Difference between revisions of "Dynamic CFEngine3"
(→Host taylor made provisioning of promises) |
|||
Line 1: | Line 1: | ||
Although this website is predominatly written in Dutch, because it is aimed at Dutch people using Debian, this set of pages is in English. The reason behind this is Webhuis' desire to support the international CFEngine community. |
Although this website is predominatly written in Dutch, because it is aimed at Dutch people using Debian, this set of pages is in English. The reason behind this is Webhuis' desire to support the international CFEngine community. |
||
+ | = The dynamics is in the data = |
||
+ | A best practice in CFEgine is to make promises or bundles as generic as possible, so that they suite the needs of as many situations as possible. |
||
== Host taylor made provisioning of promises == |
== Host taylor made provisioning of promises == |
||
Dynamic CFEngine is the Webhuis way of providing a taylor made set of promises to each and every node. Webhuis believe this is a security feature, because the host only has the bundles and the data it needs.<br/> |
Dynamic CFEngine is the Webhuis way of providing a taylor made set of promises to each and every node. Webhuis believe this is a security feature, because the host only has the bundles and the data it needs.<br/> |
||
Webhuis offers Dynamic CFEngine under [http://webhuis.nl/GPL-license GPL-2] as its contribution to the community. |
Webhuis offers Dynamic CFEngine under [http://webhuis.nl/GPL-license GPL-2] as its contribution to the community. |
||
+ | == How does it work? == |
||
− | |||
− | = How does it work? = |
||
Dynamic CFEngine extends on convergence because it provides the promises to the system in a convergent way, not all the promises are available as of the bootstrap of the host. The Webhuis example setup is structured: |
Dynamic CFEngine extends on convergence because it provides the promises to the system in a convergent way, not all the promises are available as of the bootstrap of the host. The Webhuis example setup is structured: |
||
* A host belongs to a domain |
* A host belongs to a domain |
||
* A host has a role |
* A host has a role |
||
In the example the host, domain and role bundles contain data that drive the common logic in the common bundles. When the host is bootstrapped to the CFEngine Master Hub it starts configuring itself by pulling the host and domain bundles from the hub. The host bundles file contains the role information, which convergently is being pulled from the hub in a subsequent iteration. |
In the example the host, domain and role bundles contain data that drive the common logic in the common bundles. When the host is bootstrapped to the CFEngine Master Hub it starts configuring itself by pulling the host and domain bundles from the hub. The host bundles file contains the role information, which convergently is being pulled from the hub in a subsequent iteration. |
||
− | = Data driven approach = |
+ | == Data driven approach == |
Because the data in the host, domain and role bundles drive the common logic in the common bundles Dynamic CFEngine makes little use of classes or contexts. The context is defined beforehand and no decisions have to be made, thus leading to a reduction of complexity in the logic in the common bundles. |
Because the data in the host, domain and role bundles drive the common logic in the common bundles Dynamic CFEngine makes little use of classes or contexts. The context is defined beforehand and no decisions have to be made, thus leading to a reduction of complexity in the logic in the common bundles. |
||
− | + | = The structure = |
|
The bundlesequence in promises.cf is as follows: |
The bundlesequence in promises.cf is as follows: |
||
* "role" |
* "role" |
||
Line 23: | Line 24: | ||
== Step by step == |
== Step by step == |
||
In the first iteration almost everything fails, the bundles g, update and the bundlesequence in @(webhuis_common) will execute but will not fulfill all the promises. |
In the first iteration almost everything fails, the bundles g, update and the bundlesequence in @(webhuis_common) will execute but will not fulfill all the promises. |
||
− | + | == g == |
|
The common bundle g is contained in promises.cf and it defines common variables to the system. |
The common bundle g is contained in promises.cf and it defines common variables to the system. |
Revision as of 23:19, 17 May 2014
Although this website is predominatly written in Dutch, because it is aimed at Dutch people using Debian, this set of pages is in English. The reason behind this is Webhuis' desire to support the international CFEngine community.
Contents
The dynamics is in the data
A best practice in CFEgine is to make promises or bundles as generic as possible, so that they suite the needs of as many situations as possible.
Host taylor made provisioning of promises
Dynamic CFEngine is the Webhuis way of providing a taylor made set of promises to each and every node. Webhuis believe this is a security feature, because the host only has the bundles and the data it needs.
Webhuis offers Dynamic CFEngine under GPL-2 as its contribution to the community.
How does it work?
Dynamic CFEngine extends on convergence because it provides the promises to the system in a convergent way, not all the promises are available as of the bootstrap of the host. The Webhuis example setup is structured:
- A host belongs to a domain
- A host has a role
In the example the host, domain and role bundles contain data that drive the common logic in the common bundles. When the host is bootstrapped to the CFEngine Master Hub it starts configuring itself by pulling the host and domain bundles from the hub. The host bundles file contains the role information, which convergently is being pulled from the hub in a subsequent iteration.
Data driven approach
Because the data in the host, domain and role bundles drive the common logic in the common bundles Dynamic CFEngine makes little use of classes or contexts. The context is defined beforehand and no decisions have to be made, thus leading to a reduction of complexity in the logic in the common bundles.
The structure
The bundlesequence in promises.cf is as follows:
- "role"
- "g"
- "update"
- "@(webhuis_common)"
- "${g.class_domain}"
- "${g.class_host}"
- "${role.role}"
Step by step
In the first iteration almost everything fails, the bundles g, update and the bundlesequence in @(webhuis_common) will execute but will not fulfill all the promises.
g
The common bundle g is contained in promises.cf and it defines common variables to the system.