Managing Systemd with Converge

// Rebecca Skinner // Converge

Converge 0.6.0 adds support for the systemd.unit.state resource, which will allow you to control systemd services from converge. In this article, we’ll talk about what capabilities have been added to converge for controlling systemd processes.

Read More…

Extending Converge

// Rebecca Skinner

In this article on extending Converge, we’ll walk through the process of developing a brand new Converge resource from scratch. We’ll go into detail on the resource authors’ API and building a resource that’s safe and usable. This article was generated from a literate program, you can download the original orgmode document if you want to build the examples yourself.

Update: 2017-01-06

This article was updated on 2017-01-06. The How Resource Work section has been updated to use the updated Resource Authors API.

Read More…

Introducing Converge

// Steven Borrelli // Converge

We’re delighted to introduce our newest project, Converge. Converge is a configuration management tool that makes it easy to configure servers, desktops, and Raspberry Pi devices.

Converge manages apt and rpm packages, files, directories, docker images and containers, and the Linux LVM subsystem. The CLI, modules, and API server are all bundled in a single 11Mb binary file, making it easy to deploy and run.

Converge is powered by a sophisticated graph execution engine that automatically creates dependencies and runs tasks in parallel. Internally, the desired state of a system is represented as a directed graph.

Read More…

Consul ACLs – an Introduction

// Steven Borrelli // Consul

HashiCorp’s Consul is a popular service discovery and key/value storage tool that has become a core component of many distributed applications.

However, if Consul is not secured an intruder could register their own service and capture traffic. For example, if you have an auth service, the intruder could register another service with the same DNS entry auth.service.consul and collect login information.

Consul does not implement access controls on the key-value data or service discovery endpoints by default. This means anyone (including intruders) are able to connect to a Consul host, register services, and modify data.

But don’t despair! Consul has an Access Control List (ACL) system that can be used to control who can read and write data. This means we can keep intruders from registering services without authenticating to the Consul server.

Read More…

Building Reusable Modules with Conditionals

// Rebecca Skinner

Converge 0.3.0 adds support for conditionals, making it easy to create a module that can react to different underlying operating systems, user configurations, and other runtime information.

Read More…