Managing configuration with Cfengine 3: concepts & theories

In December 2009, Mark Burgess, the author of Cfengine, was in France. This was a great opportunity to arrange a talk with members of the French Cfengine community.

Cfengine[0] is a policy-based configuration management system written by Mark Burgess at Oslo University College. Its primary function is to provide automated configuration and maintenance of computers, from a policy specification.[1]

In this presentation, Mark presents the concept of configuration management and its history, from the user-created shell scripting, then to the first normalized tools for configuration back in 1993 as a reaction to the complexity and non-portability, up to the new features of Cfengine 3, released in 2009, and its underlying concept, the promise theory[2].

The idea of this theory is to put the goals in focus, not the recipes to reach it; thus Cfengine 3 promises to maintain a certain state for the machine configuration. This declaration of promises offers self-documenting configuration, and an easy translation in SLA[3]. terms.

Then, the presentation continues with the possible applications of Cfengine 3 : enforcing security, monitoring a system, automating task, or as a compliance tool or a provisioning system.

All these are made possible thanks to the distributed approach of this software, with each node being responsible of his own state, allowing for scalability and detailed adaptation to the local environment.  Through autonomous execution and convergence, the expected state for the node is reached, and kept.

Finally, Mark presents Nova, the commercial version of Cfengine, and its benefits:

  • Knowledge management
  • Extended reporting system
  • Database and identity management integration
  • Windows native version

You can watch the video of the presentation (45 minutes long), and see the slides.


[0] Cfengine community website

[1] Cfengine entry on Wikipedia

[2] Promise theory on Wikipedia

[3] Service Level Agreement

Share this post

Scroll to Top
Rudder robot

Directive NIS2: how to get ready? Rudder can help you

Security management module details

This module targets maximum security and compliance for managing your infrastructure, with enterprise-class features such as:
Learn more about this module on the Security management page

Configuration & patch management module details

This module targets maximum performance and reliability for managing your infrastructure and patches, with enterprise-class features such as:

Learn more about this module on the Configuration & patch management page