20 years of CFEngine: design promises
2013 is the 20th anniversary of the CFEngine project. Users, and millions of computers worldwide, have used this software through major shifts of the industry from workstations to Windows, from mainframes to mobiles.
Sometimes I get asked what makes CFEngine different from other software. Here is my answer: design principles that get the basics right. Whatever your aesthetic preferences, design princples have kept CFEngine reliable and secure for 20 years, under a welter of dynamic challenges.
So, what are these design principles? Of course, they are promises:
The open source core promises
- To be based on the best available science
Theory and empirical knowledge are what drives fitness for purpose. From engineering to user experience, CFEngine has been researched continuously to solve the key issues in large scale, high complexity environents. The science behind CFEngine keeps it at the very state of the art, although sometimes imeplementation lags behind intentions.
- To be small, fast, and secure
Bloat is unwelcome in any organism. Managment is always overhead, and that costs both in hardware and in time wasted. So we keep it as lean as possible. When someone recently objected: "What, should we still be writing for 8k memory?" my answer was ... yes! As long as software doesn't do anymore than it did when you only had 8k, then that is what it is worth.
CFEngine does not take unnecessary risks or put ease ahead of safety. Security is a difficult concept, and it is poorly understood by many. For some, it means `just use SSL'. For CFEngine, it means not using SSL (which is complex and has many potential vulnerabilities), but rather to use basic strong encryption principles! It means simplicity, and taking care of how we act upon trusted information. It means making sure the management system itself does not compromise operations.
- To be fundamentally simple
Simplicity is different from ease. It means having standalone components with few dependencies. It means having a language with the smallest possible grammar. It means separating concerns into different components when ever possible and avoid too many fancy features. Above all, it means making the software as stable and predictable as possible.
- To be convergent first and then highly configurable
Quick convergence towards a desired state is the main goal: stability leads to predictability. Then we want a flexible tool, without compromising on convergence.
- To make no changes to the system by default
CFEngine does not hardcode decisions about infrastructure that the user cannot change, so it is safe and trustworthy, even if the policy description has to be a little longer.
- To have a clear semantic model that be used for reasoning
CFEngine 3's grammar is very small and its data-model very simple. Relationships between objects are clearly labelled. This makes knowledge mining easy. Enterprise users can build on this to get active machine-enchanced intelligence about their systems. CFEngine's convergent, idempotent language is optimized for information compression -- you only have to say something once.
- To work autonomously as part of a human-computer system
Automation exists to serve users, not to put humans to work. CFEngine avoids alarms and notifications that are not actionable, and tries to reduce the noise of information for the human curator.
- To be tolerant of network failures
Communications are always unreliable. The choice of /var/cfengine as a location for local cache was made because /var is the only OS-portable location that is guaranteed to be non-shared in a network environment, and which is unlikely to be network mounted.
These principles were key to the unreliable ethernet of 1993, and they are still key today -- in the mobile world of smart devices.
The CFEngine Enterprise promises
- No license servers!
You know why. :)
- To be easy to support
The value of vendor packaging is that you know exactly what goes into it, making issues more reproducible and confgurations more well tested.
- Versatile and convenient management of resources at large scale
Scaling up systems, and understanding them throughout the process is one of the major challenges today, whether the systems are bare metal, or public or private cloud. From building and deploying systems to monitoring and reporting on them, offer data with meaning at high availability.
- To bridge the gap between business and IT, communicating intelligence to both sides.
The dialogue between business and IT services is often tenuous, but deceptively simple tools can encourage the transfer of insight, allowing both sides to work more profitably together. Finding out the `what and why' takes humans a long time, and time is money. The computer can help! Use the machine for machine work and humans for human work.
- An intuitive and enjoyable experience for the human curators of smart infrastructure
Enjoyment is a human aspect that leads to quality of life. Making sure that CFEngine approaches the world in the way the user understands, whether in the datacenter or on a mobile device.
These make ambitious goals, but through continuous dialogue with users and non-users, all around the world, the details of how to keep these promises are continuously unfolding. Amidst all the turbulence of popular opinion and changing currents, of brilliant engineering, and stubborn refusal to progress, design principles have guided us all on the way.
Now, what about the next 20 years?