Conftero 0.18 Beta

Configuration management system implementing the Hidden Master architecture and Python-based configuration. Single binary, no dependencies.

The Hidden Master architecture protects against whole categories of attacks, including the type seen in the latest critical Salt vulnerabilities.

*Beta version - don't use on important production systems. Not all functionality is implemented yet.*

Download

Download cct 0.18 beta. 0.18 Beta works on Ubuntu Linux. It compiles for many platforms (Linux, Windows, Mac), but current development and experiments are done on Linux.

Benefits

Common Patterns

Daemon

Install Apache web server and enable user homepages.

installed("apache2")

symlink("/etc/apache2/mods-enabled/userdir.load", "../mods-available/userdir.load")
symlink("/etc/apache2/mods-enabled/userdir.conf", "../mods-available/userdir.conf")

if hasChanges():
    restartNow("apache2")

Configuring a daemon is called package-file-service in many configuration management systems.

Thanks to hasChanges(), you don't need to define relationships between functions. This is different from some leading configuration management systems.
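
The hasChanges() pattern above, sketched as an added example in plain Python (not Conftero's own code): the Run class, its method names and apply_userdir() are hypothetical stand-ins, and all paths live under a directory the caller passes in. Each step touches the system only when the current state differs from the desired one, so a repeated run reports no changes and triggers no restart.

```python
import os
import tempfile

class Run:
    """Hypothetical stand-in: records which idempotent steps changed something."""
    def __init__(self):
        self.changed = []

    def file(self, path, content, mode=0o644):
        """Ensure path holds exactly content with the given mode."""
        try:
            with open(path) as f:
                if f.read() == content and os.stat(path).st_mode & 0o777 == mode:
                    return  # already in the desired state: no write, no change
        except FileNotFoundError:
            pass
        # Write to a temp file and rename, so readers never see a partial file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
        with os.fdopen(fd, "w") as f:
            f.write(content)
        os.chmod(tmp, mode)
        os.replace(tmp, path)
        self.changed.append(path)

    def symlink(self, link, target):
        """Ensure link is a symlink pointing at target."""
        if os.path.islink(link) and os.readlink(link) == target:
            return
        if os.path.lexists(link):
            os.remove(link)  # wrong target or a regular file: replace it
        os.symlink(target, link)
        self.changed.append(link)

    def has_changes(self):
        return bool(self.changed)

def apply_userdir(root):
    """The Apache userdir steps from above, run under a constructed root dir."""
    run = Run()
    enabled = os.path.join(root, "mods-enabled")
    os.makedirs(enabled, exist_ok=True)
    for name in ("userdir.load", "userdir.conf"):
        run.symlink(os.path.join(enabled, name), "../mods-available/" + name)
    # Where the page calls restartNow("apache2"); here we only report the decision.
    return run.changed, run.has_changes()
```

Calling apply_userdir() twice on the same directory returns a restart decision of True, then False; removing one link by hand makes the next run repair it and decide to restart again.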

Add Human User

user("tero", password="seeh1AeThi")

Default use follows regular user creation as closely as possible. For example, home directories are created automatically. On a typical Linux system, it runs 'adduser()'.

In systems having a lot of users, a centralized user management system could be used.

Add a Technical User

Technical users improve security. For example, a dynamic website could run Python. The code should run as a low privilege user for compartmentalization.

user("pyweb", locked=True)

Scheduled Task

Conftero does not provide hundreds of special functions for special purposes. Instead, key functions are combined to achieve your end result. For example, Conftero does not have a special cron function, as it's easy to just use file().

First do it manually, then automate. And once you have done it manually, you probably know what you want your program to do.

file("/etc/cron.d/ccta", "* * * * * root /opt/cctslave/ccta\n")

Cheat Sheet

Known bugs

Bug: Initial agent configuration over ssh requires ssh settings. SSH login must be automated with public keys beforehand.

$ ssh-keygen	# enter, enter, enter
$ ssh-copy-id tero@example.com

Bug: Linux only. 0.18 Beta works on Ubuntu Linux. It compiles for many platforms (Linux, Windows, Mac), but current development and experiments are done on Linux.