After 4 years of "experience in the trenches" providing enterprise configuration management solutions based on CFEngine 3, it became clear that our customers wanted CFEngine's speed, small footprint, and features but were having a hard time with the language and tooling, and needed an easier way. The goal of ncf is to abstract the knowledge of "how" to achieve tasks in CFEngine, and expose these capabilities for non-expert users. Thus, you can express your intent in a very succinct and expressive manner, integrating simply with CFEngine and its power, while keeping everything "under the hood" tunable. ncf promotes DRY-ness and sharing knowledge. It is built from the ground-up to be easy to learn, flexible and extensible. The framework is written in pure CFEngine language, introducing a well-structured design built on multiple decoupled layers with clearly-defined interfaces and roles. In our presentation we will introduce ncf and explain how ncf can be used to solve real-world examples, explain our design choices, the architectural approach taken, and demo the new magic at our finger tips to build CFEngine solutions that are extensible and easier to work with.

1. ncf
A powerful and structured
CFEngine framework
Jonathan CLARKE – jcl@normation.com
@jooooooon42 (that's 7 'o's)
Normation – CC-BY-SA
normation.com

2. Who am I?
●
ncf
www.ncf.io
Jonathan Clarke
●
Title: Co-founder & Product lead at Normation
●
Origins: Sysadmin, infrastructure management
●
Now: Automation + “running a company”-stuff
●
Contributor to free software:
–
–
●
Co-creator of Rudder
Contributor to CFEngine, OpenLDAP
Co-organizer of events:
Normation – CC-BY-SA
normation.com
2

3. Intro
ncf
www.ncf.io
This presentation
is about cakes
Photo CC BY 2.0 from http://www.flickr.com/photos/misscreativecakes/
Normation – CC-BY-SA
normation.com
3

4. ncf
Intro
www.ncf.io
Reminder: how are cakes made?
1. Ingredients
2. Recipes
+
Photo CC BY-NC 2.0 from
Normation – CC-BY-SA
http://www.flickr.com/photos/tnemily/ normation.com
4

5. ncf
Background
www.ncf.io
A bunch of
CFEngine consultants
> 4 years
● Multiple companies: small, large & huge
● Various uses: security, provisioning, DR...
●
We always got the
same feedback
Normation – CC-BY-SA
normation.com
5

6. ncf
Feedback #1: CFEngine rocks!
www.ncf.io
CFEngine rocks
Small footprint, scalable
A few MB of RAM,
just seconds to run...
Continuous checking
Agent based approach,
no push
Multi-platform
Linux, Android, BSD, AIX,
HP-UX, Solaris, Windows...
Resilient to errors
Network outages, failures,
unavailable resources...
Open Source
GPLv3
Normation – CC-BY-SA
normation.com
6

7. ncf
Feedback #2: CFEngine is hard!
www.ncf.io
CFEngine is hard
Steep learning curve
Syntax is unusual, hard
to learn and understand
Lack of feedback
Output is hard to read,
“what is going on?”
Workarounds for bugs
No way of systematically
using a workaround
Too much “do it yourself”
Building your own policy
structure from blank slate
“Flour, eggs, milk and butter”
As in: https://digitalelf.net/2013/04/a-case-study-in-cfengine-layout/
Normation – CC-BY-SA
normation.com
7

8. Feedback #2: CFEngine is hard!
ncf
www.ncf.io
Learning to bake cakes on
your own is frustrating.
Photo CC BY-NC-SA 2.0 from http://www.flickr.com/photos/penguincakes/
Normation – CC-BY-SA
normation.com
8

9. ncf
Brief dilemma...
www.ncf.io
Can we fix this?
CHALLENGE ACCEPTED.
We've worked around this for
customers, let's make it reusable!
Normation – CC-BY-SA
normation.com
9

10. ncf
Approach
www.ncf.io
Too much do it yourself
Building your own policy
structure from blank slate
1) Provide a structured layout to start from
2) Provide single-purpose, reusable
“methods” to get the basics done
Normation – CC-BY-SA
normation.com
10

