4

We have an existing cfengine3-community installation with lots of custom promises and it runs on about 50 machines. I'm interested in switching to Rudder, and I'm wondering about the best way to migrate. The newest version of Rudder seems to be based on cfengine 3.6.3, and we're running the latest cfengine, which is 3.7.1. So there's some syntax incompatibility. Would it work to just swap in the newest cfengine binaries? If not, what's the proper way to migrate?

steev
  • 165
  • 7

2 Answers2

4

Rudder can run side by side with CFEngine. They use different ports for client-server communication (5309 for Rudder) and different paths (/var/rudder/cfengine-community) so they can work together on the system.

The best strategy would be to have both of them running on yout nodes, and transcript your policies one by one into Rudder (by defining Directives and applying them in Rules, or creating your own Techniques with the Graphical Technique Editor), and disabling the migrating policies in CFEngine.

Direct transcription is quite fast (all bricks are available in Rudder and easy to use); but it is a good opportunity to review:

  1. the relevance of the policies - we often find dead code in migration
  2. the application of policies - it can be that some policies should apply on more (or sometimes less) nodes than they are really aplpied on
  3. the correctness of policies - you get reporting with Rudder, which shows if policies are correctly applied and works. It may be that some of them where failling before without you knowing it, because there were no reports.
Nicolas Charles
  • 725
  • 5
  • 11
  • excellent answer. thank you! I am somewhat disappointed there's not some easy automatic conversion, but your reasons for "transcribing" are good ones. – steev Oct 23 '15 at 16:09
2

rudder use an embedded cfengine-community which is not incompatible with an independant cfengine installation (path are different).

There are some cfengine pactches maintained by Rudder team so I think it will be not a good idea to swap the binaries.

For the incompatibility I don't know, but I know you will need to add some information in your promises to report the state inside Rudder.

frbayart
  • 327
  • 2
  • 8
  • "not incompatible"? Do you mean compatible? Your second sentence seems to indicate no, that you mean they ARE incompatible. – steev Oct 23 '15 at 13:42
  • 1
    You can have rudder and your own cfengine on the same server. Rudder install cfengine in /var/rudder/cfengine-community/bin/ (cf-agent / cf-execd ...). So your cfengine installation can still work and migrate the promises in Rudder one by one if you want. Rudder will not use your cfengine installation – frbayart Oct 23 '15 at 14:14