This article relies largely or entirely upon a single source. All sources except for "Puppet vs CFEngine" has been written by the creator of CFEngine or his organization. (August 2014)
|Developer(s)||Mark Burgess, Northern.tech Inc.|
3.10.4 / May 02, 2018
|Type||Configuration management System administration Network management|
|License||GNU General Public License version 3|
CFEngine is an open source configuration management system, written by Mark Burgess. Its primary function is to provide automated configuration and maintenance of large-scale computer systems, including the unified management of servers, desktops, consumer and industrial devices, embedded networked devices, mobile smartphones, and tablet computers.
The CFEngine project began in 1993 as a way for author Mark Burgess (then a post-doctoral fellow of the Royal Society at Oslo University, Norway) to get his work done by automating the management of a small group of workstations in the Department of Theoretical Physics. Like many post-docs and PhD students, Burgess ended up with the task of managing Unix workstations, scripting and fixing problems for users manually. Scripting took too much time, the flavours of Unix were significantly different, and scripts had to be maintained for multiple platforms, drowning in exception logic.
After discussing the problems with a colleague, Burgess wrote the first version of CFEngine (the configuration engine) which was published as an internal report and presented at the CERN computing conference. It gained significant attention from a wider community because it was able to hide platform differences using a domain-specific language.
A year later, Burgess finished his post-doc but decided to stay in Oslo and took a job lecturing at Oslo University College. Here he realized that there was little or no research being done into configuration management, and he set about applying the principles of scientific modelling to understanding computer systems. In a short space of time, he developed the notion of convergent operators, which remains a core of CFEngine.
In 1998, dissatisfied with the level of understanding in the area and the ad hoc discussions of computer security at the time, Burgess wrote "Computer Immunology", a paper at the USENIX/LISA98 conference. It laid out a manifesto for creating self-healing systems, reiterated a few years later by IBM in their form of Autonomic Computing. This started a research effort which led to a major re-write, CFEngine 2, which added features for machine learning, anomaly detection and secure communications.
Between 1998 and 2004, CFEngine grew in adoption along with the popularity of Linux as a computing platform. During this time, Mark Burgess developed promise theory, a model of distributed cooperation for self-healing automation.
In 2008, after more than five years of research, CFEngine 3 was introduced, which incorporated promise theory as "a way to make CFEngine both simpler and more powerful at the same time", according to Burgess. The most significant re-write of the project to date, CFEngine 3 also integrated knowledge management and discovery mechanisms—allowing configuration management to scale to automate enterprise-class infrastructure.
In June 2008 the company CFEngine AS was formed as a collaboration between author Mark Burgess, Oslo University College and the Oslo Innovation Centre in order to support users of CFEngine. In April 2009, the company launched the first commercial version of CFEngine - CFEngine Enterprise. The Enterprise version can be downloaded for free for up to 25 agents (clients). February 2011, the company received its first round of funding, from FERD Capital. The company has offices in Oslo, Norway and Mountain View, California, USA.
CFEngine provides an operating system-independent interface to Unix-like host configuration. It requires some expert knowledge to deal with peculiarities of different operating systems, but has the power to perform maintenance actions across multiple hosts. CFEngine can be used on Windows hosts as well, and is widely used for managing large numbers of Unix hosts that run heterogeneous operating systems, e.g. Solaris, Linux, AIX, Tru64 and HP-UX.
Shortly after its inception, CFEngine inspired a field of research into automated configuration management. The CFEngine project claims to attempt to place the problem of configuration management in a scientific framework. Its author Mark Burgess has developed a range of theoretical tools and results to talk about the problem, and has written several text books and monographs explaining them.
One of the main ideas in CFEngine is that changes in computer configuration should be carried out in a convergent manner. This means that each change operation made by the agent should have the character of a fixed point. Rather than describing the steps needed to make a change, CFEngine language describes the final state in which one wants to end up. The agent then ensures that the necessary steps are taken to end up in this "policy compliant state". Thus, CFEngine can be run again and again, whatever the initial state of a system, and it will end up with a predictable result. CFEngine supports the item of statistical compliance with policy, meaning that a system can never guarantee to be exactly in an ideal or desired state, rather one approaches (converges) towards the desired state by best-effort, at a rate that is determined by the ratio of the frequency of environmental change to the rate of CFEngine execution.
CFEngine is used in both large and small companies, as well as in many universities and governmental institutions. Sites as large as 40,000 machines are reported (LinkedIn), while sites of several thousand hosts running under CFEngine are common. According to statistics from CFEngine AS, probably several million computers run CFEngine around the world, and users from more than 100 countries have been registered.
- Comparison of open-source configuration management software
- Anomaly-based intrusion detection system
- Host-based intrusion detection system
- Rudder (software)
- Burgess, Mark. "University of Oslo : Cfengine V2.0 : A network configuration tool" (PDF). Iu.hio.no. Retrieved 2013-09-08.
- Burgess, Mark (December 1998). "Computer Immunology" (PDF). Usenix.org. Retrieved 2013-09-08.
- Burgess, Mark; Couch, Alva (2006-11-28). "Autonomic Computing Approximated by Fixed-Point Promises, Proceedings of First IEEE International Workshop on Modelling Autonomic Communication Environments (MACE2006)" (PDF). pp. 197–222. Archived from the original (PDF) on 2012-04-25.
- "Cfengine Completes Series A Investment" (Press release). Oslo, Norway: PRNewswire. 2011-04-04. Retrieved 2014-08-22.
- Burgess, Mark (Summer 1995). "Cfengine: a site configuration engine" (PDF). USENIX Computing systems. Berkeley, CA, USA: USENIX. 8 (3). Retrieved 2014-08-22.
- Burgess, Mark (2003-11-29). "Configurable immunity for evolving human-computer systems" (PDF). Science of Computer Programming. 51 (3): 197–213. doi:10.1016/j.scico.2003.12.004. Archived from the original (PDF) on 2012-03-03.
- Burgess, Mark (2003). "On the theory of system administration" (PDF). Science of Computer Programming. 49: 1–46. doi:10.1016/j.scico.2003.08.001. Archived from the original (PDF) on 2011-07-24.
- "CFEngine Case Study - LinkedIn Infrastructure and Operations Automation at WebScale" (PDF). CFEngine AS. November 2014.