www.cfengine.com Vagrant & CFEngine Ohio Linux Fest 2013

Before we get started Is everyone in the right place? Has everyone installed Virtualbox 4.2.16 or later? VirtualBox --help | grep VirtualBox Has everyone installed Vagrant 1.2.7 or later? vagrant --version

Get to know each other Hi, I'm Nick SysAdmin > 10 Years Work at CFEngine Live in Lawrence, KS Twitter: @cmdln_ IRC: nickanderson Blog: http://www.cmdln.org Who are you? What do you do? Have you used Vagrant? Have you used CFEngine? Why did you choose this session and what do you hope to get from it?

9/13/13 What is Vagrant? Tool to make working with development environments easy. Create, configure, destroy lightweight, reproducible, and portable environments. ● Created by Mitchell Hashimoto ● @mitchelh ● http://www.vagrantup.com

9/13/13 Provides common environment Designers Developers Operations QA

9/13/13 Portable ● VirtualBox ● AWS ● VMware ● More ● https://github.com/mitchellh/vagrant/wiki/Available-Vagrant-Plugins

9/13/13 How can it help? Developer on-boarding Quickly provision/decommission test environments in repeatable fashion Bug Validation Continuous Integration Ad-hoc Demos

9/13/13 So what's it made of?

9/13/13 Vagrantfile ● Describe the type of machine(s) required for a project ● Syntax of Vagrantfile is Ruby, but knowledge of the Ruby language is not necessary. It's mostly simple variable assignment. Vagrant.configure("2") do |config| # All Vagrant configuration is done here. The most common configuration # options are documented and commented below. For a complete reference, # please see the online documentation at vagrantup.com. # Every Vagrant virtual environment requires a box to build off of. config.vm.box = "centos-5.x-i386_nickanderson_201304271927" end

9/13/13 CFEngine Provisioner: Currently Undocumented ● am_policy_hub ● extra_agent_args – Extra arguments to pass to cf-agent executions ● classes – Additional classes to define when running cf-agent ● deb_repo_file – The apt repository configuration file to use for configuring the repository containing the CFEngine packages ● deb_repo_line – The line that specifys the repository to use for CFEngine packages ● files_path – Directory to copy on top of the default masterfiles ● force_bootstrap – If true, bootstrap the host even if it has been bootstrapped before ● install – Install CFEngine package from repository ● mode – “bootstrap” or “single_run”, determines whether CFEngine will be bootstrapped or just executed once on the host ● policy_server_address ● repo_gpg_key_url – http location of GPG key used for checking package signatures ● run_file – Standalone CFEngine policy file to upload and execute ● upload_path – Path to upload run_file ● yum_repo_file – The yum repository file to use when configuring the repository containing CFEngine packages ● yum_repo_url – The url of the repository containing the CFEngine packages ● package_name – The cfengine package name to install

9/13/13 CFEngine Provisioner: Example Use

9/13/13 Boxes ● Predefined operating system install ● Provider specific ● http://www.vagrantbox.es ● Use veewee or packer.io (build your own automatically) – Kickstart/preseed, postinstall scripts

9/13/13 Automagic ● Ssh automatic port forwards ● Shared project folder /vagrant

9/13/13 Useful Plugin ● vagrant-vbguest automatically installs the host's VirtualBox Guest Additions on the guest system. ● vagrant plugin install vagrant-vbguest ● https://github.com/dotless-de/vagrant -vbguest

9/13/13 Getting started ● vagrant box list ● vagrant box add ● vagrant init ● vagrant status ● vagrant up ● vagrant up ● vagrant status ● vagrant ssh – vagrant ssh node ● vagrant destroy

9/13/13 Test it out ● Import vagrant basebox – Locate CFEngine_Training.box in resources/veewee – vagrant box add CFEngine_Training CFEngine_training.box ● Create a new empty directory ● vagrant init CFEngine_Training ● vagrant up ● vagrant ssh ● vagrant destroy -f

9/13/13 Daily Use vagrant up vagrant {destroy, halt, suspend} !-2

9/13/13 This is fantastic!

9/13/13 Build base boxes for all the things!

No content

Black Hole

9/13/13 Automating Vagrant Provisioning ● Ansible ● CFEngine ● Chef ● Puppet ● Salt Stack ● Shell Scripts ● MixnMatch!

9/13/13 CFEngine ● IT infrastructure automation, compliance, and knowledge management framework ● Opensource and Commercial Software ● Originally written by Mark Burgess ● @markburgess_osl ● http://www.cfengine.com

9/13/13 CFEngine History ● First released in 1993 ● CFEngine 2 released in 1998, self healing computer immunology. Added machine learning and anomaly detection. ● 2003 Promise Theory work began ● 2008 CFEngine 3 released. Integrates knowledge management and discovery mechanisms.

9/13/13 CFEngine Properties ● Small

9/13/13 CFEngine Properties ● Small ● Secure (http://web.nvd.nist.gov/view/vuln/search )

9/13/13 CFEngine Properties ● Small ● Secure (http://web.nvd.nist.gov/view/vuln/search ) ● Portable

9/13/13 CFEngine Properties ● Small ● Secure (http://web.nvd.nist.gov/view/vuln/search ) ● Portable ● Resilient

9/13/13 CFEngine Properties ● Small ● Secure (http://web.nvd.nist.gov/view/vuln/search ) ● Portable ● Resilient ● Declarative

9/13/13 Bootstrap a test environment

9/13/13 CFEngine Demo Time ● Lets try some community contributed policy

9/13/13 cf-sketch ● Log in to your policy hub, locate the design center repository and access the cf-sketch shell – vagrant ssh hub – sudo -i – cd /vagrant/resources/design-center/tools/cf-sketch – ./cf-sketch.pl

9/13/13 Configure Timezones ● search time ● info -v tzconfig ● install System::tzconfig ● define paramset System::tzconfig – Name: NO_Oslo_TZ – Timezone: Europe/Oslo – Zoneinfo: /usr/share/zoneinfo

9/13/13 Configure Timezones ● search time ● install System::tzconfig ● define paramset System::tzconfig – Name: NO_Oslo_TZ – Timezone: Europe/Oslo – Zoneinfo: /usr/share/zoneinfo

9/13/13 Configure Timezones Cont. ● search time ● install System::tzconfig ● define paramset System::tzconfig – Name: US_Central_TZ – Timezone: US/Central – Zoneinfo: /usr/share/zoneinfo

9/13/13 Activate and Deploy Timezone Configuration ● activate System::tzconfig NO_Oslo_TZ hub ● activate System::tzconfig US_Central_TZ node001 ● deploy

9/13/13 Editor War! ● I prefer vim, and it's fun to mess with the emacs people ● services/editor_war.cf

9/13/13 Wage War ● Remove Disallowed Packages – vagrant ssh hub – watch rpm -q emacs-nox – Uncomment disallowed_packages to activate policy. Watch it get fixed. ● Install Required Packages – watch rpm -q vim-enhanced – Uncomment required_packages to activate policy

9/13/13 More Nodes! ● Increase nodes to 2 in Vagrantfile ● vagrant up ● vagrant ssh node00{1,2}

9/13/13 The Books ● Learning CFEngine 3 – Diego Zamboni ● Vagrant Up and Running – Mitchell Hashimoto

9/13/13 Questions/Discussion?

9/13/13 Thank You!