« Ubuntu squid with SSLhindsight on cfengine 3 »

Upgrading from CFEngine 2 to CFEngine 3


  05:59:00 pm, by The Dreamer   , 476 words  
Categories: Software, CFEngine

Upgrading from CFEngine 2 to CFEngine 3

I just learned of a key missing detail that would probably have helped lots of other CFEngine 2 sites make the transition to becoming CFEngine 3 sites.

All the sites, include CFEngine's have docs about Upgrading from CFEngine 2 to 3....

Where, the touch, or go in-depth, on conversion of policies from 2 to 3, extol how 3 is better than 2, and then offer vague options on how to upgrade (either in-place or replace)....

The most detailed explanation was a slide deck...which wasn't detailed enough.... that says "CF2 and CF3 designed to be interoperable", "Replace CF2 policies at your pace". How?

In-Place Upgrade

"Replace cfexecd with CFEngine 3's cf-execd" - Access controls remains untouched, runs cf-agent.

"Sample input files contain integration promises" - Launched automatically, Changes crontab

And, then get's in the steps:

  • Install CFEngine 3
  • Copy new inputs files to CF2 master repository
  • Remove any rules to reinstall CF2 or add cfexecd or cfagent to crontabs
  • Remove cfexecd from start up
  • Edit update.cf
  • set email options for executor in promises.cf
  • cf-agent --bootstrap

If all went well, you are now running CFEngine 3.

Bootstrap policy server using:

cf-agent --bootstrap --policy-server

  • Remove all rules and policies that are capable of activating CFEngine 2 components
  • Convert cfservd.conf into a server bundle
  • Place a reference to this in promises.cf
  • Add converted CFEngine 2 policies or create new CFEngine 3 policies
  • Done???? :??:

    Somethings missing....where's this interoperability taking place? Does CF3 know how to run CF2 policies? no... where's this replace CF2 with CF3 at my pace? Reads like its a full in-pace replacement of CF2 to CF3....

    So I finally made a reference about this on a list...


    It's why the CF3 binaries have dashes in the name. So you can drop them into the CF2 working directory.... The trick is editing the exec_command in the executor configuration, that's the command for running the agent; modify it to run both agents (v2 and v3).

    Wow...that's kind of an important detail that's been missing!

    Who knows we might have upgraded to CF3 long ago if we had known....instead of all the effort for the full replacement to CF3 (where not everything in our CF2 could be quickly translated into CF3 by a single person....) and then scrapping it to see if a full replacement with Chef is the way to go instead. Which has required a big change in mindset, because a lot of our CF2 policies make heavy use of "single-copy nirvana", which I think is even better in CF3....but its not the Chef way.... Might result in a divide of systems done using Chef and systems managed by CF2.

    And, that new server I've been working on, might have appeared sooner if I wasn't currently trying to translate CF3 promises into a CF2 policy....new server is FreeBSD and does a subset of what I'm doing on dbox...so I could've just adapted CF3 promises I have at home and use them at work....

    No feedback yet

    Now instead of subjecting some poor random forum to a long rambling thought, I will try to consolidate those things into this blog where they can be more easily ignored profess to be collected thoughts from my mind.

    Latest Poopli Updaters -- http://lkc.me/poop


    There are 17 years 7 months 20 days 11 minutes and 59 seconds until the end of time.
    And, it has been 7 years 5 months 8 days 13 hours 50 minutes and 57 seconds since The Doctor saved us all from the end of the World!


    May 2020
    Mon Tue Wed Thu Fri Sat Sun
     << <   > >>
            1 2 3
    4 5 6 7 8 9 10
    11 12 13 14 15 16 17
    18 19 20 21 22 23 24
    25 26 27 28 29 30 31


      XML Feeds

    Who's Online?

    • Guest Users: 2
    This seal is issued to lawrencechen.net by StopTheHacker Inc.
    powered by b2evolution

    hosted by
    Green Web Hosting! This site hosted by DreamHost.

    monitored by
    Monitored by eXternalTest
    SiteUptime Web Site Monitoring Service
    website uptime