This is just a brief introduction on how to setup CFEngine 3. For a detailed explanation, a bit of theory and a very nice document on philosophy about design of configuration management systems, I highly recommend the following tutorial:
Let's first introduce the conception. CFEngine3 can be used as a centralized system, where the computers that hold information to be distributed are called "distribution servers" or "hubs" in cf3 nomenclature but we will call just *servers*. The "end hosts" are the computers controled by CFEngine3, that receive the configuration. We will call them *clients*.
Supposing your CFEngine3 setup is in
/var/cfengine. Inside this directory
we see two important ones. One is called
masterfiles and the other
This is the directory where we will work. We make changes in
here, *not anywhere else*. From time to time, CFEngine3 daemons in clients
cf-agent) pull the server for changes in the
This is the directory where clients receive CFEngine3 files to be applied on
the system. These files are used to apply configuration to the clients. One
should not edit these files, but change the ones in
on the server.
Note that, on the server, there is also a
inputs directory. The server
also works as a client of itself.
How it works
Basically, dataflow is something like that:
1. cfengine3, on server, check for update in masterfiles;
2. changes are copied to
3. clients pull from files from
masterfiles/ directory of the server.
CFEngine3 setup is so simple that I got confused. Key exchange, server reconnaissance and everything is made with a simple command::
# /var/cfengine/bin/cf-agent --bootstrap --policy-server 123.456.789.123
Simply that. If the IP you see above is the same as the machine, it will be the server of your CFEngine3 setup. If it is not, it will be a client and look to the server on that IP.
If you have a problem at this phase, check the Troubleshooting section.
Simply, uhm? How does key exchange and everything else works? There is a nice section on the CFEngine3 Tutorial that discuss this and other things related to security and networks:
CFEngine 3 Tutorial: Remote access explained
Bootstrapping not working
If bootstrap misteriously fails, with no great detail, check if all binaries
/var/cfengine/bin exist. In some GNU/Linux distributions, like CentOS,
they are symbolic links to elsewhere CFEngine3 is installed and the package
doesn't create all links.