ncf A powerful and structured CFEngine framework Jonathan CLARKE - - PowerPoint PPT Presentation

ncf
SMART_READER_LITE
LIVE PREVIEW

ncf A powerful and structured CFEngine framework Jonathan CLARKE - - PowerPoint PPT Presentation

Aug 23, 2022 372 likes •682 views

ncf A powerful and structured CFEngine framework Jonathan CLARKE jcl@normation.com @jooooooon42 (that's 7 'o's) Normation CC-BY-SA normation.com ncf Who am I? www.ncf.io Jonathan Clarke Title: Co-founder & Product lead at

slide-1
SLIDE 1

Normation – CC-BY-SA normation.com

ncf

A powerful and structured CFEngine framework

Jonathan CLARKE – jcl@normation.com @jooooooon42 (that's 7 'o's)

slide-2
SLIDE 2

Normation – CC-BY-SA normation.com

2

ncf

www.ncf.io

Who am I?

  • Jonathan Clarke
  • Title: Co-founder & Product lead at Normation
  • Origins: Sysadmin, infrastructure management
  • Now: Automation + “running a company”-stuff
  • Contributor to free software:

Co-creator of Rudder

Contributor to CFEngine, OpenLDAP

  • Co-organizer of events:
slide-3
SLIDE 3

Normation – CC-BY-SA normation.com

3

ncf

www.ncf.io

Intro

This presentation is about cakes

Photo CC BY 2.0 from http://www.flickr.com/photos/misscreativecakes/

slide-4
SLIDE 4

Normation – CC-BY-SA normation.com

4

ncf

www.ncf.io

Intro

Reminder: how are cakes made?

  • 1. Ingredients

+

  • 2. Recipes

Photo CC BY-NC 2.0 from http://www.flickr.com/photos/tnemily/ Photo CC BY 2.0 from http://www.flickr.com/photos/misscreativecakes/

slide-5
SLIDE 5

Normation – CC-BY-SA normation.com

5

ncf

www.ncf.io

Background

A bunch of CFEngine consultants

  • > 4 years
  • Multiple companies: small, large & huge
  • Various uses: security, provisioning, DR...

We always got the same feedback

slide-6
SLIDE 6

Normation – CC-BY-SA normation.com

6

ncf

www.ncf.io

Feedback #1: CFEngine rocks!

CFEngine rocks

Multi-platform Linux, Android, BSD, AIX, HP-UX, Solaris, Windows... Open Source GPLv3 Small footprint, scalable A few MB of RAM, just seconds to run... Continuous checking Agent based approach, no push Resilient to errors Network outages, failures, unavailable resources...

slide-7
SLIDE 7

Normation – CC-BY-SA normation.com

7

ncf

www.ncf.io

Feedback #2: CFEngine is hard!

CFEngine is hard

Too much “do it yourself” Building your own policy structure from blank slate Steep learning curve Syntax is unusual, hard to learn and understand Lack of feedback Output is hard to read, “what is going on?” Workarounds for bugs No way of systematically using a workaround

“Flour, eggs, milk and butter”

As in: https://digitalelf.net/2013/04/a-case-study-in-cfengine-layout/

slide-8
SLIDE 8

Normation – CC-BY-SA normation.com

8

ncf

www.ncf.io

Feedback #2: CFEngine is hard!

Learning to bake cakes on your own is frustrating.

Photo CC BY-NC-SA 2.0 from http://www.flickr.com/photos/penguincakes/

slide-9
SLIDE 9

Normation – CC-BY-SA normation.com

9

ncf

www.ncf.io

Brief dilemma...

Can we fix this?

We've worked around this for customers, let's make it reusable!

CHALLENGE ACCEPTED.

slide-10
SLIDE 10

Normation – CC-BY-SA normation.com

10

ncf

www.ncf.io

Approach

Too much do it yourself Building your own policy structure from blank slate

1) Provide a structured layout to start from 2) Provide single-purpose, reusable “methods” to get the basics done

slide-11
SLIDE 11

Normation – CC-BY-SA normation.com

11

ncf

www.ncf.io Steep learning curve Syntax is unusual, hard to learn and understand

Approach

1) Hide the weirder syntax inside these reusable “methods” 2) Only require a subset of syntax to write everyday policies (method calls)

slide-12
SLIDE 12

Normation – CC-BY-SA normation.com

12

ncf

www.ncf.io

Approach

1) Implement workarounds into those reusable “methods” (and use them) 2) Automated tests to make sure the bugs don't “come back”

Workarounds for bugs No way of systematically using a workaround

slide-13
SLIDE 13

Normation – CC-BY-SA normation.com

13

ncf

www.ncf.io Lack of feedback Output is hard to read, “what is going on?”

