I use CFEngine to manage tens of thousands of Linux hosts. I've used their enterprise edition with their agent, which is really outstanding. I've also run it at the same scale agentless, using their community edition. I have used it for one-time configuration at system installation, and have run it every 5 minutes on every host in our plant. The speed of execution and the clarity of the language are second to none, and when I was using their enterprise edition, I found their support and engineering services to be top-notch. I've been using it for 15 years or so, across several companies. While other configuration management systems get the job done, I haven't used any as straightforward and scalable as CFEngine. Many thanks, Mark Burgess!
I first learned about configuration management and 'infrastructure as code' from:<p>* <a href="http://infrastructures.org" rel="nofollow">http://infrastructures.org</a><p>They had "Bootstrapping an Infrastructure" in (twelfth) LISA (1998):<p>* <a href="http://www.infrastructures.org/papers/bootstrap/bootstrap.html" rel="nofollow">http://www.infrastructures.org/papers/bootstrap/bootstrap.ht...</a><p>* <a href="https://www.usenix.org/conference/lisa-98/bootstrapping-infrastructure" rel="nofollow">https://www.usenix.org/conference/lisa-98/bootstrapping-infr...</a><p>They started the concept in 1990s using make(1) files as their state engine because there was nothing else available ("Step 11").
I tried CFEngine3 for some personal configuration management needs a few years ago, and I was impressed by how well thought out and designed it seemed compared to the more popular alternatives.<p>Ultimately I ported over to Ansible because that's what I need to maintain fluency in for professional reasons, but I really lament it. It's a slog through mud compared to the clarity that is CFEngine.
First time I heard about CFEngine in ~2004. Version of that time didn't impress me. However CFEngine3 is a totally different story. I have been using it since 2012 and have not plans to switch. Even though CFEngine is not the most popular one it's one of the subjectively 'best'. Agent-less or kind-of-agent-less options like Ansible are not good enough feature-wise. Chef and Puppet are less convenient to me because of dependency on ruby.
CFEngine is great if you need to manage a large heterogenous fleet of different UNIX flavors like HP-UX,AIX,Solaris,Linux.<p>Have used it at AT&T and it's been great.
I stumbled on this after realising that Mark Burgess, who created CFEngine, is also the author of this other recent HN post on "Using Promise Theory to solve the distributed consensus problem" [0] (from the same blog).<p>[0] <a href="https://news.ycombinator.com/item?id=39676493">https://news.ycombinator.com/item?id=39676493</a>
I don't know why Annatar's alternative viewpoint on packaging was down voted so aggressively, especially when so many non-CFEngine automation posts were allowed.<p>In my workplace, spending some time packaging our app using FPM made our Ansible playbooks a lot simpler. Config management and packaging work great together.