cfengine is a GNU tool designed to support the automation of system administration tasks, helping to administer "nonhomogeneous distributed systems."
"Cfengine, or the configuration engine is a very high level language for building expert systems for the administration and configuration of large unix networks. Cfengine uses the idea of classes and a primitive form of intelligence to define and automate the configuration of large systems in the most economical way possible. "
The author takes the approach that this should, after a manner of speaking, represent a sort of "system immunology." One should plan to build a set of cfengine "rules" that will be applied to a number of computer systems, that should encourage the systems to converge towards "more stable" states.
The C-based version of cfd is not terribly thread-safe, and doesn't cope well if you have a whole lot of clients connecting to a single server. This would, for instance, be the case if you have a network with several hundred client machines that run a cfengine script each hour that might each make a hundred requests of the server.
FAI (Fully Automatic Installation)
We present a non interactive system, called FAI (Fully Automatic Installation), to install a Debian Linux operating system on a PC cluster.
We take one or more virgin PCs, turn on the power and after a few minutes Linux is installed, configured and running on the whole cluster, without any interaction necessary. In addition, the configuration can be changed automatically on all Linux cluster nodes. Thus we have a scalable method for installing and updating a cluster with little effort involved.
We use the Debian distribution and a collection of shell- and Perl-scripts for the installation process. Changes to the configuration files of the operating system are made by the tool cfengine.
Managing Filesystem ACLs with GNU/Cfengine
An article on the care and feeding of ACLs using cfengine written for the Usenix ;login: magazine.
The creator of cfengine observes that configuring ACLs for Windows NT by hand is a tedious and error-prone task, and suggests that in order to usefully make use of ACLs to secure systems, you need to have some form of "policy engine" to apply the desired policies.
Debian Administration :: cfengine [1/3] : A simple overview of cfengine
Debian Administration :: cfengine [2/3] : An introduction to cfengine rules