CFEngine: Difference between revisions
pipe your links! |
|||
Line 47: | Line 47: | ||
computer configuration should be carried out in a ''convergent'' manner. |
computer configuration should be carried out in a ''convergent'' manner. |
||
This means that each change operation made by the agent should have the |
This means that each change operation made by the agent should have the |
||
character of a [[ |
character of a [[fixed point (mathematics)|fixed point]]. Rather than describing the |
||
steps needed to make a change, cfengine describes the final state in which |
steps needed to make a change, cfengine describes the final state in which |
||
one wants to end up. The agent then ensures that the necessary steps are |
one wants to end up. The agent then ensures that the necessary steps are |
Revision as of 00:13, 27 April 2007
Cfengine is a policy-based Configuration management
system written by Mark Burgess at Oslo University College.
Its primary function is to provide automated configuration and
maintenance of computers, from a policy specification.
The cfengine project was started in 1993 as a reaction to the complexity and non-portability of shell scripting for Unix configuration management, and continues today. The aim was to absorb frequently used coding paradigms into a declarative, domain-specific language that would offer self-documenting configuration.
Portability
Cfengine provides an operating system independent interface to Unix-like host configuration. It maintains some expert knowledge to deal with peculiarities of different operating systems and can perform maintenance actions across multiple Unix-like servers. Cfengine can be used on Windows servers as well, and is quickly becoming a widely accepted method of managing a large number of Unix servers that run heterogeneous operating systems e.g. Solaris, Linux, AIX and HPUX.
Research-based tool
Shortly after its inception, cfengine inspired a field research into automated configuration management, in which its author remains a key innovator. The cfengine project claims to attempt to place the problem of configuration management in a scientific framework. Its author Mark Burgess has developed a range of important theoretical tools and results to talk about the problem, and has written several text books and monographs explaining these.
Convergence
One of the main innovations of cfengine is the idea that changes in computer configuration should be carried out in a convergent manner. This means that each change operation made by the agent should have the character of a fixed point. Rather than describing the steps needed to make a change, cfengine describes the final state in which one wants to end up. The agent then ensures that the necessary steps are taken to end up in this "policy compliant state". Thus, cfengine can be run again and again, whatever the initial state of a system, and it will end up with a predictable result.
User base
Cfengine is estimated to run on millions of Unix, Mac OS X and Windows computers all around the world. It is used in both large and small companies, as well as in many universities and governmental institutions. Sites as large as 11,000 machines are reported, while sites of several thousand hosts running under cfengine are common.
See also
- Comparison of open source configuration management software
- Anomaly-based intrusion detection system
- Host-based intrusion detection system