Approach

1) Now everything goes through reusable “methods”, build automatic feedback in 2) Make the feedback format customisable and extensible

slide-14
SLIDE 14

Normation – CC-BY-SA normation.com

14

ncf

www.ncf.io

Result

“Forget baking, I'm gonna get some cakes from the shop”

Photo CC BY-NC-SA 2.0 from http://www.flickr.com/photos/omarsc/

slide-15
SLIDE 15

Normation – CC-BY-SA normation.com

15

ncf

www.ncf.io

Result

We created ncf

ncf is a framework that runs in pure CFEngine language, to help structure CFEngine policy and provide reusable, single purpose components distributed under the GPLv3 license.

slide-16
SLIDE 16

Normation – CC-BY-SA normation.com

16

ncf

www.ncf.io

Result

Example === 1000 words

With ncf:

slide-17
SLIDE 17

Normation – CC-BY-SA normation.com

17

ncf

www.ncf.io

Result

Example === 1000 words

Without ncf:

This is actually

  • ver-simplified:
  • No feedback
  • No exceptions for

different OSes

  • No advanced options
slide-18
SLIDE 18

Normation – CC-BY-SA normation.com

18

ncf

www.ncf.io

Result

Example === 1000 words

With ncf, automatic feedback:

R: [DEBUG] Promise kept, not doing anything: Install package ntp in version latest R: [INFO] Promise repaired, made a change: Build file /etc/ntp.conf from template ntp.conf R: [INFO] Promise repaired, made a change: Restart service ntp R: [DEBUG] Promise kept, not doing anything: Ensure that service ntp is running

slide-19
SLIDE 19

Normation – CC-BY-SA normation.com

19

ncf

www.ncf.io

A layered approach

A layered approach

Services Techniques

IT services: “Corporate web site” Components of services: “Apache”

IT Ops Knowledge

Shared information: “httpd” package name

Generic methods

Unit tasks: “Copy file”, “Install package”, ...

slide-20
SLIDE 20

Normation – CC-BY-SA normation.com

20

ncf

www.ncf.io

How does it work?

How does it work?

CFEngine 3 can have self-contained “bundles” that you can call with parameters.

ntp

logger package_install file_from_template service_restart Outputs structured messages

slide-21
SLIDE 21

Normation – CC-BY-SA normation.com

21

ncf

www.ncf.io

Each generic_method does

  • ne thing and one thing only

Philosophy

Core principles

Objective not subjective

KISS DRY

Extensible Open source

slide-22
SLIDE 22

Normation – CC-BY-SA normation.com

22

ncf

www.ncf.io

Overview of available generic_methods

slide-23
SLIDE 23

Normation – CC-BY-SA normation.com

23

ncf

www.ncf.io

Online documentation

http://www.ncf.io/pages/reference.html

slide-24
SLIDE 24

Normation – CC-BY-SA normation.com

24

ncf

www.ncf.io

Current status

Project is young, but robust Need more generic methods

Ohloh statistics:

Source: http://www.ohloh.net/p/ncf-project Actually CFEngine

slide-25
SLIDE 25

Normation – CC-BY-SA normation.com

Demo!

(aka “show me the code!”)

Check it out on: http://www.ncf.io/

slide-26
SLIDE 26

Normation – CC-BY-SA normation.com

26

ncf

www.ncf.io

The cherry on the cake

The cherry

  • n the cake

Photo CC BY-NC-ND 2.0 from https://www.flickr.com/photos/creativeabubot

slide-27
SLIDE 27

Normation – CC-BY-SA normation.com

27

ncf

www.ncf.io

The cherry on the cake

Web interface “ncf builder”

Browse available generic methods Build Techniques Lightweight app (client side HTML+JS) Uses a simple REST API to interact with ncf

slide-28
SLIDE 28

Normation – CC-BY-SA normation.com

28

ncf

www.ncf.io

The cherry on the cake

slide-29
SLIDE 29

Normation – CC-BY-SA normation.com

Questions?

Check it out on: http://www.ncf.io/

Jonathan CLARKE – jcl@normation.com @jooooooon42 (that's 7 'o's)