» CFEngine Provisioner
Provisioner name: cfengine
The Vagrant CFEngine provisioner allows you to provision the guest usingCFEngine. It can set up both CFEnginepolicy servers and clients. You can configure both the policy serverand the clients in a singlemulti-machine Vagrantfile
.
Warning: If you are not familiar with CFEngine and Vagrant already,it is recommended to start with the shellprovisioner. However, if you are comfortable with Vagrant already, Vagrant is the best way to learn CFEngine.
Let us look at some common examples first. See the bottom of thisdocument for a comprehensive list of options.
» Setting up a CFEngine server and client
The CFEngine provisioner automatically installs the latestCFEngine Community packageson the VM, then configures and starts CFEngine according to yourspecification.
Configuring a VM as a CFEngine policy server is easy:
Vagrant.configure("2") do |config|
config.vm.provision "cfengine" do |cf|
cf.am_policy_hub = true
end
end
The host will automatically bebootstrappedto itself to become a policy server.
If you already have a working CFEngine policy server, you can get aCFEngine client installed and bootstrapped by specifying its IPaddress:
Vagrant.configure("2") do |config|
config.vm.provision "cfengine" do |cf|
cf.policy_server_address = "10.0.2.15"
end
end
» Copying files to the VM
If you have some policy or other files that you want to install bydefault on a VM, you can use the files_path
attribute:
Vagrant.configure("2") do |config|
config.vm.provision "cfengine" do |cf|
cf.am_policy_hub = true
cf.files_path = "cfengine_files"
end
end
Everything under cfengine_files/
in the Vagrant project directorywill be recursively copied under /var/cfengine/
in the VM, on top ofits default contents.
A common use case is to add your own files to/var/cfengine/masterfiles/
in the policy server. Assuming your extrafiles are stored under cfengine_files/masterfiles/
, the line shownabove will add them to the VM after CFEngine is installed, but beforeit is bootstrapped.
» Modes of operation
The default mode of operation is :bootstrap
, which results inCFEngine being bootstrapped according to the information provided inthe Vagrantfile
. You can also set mode
to :single_run
, whichwill run cf-agent
once on the host to execute the file specified inthe run_file
parameter, but will not bootstrap it, so it will not beexecuted periodically.
The recommended mode of operation is :bootstrap
, as you get the fullbenefits of CFEngine when you have it running periodically.
» Running a standalone file
If you want to run a standalone file, you can specify the run_file
parameter. The file will be copied to the VM and executed on its ownusing cf-agent
. Note that the file needs to be a standalone policy,including its ownbody common control
.
The run_file
parameter is mandatory if mode
is set to:single_run
, but can also be specified when mode
is set to:bootstrap
- in this case the file will be executed after the hosthas been bootstrapped.
» Full Alphabetical List of Configuration Options
am_policy_hub
(boolean, defaultfalse
) determines whether the VM will beconfigured as a CFEngine policy hub (automatically bootstrapped toits own IP address). You can combine it withpolicy_server_address
if the VM has multiple network interfaces and you want to bootstrapto a specific one.extra_agent_args
(string, defaultnil
) can be used to passadditional arguments tocf-agent
when it is executed. For example,you could use it to pass the-I
or-v
options to enableadditional output from the agent.classes
(array, defaultnil
) can be used to define additionalclasses duringcf-agent
runs. These classes will be defined usingthe-D
option tocf-agent
.deb_repo_file
(string, default"/etc/apt/sources.list.d/cfengine-community.list"
) specifies thefile in which the CFEngine repository information will be stored inDebian systems.deb_repo_line
(string, default"deb https://cfengine.com/pub/apt$(lsb_release -cs) main"
) specifies the repository to use for.deb
packages.files_path
(string, defaultnil
) specifies a directory that willbe copied to the VM on top of the default/var/cfengine/
(the contents of/var/cfengine/
will notbe replaced, the files will added to it).force_bootstrap
(boolean, defaultfalse
) specifies whetherCFEngine will be bootstrapped again even if the host has alreadybeen bootstrapped.install
(boolean or:force
, defaulttrue
) specifies whetherCFEngine will be installed on the VM if needed. If you set thisparameter to:force
, then CFEngine will be reinstalled even ifit is already present on the machine.mode
(:bootstrap
or:single_run
, default:bootstrap
)specifies whether CFEngine will be bootstrapped so that it executesperiodically, or will be run a single time. Ifmode
is set to:single_run
you have to setrun_file
.policy_server_address
(string, no default) specifies the IPaddress of the policy server to which CFEngine will bebootstrapped. Ifam_policy_hub
is set totrue
, this parameterdefaults to the VM's IP address, but can still be set (forexample, if the VM has more than one network interface).repo_gpg_key_url
(string, default"https://cfengine.com/pub/gpg.key"
) contains the URL to obtain theGPG key used to verify the packages obtained from the repository.run_file
(string, defaultnil
) can be used to specify a fileinside the Vagrant project directory that will be copied to the VMand executed once usingcf-agent
. This parameter is mandatory ifmode
is set to:single_run
, but can also be specified whenmode
is set to:bootstrap
- in this case the file will beexecuted after the host has been bootstrapped.upload_path
(string, default"/tmp/vagrant-cfengine-file"
)specifies the file to whichrun_file
(if specified) will be copiedon the VM before being executed.yum_repo_file
(string, default"/etc/yum.repos.d/cfengine-community.repo"
) specifies the file inwhich the CFEngine repository information will be stored in RedHatsystems.yum_repo_url
(string, default"https://cfengine.com/pub/yum/"
)specifies the URL of the repository to use for.rpm
packages.package_name
(string, default"cfengine-community"
) specifiesthe name of the package used to install CFEngine.