11. ncf
Approach
www.ncf.io
Steep learning curve
Syntax is unusual, hard
to learn and understand
1) Hide the weirder syntax
inside these reusable “methods”
2) Only require a subset of syntax
to write everyday policies (method calls)
Normation – CC-BY-SA
normation.com
11

12. ncf
Approach
www.ncf.io
Workarounds for bugs
No way of systematically
using a workaround
1) Implement workarounds into those
reusable “methods” (and use them)
2) Automated tests to make sure the bugs
don't “come back”
Normation – CC-BY-SA
normation.com
12

13. ncf
Approach
www.ncf.io
Lack of feedback
Output is hard to read,
“what is going on?”
1) Now everything goes through reusable
“methods”, build automatic feedback in
2) Make the feedback format
customisable and extensible
Normation – CC-BY-SA
normation.com
13

14. ncf
Result
www.ncf.io
“Forget baking,
I'm gonna get some
cakes from the shop”
Photo CC BY-NC-SA 2.0 from http://www.flickr.com/photos/omarsc/
Normation – CC-BY-SA
normation.com
14

15. ncf
Result
www.ncf.io
We created ncf
ncf is a framework
that runs in pure CFEngine language,
to help structure CFEngine policy and
provide reusable, single purpose components
distributed under the GPLv3 license.
Normation – CC-BY-SA
normation.com
15

16. Result
ncf
www.ncf.io
Example === 1000 words
With ncf:
Normation – CC-BY-SA
normation.com
16

17. Result
ncf
www.ncf.io
Example === 1000 words
Without ncf:
This is actually
over-simplified:
- No feedback
- No exceptions for
different OSes
- No advanced options
Normation – CC-BY-SA
normation.com
17

18. ncf
Result
www.ncf.io
Example === 1000 words
With ncf, automatic feedback:
R: [DEBUG]
R: [INFO]
ntp.conf
R: [INFO]
R: [DEBUG]
Promise kept, not doing anything: Install package ntp in version latest
Promise repaired, made a change: Build file /etc/ntp.conf from template
Promise repaired, made a change: Restart service ntp
Promise kept, not doing anything: Ensure that service ntp is running
Normation – CC-BY-SA
normation.com
18

19. ncf
How does it work?
www.ncf.io
How does it work?
CFEngine 3 can have self-contained “bundles”
that you can call with parameters.
ntp
package_install
file_from_template
logger
service_restart
Outputs structured messages
Normation – CC-BY-SA
normation.com
19

20. ncf
A layered approach
www.ncf.io
A layered approach
Services
Techniques
IT services: “Corporate web site”
Components of services: “Apache”
IT Ops Knowledge
Shared information: “httpd” package name
Generic methods
Unit tasks: “Copy file”, “Install package”
CFEngine basics
ncf internals
CFEngine standard libraries
Framework config and magic :)
Normation – CC-BY-SA
normation.com
20

21. ncf
A layered approach
www.ncf.io
A layered approach
Services
Techniques
IT services: “Corporate web site”
Components of services: “Apache”
IT Ops Knowledge
Shared information: “httpd” package name
Generic methods
Unit tasks: “Copy file”, “Install package”
CFEngine basics
ncf internals
CFEngine standard libraries
Framework config and magic :)
Normation – CC-BY-SA
normation.com
21

22. ncf
Philosophy
www.ncf.io
Core principles
DRY
KISS
Objective not subjective
Open source
Extensible
Each generic_method does
one thing and one thing only
Normation – CC-BY-SA
normation.com
22

23. Available generic_methods
ncf
www.ncf.io
Normation – CC-BY-SA
normation.com
23

24. Online documentation
ncf
www.ncf.io
http://www.ncf.io/pages/reference.html
Normation – CC-BY-SA
normation.com
24

25. Current status
ncf
www.ncf.io
Project is young, but robust
Need more generic methods
Ohloh statistics:
Actually CFEngine
Source: http://www.ohloh.net/p/ncf-project
Normation – CC-BY-SA
normation.com
25

26. Questions?
Check it out on:
http://www.ncf.io/
Jonathan CLARKE – jcl@normation.com
@jooooooon42 (that's 7 'o's)
Normation – CC-BY-SA
normation.com