There are several steps to bring up a CFEngine installation within an organization:
- Prepare all appropriate machines for installation.
- Configure your network and security.
- Download the CFEngine software.
- Install CFEngine on the Policy Server(s).
- Bootstrap the Policy Server to itself.
- Initiate post-install configuration on the Policy Server.
- Install CFEngine on the Host machine(s).
- Bootstrap the Host(s) to a Policy Server.
CFEngine Enterprise is provided in two packages; one is for the Policy Server (hub) and the other is for each Host (client).
Note: See Installing Community for the community version of CFEngine)
Log in as root and then follow these steps to install CFEngine Enterprise:
On the designated Policy Server, install the
[RedHat/CentOS/SUSE] $ rpm -i <server hub package>.rpm [Debian/Ubuntu] $ dpkg -i <server hub package>.deb
On each Host, install the
[RedHat/CentOS/SUSE] $ rpm -i <agent package>.rpm [Debian/Ubuntu] $ dpkg -i <agent package>.deb
Note: Install actions logged to
Bootstrapping a client means to configure it initially. With CFEngine, the default bootstrap:
- records the server's address (accessible as
sys.policy_hub) and public key, and gives the server the client's key to establish trust (see Bootstrapping)
- copies all the contents of
/var/cfengine/masterfileson the policy server (AKA
Run the bootstrap command, first on the policy server:
Find the IP address of your Policy Server:
Run the bootstrap command:
$ sudo /var/cfengine/bin/cf-agent --bootstrap <IP address of policy server>
The bootstrap command must then be run on any client attaching itself to this server, using the ip address of the policy server (i.e. exactly the same as the command run on the policy server itself).
CFEngine itself is configured through policy as well (see Components and Common Control and
The Policy Framework for details). The following basic changes to the default policy will configure
cf-execd for your environment.
Find the following line:
"domain" string => "your.domain.here",
Change your.domain.here to your domain name, e.g. example.com.
Find the following line:
mailto => "firstname.lastname@example.org";
Change email@example.com to your email address.
Note: On some systems this modification should hopefully work without needing to make any additional changes elsewhere. However, any emails sent from the system might also end up flagged as spam and sent directly to a user's junk mailbox.
Server IP Address and Hostname
/etc/hosts and add an entry for the IP address and hostname of the server.
CFEngine Enterprise Post-Installation Setup
More Detailed Installation Guides
Although most install procedures follow the same general workflow, there are several ways of installing CFEngine depending on your environment and which version of CFEngine you are using.
- Installing Enterprise for Production
- Install and test the latest version using our native version, for free!
- Installing CFEngine on virtual machine instances using Amazon Web Services' (AWS) EC2 service
- This is especially useful for people running Windows on their workstation or laptop.
- Install and test the latest version using our pre-packaged Vagrant environment
- Installing CFEngine Community Edition
- Learn about Writing and Serving Policy