This guide describes how to install CFEngine on two Red Hat® Enterprise Linux® (RHEL) virtual machines using Amazon Web Services™ (AWS) and SSH. At the time of writing, under certain conditions, setting up an AWS account and using micro-instances is free.
One of the two machines will be a policy server, while the other will be a host.
Although these instructions walk through the steps needed to install CFEngine Enterprise on two machines, up to 25 machines can be set up using the same procedure and scripts.
This tutorial will cover the following steps:
Create Instance
click on Launch Instance.
Red Hat Enterprise Linux 64 Bit Free tier eligible press the Select button.
Choose Instance Type screen ensure the Micro Instances tab on the left is selected.
Next: Configure Instance Details.
Configure Instance Details screen change the number of instances to 2.
Network as the default.
Subnet can be No preference.
Public IP is checked.
Review and Launch.
Security group name on the Review Instance Launch screen.
Launch.
Create a new key pair in the first drop down menu.
Key pair name.
Download Key Pair button and save the .pem file to your local computer.
Launch Instance button.
Launch Status screen click the View Instances button.
NETWORK & SECURITY > Security Groups
Security group name from earlier, click on the appropriate line item in the list.
Inbound tab.
+Add Rule button. Select HTTP from the drop-down list. Click “Add Rule” button again.
Custom TCP rule and enter 5308 in the Port range text entry. Select “Custom IP” from the drop-down menu in the “Source” column.
See: [Quick-Start Guide to Using PuTTY][Quick-Start Guide to Using PuTTY]
sudo yum install system-config-firewall to install.
The following steps are only necessary for one of the two virtual machines, the one that is designated as the policy server; these steps can be omitted on the second (client machine). Note that CFEngine refers to a client machine by the name Host:
sudo system-config-firewall
Firewall Configuration screen use the Tab key to go to Customize.
Enter key. Below is the Firewall Configuration window that comes up:
Trusted Services screen, scroll down to WWW (HTTP), AKA port 80.
Space Bar to toggle the WWW entry (i.e. ensure it is on, showing an asterisk beside the name).
Tab key again until Forward is highlighted, then hit Enter.
Tab key until Add is highlighted, then hit Enter.
5308 in the Port section.
Tab key and enter tcp in the Protocol section.
Tab key until OK is highlighted, and hit Enter.
The Port and Protocol are entered in the blue boxes, with entries of 5308 and tcp respectively. Then the Tab key is used to highlight the OK button, and the user presses Enter.
Tab key until Close is highlighted, and hit Enter.
Tab key or arrow keys until OK is highlighted, and hit Enter.
For the second virtual machine, which is the client machine (also called host), you may need to do the following if you see an error when bootstrapping this virtual machine in later steps:
Firewall Configuration screen use the Tab key to go to Firewall.
Space bar.
Note: Turning off the firewall in a production environment is considered unsafe.
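A check for the result of the firewall steps above, as an added example that is not part of the original guide or of CFEngine: it reads rules in `iptables -S` format and reports whether TCP ports 80 and 5308 are explicitly accepted. The function names, the simplified rule model and the sample rule set are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not CFEngine tooling. Rules are read in `iptables -S` format.

# Constructed sample: a policy server after the firewall steps in this guide.
SAMPLE_HUB_RULES='-P INPUT ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5308 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# tcp_port_verdict PORT: rules on stdin; prints the target of the first INPUT
# rule that decides a new TCP connection to PORT, or POLICY:<default>.
# Simplified model (assumption): only `-p tcp --dport N` rules and rules with
# no match criteria are considered; ranges, multiport and sources are not.
tcp_port_verdict() {
    awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && verdict == "" {
            proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if ($3 == "-j" || (proto == "tcp" && dport == port))
                verdict = target
        }
        END { if (verdict == "") verdict = "POLICY:" policy; print verdict }
    '
}

# hub_firewall_ok: rules on stdin; returns 0 only if TCP 80 and 5308 are
# explicitly accepted. A disabled firewall yields POLICY:ACCEPT and fails.
hub_firewall_ok() {
    local rules port verdict
    rules=$(cat)
    for port in 80 5308; do
        verdict=$(printf '%s\n' "$rules" | tcp_port_verdict "$port")
        [ "$verdict" = "ACCEPT" ] || { echo "tcp/$port: $verdict" >&2; return 1; }
    done
}

# On the policy server: sudo iptables -S | hub_firewall_ok
```

A host whose firewall was switched off reports `POLICY:ACCEPT` for every port, which distinguishes "5308 was opened" from "everything is open".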
We are now ready to install the CFEngine software on both the server and client virtual machines. These are also referred to as the “hub” and “host” machines, respectively. During the course of the instructions outlined in this guide, you will perform the following tasks:
Run the following script on your designated Policy Server (hub), the virtual machine with the configured firewall from earlier steps:
$ wget http://cfengine.package-repos.s3.amazonaws.com/quickinstall/quick-install-cfengine-enterprise.sh && sudo bash ./quick-install-cfengine-enterprise.sh hub
This script installs the latest CFEngine Enterprise Policy Server on your server machine.
$ ifconfig
Run the bootstrap command: sudo /var/cfengine/bin/cf-agent --bootstrap <IP address of policy server>
Example: $ sudo /var/cfengine/bin/cf-agent --bootstrap 172.31.3.25
Upon successful completion, a confirmation message appears: “Bootstrap to ‘172.31.3.25’ completed successfully!”
Type the following to check which version of CFEngine you are running:
/var/cfengine/bin/cf-promises --version
The Policy Server is now installed.
$ wget http://cfengine.package-repos.s3.amazonaws.com/quickinstall/quick-install-cfengine-enterprise.sh && sudo bash ./quick-install-cfengine-enterprise.sh agent
Note: The installation will work on 64-bit and 32-bit client machines (the host requires a 64-bit machine).
The client software (host) has been installed on the second virtual machine.
Note: You can install CFEngine Enterprise on up to 25 hosts using the script above.
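The hub and agent install commands above both fetch the same script over plain HTTP and run it as root. As an added example that is not part of the original guide or of CFEngine, the wrapper below downloads the script and runs it only if its SHA-256 matches a digest recorded from a copy that was reviewed once, so the same check can be repeated on every host. The function names are hypothetical, and the digest is supplied by the operator because this page does not publish one.

```bash
#!/usr/bin/env bash
# Added example, not part of the CFEngine quick-install tooling.
# The expected digest is supplied by the operator after reviewing the script.

INSTALLER_URL="http://cfengine.package-repos.s3.amazonaws.com/quickinstall/quick-install-cfengine-enterprise.sh"
INSTALLER_FILE="quick-install-cfengine-enterprise.sh"

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum < "$1" | cut -d' ' -f1
}

# verify_pinned FILE EXPECTED: 0 on match, 1 on mismatch, 2 on bad input.
verify_pinned() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case "$expected" in
        ""|*[!0-9a-f]*) echo "pin is not lowercase hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin is not 64 hex digits" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
}

# install_verified ROLE EXPECTED: ROLE is "hub" or "agent", as in this guide.
install_verified() {
    local role="$1" expected="$2"
    case "$role" in
        hub|agent) ;;
        *) echo "role must be hub or agent" >&2; return 2 ;;
    esac
    wget -q -O "$INSTALLER_FILE" "$INSTALLER_URL" || return 2
    # Nothing runs as root unless the download is the reviewed copy.
    verify_pinned "$INSTALLER_FILE" "$expected" || return $?
    sudo bash "./$INSTALLER_FILE" "$role"
}

# Script use: ./verified-install.sh hub <sha256-of-reviewed-script>
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```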
Host and the Policy Server.
Run the same commands that you ran in Step 2, $ sudo /var/cfengine/bin/cf-agent --bootstrap <IP address of policy server>.
Example: $ sudo /var/cfengine/bin/cf-agent --bootstrap 172.31.3.25
admin, and the password is also admin.
[Tutorial for Running Examples][Examples and Tutorials#Tutorial for Running Examples]
[Distribute files from a central location.][Distribute files from a central location]
Whereas the first tutorial in this list teaches you how to deploy business policy through the Mission Portal, this advanced, command-line tutorial shows you how to distribute policy files from the Policy Server to all pertinent Hosts.