CFEngine 3 Enterprise 2.2 is the next generation of CFEngine 3 Nova (successor of CFEngine 3 Nova 2.1.3), upgraded with productivity and performance enhancements. We have made a new Mission Portal Engineering room tailored to the needs of infrastructure engineers, making it both easier and more powerful to use. Most notably we have introduced dynamic grouping of hosts through a flexible tree control, also referred to as the Navigation Tree. It allows system adminsitrators to flexibly group hosts based on CFEngine classes, both discovered (hard classes such as operating system, architecture, IP address, etc.) and user defined (soft classes such as webserver, development, staging, etc).
CFEngine 3 Nova is compatible with CFEngine 3 Enterprise and can easily be upgraded by following the instructions in the CFEngine 3 Enterprise Owner's Manual.
The launch of CFEngine 3 Enterprise also brings a new offering: CFEngine 3 Free Enterprise, our commercial enterprise product offered for free for up to 25 managed hosts. It differs from our commercial offer in that it has different licensing terms, different support and it is limited to a maximum of 25 hosts. The product is described in full detail at http://cfengine.com/25free.
CFEngine 3 Enterprise is a commercially licensed version of the core CFEngine software1 with enterprise library extensions. All of the documentation for CFEngine 3 applies to CFEngine 3 Enterprise.
The aim of CFEngine 3 Enterprise is to offer a knowledge-enhanced framework for configuration man- agement that goes beyond mere technical configuration to support the needs of businesses. Features include compliance management, reporting and business integration, and tools for handling necessary complexity. CFEngine 3 Enterprise has features to support Cloud Computing for public and private clouds, as well as greater integration facilities with database resources.
CFEngine 3 Enterprise is designed to be simple to install in its default configuration. The installation process has three phases:
You should start from a blank system. If you have been using CFEngine Community Edition and you have already developed a policy, set aside this policy during the installation process. You will be able to integrate it back later.
CFEngine 3 Enterprise is provided in two packages, cfengine-nova and
cfengine-nova-expansion. The main software package
must be installed on every host (including the hub). The expansion package is only installed on the policy hub. You should install and set up the hub first.
yum,
zypper or apt-get are working (e.g. apt-get update).
cfengine-nova_2.2.xxx.[rpm|deb]
cfengine-nova-expansion_2.2.xxx.[rpm|deb]
On all other machines:
cfengine-nova_2.2.xxx.[rpm|deb]
host# rpm -ihv packages
host# rpm -ihv packages
host# dpkg --install packages
| Save the returned license file to /var/cfengine/masterfiles/license.dat on the hub before continuing. |
Find the hostname or IP address of the hub (policy server), here we assume ‘123.456.789.123’ is the address.
hub # /var/cfengine/bin/cf-agent --bootstrap --policy-server 123.456.789.123Use the same command on all hosts, i.e. *** do not bootstrap the policy server with a localhost address *** If you mistype the address of the hub, we recommend doing the following steps to re-boostrap:
hub # /var/cfengine/bin/cf-agent --bootstrap --policy-server 123.456.789.124
hub # killall cf-execd cf-serverd cf-monitord cf-hub
hub # rm -rf /var/cfengine/inputs/*
hub # rm -f /var/cfengine/policy_server.dat
hub # /var/cfengine/bin/cf-agent --bootstrap --policy-server 123.456.789.123
CFEngine will output diagnostic information upon bootstrap. Error messages will be displayed if bootstrapping failed, pursue these to get an indication of what went wrong and correct accordingly. If all is well you should see the following in the output:
-> Bootstrap to 123.456.789.123 completed successfully
How to assess success in this procedure:
cf-execd running, and eventually other processes from
the CFEngine suite like cf-monitord cf-serverd. On the hub, you should
also eventually see cf-hub. Note that it may take 5–10 minutes before all the
processes get started.
Default user name and password is 'admin' and 'admin' (make sure to change this at first login to prevent unauthorized access).
Note that some of the displays in the Mission Portal may be blank when you log in just after installation; some reports and graphs are only updated every six hours. It may also take some time for the system to fully converge, do not get troubled if initially there are some promises repaired or not kept.
Please refer to the CFEngine 3 Enterprise Owner's Manual
(http://www.cfengine.com/manuals/Enterprise-2-2-OwnersManual) for complete information and help troubleshooting your installation.
The Mission Portal is the centerpiece of user interaction with CFEngine 3 Enterprise. It can be accessed by connecting to the hub (policy server) with your web browser (for example at http://123.456.789.123; default port 80). From here you can get a complete overview of operations and performance, business and compliance, organizational knowledge and library. We will make a quick introduction of the four main rooms in the Mission Portal, please refer to the CFEngine 3 Enterprise Owner's Manual for a complete overview.
There are four main rooms in the Mission Portal that offer insight into different aspects of operations:
Each of these rooms is a beginning from which you can refine your overview and search through information.
