This guide describes how to install CFEngine on two Red Hat® Enterprise Linux® (RHEL) virtual machines using Amazon Web Services™ (AWS) and SSH. At the time of writing, under certain conditions, setting up an AWS account and using micro-instances is free.

One of the two machines will be a policy server, while the other will be a host.

Although these instructions walk through the steps needed to install CFEngine Enterprise on two machines, up to 25 machines can be set up using the same procedure and scripts.

This tutorial will cover the following steps:

  1. Initial Configuration of the AWS Virtual Machines.
  2. Configuring the Security Group.
  3. Configuring SSH Access to the Virtual Machines Using PuTTY (for Windows machines).
  4. Configuring the Firewall on the Policy Server.
  5. Installing CFEngine on both the Policy Server and Host Virtual Machines.

Initial Configuration of the Virtual Machines in AWS

Configure 2 RHEL Virtual Machine Instances in AWS

Configure Instance Details

Review and Launch

Configure the Security Group

Accessing the Virtual Machines Using SSH

See: [Quick-Start Guide to Using PuTTY][Quick-Start Guide to Using PuTTY]

Install and Configure the Firewall

Install the Firewall

Configure the Firewall on the Policy Server (AKA hub)

The following steps are only necessary for one of the two virtual machines, the one that is designated as the policy server; these steps can be omitted on the second (client machine). Note that CFEngine refers to a client machine by the name Host:

The firewall Configuration window

Open Port 80 (HTTPD)

Open Port 5308 (CFEngine)

Configuring a forward

The Port and Protocol are entered in the blue boxes, with entries of 5308 and tcp respectively. Then the Tab key is used to highlight the OK button, and the user presses Enter.

Wrapping Up Firewall Configuration

Disabling Firewall on a Host (Warning: Only Do This If Absolutely Necessary)

For the second virtual machine, which is the client machine (also called host), you may need to do the following if you see an error when bootstrapping this virtual machine in later steps:

Note: Turning off the firewall in a production environment is considered unsafe.

CFEngine Installation Overview

We ready now ready to install the CFEngine software on both the server and client virtual machines. These also referred to as the “hub” and “host” machines, respectively. During the course of the instructions outlined in this guide, you will perform the following tasks:

Step 1. Download and install Enterprise on a Policy Server

Run the following script on your designated Policy Server (hub), the virtual machine with the configured firewall from earlier steps:

$ wget http://cfengine.package-repos.s3.amazonaws.com/quickinstall/quick-install-cfengine-enterprise.sh && sudo bash ./quick-install-cfengine-enterprise.sh hub

This script installs the latest CFEngine Enterprise Policy Server on your server machine.

Step 2. Bootstrap the Policy Server

Bootstrap the policy server

Upon successful completion, a confirmation message appears: “Bootstrap to ‘172.31.3.25’ completed successfully!”

Step 3. Install Enterprise on Host (Client)

$ wget http://cfengine.package-repos.s3.amazonaws.com/quickinstall/quick-install-cfengine-enterprise.sh && sudo bash ./quick-install-cfengine-enterprise.sh agent

Note: The installation will work on 64-bit and 32-bit client machines (the host requires a 64-bit machine).

Bootstrap the policy server

The client software (host), has been installed on the second virtual machine.

Note: You can install CFEngine Enterprise on up to 25 hosts using the script above.

Step 4. Bootstrap the Host to the Policy Server

Step 5. Log in to the Mission Portal

What Next?

Tutorials