GNU Cfengine is a language-based system specifically designed for testing and configuring unix-like systems attached to a TCP/IP network. It was written by Mark Burgess.
You can think of cfengine as a very high level language---much higher level than Perl or shell. A single statement can create many hundreds of links, or fix the permissions of many hundreds of files.
The idea of Cfengine is to create a single file or set of configuration files which will describe the setup of every host on your network. Cfengine runs independently on each host and parses one file (or file-set), checks the the configuration of the host against this file and, if desired, fixes any deviations.
Although mainly intended for system administation,, cfengine can also be used a scripting language by ordinary users. It is a handy tool for tidying your old junk files and for managing the rights and permissions of your files when collaborating with other users.
When you start out from a small network with just a few workstations, or perhaps even a single mainframe system, it is quite easy to get into the habit of `fixing' the configuration of your system manually, making links, writing scripts etc.
As the size of a network increases, before you know it, you have five different operating systems supported by different organizations and each type of system has to be configured in a special way. You realize also pretty soon that Unix is not as standard as you thought, and that none of your scripts work on every system without a considerable amount of hacking and testing. The number of if..then..else.. constructions in your scripts grows to be so large that you can't really see what the script is doing anymore.
For large sites with many different flavours of operating system, what is needed is a more disciplined way of making changes which is robust against reinstallation. After all, if you suddenly have to replace a damaged disk then all of your manually placed symbolic links will have to be made from scratch!
The idea behind cfengine is to focus upon a few key areas of basic system administration, and provide a language which avoids all of the if..then...else complexity, so that the configuration file's meaning is transparent.
Because it is almost impossible to do everything, cfengine focusses on a few key functions which scripts handle rather poorly. It eliminates the need for lots of tests by allowing you to organize your network according to classes. From a single configuration file (or set of files) you specify, using classes, how your network should be configured---and cfengine will then parse your file and carry out the instructions, warning or fixing errors as it goes.
Here are some of the jobs Cfengine can handle:
Check and configure the network interface.
Edit text files.
Make and maintain symbolic links, including multiple links from a single command.
Check and set the permissions and onwership of files.
Delete junk files which clutter the system.
Systematically, mount NFS filesystems.
Verify the presence of important files and filesystems.
Execute scripts and shell commands in a controlled way.
Please send FSF & GNU inquiries & questions to gnu@gnu.org. There are also other ways to contact the FSF.
Please send comments on these web pages to webmasters@www.gnu.org, send other questions to gnu@gnu.org.
Copyright (C) 1996, 1997, 1998 Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.
Updated: 16 Feb 1998 tower