Mission Engineering illustrates the state of the system in relation to the desired state at all scales. Zoom in to specific areas and examine the impact of promises, query data, and extract reports.
The Mission Engineering room underwent a substantial rework for the release of CFEngine 3 Enterprise 2.2. Most notably we introduced a host Navigation Tree where hosts can be grouped and organized in a hierarchy defined by classes. The remaining content on the page is influenced by the selected tree context, i.e. the Status and Reports tabs will only show information for linux hosts if such a context/node is selected in the the tree (the active node is highlighted to show that it is selected). Another notable change is the new interface to interact with reports, now available as a tab and drop-down menus.
The Navigation Tree consists of two main parts:
Add in the dropdown menu to add your own tree (input the name of the new tree in the field next to the add button). Click X next to a tree name to delete it.
X shown beside the node.
Pencil icon shown beside the node.
The trees and nodes that a user creates will not be visible to other users of the Mission Portal.
Click on any host in the tree to get a quick overview of that host in the status tab. Click the host name under the compliance graph to see more detailed information about the host.
The Status tab shows the overall status of the hosts selected in the Navigation Tree. This section contains:
execd, is not running (the hub will still able to contact the client to collect reports but the client will return stale data since it has not been running at regular intervals).
Action icons:
Reports are sorted into five main categories that contain drop down menus to select default reports. Clicking a report will bring up a search filter specific to that report.
Reports are updated at different intervals, the default values are every 5 minutes or every 6 hours (this can be changed by the user). Below is a list of standard reports, updated every 5 minutes unless otherwise noted:
Mission status is a high level summary of how well the entire system is behaving.
Business Value and Host Status: The two pie charts show the business value of the promises kept/not kept and well as host status, respectively. Business value is associated with the value of promises as defined in policy files. In the Host Status chart, each host represents a slice of the pie and is classified into red, yellow, green and blue according to the level of their compliance. A host is red if less than 80% of its promises are kept, yellow if 20% or more of its promises were repaired and host is now compliant, green if more than 80% of its promises are kept, and blue if there is no contact between the hub and the client host.
Compliance Summary: The row of bar meters shows the compliance (average percentage of promises kept, repaired or not kept) of all registered hosts 6 in blocks of 6 hours for the past week. It summarizes performance and anomalous behavior in a simple red (promises not kept), yellow (promises repaired) and green (promises kept) scale. Click on a bar to see which promises were kept/not kept.
Services/Goals: A summary of Mission goals (as defined in user policy files). See the CFEngine 3 Enterprise Owners Manual for more information.
Make changes to policies, goals determined by promises and implement specific tactics to achieve the desired state. Interact with data, approve changes and anomalies. Get an overview of users logged on to the Mission Portal, as well as their current activity.
Policy Goals: List of policy goals as defined in policy files; these examples are from company_knowledge.cf. Edit the file in the policy editor (Edit policies button) or edit the file in your own text editor. The "More..." button links to the Service Catalogue, click to see which bundles contribute to these policy goals.
Action buttons:
Logged on: Shows users currently logged on to the Mission Portal and their activity.
Activity log: Shows the latest activity entries. Type in a new activity to keep colleagues posted on current work.
Library buttons:
The Topics viewer, or Knowledge map, is a sematic web of subject references and document pointers. In a semantic web, you are presented with links to documents about your chosen topic. In addition you are offered leads and possible pathways to topics that are known to be related. These leads don't just point you to more documents, but explain how neighboring issues are related. The aim is to help the user learn from the experience of browsing, by conveying the meaning of the current topic in relation to other issues in the system. This is how knowledge transfer occurs.
The Knowledge Map can be found by searching for a topic in the top right corner or through the topic finder in the Mission Library (this will sometimes also lead directly to a document or web page instead).
The yellow sphere represents the current topic, surrounding (blue) spheres represent related topics, and the size of the spheres represents the number of associations each topic has. This map is navigable: click on a different topic to see a new view centered on that topic and its associations. The tabs will show leads, references, topics in the same context, and sub topics in the same context. Links can also lead to other viewers in the Mission Portal, documents and web pages related to the current topic.
Please refer to the CFEngine 3 Enterprise Owner's Manual for complete information about this product. You may also wish to visit our getting started section on cfengine.com:
[1] Major version 3 [2] You will obtain credentials to the CFEngine Support ticketing system and software download repository as a part of your purchase. (Note: CFEngine 3 Free Enterprise users do not have access to commercial support, see http://cfengine.com/25free [3] Blue or black hosts will not appear here [4] This is because hosts check in at different times and some hosts may not yet be accounted for at the time of generation of the graph. [5] You have to stop CFEngine on the concerned host before deleting it in the Mission Portal, else the host will contact the hub and re-appear in the database. [6] Blue or black hosts will not appear here
Table of Contents
Footnotes