I am using Cfengine since 2007-02 to manage some aspects of our Linux Servers. Cfengine (as any automation tool) has a steep learning curve. It is difficult to climb out of the hole and get things up and running.

In 2008 I came in contact with Puppet, a tool I actually prefer to bootstrap new machines after the initial setup.

But cfengine is very handy to take care of a busy system. It is lightweight and fast and very suitable to do garbage collection or e.g. ensure a directory is present and has the proper ownership.

apt-get install cfengine2

Quite easy

That's an very complex task which depends mostly on your needs. I recommend reading the very good Tutorial of cfengine at http://www.cfengine.org/docs/cfengine-Tutorial.html. This will give you an idea what can be done.

Some examples:

control:
        actionsequence = ( directories files tidy shellcommands )
        sysadm = ( admin@host )

directories:
    Hr00::        
        /var/somedir/tmp          o=root g=root m=775

files:
    any::
        # check permissions
        /path/to/dir    o=user g=grp m=664 r=inf action=fixall

tidy:
    Hr03::
        # Garbage Collection:
        /path/to/dir                   pattern=* r=inf age=8

        /path/to/otherdir
                pattern=*
                exclude=*.jpg
                exclude=*.txt
                rmdirs=all
                r=inf
                age=0

display all classes defined on your host in 'parse-only-verbose' mode:

cfagent -p -v

run cfagent by hand

# do only display what to do but don't do it actually
cfagent -nvK | less

# define a class to be true (e.g. testing purpose)
# in this example show what is to be done at 3 a.m.
cfagent -nvK -D Hr03 | less

use a standalone config file to be run:

cfagent -vKf /path/to/file