08/17/announcing-test-kitchen/ and https://github.com/opscode/test-kitchen).

For Puppet: serverspec + rspec do functional checks of remote systems.

User acceptance testing

You can deploy to test VMs first (like Matt does).

You can deploy to “canary” servers (a limited production deploy, AKA “toe-in-the-water” deploy).

External monitoring can be done with traditional tools, such as Nagios.

cucumber-nagios lets you describe how a system should work in natural language, and outputs whether it does in the Nagios plugin format.
http://www.cucumber-nagios.org/
http://fooforge.com/2012/11/06/Analyzing-my-OSMC-2012-talk-on-BDI.html

CFEngine claims to be comprehensive. There are 478 unique promise attributes in CFEngine 3.4.0.

CFEngine is designed to be comprehensive and to let you model nearly any aspect of the system’s configuration. There are 478 unique promise attributes in CFEngine 3.4.0 to enable you to do so.

Here is a detailed listing of all the promise attributes available in CFEngine 3.4.0, and the synopsis for each. For more detail, please consult the syntax guide or the reference manual.

Fortunately CFEngine is also designed to address challenges of Knowledge Management and allows you to summarize and abstract the underlying low-level detail.

Idempotence vs Convergence in Configuration Management

Diego Zamboni, author of “Learning CFEngine 3”, commented on “A not-so-brief aside on reigning in chaos”. His comment includes the clearest explanation of idempotence vs convergence I’ve ever seen:

About idempotence vs convergence: as you rightly point out, they are not the same, and there are very important differences. Idempotence is an operation that leaves the system unmodified if it’s already in the desired state, whereas convergence is the property of a system of not making unnecessary changes (nor operations). The end result may be the same, but CFEngine emphasizes convergence over idempotence, and has A LOT of built-in logic to automatically avoid performing unnecessary operations.

Making Conference Posters

At a certain point in your career, you may start sharing your work with others in your profession. You may be asked to present a poster at a conference summarizing your work.

There is a wonderful write-up by Colin Purrington, graphic designer, on creating academic posters – it is full of useful tips and is funny and passionate.

Guide to CFEngine 3 Body of Knowledge

Purpose: There is a lot to know about CFEngine, which can make it hard for people new to the subject.  The purpose of this guide is to lay out the resources available to CFEngine students and to orient them to this body of knowledge to speed their journey into practical system automation with CFEngine 3.

The guide is based largely on the materials of cfengine.com with full gratitude to Mark Burgess for continuously raising the bar in the field of system administration.

Comments welcome, please email me.

Getting Started

  • CFEngine Quickstart: a Quick Start Guide.  Build and install from source; or install a package.  Then either set up CFEngine to run from cron; or start learning by running individual examples.
  • CFEngine 3 Concept Guide: an abbreviated version of the CFEngine tutorial.  Topics include: Introduction – System automation; The components of CFEngine; Bodies and bundles; A simple crash course in concepts; Knowledge Management.

Core Documentation

Learning CFEngine

  • Mark Burgess’s Introduction to CFEngine 3: four videos comprising Mark’s day class on CFEngine (find them at the top of the linked Training page):
    1. Introduction and motivation
    2. Understanding patterns and knowledge
    3. Client-Server basics
    4. Recap and the CFEngine landscape
  • CFEngine 3 Practical Examples: A collection of practical examples to help learn CFEngine 3.  Use “ls -1” to display them in order (they are arranged from basic to more advanced).
  • CFEngine 3 Cookbook: A growing collection of practical examples well explained.  Neil’s writing helped many sysadmins start with CFEngine 2 and 3.

CFEngine Policy Source Code Libraries

Special Topics

  • There is a large (and growing) number of guides on various topics: devops, file editing, adopting CFEngine, etc.  Check Special Topics for the full list.

Enterprise Edition

  • Nova Quick Start Guide: helps you install Nova and gives an overview of the beautiful admin GUI (the “Mission Portal”).
  • CFEngine Nova Technical Supplement: details Nova installation, admin GUI, and Nova capabilities:
    • Business integration
    • Monitoring extensions
    • Database control
    • File ACLs
    • Server extensions
    • Environments and workflows
    • Virtualization
    • Content-Driven Policies (Community Edition can do this too)
    • Windows-specific features

Demo Videos

Video presentations demonstrating key capabilities of CFEngine Community and Enterprise editions.  The below content is straight from http://www.cfengine.com:

 

CFEngine and Change Detection – CFEngine offers extensive tripwire functionality. Combined with CFEngine auto-repair functionality you can ensure policy compliance on files and directories. In this video you will see how CFEngine detects file creation, file change and file deletion. Use CFEngine to secure your files and prevent unauthorized changes. With CFEngine you can keep track of all configuration changes and view them in detailed reports.
CFEngine and Apache Webserver – This demo shows you how CFEngine can manage one Apache webserver to ensure server availability and uptime. Use policies to define how to manage your webservers, and CFEngine will make sure your webservers are compliant with your policies. Avoid any downtime due to misconfigured or accidentally deleted files.
CFEngine and Windows Registry – This demo shows you how CFEngine can manage the Windows registry. With CFEngine you can make sure the registry always stays compliant with your policies. Manage the whole registry or just specific keys and/or key-values.
CFEngine and PXE Boot – CFEngine manages your servers and networks of machines throughout the life-cycle. Use CFEngine during the build and deploy phase by creating PXE-boot servers controlled and deployed by CFEngine. Based on policies you can turn any server into whatever configuration setting you like, independent of operating system and required services. This demo will show how to create a CFEngine PXE-boot server and then install Redhat on a clean machine using CFEngine. PS: This demo has sound.
The Orion Cloud Pack – Three steps you need to bring reliability and efficiency to Managed Services running out of the Amazon Cloud. Set up and tear down machines as you like, and bring instant configuration and compliance, with self-healing, to your business.
CFEngine Computer-Process Management – Use CFEngine to manage your computer processes. Use application-availability policies to ensure uptime at all times. CFEngine starts, deletes and/or restarts processes, all according to your policies. In this video we will show how CFEngine restarts a broken Apache server. The demo will show how CFEngine can kill a process, and how it (the CFEngine Agent) automatically restarts the same process.
CFEngine DNS Resolver – This clip shows how CFEngine can deal with a very common issue in network configuration: setting up the name-server bindings. DNS configuration is sometimes done by DHCP, but statically configured servers can be maintained by CFEngine directly. We show how CFEngine repairs a damaged configuration file to ensure the correct settings.

Misc.